test(core) : RBAC #345 - functional coverage voter + last admin guard
This commit is contained in:
Matthieu
@@ -5,6 +5,8 @@ declare(strict_types=1);
|
||||
namespace App\Tests\Module\Core\Api;
|
||||
|
||||
use App\Module\Core\Domain\Entity\Permission;
|
||||
use App\Module\Core\Domain\Entity\Role;
|
||||
use App\Module\Core\Domain\Entity\User;
|
||||
|
||||
/**
|
||||
* Tests fonctionnels de l'exposition API Platform de l'entite Permission.
|
||||
@@ -172,9 +174,69 @@ final class PermissionApiTest extends AbstractApiTestCase
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
// --- Tests voter RBAC : non-admin avec / sans permission ---
|
||||
|
||||
public function testListPermissionsAsUserWithViewPermissionReturns200(): void
|
||||
{
|
||||
// Un non-admin portant core.permissions.view doit pouvoir lister.
|
||||
$credentials = $this->createUserWithPermission('core.permissions.view');
|
||||
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
$client->request('GET', '/api/permissions');
|
||||
|
||||
self::assertResponseIsSuccessful();
|
||||
}
|
||||
|
||||
public function testListPermissionsAsStandardUserReturns403(): void
|
||||
{
|
||||
// alice n'a aucune permission RBAC : acces refuse.
|
||||
$client = $this->authenticatedClient('alice', 'alice');
|
||||
$client->request('GET', '/api/permissions');
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
public function testGetPermissionAsUserWithViewPermissionReturns200(): void
|
||||
{
|
||||
// Recupere l'id d'une permission existante pour construire l'URL GET item.
|
||||
$permission = $this->getEm()->getRepository(Permission::class)
|
||||
->findOneBy(['code' => 'test.core.users.view'])
|
||||
;
|
||||
self::assertNotNull($permission);
|
||||
|
||||
$credentials = $this->createUserWithPermission('core.permissions.view');
|
||||
$client = $this->authenticatedClient($credentials['username'], $credentials['password']);
|
||||
$client->request('GET', '/api/permissions/'.$permission->getId());
|
||||
|
||||
self::assertResponseIsSuccessful();
|
||||
}
|
||||
|
||||
public function testGetPermissionAsStandardUserReturns403(): void
|
||||
{
|
||||
$permission = $this->getEm()->getRepository(Permission::class)
|
||||
->findOneBy(['code' => 'test.core.users.view'])
|
||||
;
|
||||
self::assertNotNull($permission);
|
||||
|
||||
$client = $this->authenticatedClient('alice', 'alice');
|
||||
$client->request('GET', '/api/permissions/'.$permission->getId());
|
||||
|
||||
self::assertResponseStatusCodeSame(403);
|
||||
}
|
||||
|
||||
private function cleanupTestPermissions(): void
|
||||
{
|
||||
$this->getEm()->createQuery(
|
||||
$em = $this->getEm();
|
||||
|
||||
// Purge des users et roles jetables crees par createUserWithPermission().
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.User::class.' u WHERE u.username LIKE :prefix'
|
||||
)->setParameter('prefix', 'testuser_%')->execute();
|
||||
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.Role::class.' r WHERE r.code LIKE :prefix'
|
||||
)->setParameter('prefix', 'test_%')->execute();
|
||||
|
||||
$em->createQuery(
|
||||
'DELETE FROM '.Permission::class.' p WHERE p.code LIKE :prefix'
|
||||
)->setParameter('prefix', self::TEST_CODE_PREFIX.'%')->execute();
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user