feat(core) : RBAC #345 - UserRbacProcessor last admin guard
This commit is contained in:
Matthieu
@@ -9,6 +9,8 @@ use ApiPlatform\State\ProcessorInterface;
|
||||
use App\Module\Core\Domain\Entity\Permission;
|
||||
use App\Module\Core\Domain\Entity\Role;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
use App\Module\Core\Domain\Exception\LastAdminProtectionException;
|
||||
use App\Module\Core\Domain\Security\AdminHeadcountGuardInterface;
|
||||
use App\Module\Core\Infrastructure\ApiPlatform\State\Processor\UserRbacProcessor;
|
||||
use Doctrine\ORM\EntityManagerInterface;
|
||||
use Doctrine\ORM\UnitOfWork;
|
||||
@@ -22,9 +24,9 @@ use Symfony\Bundle\SecurityBundle\Security;
|
||||
use Symfony\Component\HttpKernel\Exception\BadRequestHttpException;
|
||||
|
||||
/**
|
||||
* Tests unitaires du UserRbacProcessor : couvre la garde "auto-suicide" et la
|
||||
* delegation au PersistProcessor Doctrine decore pour les trois champs RBAC
|
||||
* (isAdmin, roles, directPermissions).
|
||||
* Tests unitaires du UserRbacProcessor : couvre la garde "auto-suicide", la
|
||||
* garde "dernier admin global" et la delegation au PersistProcessor Doctrine
|
||||
* decore pour les trois champs RBAC (isAdmin, roles, directPermissions).
|
||||
*
|
||||
* @internal
|
||||
*/
|
||||
@@ -35,14 +37,16 @@ final class UserRbacProcessorTest extends TestCase
|
||||
private EntityManagerInterface&MockObject $entityManager;
|
||||
private MockObject&UnitOfWork $unitOfWork;
|
||||
private MockObject&Security $security;
|
||||
private AdminHeadcountGuardInterface&MockObject $adminHeadcountGuard;
|
||||
private UserRbacProcessor $processor;
|
||||
|
||||
protected function setUp(): void
|
||||
{
|
||||
$this->persistProcessor = $this->createMock(ProcessorInterface::class);
|
||||
$this->entityManager = $this->createMock(EntityManagerInterface::class);
|
||||
$this->unitOfWork = $this->createMock(UnitOfWork::class);
|
||||
$this->security = $this->createMock(Security::class);
|
||||
$this->persistProcessor = $this->createMock(ProcessorInterface::class);
|
||||
$this->entityManager = $this->createMock(EntityManagerInterface::class);
|
||||
$this->unitOfWork = $this->createMock(UnitOfWork::class);
|
||||
$this->security = $this->createMock(Security::class);
|
||||
$this->adminHeadcountGuard = $this->createMock(AdminHeadcountGuardInterface::class);
|
||||
|
||||
$this->entityManager->method('getUnitOfWork')->willReturn($this->unitOfWork);
|
||||
|
||||
@@ -50,19 +54,28 @@ final class UserRbacProcessorTest extends TestCase
|
||||
$this->persistProcessor,
|
||||
$this->entityManager,
|
||||
$this->security,
|
||||
$this->adminHeadcountGuard,
|
||||
);
|
||||
}
|
||||
|
||||
public function testPatchPromotesUserToAdminDelegatesToPersistProcessor(): void
|
||||
{
|
||||
$target = $this->buildUser(42, 'alice', false);
|
||||
$target->setIsAdmin(true);
|
||||
$target = $this->buildUser(42, 'alice', true);
|
||||
|
||||
$currentAdmin = $this->buildUser(1, 'admin', true);
|
||||
$this->security->method('getUser')->willReturn($currentAdmin);
|
||||
|
||||
// Cible != user courant : pas de lecture d'UnitOfWork necessaire.
|
||||
$this->unitOfWork->expects(self::never())->method('getOriginalEntityData');
|
||||
// La cible gagne isAdmin (false -> true) : willLoseAdmin = false, donc
|
||||
// getOriginalEntityData est appele mais aucune garde ne bloque.
|
||||
$this->unitOfWork
|
||||
->method('getOriginalEntityData')
|
||||
->with($target)
|
||||
->willReturn([
|
||||
'id' => 42,
|
||||
'username' => 'alice',
|
||||
'isAdmin' => false,
|
||||
])
|
||||
;
|
||||
|
||||
$this->persistProcessor
|
||||
->expects(self::once())
|
||||
@@ -146,14 +159,30 @@ final class UserRbacProcessorTest extends TestCase
|
||||
|
||||
public function testPatchAdminDemotingAnotherUserIsAllowed(): void
|
||||
{
|
||||
// Un admin qui retire isAdmin a quelqu'un d'autre : autorise.
|
||||
// Un admin qui retire isAdmin a quelqu'un d'autre : autorise si d'autres
|
||||
// admins existent (guard ne leve pas d'exception).
|
||||
$target = $this->buildUser(42, 'alice', false);
|
||||
$current = $this->buildUser(1, 'admin', true);
|
||||
|
||||
$this->security->method('getUser')->willReturn($current);
|
||||
|
||||
// Cible != user courant : pas de verification d'auto-suicide.
|
||||
$this->unitOfWork->expects(self::never())->method('getOriginalEntityData');
|
||||
// La cible perd isAdmin (true -> false) : getOriginalEntityData est appele.
|
||||
$this->unitOfWork
|
||||
->method('getOriginalEntityData')
|
||||
->with($target)
|
||||
->willReturn([
|
||||
'id' => 42,
|
||||
'username' => 'alice',
|
||||
'isAdmin' => true,
|
||||
])
|
||||
;
|
||||
|
||||
// Le garde ne leve pas d'exception : d'autres admins existent.
|
||||
$this->adminHeadcountGuard
|
||||
->expects(self::once())
|
||||
->method('ensureAtLeastOneAdminRemainsAfterDemotion')
|
||||
->with($target)
|
||||
;
|
||||
|
||||
$this->persistProcessor
|
||||
->expects(self::once())
|
||||
@@ -210,6 +239,150 @@ final class UserRbacProcessorTest extends TestCase
|
||||
$this->processor->process(new stdClass(), new Patch());
|
||||
}
|
||||
|
||||
// -------------------------------------------------------------------------
|
||||
// Tests de la garde "dernier admin global"
|
||||
// -------------------------------------------------------------------------
|
||||
|
||||
public function testBlocksDemotionWhenLastAdminGlobally(): void
|
||||
{
|
||||
// L'admin courant A tente de retirer isAdmin a l'admin B (le dernier).
|
||||
$adminA = $this->buildUser(1, 'adminA', true);
|
||||
$adminB = $this->buildUser(2, 'adminB', false); // isAdmin -> false dans le PATCH
|
||||
|
||||
$this->security->method('getUser')->willReturn($adminA);
|
||||
|
||||
$this->unitOfWork
|
||||
->method('getOriginalEntityData')
|
||||
->with($adminB)
|
||||
->willReturn([
|
||||
'id' => 2,
|
||||
'username' => 'adminB',
|
||||
'isAdmin' => true,
|
||||
])
|
||||
;
|
||||
|
||||
// Le garde signale qu'il n'y aurait plus aucun admin.
|
||||
$this->adminHeadcountGuard
|
||||
->expects(self::once())
|
||||
->method('ensureAtLeastOneAdminRemainsAfterDemotion')
|
||||
->with($adminB)
|
||||
->willThrowException(new LastAdminProtectionException())
|
||||
;
|
||||
|
||||
$this->persistProcessor->expects(self::never())->method('process');
|
||||
|
||||
$this->expectException(BadRequestHttpException::class);
|
||||
$this->expectExceptionMessage('Impossible : au moins un administrateur doit rester sur l\'instance.');
|
||||
|
||||
$this->processor->process($adminB, new Patch());
|
||||
}
|
||||
|
||||
public function testDelegatesDemotionWhenAdminsRemain(): void
|
||||
{
|
||||
// L'admin courant A retire isAdmin a l'admin B, mais d'autres admins existent.
|
||||
$adminA = $this->buildUser(1, 'adminA', true);
|
||||
$adminB = $this->buildUser(2, 'adminB', false); // isAdmin -> false dans le PATCH
|
||||
|
||||
$this->security->method('getUser')->willReturn($adminA);
|
||||
|
||||
$this->unitOfWork
|
||||
->method('getOriginalEntityData')
|
||||
->with($adminB)
|
||||
->willReturn([
|
||||
'id' => 2,
|
||||
'username' => 'adminB',
|
||||
'isAdmin' => true,
|
||||
])
|
||||
;
|
||||
|
||||
// Le garde ne leve pas d'exception : il reste au moins un admin.
|
||||
$this->adminHeadcountGuard
|
||||
->expects(self::once())
|
||||
->method('ensureAtLeastOneAdminRemainsAfterDemotion')
|
||||
->with($adminB)
|
||||
;
|
||||
|
||||
$this->persistProcessor
|
||||
->expects(self::once())
|
||||
->method('process')
|
||||
->with($adminB)
|
||||
->willReturn($adminB)
|
||||
;
|
||||
|
||||
$result = $this->processor->process($adminB, new Patch());
|
||||
|
||||
self::assertSame($adminB, $result);
|
||||
}
|
||||
|
||||
public function testDoesNotCallGuardWhenIsAdminUntouched(): void
|
||||
{
|
||||
// PATCH qui ne touche pas isAdmin (reste false) : la garde ne doit pas etre appelee.
|
||||
$target = $this->buildUser(42, 'alice', false);
|
||||
$current = $this->buildUser(1, 'admin', true);
|
||||
|
||||
$this->security->method('getUser')->willReturn($current);
|
||||
|
||||
$this->unitOfWork
|
||||
->method('getOriginalEntityData')
|
||||
->with($target)
|
||||
->willReturn([
|
||||
'id' => 42,
|
||||
'username' => 'alice',
|
||||
'isAdmin' => false,
|
||||
])
|
||||
;
|
||||
|
||||
// isAdmin reste false : willLoseAdmin = false, garde jamais appelee.
|
||||
$this->adminHeadcountGuard
|
||||
->expects(self::never())
|
||||
->method('ensureAtLeastOneAdminRemainsAfterDemotion')
|
||||
;
|
||||
|
||||
$this->persistProcessor
|
||||
->expects(self::once())
|
||||
->method('process')
|
||||
->with($target)
|
||||
->willReturn($target)
|
||||
;
|
||||
|
||||
$result = $this->processor->process($target, new Patch());
|
||||
|
||||
self::assertSame($target, $result);
|
||||
}
|
||||
|
||||
public function testAutoSuicideTakesPrecedenceOverLastAdminGlobal(): void
|
||||
{
|
||||
// L'unique admin tente de se retirer lui-meme son propre flag.
|
||||
// La garde auto-suicide doit court-circuiter avant la garde dernier-admin.
|
||||
$self = $this->buildUser(1, 'admin', false); // isAdmin -> false dans le PATCH
|
||||
|
||||
$this->security->method('getUser')->willReturn($self);
|
||||
|
||||
$this->unitOfWork
|
||||
->method('getOriginalEntityData')
|
||||
->with($self)
|
||||
->willReturn([
|
||||
'id' => 1,
|
||||
'username' => 'admin',
|
||||
'isAdmin' => true,
|
||||
])
|
||||
;
|
||||
|
||||
// La garde dernier-admin ne doit jamais etre appelee : l'auto-suicide
|
||||
// court-circuite avant.
|
||||
$this->adminHeadcountGuard
|
||||
->expects(self::never())
|
||||
->method('ensureAtLeastOneAdminRemainsAfterDemotion')
|
||||
;
|
||||
|
||||
$this->persistProcessor->expects(self::never())->method('process');
|
||||
|
||||
$this->expectException(BadRequestHttpException::class);
|
||||
$this->expectExceptionMessage('Vous ne pouvez pas retirer vos propres droits administrateur.');
|
||||
|
||||
$this->processor->process($self, new Patch());
|
||||
}
|
||||
|
||||
/**
|
||||
* Construit un User avec un id force via reflection (les mocks
|
||||
* d'UnitOfWork n'alimentent pas l'id tout seul).
|
||||
|
||||
Reference in New Issue
Block a user