diff --git a/build/api/core/AuthSystemDefault.php b/build/api/core/AuthSystemDefault.php index 03c8f4c..0887245 100755 --- a/build/api/core/AuthSystemDefault.php +++ b/build/api/core/AuthSystemDefault.php @@ -175,6 +175,8 @@ */ public static function permission($module, $expected){ + $error_propag = []; + /* [1] Check format -> if not array of array(s) -> ERROR =========================================================*/ /* (1) If not array of array(s) -> ERROR*/ @@ -188,7 +190,8 @@ foreach($expected as $permission_group){ /* If granted -> don't go further */ - if( self::check_permission_group($module, $permission_group) == Err::Success ) + $error_propag[]= self::check_permission_group($module, $permission_group); + if( $error_propag[count($error_propag)-1] == Err::Success ) return new Error(Err::Success); } @@ -196,6 +199,9 @@ /* [3] By default return `PermissionError` =========================================================*/ + if( count($error_propag) > 0 ) + return new Error($error_propag[count($error_propag)-1]); + return new Error(Err::PermissionError); } @@ -204,7 +210,7 @@ - + /* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES * * @module Module concerné diff --git a/build/api/core/Request.php b/build/api/core/Request.php index f908680..d086908 100644 --- a/build/api/core/Request.php +++ b/build/api/core/Request.php @@ -156,6 +156,8 @@ /* (2) Store instance */ self::$authsystem = $instance; + + return true; } @@ -482,7 +484,7 @@ // try to load default AuthSystem if( !file_exists(__BUILD__.'/api/core/AuthSystemDefault.php') ) - return false; + return $this->error->set(Err::UnreachableResource); // load default AuthSystem class $classname = '\\api\\core\\AuthSystemDefault'; diff --git a/spec/build/api/core/RequestSpec.php b/spec/build/api/core/RequestSpec.php index 91ce6d4..19bee02 100644 --- a/spec/build/api/core/RequestSpec.php +++ b/spec/build/api/core/RequestSpec.php 
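Review bot: The grant decision in the loop of `permission()` compares the group result with `Err::Success` using loose `==`; if `check_permission_group` can ever return `null` or another value loosely equal to the success code (PHP treats `null == 0` as true), that group would be treated as granted, so the new line should use strict comparison. The final hunk of the same function returns only the last group's code, which makes the reported reason depend on the order of `$expected`; tracking one `$last_error` instead of an array removes the `count(...)-1` indexing in both places: `$last_error = self::check_permission_group($module, $permission_group);` / `if( $last_error === Err::Success ) return new Error(Err::Success);` and, after the loop, `return new Error($last_error ?? Err::PermissionError);`. Whether `Err::Success` is numeric and what `check_permission_group` returns on failure are not visible in the hunk. The `permission()` body starts and ends outside these hunks.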
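Review bot: `setAuthSystem` now returns `true` once the instance is stored, but the rejection branch is outside the hunk and the new spec only asserts `toBeFalsy()`, which an implicit `null` return also satisfies; an explicit `return false;` on that branch, a `: bool` return type and a docblock line `@return bool true once the instance is stored, false when it is not an AuthSystem` would pin the contract the spec relies on. The function's start is outside the hunk.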
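Review bot: Whether a missing `AuthSystemDefault.php` still aborts the request now depends on what `Error::set()` returns, since the hunk replaces `return false;` with that call's return value; if `set()` returns the `Error` instance or nothing, a caller that tested this function's result for `false` would no longer take the failure path, which would turn a missing auth system into a fall-through rather than a fail-closed denial. Recording the error code is the right change; keeping the return explicit avoids the dependency: `$this->error->set(Err::UnreachableResource);` then `return false;`, or have the caller check `$this->error->get()` instead. The enclosing function starts and ends outside the hunk.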
@@ -4,6 +4,8 @@ use Kahlan\Plugin\Monkey; use api\core\Request; + use api\core\AuthSystem; + use api\core\AuthSystemDefault; use error\core\Error; use error\core\Err; @@ -43,6 +45,28 @@ }); + describe('setAuthSystem(@instance)', function(){ + + it('pass when instance of AuthSystem', function(){ + + $instance = new AuthSystemDefault(); + + expect($instance)->toBeAnInstanceOf('api\core\AuthSystem'); + expect(Request::setAuthSystem($instance))->toBeTruthy(); + + }); + + it('fail when not instance of AuthSystem', function(){ + + $instance = new Error(Err::Success); + + expect($instance)->not->toBeAnInstanceOf('api\core\AuthSystem'); + expect(Request::setAuthSystem($instance))->toBeFalsy(); + + }); + + }); + describe('__construct(@path, @params)', function(){ context('with argument combinations', function(){ 
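Review bot: Both new `setAuthSystem(@instance)` specs pass the class name to `toBeAnInstanceOf` as the string literal `'api\core\AuthSystem'`, while the first hunk of this file adds `use api\core\AuthSystem;` which is then never referenced; `expect($instance)->toBeAnInstanceOf(AuthSystem::class);` ties the assertion to the import and survives a rename. The second spec asserts only `toBeFalsy()`, which also passes on an implicit `null` return from `setAuthSystem`; if the rejection branch is meant to return `false`, `toBe(false)` states that.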
@@ -279,6 +303,192 @@ }); + it('pass all right', function(){ + + // bypass all checks + allow(Request::class)->toReceive('checkPermission')->andReturn(true); + allow(Request::class)->toReceive('checkParams')->andReturn(true); + + // bypass buildOptions(); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'mo-du_leA' => [ 'POST::me-th_odA' => [] ], + 'moduleB' => [] + ]); + + $req = new Request('mo-du_leA/me-th_odA'); + expect($req->error->get())->toBe(Err::Success); + + }); + + }); + + describe('checkPermission()', function(){ + + it('pass when no permission', function(){ + + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [] + ] + ]); + + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::Success); + + }); + + it('pass when permission is not an array', function(){ + + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => 23.2 + ] + ] + ]); + + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::Success); + + }); + + it('fail if no AuthSystem and no api/core/AuthSystemDefault.php', function(){ + + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('file_exists')->toBeCalled()->andReturn(false); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => [] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + 
expect($req->error->get())->toBe(Err::UnreachableResource); + + }); + + it('pass if no AuthSystem and the api/core/AuthSystemDefault.php', function(){ + + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => [] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::Success); + + }); + + it('fail if incorrect format', function(){ + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => ['a'] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::FormatError); + }); + + it('fail when not \'warehouse\' granted', function(){ + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => [['warehouse']] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::PermissionError); + }); + + it('fail when not \'admin\' granted', function(){ + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => [['admin']] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::PermissionError); + }); + + it('fail when not \'sats\' granted', function(){ + // bypass checkers + 
allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => [['sats']] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::TokenError); + }); + + it('fail when not \'unknown permission\' granted', function(){ + // bypass checkers + allow(Request::class)->toReceive('checkParams')->andReturn(true); + allow(Request::class)->toReceive('buildOptions')->andReturn(true); + + allow('json_decode')->toBeCalled()->andReturn([ + 'moduleA' => [ + 'POST::methodA' => [ + 'permissions' => [['unk']] + ] + ] + ]); + + $req = new Request('moduleA/methodA'); + expect($req->error->get())->toBe(Err::PermissionError); + }); + });
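Review bot: The specs named "no AuthSystem" in this hunk assume `Request::$authsystem` is unset, but the `setAuthSystem(@instance)` spec earlier in the same file stores an `AuthSystemDefault` instance in that static property and nothing visible resets it, so whether the default-loading path (and the `file_exists` stub) is actually exercised depends on spec order; a `beforeEach` that restores the static through whatever reset `Request` offers would make these cases deterministic. The `allow('file_exists')->toBeCalled()->andReturn(false)` stub also applies to every `file_exists` call made during `new Request(...)`, not only the one in the auth-system loader, which is worth confirming as intended. As a point of style, the pair `allow(Request::class)->toReceive('checkParams')->andReturn(true);` / `allow(Request::class)->toReceive('buildOptions')->andReturn(true);` is repeated in every spec of `describe('checkPermission()')` and belongs in a `beforeEach` of that block.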