mirror/php-flarum
1
0
Fork 0
mirror of https://github.com/flarum/core.git synced 2025-07-25 18:51:40 +02:00
Code Issues Releases Wiki Activity

Policies: treat true as allow, and false as deny (#2534)

Browse Source
This commit is contained in:
Alexander Skvortsov
2021-01-18 18:28:48 -05:00
committed by GitHub
parent 9b2d7856d1
commit 89e821e70f
2 changed files with 66 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/User/Access/AbstractPolicy.php
View File

@@ -43,13 +43,13 @@ abstract class AbstractPolicy
* @param User $user * @param User $user
* @param string $ability * @param string $ability
* @param $instance * @param $instance
* @return bool|void * @return string|void
*/ */
public function checkAbility(User $actor, string $ability, $instance) public function checkAbility(User $actor, string $ability, $instance)
{ // If a specific method for this ability is defined, { // If a specific method for this ability is defined,
// call that and return any non-null results // call that and return any non-null results
if (method_exists($this, $ability)) { if (method_exists($this, $ability)) {
$result = call_user_func_array([$this, $ability], [$actor, $instance]); $result = $this->sanitizeResult(call_user_func_array([$this, $ability], [$actor, $instance]));
if (! is_null($result)) { if (! is_null($result)) {
return $result; return $result;
@@ -58,7 +58,31 @@ abstract class AbstractPolicy
// If a "total access" method is defined, try that. // If a "total access" method is defined, try that.
if (method_exists($this, 'can')) { if (method_exists($this, 'can')) {
return call_user_func_array([$this, 'can'], [$actor, $ability, $instance]); return $this->sanitizeResult(call_user_func_array([$this, 'can'], [$actor, $ability, $instance]));
} }
} }
/**
* Allows `true` to be used in place of `->allow()`, and `false` instead of `->deny()`
* This allows more concise and intuitive code, by returning boolean statements:.
*
* WITHOUT THIS:
* `return SOME_BOOLEAN_LOGIC ? $this->allow() : $this->deny();
*
* WITH THIS:
* `return SOME_BOOLEAN_LOGIC;
*
* @param mixed $result
* @return string|void
*/
public function sanitizeResult($result)
{
if ($result === true) {
return $this->allow();
} elseif ($result === false) {
return $this->deny();
}
return $result;
}
} }

54
tests/unit/User/AbstractPolicyTest.php
View File

@@ -9,9 +9,8 @@
namespace Flarum\Tests\unit\User; namespace Flarum\Tests\unit\User;
use Flarum\Event\GetPermission;
use Flarum\Tests\unit\TestCase; use Flarum\Tests\unit\TestCase;
use Flarum\User\AbstractPolicy; use Flarum\User\Access\AbstractPolicy;
use Flarum\User\User; use Flarum\User\User;
use Illuminate\Events\Dispatcher; use Illuminate\Events\Dispatcher;
use Mockery as m; use Mockery as m;
@@ -19,7 +18,6 @@ use Mockery as m;
class AbstractPolicyTest extends TestCase class AbstractPolicyTest extends TestCase
{ {
private $policy; private $policy;
private $dispatcher;
/** /**
* @inheritDoc * @inheritDoc
@@ -27,27 +25,43 @@ class AbstractPolicyTest extends TestCase
protected function setUp(): void protected function setUp(): void
{ {
$this->policy = m::mock(CustomUserPolicy::class)->makePartial(); $this->policy = m::mock(CustomUserPolicy::class)->makePartial();
$this->dispatcher = new Dispatcher(); User::setEventDispatcher(new Dispatcher());
$this->dispatcher->subscribe($this->policy); }
User::setEventDispatcher($this->dispatcher);
/**
* @inheritDoc
*/
protected function tearDown(): void
{
m::close();
} }
public function test_policy_can_be_called_with_object() public function test_policy_can_be_called_with_object()
{ {
$this->policy->shouldReceive('edit')->andReturn(true); $allowed = $this->policy->checkAbility(new User(), 'create', new User());
$allowed = $this->dispatcher->until(new GetPermission(new User(), 'edit', new User())); $this->assertEquals(AbstractPolicy::ALLOW, $allowed);
$this->assertTrue($allowed);
} }
public function test_policy_can_be_called_with_class() public function test_policy_can_be_called_with_class()
{ {
$this->policy->shouldReceive('create')->andReturn(true); $allowed = $this->policy->checkAbility(new User(), 'edit', User::class);
$allowed = $this->dispatcher->until(new GetPermission(new User(), 'create', User::class)); $this->assertEquals(AbstractPolicy::DENY, $allowed);
}
$this->assertTrue($allowed); public function test_policy_converts_true_to_ALLOW()
{
$allowed = $this->policy->checkAbility(new User(), 'somethingRandom', User::class);
$this->assertEquals(AbstractPolicy::ALLOW, $allowed);
}
public function test_policy_converts_false_to_DENY()
{
$allowed = $this->policy->checkAbility(new User(), 'somethingElseRandom', User::class);
$this->assertEquals(AbstractPolicy::DENY, $allowed);
} }
} }
@@ -57,11 +71,21 @@ class CustomUserPolicy extends AbstractPolicy
public function create(User $actor) public function create(User $actor)
{ {
return true; return $this->allow();
} }
public function edit(User $actor, User $user) public function edit(User $actor, $target)
{
return $this->deny();
}
public function somethingRandom(User $actor, $target)
{ {
return true; return true;
} }
public function somethingElseRandom(User $actor, $target)
{
return false;
}
} }