[kahlan:api/core/Request] tests + fixed Request + fixed AuthSystemDefault

build/api/core/AuthSystemDefault.php

@@ -175,6 +175,8 @@
 		*/
 		public static function permission($module, $expected){
 
+			$error_propag = [];
+
 			/* [1] Check format -> if not array of array(s) -> ERROR
 			=========================================================*/
 			/* (1) If not array of array(s) -> ERROR*/
@@ -188,7 +190,8 @@
 			foreach($expected as $permission_group){
 
 				/* If granted -> don't go further */
-				if( self::check_permission_group($module, $permission_group) == Err::Success )
+				$error_propag[]= self::check_permission_group($module, $permission_group);
+				if( $error_propag[count($error_propag)-1] == Err::Success )
 					return new Error(Err::Success);
 
 			}
@@ -196,6 +199,9 @@
 
 			/* [3] By default return `PermissionError`
 			=========================================================*/
+			if( count($error_propag) > 0 )
+				return new Error($error_propag[count($error_propag)-1]);
+
 			return new Error(Err::PermissionError);
 		}
 
@@ -204,7 +210,7 @@
 
 
 
-		
+
 		/* VERIFICATION DES ACCES EN FONCTION DE PERMISSIONS ATTENDUES
 		*
 		* @module<String> 										Module concerné

build/api/core/Request.php

@@ -156,6 +156,8 @@
 
 			/* (2) Store instance */
 			self::$authsystem = $instance;
+
+			return true;
 		}
 
 
@@ -482,7 +484,7 @@
 
 				// try to load default AuthSystem
 				if( !file_exists(__BUILD__.'/api/core/AuthSystemDefault.php') )
-					return false;
+					return $this->error->set(Err::UnreachableResource);
 
 				// load default AuthSystem class
 				$classname =  '\\api\\core\\AuthSystemDefault';

spec/build/api/core/RequestSpec.php

@@ -4,6 +4,8 @@
 	use Kahlan\Plugin\Monkey;
 
 	use api\core\Request;
+	use api\core\AuthSystem;
+	use api\core\AuthSystemDefault;
 	use error\core\Error;
 	use error\core\Err;
 
@@ -43,6 +45,28 @@
 
 				});
 
+				describe('setAuthSystem(@instance)', function(){
+
+					it('pass when instance of AuthSystem', function(){
+
+						$instance = new AuthSystemDefault();
+
+						expect($instance)->toBeAnInstanceOf('api\core\AuthSystem');
+						expect(Request::setAuthSystem($instance))->toBeTruthy();
+
+					});
+
+					it('fail when not instance of AuthSystem', function(){
+
+						$instance = new Error(Err::Success);
+
+						expect($instance)->not->toBeAnInstanceOf('api\core\AuthSystem');
+						expect(Request::setAuthSystem($instance))->toBeFalsy();
+
+					});
+
+				});
+
 				describe('__construct(@path, @params)', function(){
 
 					context('with argument combinations', function(){
@@ -279,6 +303,192 @@
 
 					});
 
+					it('pass all right', function(){
+
+						// bypass all checks
+						allow(Request::class)->toReceive('checkPermission')->andReturn(true);
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+
+						// bypass buildOptions();
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'mo-du_leA' => [ 'POST::me-th_odA' => [] ],
+							'moduleB' => []
+						]);
+
+						$req = new Request('mo-du_leA/me-th_odA');
+						expect($req->error->get())->toBe(Err::Success);
+
+					});
+
+				});
+
+				describe('checkPermission()', function(){
+
+					it('pass when no permission', function(){
+
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => []
+							]
+						]);
+
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::Success);
+
+					});
+
+					it('pass when permission is not an array', function(){
+
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => 23.2
+								]
+							]
+						]);
+
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::Success);
+
+					});
+
+					it('fail if no AuthSystem and no api/core/AuthSystemDefault.php', function(){
+
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('file_exists')->toBeCalled()->andReturn(false);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => []
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::UnreachableResource);
+
+					});
+
+					it('pass if no AuthSystem and the api/core/AuthSystemDefault.php', function(){
+
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => []
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::Success);
+
+					});
+
+					it('fail if incorrect format', function(){
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => ['a']
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::FormatError);
+					});
+
+					it('fail when not \'warehouse\' granted', function(){
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => [['warehouse']]
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::PermissionError);
+					});
+
+					it('fail when not \'admin\' granted', function(){
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => [['admin']]
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::PermissionError);
+					});
+
+					it('fail when not \'sats\' granted', function(){
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => [['sats']]
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::TokenError);
+					});
+
+					it('fail when not \'unknown permission\' granted', function(){
+						// bypass checkers
+						allow(Request::class)->toReceive('checkParams')->andReturn(true);
+						allow(Request::class)->toReceive('buildOptions')->andReturn(true);
+
+						allow('json_decode')->toBeCalled()->andReturn([
+							'moduleA' => [
+								'POST::methodA' => [
+									'permissions' => [['unk']]
+								]
+							]
+						]);
+
+						$req = new Request('moduleA/methodA');
+						expect($req->error->get())->toBe(Err::PermissionError);
+					});
+
 				});