updated tests and documentation

Signed-off-by: Jurj-Bogdan <[email protected]>

Author: Jurj-Bogdan

docs/book/v3/configuration.md

@@ -63,7 +63,7 @@ return [
                                    'route' => 'controller route name',
                                    'actions' => [], //list of actions to apply, or empty array for all actions,
                                    // by default, authorization passes if all permissions are present(AND)
-                                   'roles' => [], //list of roles to allow,
+                                   'roles' => ['admin'], //list of roles to allow,
                                ],
                             ],
                         ],
@@ -76,14 +76,14 @@ return [
                                     'route' => 'controller route name',
                                     'actions' => [], //list of actions to apply, or empty array for all actions,
                                     // by default, authorization passes if all permissions are present(AND)
-                                    'permissions' => [], //list of permissions to allow,
+                                    'permissions' => ['authenticated'], //list of permissions to allow,
                                 ],
                                 [
                                     'route' => 'controller route name',
                                     'actions' => [], //list of actions to apply, or empty array for all actions,
                                     'permissions' => [
                                         //permission can be defined in this way too, for all permission type guards
-                                        'permissions' => [], //list of permissions,
+                                        'permissions' => ['authenticated'], //list of permissions,
                                         'condition' => \Dot\Rbac\Guard\GuardInterface::CONDITION_OR,
                                     ],
                                 ]
@@ -105,11 +105,15 @@ return [
 ];
 ```
 
+> It is **strongly recommended** to explicitly define permissions or roles and not leave the values empty, especially if using `GuardInterface::POLICY_DENY`!
+
 ## Route Name Placeholders
 
 Route **names** are allowed to contain `*` as placeholders, allowing more compact specifications.
 This feature is available for all types of guards.
 
+> Note that route rules are verified in order of their writing, take care of the order when using placeholder routes, as not to overwrite any specific routes!
+
 ```php
 [
     'type' => 'Route',

test/Guard/ControllerGuardTest.php

@@ -8,6 +8,7 @@
 use Dot\Rbac\Role\RoleServiceInterface;
 use Laminas\Diactoros\ServerRequest;
 use Mezzio\Router\RouteResult;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\MockObject\Exception;
 use PHPUnit\Framework\TestCase;
 
@@ -19,24 +20,22 @@ class ControllerGuardTest extends TestCase
 
     protected array $rules = [
         [
-            'route'       => 'account',
-            'actions'     => [
+            'route'   => 'account',
+            'actions' => [
                 'avatar',
                 'details',
                 'changePassword',
                 'deleteAccount',
                 'index',
             ],
-            'permissions' => ['unauthenticated'],
-            'roles'       => ['*'],
+            'roles'   => ['*'],
         ],
         [
-            'route'       => 'page',
-            'actions'     => [
+            'route'   => 'page',
+            'actions' => [
                 'premium-content',
             ],
-            'permissions' => ['premium'],
-            'roles'       => [],
+            'roles'   => [],
         ],
         [
             'route' => 'invalidRoute',
@@ -165,4 +164,81 @@ public function testIsGranted(): void
         $result = $this->subject->isGranted($request);
         $this->assertTrue($result);
     }
+
+    public function rulesProvider(): array
+    {
+        return [
+            'valid-placeholder'             => [
+                [
+                    [
+                        'route'   => 'account-*',
+                        'actions' => [],
+                        'roles'   => ['*'],
+                    ],
+                    [
+                        'route'   => 'account-view',
+                        'actions' => [],
+                        'roles'   => ['*'],
+                    ],
+                ],
+                'account-view',
+                true,
+            ],
+            'invalid-placeholder'           => [
+                [
+                    [
+                        'route'   => 'account-*',
+                        'actions' => [],
+                        'roles'   => ['*'],
+                    ],
+                ],
+                'different-account-route',
+                false,
+            ],
+            'valid-composite-placeholder'   => [
+                [
+                    [
+                        'route'   => 'user-*-form',
+                        'actions' => [],
+                        'roles'   => ['*'],
+                    ],
+                ],
+                'user-create-form',
+                true,
+            ],
+            'invalid-composite-placeholder' => [
+                [
+                    [
+                        'route'   => 'user-*-form',
+                        'actions' => [],
+                        'roles'   => ['*'],
+                    ],
+                ],
+                'user-create-avatar',
+                false,
+            ],
+        ];
+    }
+
+    #[DataProvider('rulesProvider')]
+    public function testPlaceholderRoutes(array $rules, string $matchedRoute, bool $isValid): void
+    {
+        $request     = $this->createMock(ServerRequest::class);
+        $routeResult = $this->createMock(RouteResult::class);
+
+        $this->subject->setRules($rules);
+
+        $request->expects($this->once())
+            ->method('getAttribute')
+            ->with(RouteResult::class)
+            ->willReturn($routeResult);
+        $routeResult->expects($this->any())
+            ->method('getMatchedParams')
+            ->willReturn([]);
+        $routeResult->expects($this->atLeastOnce())
+            ->method('getMatchedRouteName')
+            ->willReturn($matchedRoute);
+
+        $this->assertEquals($isValid, $this->subject->isGranted($request));
+    }
 }

test/Guard/ControllerPermissionGuardTest.php

@@ -8,6 +8,7 @@
 use Dot\Rbac\Guard\Guard\ControllerPermissionGuard;
 use Laminas\Diactoros\ServerRequest;
 use Mezzio\Router\RouteResult;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\MockObject\Exception;
 use PHPUnit\Framework\TestCase;
 
@@ -28,7 +29,6 @@ class ControllerPermissionGuardTest extends TestCase
                 'index',
             ],
             'permissions' => ['*'],
-            'roles'       => ['*'],
         ],
         [
             'route'       => 'page',
@@ -174,4 +174,81 @@ public function testSetAuthorizationService(): void
         $result = $this->subject->getAuthorizationService();
         $this->assertInstanceOf(AuthorizationInterface::class, $result);
     }
+
+    public function rulesProvider(): array
+    {
+        return [
+            'valid-placeholder'             => [
+                [
+                    [
+                        'route'       => 'account-*',
+                        'actions'     => [],
+                        'permissions' => ['*'],
+                    ],
+                    [
+                        'route'       => 'account-view',
+                        'actions'     => [],
+                        'permissions' => ['*'],
+                    ],
+                ],
+                'account-view',
+                true,
+            ],
+            'invalid-placeholder'           => [
+                [
+                    [
+                        'route'       => 'account-*',
+                        'actions'     => [],
+                        'permissions' => ['*'],
+                    ],
+                ],
+                'different-account-route',
+                false,
+            ],
+            'valid-composite-placeholder'   => [
+                [
+                    [
+                        'route'       => 'user-*-form',
+                        'actions'     => [],
+                        'permissions' => ['*'],
+                    ],
+                ],
+                'user-create-form',
+                true,
+            ],
+            'invalid-composite-placeholder' => [
+                [
+                    [
+                        'route'       => 'user-*-form',
+                        'actions'     => [],
+                        'permissions' => ['*'],
+                    ],
+                ],
+                'user-create-avatar',
+                false,
+            ],
+        ];
+    }
+
+    #[DataProvider('rulesProvider')]
+    public function testPlaceholderRoutes(array $rules, string $matchedRoute, bool $isValid): void
+    {
+        $request     = $this->createMock(ServerRequest::class);
+        $routeResult = $this->createMock(RouteResult::class);
+
+        $this->subject->setRules($rules);
+
+        $request->expects($this->once())
+            ->method('getAttribute')
+            ->with(RouteResult::class)
+            ->willReturn($routeResult);
+        $routeResult->expects($this->any())
+            ->method('getMatchedParams')
+            ->willReturn([]);
+        $routeResult->expects($this->atLeastOnce())
+            ->method('getMatchedRouteName')
+            ->willReturn($matchedRoute);
+
+        $this->assertEquals($isValid, $this->subject->isGranted($request));
+    }
 }

test/Guard/RouteGuardTest.php

@@ -8,6 +8,7 @@
 use Dot\Rbac\Role\RoleServiceInterface;
 use Laminas\Diactoros\ServerRequest;
 use Mezzio\Router\RouteResult;
+use PHPUnit\Framework\Attributes\DataProvider;
 use PHPUnit\Framework\MockObject\Exception;
 use PHPUnit\Framework\TestCase;
 
@@ -145,4 +146,70 @@ public function testIsGranted(): void
         $result = $this->subject->isGranted($request);
         $this->assertTrue($result);
     }
+
+    public function rulesProvider(): array
+    {
+        return [
+            'valid-placeholder'             => [
+                [
+                    'account-*'    => [
+                        'view',
+                        'create',
+                    ],
+                    'account-view' => [],
+                ],
+                'account-view',
+                true,
+            ],
+            'invalid-placeholder'           => [
+                [
+                    'account-*' => [
+                        'view',
+                        'create',
+                    ],
+                ],
+                'different-account-route',
+                false,
+            ],
+            'valid-composite-placeholder'   => [
+                [
+                    'user-*-form' => [
+                        'user-create-form',
+                        'user-edit-form',
+                    ],
+                ],
+                'user-create-form',
+                true,
+            ],
+            'invalid-composite-placeholder' => [
+                [
+                    'user-*-form' => [
+                        'user-create-form',
+                        'user-edit-form',
+                    ],
+                ],
+                'user-create-avatar',
+                false,
+            ],
+        ];
+    }
+
+    #[DataProvider('rulesProvider')]
+    public function testPlaceholderRoutes(array $rules, string $matchedRoute, bool $isValid): void
+    {
+        $request     = $this->createMock(ServerRequest::class);
+        $routeResult = $this->createMock(RouteResult::class);
+
+        $this->subject->setRules($rules);
+
+        $request->expects($this->once())
+            ->method('getAttribute')
+            ->with(RouteResult::class)
+            ->willReturn($routeResult);
+        $routeResult->expects($this->atLeastOnce())
+            ->method('getMatchedRouteName')
+            ->willReturn($matchedRoute);
+
+        $this->assertEquals($isValid, $this->subject->isGranted($request));
+    }
 }