summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
-rw-r--r--src/Controllers/BaseController.php11
-rw-r--r--src/Helpers/AuthenticatorServiceProvider.php1
-rw-r--r--src/Http/Exceptions/HttpForbidden.php23
-rw-r--r--src/Http/Request.php2
-rw-r--r--src/Middleware/CallableHandler.php8
-rw-r--r--src/Middleware/RequestHandler.php45
-rw-r--r--tests/Unit/Controllers/BaseControllerTest.php25
-rw-r--r--tests/Unit/Controllers/Stub/ControllerImplementation.php25
-rw-r--r--tests/Unit/Helpers/AuthenticatorServiceProviderTest.php1
-rw-r--r--tests/Unit/Http/Exceptions/HttpForbiddenTest.php22
-rw-r--r--tests/Unit/Middleware/CallableHandlerTest.php8
-rw-r--r--tests/Unit/Middleware/RequestHandlerTest.php77
-rw-r--r--tests/Unit/Middleware/Stub/ControllerImplementation.php24
13 files changed, 265 insertions, 7 deletions
diff --git a/src/Controllers/BaseController.php b/src/Controllers/BaseController.php
index 6a27a066..cbc00931 100644
--- a/src/Controllers/BaseController.php
+++ b/src/Controllers/BaseController.php
@@ -4,5 +4,16 @@ namespace Engelsystem\Controllers;
abstract class BaseController
{
+ /** @var string[]|string[][] A list of Permissions required to access the controller or certain pages */
+ protected $permissions = [];
+ /**
+ * Returns the list of permissions
+ *
+ * @return string[]|string[][]
+ */
+ public function getPermissions()
+ {
+ return $this->permissions;
+ }
}
diff --git a/src/Helpers/AuthenticatorServiceProvider.php b/src/Helpers/AuthenticatorServiceProvider.php
index b7508b01..715a592f 100644
--- a/src/Helpers/AuthenticatorServiceProvider.php
+++ b/src/Helpers/AuthenticatorServiceProvider.php
@@ -13,5 +13,6 @@ class AuthenticatorServiceProvider extends ServiceProvider
$this->app->instance(Authenticator::class, $authenticator);
$this->app->instance('authenticator', $authenticator);
+ $this->app->instance('auth', $authenticator);
}
}
diff --git a/src/Http/Exceptions/HttpForbidden.php b/src/Http/Exceptions/HttpForbidden.php
new file mode 100644
index 00000000..01c0a5ec
--- /dev/null
+++ b/src/Http/Exceptions/HttpForbidden.php
@@ -0,0 +1,23 @@
+<?php
+
+namespace Engelsystem\Http\Exceptions;
+
+use Throwable;
+
+class HttpForbidden extends HttpException
+{
+ /**
+ * @param string $message
+ * @param array $headers
+ * @param int $code
+ * @param Throwable|null $previous
+ */
+ public function __construct(
+ string $message = '',
+ array $headers = [],
+ int $code = 0,
+ Throwable $previous = null
+ ) {
+ parent::__construct(403, $message, $headers, $code, $previous);
+ }
+}
diff --git a/src/Http/Request.php b/src/Http/Request.php
index 0d8d28b4..06900a18 100644
--- a/src/Http/Request.php
+++ b/src/Http/Request.php
@@ -363,7 +363,7 @@ class Request extends SymfonyRequest implements ServerRequestInterface
foreach ($uploadedFiles as $file) {
/** @var UploadedFileInterface $file */
$filename = tempnam(sys_get_temp_dir(), 'upload');
- $handle = fopen($filename, "w");
+ $handle = fopen($filename, 'w');
fwrite($handle, $file->getStream()->getContents());
fclose($handle);
diff --git a/src/Middleware/CallableHandler.php b/src/Middleware/CallableHandler.php
index eb493bf1..0bb666a3 100644
--- a/src/Middleware/CallableHandler.php
+++ b/src/Middleware/CallableHandler.php
@@ -74,4 +74,12 @@ class CallableHandler implements MiddlewareInterface, RequestHandlerInterface
$response = $this->container->get('response');
return $response->withContent($return);
}
+
+ /**
+ * @return callable
+ */
+ public function getCallable()
+ {
+ return $this->callable;
+ }
}
diff --git a/src/Middleware/RequestHandler.php b/src/Middleware/RequestHandler.php
index ebe1ff9e..b0fc664f 100644
--- a/src/Middleware/RequestHandler.php
+++ b/src/Middleware/RequestHandler.php
@@ -3,6 +3,9 @@
namespace Engelsystem\Middleware;
use Engelsystem\Application;
+use Engelsystem\Controllers\BaseController;
+use Engelsystem\Helpers\Authenticator;
+use Engelsystem\Http\Exceptions\HttpForbidden;
use InvalidArgumentException;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
@@ -37,6 +40,14 @@ class RequestHandler implements MiddlewareInterface
$requestHandler = $request->getAttribute('route-request-handler');
$requestHandler = $this->resolveRequestHandler($requestHandler);
+ if ($requestHandler instanceof CallableHandler) {
+ $callable = $requestHandler->getCallable();
+
+ if (is_array($callable) && $callable[0] instanceof BaseController) {
+ $this->checkPermissions($callable[0], $callable[1]);
+ }
+ }
+
if ($requestHandler instanceof MiddlewareInterface) {
return $requestHandler->process($request, $handler);
}
@@ -49,6 +60,8 @@ class RequestHandler implements MiddlewareInterface
}
/**
+ * Resolve the given class
+ *
* @param string|callable|MiddlewareInterface|RequestHandlerInterface $handler
* @return MiddlewareInterface|RequestHandlerInterface
*/
@@ -76,4 +89,36 @@ class RequestHandler implements MiddlewareInterface
return $this->resolveMiddleware($handler);
}
+
+ /**
+ * Check required page permissions
+ *
+ * @param BaseController $controller
+ * @param string $method
+ * @return bool
+ */
+ protected function checkPermissions(BaseController $controller, string $method): bool
+ {
+ /** @var Authenticator $auth */
+ $auth = $this->container->get('auth');
+ $permissions = $controller->getPermissions();
+
+ // Merge action permissions
+ if (isset($permissions[$method])) {
+ $permissions = array_merge($permissions, (array)$permissions[$method]);
+ }
+
+ foreach ($permissions as $key => $permission) {
+ // Skip all action permission entries
+ if (!is_int($key)) {
+ continue;
+ }
+
+ if (!$auth->can($permission)) {
+ throw new HttpForbidden();
+ }
+ }
+
+ return true;
+ }
}
diff --git a/tests/Unit/Controllers/BaseControllerTest.php b/tests/Unit/Controllers/BaseControllerTest.php
new file mode 100644
index 00000000..738b538f
--- /dev/null
+++ b/tests/Unit/Controllers/BaseControllerTest.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Engelsystem\Test\Unit\Controllers;
+
+use Engelsystem\Test\Unit\Controllers\Stub\ControllerImplementation;
+use PHPUnit\Framework\TestCase;
+
+class BaseControllerTest extends TestCase
+{
+ /**
+ * @covers \Engelsystem\Controllers\BaseController::getPermissions
+ */
+ public function testGetPermissions()
+ {
+ $controller = new ControllerImplementation();
+
+ $this->assertEquals([
+ 'foo',
+ 'lorem' => [
+ 'ipsum',
+ 'dolor',
+ ],
+ ], $controller->getPermissions());
+ }
+}
diff --git a/tests/Unit/Controllers/Stub/ControllerImplementation.php b/tests/Unit/Controllers/Stub/ControllerImplementation.php
new file mode 100644
index 00000000..01d9f250
--- /dev/null
+++ b/tests/Unit/Controllers/Stub/ControllerImplementation.php
@@ -0,0 +1,25 @@
+<?php
+
+namespace Engelsystem\Test\Unit\Controllers\Stub;
+
+use Engelsystem\Controllers\BaseController;
+
+class ControllerImplementation extends BaseController
+{
+ /** @var array */
+ protected $permissions = [
+ 'foo',
+ 'lorem' => [
+ 'ipsum',
+ 'dolor',
+ ],
+ ];
+
+ /**
+ * @param array $permissions
+ */
+ public function setPermissions(array $permissions)
+ {
+ $this->permissions = $permissions;
+ }
+}
diff --git a/tests/Unit/Helpers/AuthenticatorServiceProviderTest.php b/tests/Unit/Helpers/AuthenticatorServiceProviderTest.php
index f42e9dff..b1767ebc 100644
--- a/tests/Unit/Helpers/AuthenticatorServiceProviderTest.php
+++ b/tests/Unit/Helpers/AuthenticatorServiceProviderTest.php
@@ -24,5 +24,6 @@ class AuthenticatorServiceProviderTest extends ServiceProviderTest
$this->assertInstanceOf(Authenticator::class, $app->get(Authenticator::class));
$this->assertInstanceOf(Authenticator::class, $app->get('authenticator'));
+ $this->assertInstanceOf(Authenticator::class, $app->get('auth'));
}
}
diff --git a/tests/Unit/Http/Exceptions/HttpForbiddenTest.php b/tests/Unit/Http/Exceptions/HttpForbiddenTest.php
new file mode 100644
index 00000000..765a20d2
--- /dev/null
+++ b/tests/Unit/Http/Exceptions/HttpForbiddenTest.php
@@ -0,0 +1,22 @@
+<?php
+
+namespace Engelsystem\Test\Unit\Http\Exceptions;
+
+use Engelsystem\Http\Exceptions\HttpForbidden;
+use PHPUnit\Framework\TestCase;
+
+class HttpForbiddenTest extends TestCase
+{
+ /**
+ * @covers \Engelsystem\Http\Exceptions\HttpForbidden::__construct
+ */
+ public function testConstruct()
+ {
+ $exception = new HttpForbidden();
+ $this->assertEquals(403, $exception->getStatusCode());
+ $this->assertEquals('', $exception->getMessage());
+
+ $exception = new HttpForbidden('Go away!');
+ $this->assertEquals('Go away!', $exception->getMessage());
+ }
+}
diff --git a/tests/Unit/Middleware/CallableHandlerTest.php b/tests/Unit/Middleware/CallableHandlerTest.php
index 29424480..a0dbfce8 100644
--- a/tests/Unit/Middleware/CallableHandlerTest.php
+++ b/tests/Unit/Middleware/CallableHandlerTest.php
@@ -11,7 +11,6 @@ use PHPUnit\Framework\TestCase;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\ServerRequestInterface;
use Psr\Http\Server\RequestHandlerInterface;
-use ReflectionClass as Reflection;
use stdClass;
class CallableHandlerTest extends TestCase
@@ -28,17 +27,14 @@ class CallableHandlerTest extends TestCase
/**
* @dataProvider provideCallable
* @covers \Engelsystem\Middleware\CallableHandler::__construct
+ * @covers \Engelsystem\Middleware\CallableHandler::getCallable
* @param callable $callable
*/
public function testInit($callable)
{
$handler = new CallableHandler($callable);
- $reflection = new Reflection(get_class($handler));
- $property = $reflection->getProperty('callable');
- $property->setAccessible(true);
-
- $this->assertEquals($callable, $property->getValue($handler));
+ $this->assertEquals($callable, $handler->getCallable());
}
/**
diff --git a/tests/Unit/Middleware/RequestHandlerTest.php b/tests/Unit/Middleware/RequestHandlerTest.php
index cb5fc4a6..7ff803d0 100644
--- a/tests/Unit/Middleware/RequestHandlerTest.php
+++ b/tests/Unit/Middleware/RequestHandlerTest.php
@@ -3,7 +3,11 @@
namespace Engelsystem\Test\Unit\Middleware;
use Engelsystem\Application;
+use Engelsystem\Helpers\Authenticator;
+use Engelsystem\Http\Exceptions\HttpForbidden;
+use Engelsystem\Middleware\CallableHandler;
use Engelsystem\Middleware\RequestHandler;
+use Engelsystem\Test\Unit\Middleware\Stub\ControllerImplementation;
use InvalidArgumentException;
use PHPUnit\Framework\MockObject\MockObject;
use PHPUnit\Framework\TestCase;
@@ -132,6 +136,79 @@ class RequestHandlerTest extends TestCase
}
/**
+ * @covers \Engelsystem\Middleware\RequestHandler::process
+ * @covers \Engelsystem\Middleware\RequestHandler::checkPermissions
+ */
+ public function testCheckPermissions()
+ {
+ /** @var Application|MockObject $container */
+ /** @var ServerRequestInterface|MockObject $request */
+ /** @var RequestHandlerInterface|MockObject $handler */
+ /** @var ResponseInterface|MockObject $response */
+ list($container, $request, $handler, $response) = $this->getMocks();
+
+ /** @var Authenticator|MockObject $auth */
+ $auth = $this->createMock(Authenticator::class);
+
+ $class = new ControllerImplementation();
+ /** @var CallableHandler|MockObject $callable */
+ $callable = $this->getMockBuilder(CallableHandler::class)
+ ->setConstructorArgs([[$class, 'actionStub']])
+ ->getMock();
+
+ $callable->expects($this->exactly(2))
+ ->method('getCallable')
+ ->willReturn([$class, 'actionStub']);
+
+ $callable->expects($this->exactly(1))
+ ->method('process')
+ ->with($request, $handler)
+ ->willReturn($response);
+
+ $request->expects($this->exactly(2))
+ ->method('getAttribute')
+ ->with('route-request-handler')
+ ->willReturn($callable);
+
+
+ /** @var RequestHandler|MockObject $middleware */
+ $middleware = $this->getMockBuilder(RequestHandler::class)
+ ->setConstructorArgs([$container])
+ ->setMethods(['resolveRequestHandler'])
+ ->getMock();
+
+ $middleware->expects($this->exactly(2))
+ ->method('resolveRequestHandler')
+ ->with($callable)
+ ->willReturn($callable);
+
+ $container->expects($this->exactly(2))
+ ->method('get')
+ ->with('auth')
+ ->willReturn($auth);
+
+ $hasPermissions = [];
+ $auth->expects($this->atLeastOnce())
+ ->method('can')
+ ->willReturnCallback(function ($permission) use (&$hasPermissions) {
+ return in_array($permission, $hasPermissions);
+ });
+
+ $hasPermissions = ['foo', 'test', 'user'];
+ $class->setPermissions([
+ 'foo',
+ 'loremIpsumAction' => ['dolor', 'sit'],
+ 'actionStub' => ['test'],
+ 'user',
+ ]);
+ $middleware->process($request, $handler);
+
+ $class->setPermissions(array_merge(['not.existing.permission'], $hasPermissions));
+ $this->expectException(HttpForbidden::class);
+ $middleware->process($request, $handler);
+ }
+
+ /**
* @return array
*/
protected function getMocks(): array
diff --git a/tests/Unit/Middleware/Stub/ControllerImplementation.php b/tests/Unit/Middleware/Stub/ControllerImplementation.php
new file mode 100644
index 00000000..939dde5b
--- /dev/null
+++ b/tests/Unit/Middleware/Stub/ControllerImplementation.php
@@ -0,0 +1,24 @@
+<?php
+
+namespace Engelsystem\Test\Unit\Middleware\Stub;
+
+use Engelsystem\Controllers\BaseController;
+
+class ControllerImplementation extends BaseController
+{
+ /**
+ * @param array $permissions
+ */
+ public function setPermissions(array $permissions)
+ {
+ $this->permissions = $permissions;
+ }
+
+ /**
+ * @return string
+ */
+ public function actionStub()
+ {
+ return '';
+ }
+}