
Commit 444610a

committed
test(controller): cover user policy authorization
Signed-off-by: Vitor Mattos <1079143+vitormattos@users.noreply.github.com>
1 parent 3dab7c1 commit 444610a

1 file changed

Lines changed: 75 additions & 0 deletions


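--- a/tests/php/Unit/Controller/PolicyControllerTest.php
+++ b/tests/php/Unit/Controller/PolicyControllerTest.php
@@ -652,6 +652,11 @@ public function testClearGroupReturnsForbiddenWhenGlobalDefaultBlocksLowerLevelO
 }
 
 public function testSetUserPolicyForTargetUserReturnsSavedExplicitPolicy(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(true);
+
 $persistedPolicy = (new PolicyLayer())
 ->setScope('user')
 ->setValue('ordered_numeric');
@@ -677,6 +682,11 @@ public function testSetUserPolicyForTargetUserReturnsSavedExplicitPolicy(): void
 }
 
 public function testClearUserPolicyForTargetUserReturnsClearedExplicitPolicy(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(true);
+
 $this->l10n
 ->expects($this->once())
 ->method('t')
@@ -698,6 +708,11 @@ public function testClearUserPolicyForTargetUserReturnsClearedExplicitPolicy():
 }
 
 public function testSetUserPolicyForTargetUserReturnsBadRequestWhenServiceBlocksSave(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(true);
+
 $this->policyService
 ->expects($this->once())
 ->method('saveUserPreferenceForUserId')
@@ -726,6 +741,11 @@ public function testSetUserPreferenceBubblesUnexpectedExceptions(): void {
 }
 
 public function testSetUserPolicyForTargetUserBubblesUnexpectedExceptions(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(true);
+
 $this->policyService
 ->expects($this->once())
 ->method('saveUserPreferenceForUserId')
@@ -752,6 +772,11 @@ public function testClearUserPreferenceBubblesUnexpectedExceptions(): void {
 }
 
 public function testClearUserPolicyForTargetUserBubblesUnexpectedExceptions(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(true);
+
 $this->policyService
 ->expects($this->once())
 ->method('clearUserPreferenceForUserId')
@@ -764,6 +789,56 @@ public function testClearUserPolicyForTargetUserBubblesUnexpectedExceptions(): v
 $this->controller->clearUserPolicyForUser('user1', 'signature_flow');
 }
 
+public function testSetUserPolicyForTargetUserReturnsForbiddenWhenCurrentActorCannotManageTargetUser(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(false);
+$this->subAdmin
+->method('isSubAdmin')
+->with($this->currentUser)
+->willReturn(false);
+$this->l10n
+->expects($this->once())
+->method('t')
+->with('Not allowed to manage this user policy')
+->willReturn('Not allowed to manage this user policy');
+
+$this->policyService->expects($this->never())->method('saveUserPreferenceForUserId');
+
+$response = $this->controller->setUserPolicyForUser('user1', 'signature_flow', 'ordered_numeric');
+
+$this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
+$this->assertSame([
+'error' => 'Not allowed to manage this user policy',
+], $response->getData());
+}
+
+public function testClearUserPolicyForTargetUserReturnsForbiddenWhenCurrentActorCannotManageTargetUser(): void {
+$this->groupManager
+->method('isAdmin')
+->with('admin')
+->willReturn(false);
+$this->subAdmin
+->method('isSubAdmin')
+->with($this->currentUser)
+->willReturn(false);
+$this->l10n
+->expects($this->once())
+->method('t')
+->with('Not allowed to manage this user policy')
+->willReturn('Not allowed to manage this user policy');
+
+$this->policyService->expects($this->never())->method('clearUserPreferenceForUserId');
+
+$response = $this->controller->clearUserPolicyForUser('user1', 'signature_flow');
+
+$this->assertSame(Http::STATUS_FORBIDDEN, $response->getStatus());
+$this->assertSame([
+'error' => 'Not allowed to manage this user policy',
+], $response->getData());
+}
+
 public function testSetUserPreferenceReadsBodyParamsFromRequest(): void {
 $request = $this->createMock(IRequest::class);
 $request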
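Review bot: Both new forbidden tests (new lines 792-840) deny the actor at the coarsest level, with `isAdmin` and `isSubAdmin` both stubbed to `false`, so the target id `'user1'` never influences the result even though the test names say "CannotManageTargetUser". If the controller scopes sub-admins to the users of their own groups (its code is not visible on this page), a regression that let any sub-admin write or clear another group's user policy would still pass this suite. A sibling case for each method would close that gap: stub `isSubAdmin` with `->willReturn(true)`, make the per-target check deny, and keep `$this->policyService->expects($this->never())->method('saveUserPreferenceForUserId');` (and the `clearUserPreferenceForUserId` twin) together with the `Http::STATUS_FORBIDDEN` assertion. The allowed-path tests in the five earlier hunks likewise exercise only the full-admin branch, and their repeated four-line `isAdmin` stub could move into one private helper on the test class.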
