mirror of https://github.com/flarum/core.git synced 2025-07-31 05:30:38 +02:00

Model Visibility Scoping Extender and Tests (#2460)

Alexander Skvortsov
2020-12-07 20:02:46 -05:00
committed by GitHub
parent e0437d237a
commit 8901073d12
19 changed files with 527 additions and 145 deletions


@@ -0,0 +1,189 @@
<?php
/*
* This file is part of Flarum.
*
* For detailed copyright and license information, please view the
* LICENSE file that was distributed with this source code.
*/
namespace Flarum\Tests\integration\extenders;
use Carbon\Carbon;
use Flarum\Discussion\Discussion;
use Flarum\Extend;
use Flarum\Post\CommentPost;
use Flarum\Post\Post;
use Flarum\Tests\integration\RetrievesAuthorizedUsers;
use Flarum\Tests\integration\TestCase;
use Flarum\User\User;
use Illuminate\Database\Eloquent\Builder;
class ModelVisibilityTest extends TestCase
{
use RetrievesAuthorizedUsers;
protected function prepDb()
{
$this->prepareDatabase([
'discussions' => [
['id' => 1, 'title' => 'Empty discussion', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => null, 'comment_count' => 0, 'is_private' => 0],
['id' => 2, 'title' => 'Discussion with post', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'first_post_id' => 1, 'comment_count' => 1, 'is_private' => 0],
['id' => 3, 'title' => 'Private discussion', 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 1, 'first_post_id' => 2, 'comment_count' => 1, 'is_private' => 1],
],
'posts' => [
['id' => 1, 'discussion_id' => 2, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 2, 'type' => 'comment', 'content' => '<t><p>a normal reply - too-obscure</p></t>'],
['id' => 2, 'discussion_id' => 3, 'created_at' => Carbon::now()->toDateTimeString(), 'user_id' => 1, 'type' => 'comment', 'content' => '<t><p>private!</p></t>'],
],
'users' => [
$this->normalUser(),
],
'groups' => [
$this->guestGroup(),
$this->memberGroup(),
],
'group_user' => [
['user_id' => 2, 'group_id' => 3],
],
'group_permission' => [
['permission' => 'viewDiscussions', 'group_id' => 2],
['permission' => 'viewDiscussions', 'group_id' => 3],
]
]);
}
/**
* @test
*/
public function user_can_see_posts_by_default()
{
$this->prepDb();
$actor = User::find(2);
$visiblePosts = CommentPost::query()->whereVisibleTo($actor)->get();
$this->assertCount(1, $visiblePosts);
}
/**
* @test
*/
public function custom_visibility_scoper_can_stop_user_from_seeing_posts()
{
$this->extend(
(new Extend\ModelVisibility(CommentPost::class))
->scope(function (User $user, Builder $query) {
$query->whereRaw('1=0');
}, 'view')
);
$this->prepDb();
$actor = User::find(2);
$visiblePosts = CommentPost::query()->whereVisibleTo($actor)->get();
$this->assertCount(0, $visiblePosts);
}
/**
* @test
*/
public function custom_visibility_scoper_applies_if_added_to_parent_class()
{
$this->extend(
(new Extend\ModelVisibility(Post::class))
->scope(function (User $user, Builder $query) {
$query->whereRaw('1=0');
}, 'view')
);
$this->prepDb();
$actor = User::find(2);
$visiblePosts = CommentPost::query()->whereVisibleTo($actor)->get();
$this->assertCount(0, $visiblePosts);
}
/**
* @test
*/
public function custom_visibility_scoper_for_class_applied_after_scopers_for_parent_class()
{
$this->extend(
(new Extend\ModelVisibility(CommentPost::class))
->scope(function (User $user, Builder $query) {
$query->orWhereRaw('1=1');
}, 'view'),
(new Extend\ModelVisibility(Post::class))
->scope(function (User $user, Builder $query) {
$query->whereRaw('1=0');
}, 'view')
);
$this->prepDb();
$actor = User::find(2);
$visiblePosts = CommentPost::query()->whereVisibleTo($actor)->get();
$this->assertCount(2, $visiblePosts);
}
/**
* @test
*/
public function custom_scoper_works_for_abilities_other_than_view()
{
$this->extend(
(new Extend\ModelVisibility(Discussion::class))
->scope(function (User $user, Builder $query) {
$query->whereRaw('1=1');
}, 'viewPrivate'),
(new Extend\ModelVisibility(Post::class))
->scope(function (User $user, Builder $query) {
$query->whereRaw('1=1');
}, 'viewPrivate')
);
$this->prepDb();
$actor = User::find(2);
$visiblePosts = CommentPost::query()->whereVisibleTo($actor)->get();
$this->assertCount(2, $visiblePosts);
}
/**
* @test
*/
public function universal_scoper_works()
{
$this->extend(
(new Extend\ModelVisibility(Discussion::class))
->scopeAll(function (User $user, Builder $query, string $ability) {
if ($ability == 'viewPrivate') {
$query->whereRaw('1=1');
}
}),
(new Extend\ModelVisibility(Post::class))
->scopeAll(function (User $user, Builder $query, string $ability) {
if ($ability == 'viewPrivate') {
$query->whereRaw('1=1');
}
})
);
$this->prepDb();
$actor = User::find(2);
$visiblePosts = CommentPost::query()->whereVisibleTo($actor)->get();
$this->assertCount(2, $visiblePosts);
}
}
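Review bot: In `custom_visibility_scoper_for_class_applied_after_scopers_for_parent_class` the expected count of 2 has to include post 2, which sits in the discussion seeded with `'is_private' => 1`. The test therefore pins that a later scoper ending in `orWhereRaw('1=1')` widens visibility past the parent's `whereRaw('1=0')` and, presumably, past whatever hides that post in `user_can_see_posts_by_default`. If that is the intended contract for extension scopers, say so next to the assertion, e.g. `// a top-level orWhere in a later scoper overrides every earlier restriction, including the one that hides posts in private discussions`, because extension authors are likely to copy this pattern into real access rules. Every test here asserts only a row count, so a regression that exposes the wrong post while keeping the count would pass; pinning ids, e.g. `$this->assertEquals([1], $visiblePosts->pluck('id')->all());` in the default case, would show which rows are exposed. The `$ability == 'viewPrivate'` checks in `universal_scoper_works` would also read better as `===`, since `$ability` is already typed `string`.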


@@ -33,6 +33,9 @@ class UserTest extends TestCase
'settings' => [
['key' => 'display_name_driver', 'value' => 'custom'],
],
'group_permission' => [
['permission' => 'viewUserList', 'group_id' => 3],
]
]);
}