Policies: treat true as allow, and false as deny (#2534)

2025-07-30 21:20:24 +02:00 · 2021-01-18 18:28:48 -05:00
parent 9b2d7856d1
commit 89e821e70f
2 changed files with 66 additions and 18 deletions
--- a/tests/unit/User/AbstractPolicyTest.php
+++ b/tests/unit/User/AbstractPolicyTest.php
@@ -9,9 +9,8 @@

 namespace Flarum\Tests\unit\User;

-use Flarum\Event\GetPermission;
 use Flarum\Tests\unit\TestCase;
-use Flarum\User\AbstractPolicy;
+use Flarum\User\Access\AbstractPolicy;
 use Flarum\User\User;
 use Illuminate\Events\Dispatcher;
 use Mockery as m;
@@ -19,7 +18,6 @@ use Mockery as m;
 class AbstractPolicyTest extends TestCase
 {
    private $policy;
-    private $dispatcher;

    /**
     * @inheritDoc
@@ -27,27 +25,43 @@ class AbstractPolicyTest extends TestCase
    protected function setUp(): void
    {
        $this->policy = m::mock(CustomUserPolicy::class)->makePartial();
-        $this->dispatcher = new Dispatcher();
-        $this->dispatcher->subscribe($this->policy);
-        User::setEventDispatcher($this->dispatcher);
+        User::setEventDispatcher(new Dispatcher());
+    }
+
+    /**
+     * @inheritDoc
+     */
+    protected function tearDown(): void
+    {
+        m::close();
    }

    public function test_policy_can_be_called_with_object()
    {
-        $this->policy->shouldReceive('edit')->andReturn(true);
+        $allowed = $this->policy->checkAbility(new User(), 'create', new User());

-        $allowed = $this->dispatcher->until(new GetPermission(new User(), 'edit', new User()));
-
-        $this->assertTrue($allowed);
+        $this->assertEquals(AbstractPolicy::ALLOW, $allowed);
    }

    public function test_policy_can_be_called_with_class()
    {
-        $this->policy->shouldReceive('create')->andReturn(true);
+        $allowed = $this->policy->checkAbility(new User(), 'edit', User::class);

-        $allowed = $this->dispatcher->until(new GetPermission(new User(), 'create', User::class));
+        $this->assertEquals(AbstractPolicy::DENY, $allowed);
+    }

-        $this->assertTrue($allowed);
+    public function test_policy_converts_true_to_ALLOW()
+    {
+        $allowed = $this->policy->checkAbility(new User(), 'somethingRandom', User::class);
+
+        $this->assertEquals(AbstractPolicy::ALLOW, $allowed);
+    }
+
+    public function test_policy_converts_false_to_DENY()
+    {
+        $allowed = $this->policy->checkAbility(new User(), 'somethingElseRandom', User::class);
+
+        $this->assertEquals(AbstractPolicy::DENY, $allowed);
    }
 }

@@ -57,11 +71,21 @@ class CustomUserPolicy extends AbstractPolicy

    public function create(User $actor)
    {
-        return true;
+        return $this->allow();
    }

-    public function edit(User $actor, User $user)
+    public function edit(User $actor, $target)
+    {
+        return $this->deny();
+    }
+
+    public function somethingRandom(User $actor, $target)
    {
        return true;
    }
+
+    public function somethingElseRandom(User $actor, $target)
+    {
+        return false;
+    }
 }