forked from fa/breadcrumb-the-shire
293 lines
9.5 KiB
PHP
293 lines
9.5 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Tests\App\Module;
|
|
|
|
use MintyPHP\App\Module\ModulePermissionSynchronizer;
|
|
use MintyPHP\App\Module\ModuleRegistry;
|
|
use MintyPHP\Repository\Access\PermissionRepositoryInterface;
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
final class ModulePermissionSynchronizerTest extends TestCase
|
|
{
|
|
private string $fixturesDir = '';
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->fixturesDir = sys_get_temp_dir() . '/module-permission-sync-' . uniqid();
|
|
mkdir($this->fixturesDir, 0777, true);
|
|
}
|
|
|
|
protected function tearDown(): void
|
|
{
|
|
$this->removeDir($this->fixturesDir);
|
|
}
|
|
|
|
public function testSyncCreatesPermissionAndIsIdempotent(): void
|
|
{
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
'key' => 'address_book.view',
|
|
'description' => 'Can view address book',
|
|
'active' => 1,
|
|
'is_system' => 1,
|
|
]]);
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
|
|
$first = $synchronizer->sync();
|
|
self::assertSame(1, $first['created']);
|
|
self::assertSame(0, $first['updated']);
|
|
self::assertSame(0, $first['unchanged']);
|
|
|
|
$second = $synchronizer->sync();
|
|
self::assertSame(0, $second['created']);
|
|
self::assertSame(0, $second['updated']);
|
|
self::assertSame(1, $second['unchanged']);
|
|
}
|
|
|
|
public function testSyncDeactivatesOrphanedSystemPermissions(): void
|
|
{
|
|
// Module claims 'mod.perm_a' — 'mod.perm_b' is orphaned (no module owns it)
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
'key' => 'mod.perm_a',
|
|
'description' => 'Active permission',
|
|
'active' => 1,
|
|
'is_system' => 1,
|
|
]]);
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
$repository->create([
|
|
'key' => 'mod.perm_a',
|
|
'description' => 'Active permission',
|
|
'active' => 1,
|
|
'is_system' => 1,
|
|
]);
|
|
$repository->create([
|
|
'key' => 'mod.perm_b',
|
|
'description' => 'Orphaned module permission',
|
|
'active' => 1,
|
|
'is_system' => 1,
|
|
]);
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
$result = $synchronizer->sync();
|
|
|
|
self::assertSame(1, $result['deactivated']);
|
|
self::assertSame(1, $result['unchanged']);
|
|
|
|
$orphaned = $repository->findByKey('mod.perm_b');
|
|
self::assertSame(0, (int) ($orphaned['active'] ?? 1), 'Orphaned permission should be deactivated');
|
|
|
|
$active = $repository->findByKey('mod.perm_a');
|
|
self::assertSame(1, (int) ($active['active'] ?? 0), 'Claimed permission should stay active');
|
|
}
|
|
|
|
public function testSyncDoesNotDeactivateAdminCreatedPermissions(): void
|
|
{
|
|
// Empty module — no permissions declared
|
|
$registry = $this->createRegistryWithPermissions([]);
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
$repository->create([
|
|
'key' => 'admin.custom',
|
|
'description' => 'Admin-created permission',
|
|
'active' => 1,
|
|
'is_system' => 0,
|
|
]);
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
$result = $synchronizer->sync();
|
|
|
|
self::assertSame(0, $result['deactivated']);
|
|
|
|
$adminPerm = $repository->findByKey('admin.custom');
|
|
self::assertSame(1, (int) ($adminPerm['active'] ?? 0), 'Admin-created permission must not be touched');
|
|
}
|
|
|
|
public function testSyncReactivatesPermissionWhenModuleReEnabled(): void
|
|
{
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
'key' => 'mod.perm_a',
|
|
'description' => 'Reactivated permission',
|
|
'active' => 1,
|
|
'is_system' => 1,
|
|
]]);
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
// Simulate previously deactivated permission
|
|
$repository->create([
|
|
'key' => 'mod.perm_a',
|
|
'description' => 'Reactivated permission',
|
|
'active' => 0,
|
|
'is_system' => 1,
|
|
]);
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
$result = $synchronizer->sync();
|
|
|
|
self::assertSame(0, $result['created']);
|
|
self::assertSame(1, $result['updated']);
|
|
self::assertSame(0, $result['deactivated']);
|
|
|
|
$perm = $repository->findByKey('mod.perm_a');
|
|
self::assertSame(1, (int) ($perm['active'] ?? 0), 'Permission should be reactivated by sync');
|
|
}
|
|
|
|
public function testSyncSkipsAlreadyDeactivatedOrphans(): void
|
|
{
|
|
$registry = $this->createRegistryWithPermissions([]);
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
$repository->create([
|
|
'key' => 'mod.old_perm',
|
|
'description' => 'Already deactivated',
|
|
'active' => 0,
|
|
'is_system' => 1,
|
|
]);
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
$result = $synchronizer->sync();
|
|
|
|
self::assertSame(0, $result['deactivated'], 'Already-inactive permission should not be counted');
|
|
}
|
|
|
|
public function testSyncUpdatesExistingPermissionWhenDefinitionChanged(): void
|
|
{
|
|
$registry = $this->createRegistryWithPermissions([[
|
|
'key' => 'address_book.view',
|
|
'description' => 'Can view address book',
|
|
'active' => 1,
|
|
'is_system' => 1,
|
|
]]);
|
|
|
|
$repository = new InMemoryPermissionRepository();
|
|
$repository->create([
|
|
'key' => 'address_book.view',
|
|
'description' => 'Old description',
|
|
'active' => 0,
|
|
'is_system' => 0,
|
|
]);
|
|
|
|
$synchronizer = new ModulePermissionSynchronizer($registry, $repository);
|
|
$result = $synchronizer->sync();
|
|
|
|
self::assertSame(0, $result['created']);
|
|
self::assertSame(1, $result['updated']);
|
|
self::assertSame(0, $result['unchanged']);
|
|
|
|
$permission = $repository->findByKey('address_book.view');
|
|
self::assertSame('Can view address book', $permission['description'] ?? null);
|
|
self::assertSame(1, (int) ($permission['active'] ?? 0));
|
|
self::assertSame(1, (int) ($permission['is_system'] ?? 0));
|
|
}
|
|
|
|
/**
|
|
* @param list<array{key: string, description: string, active: int, is_system: int}> $permissions
|
|
*/
|
|
private function createRegistryWithPermissions(array $permissions): ModuleRegistry
|
|
{
|
|
mkdir($this->fixturesDir . '/mod-perm', 0777, true);
|
|
file_put_contents(
|
|
$this->fixturesDir . '/mod-perm/module.php',
|
|
'<?php return ' . var_export([
|
|
'id' => 'mod-perm',
|
|
'permissions' => $permissions,
|
|
], true) . ';'
|
|
);
|
|
|
|
return ModuleRegistry::boot($this->fixturesDir, ['mod-perm']);
|
|
}
|
|
|
|
private function removeDir(string $dir): void
|
|
{
|
|
if (!is_dir($dir)) {
|
|
return;
|
|
}
|
|
$items = new \RecursiveIteratorIterator(
|
|
new \RecursiveDirectoryIterator($dir, \FilesystemIterator::SKIP_DOTS),
|
|
\RecursiveIteratorIterator::CHILD_FIRST
|
|
);
|
|
foreach ($items as $item) {
|
|
if ($item->isDir()) {
|
|
rmdir($item->getPathname());
|
|
} else {
|
|
unlink($item->getPathname());
|
|
}
|
|
}
|
|
rmdir($dir);
|
|
}
|
|
}
|
|
|
|
final class InMemoryPermissionRepository implements PermissionRepositoryInterface
|
|
{
|
|
/** @var array<int, array<string, mixed>> */
|
|
private array $rows = [];
|
|
private int $nextId = 1;
|
|
|
|
public function list(): array
|
|
{
|
|
return array_values($this->rows);
|
|
}
|
|
|
|
public function listActive(): array
|
|
{
|
|
return array_values(array_filter($this->rows, static fn (array $row): bool => (int) ($row['active'] ?? 0) === 1));
|
|
}
|
|
|
|
public function listPaged(array $options): array
|
|
{
|
|
return ['rows' => $this->list(), 'total' => count($this->rows)];
|
|
}
|
|
|
|
public function find(int $id): ?array
|
|
{
|
|
return $this->rows[$id] ?? null;
|
|
}
|
|
|
|
public function findByKey(string $key): ?array
|
|
{
|
|
foreach ($this->rows as $row) {
|
|
if ((string) ($row['key'] ?? '') === $key) {
|
|
return $row;
|
|
}
|
|
}
|
|
return null;
|
|
}
|
|
|
|
public function create(array $data): ?int
|
|
{
|
|
$id = $this->nextId++;
|
|
$this->rows[$id] = [
|
|
'id' => $id,
|
|
'key' => (string) ($data['key'] ?? ''),
|
|
'description' => (string) ($data['description'] ?? ''),
|
|
'active' => (int) ($data['active'] ?? 1),
|
|
'is_system' => (int) ($data['is_system'] ?? 1),
|
|
];
|
|
return $id;
|
|
}
|
|
|
|
public function update(int $id, array $data): bool
|
|
{
|
|
if (!isset($this->rows[$id])) {
|
|
return false;
|
|
}
|
|
$this->rows[$id]['key'] = (string) ($data['key'] ?? $this->rows[$id]['key']);
|
|
$this->rows[$id]['description'] = (string) ($data['description'] ?? $this->rows[$id]['description']);
|
|
$this->rows[$id]['active'] = (int) ($data['active'] ?? $this->rows[$id]['active']);
|
|
$this->rows[$id]['is_system'] = (int) ($data['is_system'] ?? $this->rows[$id]['is_system']);
|
|
return true;
|
|
}
|
|
|
|
public function delete(int $id): bool
|
|
{
|
|
unset($this->rows[$id]);
|
|
return true;
|
|
}
|
|
|
|
public function listSystem(): array
|
|
{
|
|
return array_values(array_filter($this->rows, static fn (array $row): bool => (int) ($row['is_system'] ?? 0) === 1));
|
|
}
|
|
}
|