feat(core) : RBAC #344 - RoleProcessor + gardes systeme et code immuable
This commit is contained in:
Matthieu
@@ -245,6 +245,77 @@ final class RoleApiTest extends ApiTestCase
|
||||
self::assertNull($em->getRepository(Role::class)->find($id));
|
||||
}
|
||||
|
||||
public function testDeleteSystemRoleReturns403(): void
|
||||
{
|
||||
$role = $this->getEm()->getRepository(Role::class)->findOneBy(['code' => SystemRoles::ADMIN_CODE]);
|
||||
self::assertNotNull($role);
|
||||
|
||||
$client = $this->authenticatedClient('admin', 'admin');
|
||||
$client->request('DELETE', '/api/roles/'.$role->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
|
||||
// Le role systeme doit toujours exister.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
self::assertNotNull($em->getRepository(Role::class)->findOneBy(['code' => SystemRoles::ADMIN_CODE]));
|
||||
}
|
||||
|
||||
public function testPatchSystemRoleLabelReturns200(): void
|
||||
{
|
||||
$em = $this->getEm();
|
||||
$role = $em->getRepository(Role::class)->findOneBy(['code' => SystemRoles::ADMIN_CODE]);
|
||||
self::assertNotNull($role);
|
||||
$originalLabel = $role->getLabel();
|
||||
$roleId = $role->getId();
|
||||
|
||||
$client = $this->authenticatedClient('admin', 'admin');
|
||||
|
||||
try {
|
||||
$response = $client->request('PATCH', '/api/roles/'.$roleId, [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['label' => 'Administrateur (modifie test)'],
|
||||
]);
|
||||
|
||||
self::assertResponseIsSuccessful();
|
||||
$data = $response->toArray();
|
||||
self::assertSame('Administrateur (modifie test)', $data['label']);
|
||||
self::assertSame(SystemRoles::ADMIN_CODE, $data['code']);
|
||||
self::assertTrue($data['isSystem']);
|
||||
} finally {
|
||||
// Restauration defensive du label original pour ne pas polluer
|
||||
// les tests suivants (les fixtures systeme sont partagees).
|
||||
$em = $this->getEm();
|
||||
|
||||
/** @var null|Role $reloaded */
|
||||
$reloaded = $em->getRepository(Role::class)->findOneBy(['code' => SystemRoles::ADMIN_CODE]);
|
||||
if (null !== $reloaded && $reloaded->getLabel() !== $originalLabel) {
|
||||
$reloaded->setLabel($originalLabel);
|
||||
$em->flush();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public function testPatchRoleCodeChangeReturns400(): void
|
||||
{
|
||||
$role = $this->getEm()->getRepository(Role::class)->findOneBy(['code' => 'test_editor']);
|
||||
self::assertNotNull($role);
|
||||
|
||||
$client = $this->authenticatedClient('admin', 'admin');
|
||||
$client->request('PATCH', '/api/roles/'.$role->getId(), [
|
||||
'headers' => ['Content-Type' => 'application/merge-patch+json'],
|
||||
'json' => ['code' => 'test_editor_renamed'],
|
||||
]);
|
||||
|
||||
self::assertResponseStatusCodeSame(400);
|
||||
|
||||
// Verification cote base : le code d'origine n'a pas bouge.
|
||||
$em = $this->getEm();
|
||||
$em->clear();
|
||||
self::assertNotNull($em->getRepository(Role::class)->findOneBy(['code' => 'test_editor']));
|
||||
self::assertNull($em->getRepository(Role::class)->findOneBy(['code' => 'test_editor_renamed']));
|
||||
}
|
||||
|
||||
public function testUnauthenticatedGetCollectionReturns401(): void
|
||||
{
|
||||
$client = self::createClient();
|
||||
|
||||
Reference in New Issue
Block a user