namespace MediaWiki\Tests\Rest\BasicAccess;
use GuzzleHttp\Psr7\Uri;
-use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\MediaWikiServices;
use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
use MediaWiki\Rest\Handler;
use MediaWiki\Rest\RequestData;
use MediaWiki\Rest\ResponseFactory;
use MediaWiki\Rest\Router;
-use MediaWiki\User\UserIdentity;
+use MediaWiki\Rest\Validator\Validator;
use MediaWikiTestCase;
+use Psr\Container\ContainerInterface;
use User;
+use Wikimedia\ObjectFactory;
/**
* @group Database
* @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
*/
class MWBasicRequestAuthorizerTest extends MediaWikiTestCase {
- private function createRouter( $userRights ) {
+ private function createRouter( $userRights, $request ) {
$user = User::newFromName( 'Test user' );
-
- $pm = new class( $user, $userRights ) extends PermissionManager {
- private $testUser;
- private $testUserRights;
-
- public function __construct( $user, $userRights ) {
- $this->testUser = $user;
- $this->testUserRights = $userRights;
- }
-
- public function userHasRight( UserIdentity $user, $action = '' ) {
- if ( $user === $this->testUser ) {
- return $this->testUserRights[$action] ?? false;
- }
- return parent::userHasRight( $user, $action );
- }
- };
+ // Don't allow the rights to everybody so that user rights kick in.
+ $this->mergeMwGlobalArrayValue( 'wgGroupPermissions', [ '*' => $userRights ] );
+ $this->overrideUserPermissions(
+ $user,
+ array_keys( array_filter( $userRights ), function ( $value ) {
+ return $value === true;
+ } )
+ );
global $IP;
+ $objectFactory = new ObjectFactory(
+ $this->getMockForAbstractClass( ContainerInterface::class )
+ );
+
return new Router(
[ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
[],
'/rest',
new \EmptyBagOStuff(),
new ResponseFactory(),
- new MWBasicAuthorizer( $user, $pm ) );
+ new MWBasicAuthorizer( $user, MediaWikiServices::getInstance()->getPermissionManager() ),
+ $objectFactory,
+ new Validator( $objectFactory, $request, $user )
+ );
}
public function testReadDenied() {
- $router = $this->createRouter( [ 'read' => false ] );
$request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
+ $router = $this->createRouter( [ 'read' => false ], $request );
$response = $router->execute( $request );
$this->assertSame( 403, $response->getStatusCode() );
}
public function testReadAllowed() {
- $router = $this->createRouter( [ 'read' => true ] );
$request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
+ $router = $this->createRouter( [ 'read' => true ], $request );
$response = $router->execute( $request );
$this->assertSame( 200, $response->getStatusCode() );
}
}
public function testWriteDenied() {
- $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ] );
$request = new RequestData( [
'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
] );
+ $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ], $request );
$response = $router->execute( $request );
$this->assertSame( 403, $response->getStatusCode() );
}
public function testWriteAllowed() {
- $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ] );
$request = new RequestData( [
'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
] );
+ $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ], $request );
$response = $router->execute( $request );
$this->assertSame( 200, $response->getStatusCode() );