3 namespace MediaWiki\Tests\Rest\BasicAccess
;
5 use GuzzleHttp\Psr7\Uri
;
6 use MediaWiki\MediaWikiServices
;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
;
8 use MediaWiki\Rest\Handler
;
9 use MediaWiki\Rest\RequestData
;
10 use MediaWiki\Rest\ResponseFactory
;
11 use MediaWiki\Rest\Router
;
12 use MediaWiki\Rest\Validator\Validator
;
13 use MediaWikiTestCase
;
14 use Psr\Container\ContainerInterface
;
16 use Wikimedia\ObjectFactory
;
21 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
22 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
23 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
24 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
26 class MWBasicRequestAuthorizerTest
extends MediaWikiTestCase
{
/**
 * Build the router under test, with an MWBasicAuthorizer bound to a fixed test user.
 *
 * The rights map is applied twice: it is merged into $wgGroupPermissions['*'] and it
 * is used to derive the permission list passed to overrideUserPermissions().
 *
 * NOTE(review): this listing skips source lines (the gutter numbers jump), so the
 * statement that opens the router construction and several arguments are not visible.
 *
 * @param array $userRights Map of right name => bool, e.g. [ 'read' => false ]
 * @param RequestData $request Request that is also handed to the Validator
 * @return Router presumably; the return statement is not visible here, confirm
 */
27 private function createRouter( $userRights, $request ) {
28 $user = User
::newFromName( 'Test user' );
29 // Don't allow the rights to everybody so that user rights kick in.
30 $this->mergeMwGlobalArrayValue( 'wgGroupPermissions', [ '*' => $userRights ] );
31 $this->overrideUserPermissions(
// NOTE(review): array_filter() is closed before the comma, so the closure below is the
// second argument of array_keys() (its filter value), not the array_filter() callback.
// array_filter() without a callback already drops falsy entries, so the strict
// `=== true` check in the closure is presumably never applied. Confirm the intended
// parenthesisation: the 403 tests only prove something if exactly the rights marked
// true are granted.
33 array_keys( array_filter( $userRights ), function ( $value ) {
34 return $value === true;
40 $objectFactory = new ObjectFactory(
41 $this->getMockForAbstractClass( ContainerInterface
::class )
45 [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
48 new \
EmptyBagOStuff(),
49 new ResponseFactory(),
// The authorizer is given the same $user whose permissions were overridden above,
// plus the PermissionManager from the service container.
50 new MWBasicAuthorizer( $user, MediaWikiServices
::getInstance()->getPermissionManager() ),
52 new Validator( $objectFactory, $request, $user )
/**
 * With the 'read' right set to false, executing a request for /rest/user/joe/hello
 * must yield HTTP 403 and the error key 'rest-read-denied'.
 */
56 public function testReadDenied() {
57 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
58 $router = $this->createRouter( [ 'read' => false ], $request );
59 $response = $router->execute( $request );
60 $this->assertSame( 403, $response->getStatusCode() );
62 $body = $response->getBody();
// The status code alone does not say why the request was refused; the JSON 'error'
// key checked below is what names the read-access denial.
64 $data = json_decode( $body->getContents(), true );
65 $this->assertSame( 'rest-read-denied', $data['error'] );
/**
 * Positive control for the read check: with the 'read' right set to true, the same
 * /rest/user/joe/hello request must return HTTP 200.
 */
68 public function testReadAllowed() {
69 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
70 $router = $this->createRouter( [ 'read' => true ], $request );
71 $response = $router->execute( $request );
72 $this->assertSame( 200, $response->getStatusCode() );
/**
 * Factory returning an anonymous Handler subclass that overrides needsWriteAccess()
 * and execute().
 *
 * NOTE(review): the bodies of both overrides are not visible in this listing.
 * Presumably needsWriteAccess() returns true and the write tests' mock route points
 * at this factory; verify against the full file and testRoutes.json.
 */
75 public static function writeHandlerFactory() {
76 return new class extends Handler
{
77 public function needsWriteAccess() {
81 public function execute() {
/**
 * With 'read' granted but 'writeapi' set to false, a request to the mock write route
 * must yield HTTP 403 and the error key 'rest-write-denied'.
 */
87 public function testWriteDenied() {
88 $request = new RequestData( [
89 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
// 'read' stays true so that the refusal can only come from the write check.
91 $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ], $request );
92 $response = $router->execute( $request );
93 $this->assertSame( 403, $response->getStatusCode() );
95 $body = $response->getBody();
// Assert the JSON 'error' key as well, so a 403 raised for another reason does not
// pass as a write denial.
97 $data = json_decode( $body->getContents(), true );
98 $this->assertSame( 'rest-write-denied', $data['error'] );
/**
 * Positive control for the write check: with both 'read' and 'writeapi' set to true,
 * the mock write route must return HTTP 200.
 */
101 public function testWriteAllowed() {
102 $request = new RequestData( [
103 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
105 $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ], $request );
106 $response = $router->execute( $request );
108 $this->assertSame( 200, $response->getStatusCode() );