Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/tests/phpunit/unit/includes/Permissions/UserAuthorityTest.php

191 lines
6.3 KiB
PHP
Raw Normal View History

Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
<?php
/**
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along
* with this program; if not, write to the Free Software Foundation, Inc.,
* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
* http://www.gnu.org/copyleft/gpl.html
*
* @file
*/
namespace MediaWiki\Tests\Unit\Permissions;
use InvalidArgumentException;
use MediaWiki\Page\PageIdentity;
use MediaWiki\Page\PageIdentityValue;
use MediaWiki\Permissions\Authority;
use MediaWiki\Permissions\PermissionManager;
use MediaWiki\Permissions\PermissionStatus;
Make User implement Authority Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e
2021-01-07 20:57:19 +00:00
use MediaWiki\Permissions\UserAuthority;
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
use MediaWikiUnitTestCase;
use PHPUnit\Framework\MockObject\MockObject;
use User;
/**
Make User implement Authority Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e
2021-01-07 20:57:19 +00:00
* @covers \MediaWiki\Permissions\UserAuthority
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
*/
Make User implement Authority Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e
2021-01-07 20:57:19 +00:00
class UserAuthorityTest extends MediaWikiUnitTestCase {
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
private function newPermissionsManager( array $permissions ): PermissionManager {
/** @var PermissionManager|MockObject $manager */
$manager = $this->createNoOpMock(
PermissionManager::class,
[ 'userHasRight', 'userCan', 'getPermissionErrors' ]
);
$manager->method( 'userHasRight' )->willReturnCallback(
Tests: Mark more more closures as static Result of a new sniff I25a17fb22b6b669e817317a0f45051ae9c608208 Bug: T274036 Change-Id: I695873737167a75f0d94901fa40383a33984ca55
2021-02-07 13:10:36 +00:00
static function ( $user, $permission ) use ( $permissions ) {
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
return in_array( $permission, $permissions );
}
);
$manager->method( 'userCan' )->willReturnCallback(
Tests: Mark more more closures as static Result of a new sniff I25a17fb22b6b669e817317a0f45051ae9c608208 Bug: T274036 Change-Id: I695873737167a75f0d94901fa40383a33984ca55
2021-02-07 13:10:36 +00:00
static function ( $permission, $user ) use ( $manager ) {
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
return $manager->userHasRight( $user, $permission );
}
);
$manager->method( 'getPermissionErrors' )->willReturnCallback(
Tests: Mark more more closures as static Result of a new sniff I25a17fb22b6b669e817317a0f45051ae9c608208 Bug: T274036 Change-Id: I695873737167a75f0d94901fa40383a33984ca55
2021-02-07 13:10:36 +00:00
static function ( $permission, $user, $target ) use ( $manager ) {
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
$errors = [];
if ( !$manager->userCan( $permission, $user, $target ) ) {
$errors[] = [ 'permissionserrors' ];
}
return $errors;
}
);
return $manager;
}
private function newUser(): User {
return $this->createNoOpMock( User::class );
}
Make User implement Authority Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e
2021-01-07 20:57:19 +00:00
private function newAuthority( User $actor, array $permissions ): Authority {
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
$permissionManager = $this->newPermissionsManager( $permissions );
Make User implement Authority Ideally, only User associated with the global request should be associated with UserAuthority. For a random user instance, not the current performer, checking permissions should be based solely on user groups and perhaps an existing block. Right now however, PermissionManager is coupled with global request, so we still instantiate a UserAuthority for non-current users. This mimics the behaviour we've had before. As we refactor PermissionManager, we will be able to replace Authority implementation in this case, or even entirely prohibit non-performer authority. Bug: T271459 Depends-On: Iebf2dca34eea751391d9740443c195287399aa5c Change-Id: Ib094e498fd883db23f2763f171281b1c9e99217e
2021-01-07 20:57:19 +00:00
return new UserAuthority(
$actor,
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
$permissionManager
);
}
public function testGetAuthor() {
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [] );
Rename Authority::getPerformer() to ::getUser() We started to call Authority argument $performer everywhere, and $performer->getPerformer() doesn't look that good. Change-Id: Id2cf3f27b18340314e4ed1ea9931ad9404b4df6f
2021-03-04 19:45:28 +00:00
$this->assertSame( $actor, $authority->getUser() );
Introduce Authority interface This introduces the Authority interface and an implementation of basic functionality. This serves as a basis for spike exploring the concept. Bug: T261963 Change-Id: Idd4e8bd934f191296eada443450bc69500102937
2021-01-05 22:08:41 +00:00
}
public function testPermissions() {
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->assertTrue( $authority->isAllowed( 'foo' ) );
$this->assertTrue( $authority->isAllowed( 'bar' ) );
$this->assertFalse( $authority->isAllowed( 'quux' ) );
$this->assertTrue( $authority->isAllowedAll( 'foo', 'bar' ) );
$this->assertTrue( $authority->isAllowedAny( 'bar', 'quux' ) );
$this->assertFalse( $authority->isAllowedAll( 'foo', 'quux' ) );
$this->assertFalse( $authority->isAllowedAny( 'xyzzy', 'quux' ) );
}
public function testProbablyCan() {
$target = new PageIdentityValue( 321, NS_MAIN, __METHOD__, PageIdentity::LOCAL );
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->assertTrue( $authority->probablyCan( 'foo', $target ) );
$this->assertTrue( $authority->probablyCan( 'bar', $target ) );
$this->assertFalse( $authority->probablyCan( 'quux', $target ) );
$status = new PermissionStatus();
$authority->probablyCan( 'foo', $target, $status );
$this->assertTrue( $status->isOK() );
$authority->probablyCan( 'quux', $target, $status );
$this->assertFalse( $status->isOK() );
}
public function testDefinitlyCan() {
$target = new PageIdentityValue( 321, NS_MAIN, __METHOD__, PageIdentity::LOCAL );
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->assertTrue( $authority->definitelyCan( 'foo', $target ) );
$this->assertTrue( $authority->definitelyCan( 'bar', $target ) );
$this->assertFalse( $authority->definitelyCan( 'quux', $target ) );
$status = new PermissionStatus();
$authority->definitelyCan( 'foo', $target, $status );
$this->assertTrue( $status->isOK() );
$authority->definitelyCan( 'quux', $target, $status );
$this->assertFalse( $status->isOK() );
}
public function testAuthorizeRead() {
$target = new PageIdentityValue( 321, NS_MAIN, __METHOD__, PageIdentity::LOCAL );
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->assertTrue( $authority->authorizeRead( 'foo', $target ) );
$this->assertTrue( $authority->authorizeRead( 'bar', $target ) );
$this->assertFalse( $authority->authorizeRead( 'quux', $target ) );
$status = new PermissionStatus();
$authority->authorizeRead( 'foo', $target, $status );
$this->assertTrue( $status->isOK() );
$authority->authorizeRead( 'quux', $target, $status );
$this->assertFalse( $status->isOK() );
}
public function testAuthorizeWrite() {
$target = new PageIdentityValue( 321, NS_MAIN, __METHOD__, PageIdentity::LOCAL );
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->assertTrue( $authority->authorizeWrite( 'foo', $target ) );
$this->assertTrue( $authority->authorizeWrite( 'bar', $target ) );
$this->assertFalse( $authority->authorizeWrite( 'quux', $target ) );
$status = new PermissionStatus();
$authority->authorizeWrite( 'foo', $target, $status );
$this->assertTrue( $status->isOK() );
$authority->authorizeWrite( 'quux', $target, $status );
$this->assertFalse( $status->isOK() );
}
public function testIsAllowedAnyThrowsOnEmptySet() {
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->expectException( InvalidArgumentException::class );
$authority->isAllowedAny();
}
public function testIsAllowedAllThrowsOnEmptySet() {
$actor = $this->newUser();
$authority = $this->newAuthority( $actor, [ 'foo', 'bar' ] );
$this->expectException( InvalidArgumentException::class );
$authority->isAllowedAll();
}
}
Reference in a new issue Copy permalink