37 lines
1.2 KiB
PHP
37 lines
1.2 KiB
PHP
<?php
|
|
|
|
declare(strict_types=1);
|
|
|
|
namespace Tests\Identity;
|
|
|
|
use Netig\Netslim\Identity\Application\AuthorizationApplicationService;
|
|
use Netig\Netslim\Identity\Domain\Entity\User;
|
|
use Netig\Netslim\Identity\Domain\Policy\Permission;
|
|
use Netig\Netslim\Identity\Domain\Policy\RolePermissionMatrix;
|
|
use PHPUnit\Framework\TestCase;
|
|
|
|
final class AuthorizationServiceTest extends TestCase
|
|
{
|
|
private AuthorizationApplicationService $service;
|
|
|
|
protected function setUp(): void
|
|
{
|
|
$this->service = new AuthorizationApplicationService(new RolePermissionMatrix());
|
|
}
|
|
|
|
public function testEditorGetsFineGrainedPermissions(): void
|
|
{
|
|
$editor = new User(1, 'editor', 'editor@example.test', 'hash', User::ROLE_EDITOR);
|
|
|
|
self::assertTrue($this->service->canUser($editor, Permission::CONTENT_PUBLISH));
|
|
self::assertTrue($this->service->canUser($editor, Permission::MEDIA_MANAGE));
|
|
self::assertFalse($this->service->canUser($editor, Permission::USERS_MANAGE));
|
|
}
|
|
|
|
public function testAdminHasWildcardPermissions(): void
|
|
{
|
|
self::assertTrue($this->service->canRole(User::ROLE_ADMIN, Permission::SETTINGS_MANAGE));
|
|
self::assertContains('*', $this->service->permissionsForRole(User::ROLE_ADMIN));
|
|
}
|
|
}
|