first commit

tests/Identity/AuthorizationServiceTest.php

@@ -0,0 +1,36 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Tests\Identity;
+
+use Netig\Netslim\Identity\Application\AuthorizationApplicationService;
+use Netig\Netslim\Identity\Domain\Entity\User;
+use Netig\Netslim\Identity\Domain\Policy\Permission;
+use Netig\Netslim\Identity\Domain\Policy\RolePermissionMatrix;
+use PHPUnit\Framework\TestCase;
+
+final class AuthorizationServiceTest extends TestCase
+{
+    private AuthorizationApplicationService $service;
+
+    protected function setUp(): void
+    {
+        $this->service = new AuthorizationApplicationService(new RolePermissionMatrix());
+    }
+
+    public function testEditorGetsFineGrainedPermissions(): void
+    {
+        $editor = new User(1, 'editor', 'editor@example.test', 'hash', User::ROLE_EDITOR);
+
+        self::assertTrue($this->service->canUser($editor, Permission::CONTENT_PUBLISH));
+        self::assertTrue($this->service->canUser($editor, Permission::MEDIA_MANAGE));
+        self::assertFalse($this->service->canUser($editor, Permission::USERS_MANAGE));
+    }
+
+    public function testAdminHasWildcardPermissions(): void
+    {
+        self::assertTrue($this->service->canRole(User::ROLE_ADMIN, Permission::SETTINGS_MANAGE));
+        self::assertContains('*', $this->service->permissionsForRole(User::ROLE_ADMIN));
+    }
+}