forked from fa/breadcrumb-the-shire
Rename the top-level lib/ directory to core/ so the project root immediately communicates which code is core platform and which lives in modules/. PHP namespaces (MintyPHP\*) are unchanged — only the Composer PSR-4 path mapping moves from lib/ to core/. Module-internal lib/ directories (modules/*/lib/) are untouched. Updated across the full stack: - composer.json PSR-4 mapping - bootstrap entry points (web/index.php, bin/*, tests/bootstrap.php) - tooling configs (phpstan.neon, phpunit.xml, php-cs-fixer) - 26 architecture contract tests - enforcement-policy, guard-catalog, quality-gates - all documentation (CLAUDE.md, README, 25 docs/, .agents/skills/) - bin/qa-extended.sh search paths - .claude/settings.local.json permission paths Workflow: .agents/runs/CORE-LIB-RENAME-001/ (Analyst → Planner → Executor → Code Review (4 findings fixed) → Security Review → Acceptance Test → Finalizer) Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
77 lines
4.6 KiB
PHP
77 lines
4.6 KiB
PHP
<?php
|
|
|
|
namespace MintyPHP\Tests\Architecture;
|
|
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
class AuthzApiBootstrapContractTest extends TestCase
|
|
{
|
|
use ProjectFileAssertionSupport;
|
|
|
|
public function testApiLoginIsBootstrappedAsPublic(): void
|
|
{
|
|
$content = $this->readProjectFile('pages/api/v1/auth/login().php');
|
|
$this->assertStringContainsString('ApiBootstrap::init(false);', $content);
|
|
}
|
|
|
|
public function testApiBootstrapSupportsOptionalAuthRequirement(): void
|
|
{
|
|
$content = $this->readProjectFile('core/Http/ApiBootstrap.php');
|
|
$this->assertStringContainsString('public static function init(bool $requireAuth = true): void', $content);
|
|
$this->assertStringContainsString('if ($requireAuth) {', $content);
|
|
$this->assertStringContainsString('$authenticated = ApiAuth::authenticate();', $content);
|
|
$this->assertStringContainsString('ApiResponse::unauthorized();', $content);
|
|
}
|
|
|
|
public function testApiUsersEndpointsUseCentralUserPolicy(): void
|
|
{
|
|
$indexContent = $this->readProjectFile('pages/api/v1/users/index().php');
|
|
$this->assertStringContainsString('AuthorizationService::class', $indexContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_INDEX_GET', $indexContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_INDEX_POST', $indexContent);
|
|
|
|
$showContent = $this->readProjectFile('pages/api/v1/users/show($id).php');
|
|
$this->assertStringContainsString('AuthorizationService::class', $showContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_GET', $showContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_UPDATE', $showContent);
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_DELETE', $showContent);
|
|
}
|
|
|
|
public function testApiPermissionAndSettingsEndpointsHaveExpectedGuards(): void
|
|
{
|
|
$permissionContent = $this->readProjectFile('pages/api/v1/permissions/index().php');
|
|
$this->assertStringContainsString('ApiResponse::requireAbility(\\MintyPHP\\Service\\Access\\OperationsAuthorizationPolicy::ABILITY_API_PERMISSIONS_VIEW);', $permissionContent);
|
|
$this->assertStringContainsString("foreach ((\$result['rows'] ?? []) as \$row)", $permissionContent);
|
|
|
|
$settingsContent = $this->readProjectFile('pages/api/v1/settings/index().php');
|
|
$this->assertStringContainsString('ApiResponse::requireAbility(\\MintyPHP\\Service\\Access\\OperationsAuthorizationPolicy::ABILITY_API_SETTINGS_VIEW);', $settingsContent);
|
|
$this->assertStringContainsString('ApiResponse::requireAbility(\\MintyPHP\\Service\\Access\\OperationsAuthorizationPolicy::ABILITY_API_SETTINGS_UPDATE);', $settingsContent);
|
|
}
|
|
|
|
public function testApiMeEndpointsUseSelfServicePermissions(): void
|
|
{
|
|
$meContent = $this->readProjectFile('pages/api/v1/me/index().php');
|
|
$this->assertStringContainsString('$method === \'PUT\' || $method === \'PATCH\'', $meContent);
|
|
$this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_API_ME_SELF_UPDATE', $meContent);
|
|
$this->assertStringContainsString('ApiResponse::validationFromFormErrors(', $meContent);
|
|
|
|
$passwordContent = $this->readProjectFile('pages/api/v1/me/password().php');
|
|
$this->assertStringContainsString("ApiResponse::requireMethod('POST');", $passwordContent);
|
|
$this->assertStringContainsString('ApiResponse::requireAbility(\\MintyPHP\\Service\\Access\\OperationsAuthorizationPolicy::ABILITY_API_ME_SELF_UPDATE);', $passwordContent);
|
|
|
|
$avatarContent = $this->readProjectFile('pages/api/v1/me/avatar().php');
|
|
$this->assertStringContainsString("define('MINTY_ALLOW_OUTPUT', true);", $avatarContent);
|
|
$this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_API_ME_SELF_UPDATE', $avatarContent);
|
|
}
|
|
|
|
public function testApiAvatarEndpointsUseExpectedAuthorizationModel(): void
|
|
{
|
|
$userAvatarContent = $this->readProjectFile('pages/api/v1/users/avatar($id).php');
|
|
$this->assertStringContainsString('UserAuthorizationPolicy::ABILITY_API_USERS_SHOW_GET', $userAvatarContent);
|
|
|
|
$tenantAvatarContent = $this->readProjectFile('pages/api/v1/tenants/avatar($id).php');
|
|
$this->assertStringContainsString('OperationsAuthorizationPolicy::ABILITY_API_TENANTS_VIEW', $tenantAvatarContent);
|
|
$this->assertStringContainsString("ApiAuth::requireResourceAccess('tenants', \$tenantId);", $tenantAvatarContent);
|
|
}
|
|
}
|