fixes #11 Non cascadable authorizations were still cascaded

myclabs · Jun 19, 2014 · 5c89494 · 5c89494
1 parent 8844ae9
commit 5c89494
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 2 deletions.
diff --git a/src/Repository/AuthorizationRepository.php b/src/Repository/AuthorizationRepository.php
@@ -151,7 +151,7 @@ public function findCascadableAuthorizationsForResource(ResourceInterface $resou
         $qb->where('a.cascadable = true');
 
         // Root authorizations means no parent
-        $qb->where('a.parentAuthorization IS NULL');
+        $qb->andWhere('a.parentAuthorization IS NULL');
 
         if ($resource instanceof EntityResource) {
             $qb->andWhere('a.entityClass = :entityClass');

diff --git a/tests/Unit/Repository/AuthorizationRepositoryTest.php b/tests/Unit/Repository/AuthorizationRepositoryTest.php
@@ -10,6 +10,7 @@
 use MyCLabs\ACL\Doctrine\ACLSetup;
 use MyCLabs\ACL\Model\Actions;
 use MyCLabs\ACL\Model\Authorization;
+use MyCLabs\ACL\Model\ClassResource;
 use MyCLabs\ACL\Repository\AuthorizationRepository;
 use Tests\MyCLabs\ACL\Unit\Repository\Model\File;
 use Tests\MyCLabs\ACL\Unit\Repository\Model\FileOwnerRole;
@@ -68,7 +69,6 @@ public function testInsertBulk()
         $this->em->persist($resource);
         $role = new FileOwnerRole($user, $resource);
         $this->em->persist($role);
-
         $this->em->flush();
 
         $authorizations = [
@@ -96,4 +96,102 @@ public function testInsertBulk()
         $this->assertEquals(0, count($authorization->getChildAuthorizations()));
         $this->assertTrue($authorization->isCascadable());
     }
+
+    /**
+     * @depends testInsertBulk
+     */
+    public function testFindCascadableAuthorizations()
+    {
+        $user = new User();
+        $this->em->persist($user);
+        $resource = new File();
+        $this->em->persist($resource);
+        $role = new FileOwnerRole($user, $resource);
+        $this->em->persist($role);
+        $this->em->flush();
+
+        $classResource = new ClassResource('\Tests\MyCLabs\ACL\Unit\Repository\Model\File');
+
+        $authorizations = [
+            // VIEW cascades (entity resource)
+            Authorization::create($role, new Actions([ Actions::VIEW ]), $resource, true),
+            // EDIT doesn't cascade (entity resource)
+            Authorization::create($role, new Actions([ Actions::EDIT ]), $resource, false),
+
+            // VIEW cascades (class resource)
+            Authorization::create($role, new Actions([ Actions::VIEW ]), $classResource, true),
+            // EDIT doesn't cascade (class resource)
+            Authorization::create($role, new Actions([ Actions::EDIT ]), $classResource, false),
+        ];
+
+        /** @var AuthorizationRepository $repository */
+        $repository = $this->em->getRepository('MyCLabs\ACL\Model\Authorization');
+
+        $repository->insertBulk($authorizations);
+
+        // Test for entity resource
+        $result = $repository->findCascadableAuthorizationsForResource($resource);
+        $this->assertCount(1, $result);
+        $this->assertTrue($result[0]->getActions()->view);
+        $this->assertFalse($result[0]->getActions()->edit);
+
+        // Test for class resource
+        $result = $repository->findCascadableAuthorizationsForResource($classResource);
+        $this->assertCount(1, $result);
+        $this->assertTrue($result[0]->getActions()->view);
+        $this->assertFalse($result[0]->getActions()->edit);
+    }
+
+    /**
+     * @depends testInsertBulk
+     */
+    public function testIsAllowedOnEntity()
+    {
+        $user = new User();
+        $this->em->persist($user);
+        $resource = new File();
+        $this->em->persist($resource);
+        $role = new FileOwnerRole($user, $resource);
+        $this->em->persist($role);
+        $this->em->flush();
+
+        $authorizations = [
+            Authorization::create($role, new Actions([ Actions::VIEW ]), $resource),
+        ];
+
+        /** @var AuthorizationRepository $repository */
+        $repository = $this->em->getRepository('MyCLabs\ACL\Model\Authorization');
+        $repository->insertBulk($authorizations);
+
+        $this->assertTrue($repository->isAllowedOnEntity($user, Actions::VIEW, $resource));
+        $this->assertFalse($repository->isAllowedOnEntity($user, Actions::EDIT, $resource));
+    }
+
+    /**
+     * @depends testInsertBulk
+     */
+    public function testIsAllowedOnEntityClass()
+    {
+        $user = new User();
+        $this->em->persist($user);
+        $resource = new File();
+        $this->em->persist($resource);
+        $role = new FileOwnerRole($user, $resource);
+        $this->em->persist($role);
+        $this->em->flush();
+
+        $class = 'Tests\MyCLabs\ACL\Unit\Repository\Model\File';
+        $classResource = new ClassResource($class);
+
+        $authorizations = [
+            Authorization::create($role, new Actions([ Actions::VIEW ]), $classResource),
+        ];
+
+        /** @var AuthorizationRepository $repository */
+        $repository = $this->em->getRepository('MyCLabs\ACL\Model\Authorization');
+        $repository->insertBulk($authorizations);
+
+        $this->assertTrue($repository->isAllowedOnEntityClass($user, Actions::VIEW, $class));
+        $this->assertFalse($repository->isAllowedOnEntityClass($user, Actions::EDIT, $class));
+    }
 }