[lhc/web/wiklou.git] / tests / phpunit / includes / Rest / BasicAccess / MWBasicRequestAuthorizerTest.php
1 <?php
2
3 namespace MediaWiki\Tests\Rest\BasicAccess;
4
5 use GuzzleHttp\Psr7\Uri;
6 use MediaWiki\Permissions\PermissionManager;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
8 use MediaWiki\Rest\Handler;
9 use MediaWiki\Rest\RequestData;
10 use MediaWiki\Rest\ResponseFactory;
11 use MediaWiki\Rest\Router;
12 use MediaWiki\User\UserIdentity;
13 use MediaWikiTestCase;
14 use User;
15
/**
 * Exercises the basic REST authorizer through a real Router, with a stubbed
 * PermissionManager deciding which rights the test user holds.
 *
 * The denied cases assert both the 403 status and the error code in the JSON
 * body; the allowed cases assert only the 200 status. A request to the write
 * route while 'read' is denied is not exercised here.
 *
 * @group Database
 *
 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
 */
class MWBasicRequestAuthorizerTest extends MediaWikiTestCase {
	/**
	 * Build a Router whose authorizer consults a stubbed PermissionManager.
	 *
	 * @param array $userRights Map of right name => bool for the test user.
	 *   A right that is absent from the map is reported as not granted.
	 * @return Router
	 */
	private function createRouter( $userRights ) {
		global $IP;

		$testUser = User::newFromName( 'Test user' );

		// The parent constructor is deliberately not called: the stub only needs
		// to answer userHasRight() for the one user handed to the authorizer.
		$permissionManager = new class( $testUser, $userRights ) extends PermissionManager {
			/** @var mixed User whose rights are answered from the map */
			private $stubUser;
			/** @var array Right name => bool */
			private $stubRights;

			public function __construct( $user, $userRights ) {
				$this->stubUser = $user;
				$this->stubRights = $userRights;
			}

			public function userHasRight( UserIdentity $user, $action = '' ) {
				// Identity comparison: only the exact object passed in is stubbed.
				if ( $user !== $this->stubUser ) {
					// NOTE(review): presumably never reached in these tests, since
					// the parent was not constructed - confirm.
					return parent::userHasRight( $user, $action );
				}
				// Default-deny for any right the test did not list explicitly.
				return $this->stubRights[$action] ?? false;
			}
		};

		$routeFiles = [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ];

		return new Router(
			$routeFiles,
			[],
			'/rest',
			new \EmptyBagOStuff(),
			new ResponseFactory(),
			new MWBasicAuthorizer( $testUser, $permissionManager )
		);
	}

	/**
	 * Route a request for $path through a router configured with $userRights.
	 *
	 * @param array $userRights Map of right name => bool for the test user
	 * @param string $path Request path, including the '/rest' prefix
	 * @return mixed Whatever Router::execute() returns
	 */
	private function fetchResponse( $userRights, $path ) {
		$router = $this->createRouter( $userRights );
		$request = new RequestData( [ 'uri' => new Uri( $path ) ] );
		return $router->execute( $request );
	}

	/**
	 * Rewind the response body and decode it as JSON into an array.
	 *
	 * @param mixed $response Response returned by the router
	 * @return mixed Result of json_decode() in associative mode
	 */
	private function decodeJsonBody( $response ) {
		$stream = $response->getBody();
		$stream->rewind();
		return json_decode( $stream->getContents(), true );
	}

	/**
	 * Without the 'read' right the request is rejected with 403 and the
	 * 'rest-read-denied' error code.
	 */
	public function testReadDenied() {
		$response = $this->fetchResponse( [ 'read' => false ], '/rest/user/joe/hello' );
		$this->assertSame( 403, $response->getStatusCode() );

		$payload = $this->decodeJsonBody( $response );
		$this->assertSame( 'rest-read-denied', $payload['error'] );
	}

	/**
	 * With the 'read' right granted the request succeeds with 200.
	 *
	 * 'writeapi' is absent from the map, so the stub reports it as not granted.
	 */
	public function testReadAllowed() {
		$response = $this->fetchResponse( [ 'read' => true ], '/rest/user/joe/hello' );
		$this->assertSame( 200, $response->getStatusCode() );
	}

	/**
	 * Create a handler that declares it needs write access and returns an
	 * empty string when executed.
	 *
	 * NOTE(review): presumably referenced as the factory for the
	 * '/rest/mock/MWBasicRequestAuthorizerTest/write' route in testRoutes.json -
	 * confirm.
	 *
	 * @return Handler
	 */
	public static function writeHandlerFactory() {
		return new class extends Handler {
			public function needsWriteAccess() {
				return true;
			}

			public function execute() {
				return '';
			}
		};
	}

	/**
	 * With 'read' granted but 'writeapi' withheld, the write route is rejected
	 * with 403 and the 'rest-write-denied' error code.
	 */
	public function testWriteDenied() {
		$response = $this->fetchResponse(
			[ 'read' => true, 'writeapi' => false ],
			'/rest/mock/MWBasicRequestAuthorizerTest/write'
		);
		$this->assertSame( 403, $response->getStatusCode() );

		$payload = $this->decodeJsonBody( $response );
		$this->assertSame( 'rest-write-denied', $payload['error'] );
	}

	/**
	 * With both 'read' and 'writeapi' granted the write route succeeds with 200.
	 */
	public function testWriteAllowed() {
		$response = $this->fetchResponse(
			[ 'read' => true, 'writeapi' => true ],
			'/rest/mock/MWBasicRequestAuthorizerTest/write'
		);

		$this->assertSame( 200, $response->getStatusCode() );
	}
}