Add feedback and tests

This commit is contained in:
Philipp Holzer 2021-10-07 19:46:24 +02:00
parent 9e6962eac6
commit 03164d00e8
Signed by: nupplaPhil
GPG key ID: 24A7501396EB5432
6 changed files with 250 additions and 50 deletions

View file

@ -22,7 +22,6 @@
namespace Friendica; namespace Friendica;
use Dice\Dice; use Dice\Dice;
use Friendica\Security\PermissionSet\Depository\PermissionSet;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
/** /**
@ -443,20 +442,14 @@ abstract class DI
return self::$dice->create(Repository\Introduction::class); return self::$dice->create(Repository\Introduction::class);
} }
/** public static function permissionSet(): Security\PermissionSet\Depository\PermissionSet
* @return PermissionSet
*/
public static function permissionSet()
{ {
return self::$dice->create(PermissionSet::class); return self::$dice->create(Security\PermissionSet\Depository\PermissionSet::class);
} }
/** public static function permissionSetFactory(): Security\PermissionSet\Factory\PermissionSet
* @return \Friendica\Security\PermissionSet\Factory\PermissionSet
*/
public static function permissionSetFactory()
{ {
return self::$dice->create(\Friendica\Security\PermissionSet\Factory\PermissionSet::class); return self::$dice->create(Security\PermissionSet\Factory\PermissionSet::class);
} }
/** /**

View file

@ -23,6 +23,7 @@ namespace Friendica\Model;
use Friendica\BaseModel; use Friendica\BaseModel;
use Friendica\Database\Database; use Friendica\Database\Database;
use Friendica\Security\PermissionSet\Depository\PermissionSet as PermissionSetDepository;
use Friendica\Security\PermissionSet\Entity\PermissionSet; use Friendica\Security\PermissionSet\Entity\PermissionSet;
use Psr\Log\LoggerInterface; use Psr\Log\LoggerInterface;
@ -46,10 +47,10 @@ class ProfileField extends BaseModel
/** @var PermissionSet */ /** @var PermissionSet */
private $permissionset; private $permissionset;
/** @var \Friendica\Security\PermissionSet\Depository\PermissionSet */ /** @var PermissionSetDepository */
private $permissionSetDepository; private $permissionSetDepository;
public function __construct(Database $dba, LoggerInterface $logger,\Friendica\Security\PermissionSet\Depository\PermissionSet $permissionSetDepository, array $data = []) public function __construct(Database $dba, LoggerInterface $logger, PermissionSetDepository $permissionSetDepository, array $data = [])
{ {
parent::__construct($dba, $logger, $data); parent::__construct($dba, $logger, $data);
@ -62,7 +63,7 @@ class ProfileField extends BaseModel
switch ($name) { switch ($name) {
case 'permissionset': case 'permissionset':
$this->permissionset = $this->permissionset ?? $this->permissionSetDepository->selectOneById($this->psid); $this->permissionset = $this->permissionset ?? $this->permissionSetDepository->selectOneForUser($this->uid, $this->psid);
$return = $this->permissionset; $return = $this->permissionset;
break; break;

View file

@ -70,6 +70,24 @@ class PermissionSet extends BaseDepository
return new Collection\PermissionSets(parent::_select($condition, $params)->getArrayCopy()); return new Collection\PermissionSets(parent::_select($condition, $params)->getArrayCopy());
} }
/**
* Converts a given PermissionSet into a DB compatible row array
*
* @param Entity\PermissionSet $permissionSet
*
* @return array
*/
protected function convertToTableRow(Entity\PermissionSet $permissionSet): array
{
return [
'uid' => $permissionSet->uid,
'allow_cid' => $this->aclFormatter->toString($permissionSet->allow_cid),
'allow_gid' => $this->aclFormatter->toString($permissionSet->allow_gid),
'deny_cid' => $this->aclFormatter->toString($permissionSet->deny_cid),
'deny_gid' => $this->aclFormatter->toString($permissionSet->deny_gid),
];
}
/** /**
* @param int $id * @param int $id
* *
@ -159,6 +177,23 @@ class PermissionSet extends BaseDepository
return $this->selectOrCreate($this->factory->createFromString($uid)); return $this->selectOrCreate($this->factory->createFromString($uid));
} }
/**
* Fetch one PermissionSet with check for ownership
*
* @param int $uid The user id
* @param int $id The unique id of the PermissionSet
*
* @return Entity\PermissionSet
* @throws NotFoundException in case either the id is invalid or the PermissionSet does not relay to the given user
*/
public function selectOneForUser(int $uid, int $id): Entity\PermissionSet
{
return $this->selectOne([
'id' => $id,
'uid' => $uid,
]);
}
/** /**
* Selects or creates a PermissionSet based on it's fields * Selects or creates a PermissionSet based on it's fields
* *
@ -172,16 +207,8 @@ class PermissionSet extends BaseDepository
return $permissionSet; return $permissionSet;
} }
$fields = [
'uid' => $permissionSet->uid,
'allow_cid' => $this->aclFormatter->toString($permissionSet->allow_cid),
'allow_gid' => $this->aclFormatter->toString($permissionSet->allow_gid),
'deny_cid' => $this->aclFormatter->toString($permissionSet->deny_cid),
'deny_gid' => $this->aclFormatter->toString($permissionSet->deny_gid),
];
try { try {
return $this->selectOne($fields); return $this->selectOne($this->convertToTableRow($permissionSet));
} catch (NotFoundException $exception) { } catch (NotFoundException $exception) {
return $this->save($permissionSet); return $this->save($permissionSet);
} }
@ -189,13 +216,7 @@ class PermissionSet extends BaseDepository
public function save(Entity\PermissionSet $permissionSet): Entity\PermissionSet public function save(Entity\PermissionSet $permissionSet): Entity\PermissionSet
{ {
$fields = [ $fields = $this->convertToTableRow($permissionSet);
'uid' => $permissionSet->uid,
'allow_cid' => $this->aclFormatter->toString($permissionSet->allow_cid),
'allow_gid' => $this->aclFormatter->toString($permissionSet->allow_gid),
'deny_cid' => $this->aclFormatter->toString($permissionSet->deny_cid),
'deny_gid' => $this->aclFormatter->toString($permissionSet->deny_gid),
];
if ($permissionSet->id) { if ($permissionSet->id) {
$this->db->update(self::$table_name, $fields, ['id' => $permissionSet->id]); $this->db->update(self::$table_name, $fields, ['id' => $permissionSet->id]);

View file

@ -20,39 +20,45 @@ class PermissionSet extends BaseFactory implements ICanCreateFromTableRow
$this->formatter = $formatter; $this->formatter = $formatter;
} }
/**
* @inheritDoc
*/
public function createFromTableRow(array $row): Entity\PermissionSet public function createFromTableRow(array $row): Entity\PermissionSet
{ {
return new Entity\PermissionSet( return new Entity\PermissionSet(
$row['uid'], $row['uid'],
$this->formatter->expand($row['allow_cid'] ?? []), $this->formatter->expand($row['allow_cid'] ?? ''),
$this->formatter->expand($row['allow_gid'] ?? []), $this->formatter->expand($row['allow_gid'] ?? ''),
$this->formatter->expand($row['deny_cid'] ?? []), $this->formatter->expand($row['deny_cid'] ?? ''),
$this->formatter->expand($row['deny_gid'] ?? []), $this->formatter->expand($row['deny_gid'] ?? ''),
$row['id'] ?? null $row['id'] ?? null
); );
} }
/**
* Creates a new PermissionSet based on it's fields
*
* @param int $uid
* @param string $allow_cid
* @param string $allow_gid
* @param string $deny_cid
* @param string $deny_gid
*
* @return Entity\PermissionSet
*/
public function createFromString( public function createFromString(
int $uid, int $uid,
string $allow_cid = '', string $allow_cid = '',
string $allow_gid = '', string $allow_gid = '',
string $deny_cid = '', string $deny_cid = '',
string $deny_gid = '') string $deny_gid = ''): Entity\PermissionSet
{ {
return new Entity\PermissionSet( return $this->createFromTableRow([
$uid, 'uid' => $uid,
$this->formatter->expand($allow_cid), 'allow_cid' => $allow_cid,
$this->formatter->expand($allow_gid), 'allow_gid' => $allow_gid,
$this->formatter->expand($deny_cid), 'deny_cid' => $deny_cid,
$this->formatter->expand($deny_gid) 'deny_gid' => $deny_gid,
); ]);
}
public function createPrototypeForUser(int $uid, string $allowCid): Entity\PermissionSet
{
return new Entity\PermissionSet(
$uid,
$this->formatter->expand($allowCid)
);
} }
} }

View file

@ -0,0 +1,45 @@
<?php
namespace Friendica\Test\src\Security\PermissionSet\Entity;
use Friendica\Security\PermissionSet\Entity\PermissionSet;
use Friendica\Test\MockedTest;
class PermissionSetTest extends MockedTest
{
public function dateAllowedContacts()
{
return [
'default' => [
'id' => 10,
'allow_cid' => ['1', '2'],
'allow_gid' => ['3', '4'],
'deny_cid' => ['5', '6', '7'],
'deny_gid' => ['8'],
'update_cid' => ['10'],
],
];
}
/**
* Test if the call "withAllowedContacts()" creates a clone
*
* @dataProvider dateAllowedContacts
*/
public function testWithAllowedContacts(int $id, array $allow_cid, array $allow_gid, array $deny_cid, array $deny_gid, array $update_cid)
{
$permissionSetOrig = new PermissionSet(
$id,
$allow_cid,
$allow_gid,
$deny_cid,
$deny_gid
);
$permissionSetNew = $permissionSetOrig->withAllowedContacts($update_cid);
self::assertNotSame($permissionSetOrig, $permissionSetNew);
self::assertEquals($update_cid, $permissionSetNew->allow_cid);
self::assertEquals($allow_cid, $permissionSetOrig->allow_cid);
}
}

View file

@ -0,0 +1,134 @@
<?php
namespace Friendica\Test\src\Security\PermissionSet\Factory;
use Friendica\Security\PermissionSet\Factory\PermissionSet;
use Friendica\Test\MockedTest;
use Friendica\Util\ACLFormatter;
use Psr\Log\NullLogger;
class PermissionSetTest extends MockedTest
{
/** @var PermissionSet */
protected $permissionSet;
protected function setUp(): void
{
parent::setUp();
$this->permissionSet = new PermissionSet(new NullLogger(), new ACLFormatter());
}
public function dataInput()
{
return [
'new' => [
'input' => [
'uid' => 12,
'allow_cid' => '<1>,<2>',
'allow_gid' => '<3>,<4>',
'deny_cid' => '<6>',
'deny_gid' => '<8>',
],
'assertion' => [
'id' => null,
'uid' => 12,
'allow_cid' => ['1', '2'],
'allow_gid' => ['3', '4'],
'deny_cid' => ['6'],
'deny_gid' => ['8'],
],
],
'full' => [
'input' => [
'id' => 3,
'uid' => 12,
'allow_cid' => '<1>,<2>',
'allow_gid' => '<3>,<4>',
'deny_cid' => '<6>',
'deny_gid' => '<8>',
],
'assertion' => [
'id' => 3,
'uid' => 12,
'allow_cid' => ['1', '2'],
'allow_gid' => ['3', '4'],
'deny_cid' => ['6'],
'deny_gid' => ['8'],
],
],
'mini' => [
'input' => [
'id' => null,
'uid' => 12,
],
'assertion' => [
'id' => null,
'uid' => 12,
'allow_cid' => [],
'allow_gid' => [],
'deny_cid' => [],
'deny_gid' => [],
],
],
'wrong' => [
'input' => [
'id' => 3,
'uid' => 12,
'allow_cid' => '<1,<2>',
],
'assertion' => [
'id' => 3,
'uid' => 12,
'allow_cid' => ['2'],
'allow_gid' => [],
'deny_cid' => [],
'deny_gid' => [],
],
]
];
}
protected function assertPermissionSet(\Friendica\Security\PermissionSet\Entity\PermissionSet $permissionSet, array $assertion)
{
self::assertEquals($assertion['id'] ?? null, $permissionSet->id);
self::assertNotNull($permissionSet->uid);
self::assertEquals($assertion['uid'], $permissionSet->uid);
self::assertEquals($assertion['allow_cid'], $permissionSet->allow_cid);
self::assertEquals($assertion['allow_gid'], $permissionSet->allow_gid);
self::assertEquals($assertion['deny_cid'], $permissionSet->deny_cid);
self::assertEquals($assertion['deny_gid'], $permissionSet->deny_gid);
}
/**
* Test the createFromTableRow method
*
* @dataProvider dataInput
*/
public function testCreateFromTableRow(array $input, array $assertion)
{
$permissionSet = $this->permissionSet->createFromTableRow($input);
$this->assertPermissionSet($permissionSet, $assertion);
}
/**
* Test the createFromString method
*
* @dataProvider dataInput
*/
public function testCreateFromString(array $input, array $assertion)
{
$permissionSet = $this->permissionSet->createFromString(
$input['uid'],
$input['allow_cid'] ?? '',
$input['allow_gid'] ?? '',
$input['deny_cid'] ?? '',
$input['deny_gid'] ?? ''
);
unset($assertion['id']);
$this->assertPermissionSet($permissionSet, $assertion);
}
}