ISSUE-345: admin privileges

Author: tatevikg1

src/Domain/Identity/Model/Administrator.php

@@ -6,6 +6,7 @@
 
 use DateTime;
 use Doctrine\ORM\Mapping as ORM;
+use InvalidArgumentException;
 use PhpList\Core\Domain\Common\Model\Interfaces\CreationDate;
 use PhpList\Core\Domain\Common\Model\Interfaces\DomainModel;
 use PhpList\Core\Domain\Common\Model\Interfaces\Identity;
@@ -72,6 +73,7 @@ public function __construct()
         $this->createdAt = new DateTime();
         $this->updatedAt = null;
         $this->email = '';
+        $this->privileges = null;
     }
 
     public function getLoginName(): string
@@ -159,6 +161,24 @@ public function setPrivileges(Privileges $privileges): self
         return $this;
     }
 
+    /**
+     * @SuppressWarnings(PHPMD.StaticAccess)
+     * @throws InvalidArgumentException
+     */
+    public function setPrivilegesFromArray(array $privilegesData): void
+    {
+        $privileges = new Privileges();
+        foreach ($privilegesData as $key => $value) {
+            $flag = PrivilegeFlag::tryFrom($key);
+            if (!$flag) {
+                throw new InvalidArgumentException('Unknown privilege key: '. $key);
+            }
+
+            $privileges = $value ? $privileges->grant($flag) : $privileges->revoke($flag);
+        }
+        $this->setPrivileges($privileges);
+    }
+
     /**
      * @SuppressWarnings(PHPMD.StaticAccess)
      */

src/Domain/Identity/Model/Dto/CreateAdministratorDto.php

@@ -14,6 +14,7 @@ public function __construct(
         public readonly string $password,
         public readonly string $email,
         public readonly bool $isSuperUser = false,
+        public readonly array $privileges = [],
     ) {
     }
 }

src/Domain/Identity/Model/Dto/UpdateAdministratorDto.php

@@ -12,6 +12,7 @@ public function __construct(
         public readonly ?string $password = null,
         public readonly ?string $email = null,
         public readonly ?bool $superAdmin = null,
+        public readonly array $privileges = [],
     ) {
     }
 }

src/Domain/Identity/Model/Privileges.php

@@ -4,6 +4,9 @@
 
 namespace PhpList\Core\Domain\Identity\Model;
 
+use InvalidArgumentException;
+use UnexpectedValueException;
+
 class Privileges
 {
     /**
@@ -14,7 +17,7 @@ class Privileges
     /**
      * @SuppressWarnings(PHPMD.StaticAccess)
      */
-    private function __construct(array $flags = [])
+    public function __construct(?array $flags = [])
     {
         foreach (PrivilegeFlag::cases() as $flag) {
             $key = $flag->value;
@@ -28,9 +31,18 @@ public static function fromSerialized(?string $serialized): self
             return new self();
         }
 
-        $data = @unserialize($serialized);
+        set_error_handler(function () {
+            throw new InvalidArgumentException('Invalid serialized privileges string.');
+        });
+
+        try {
+            $data = unserialize($serialized);
+        } finally {
+            restore_error_handler();
+        }
+
         if (!is_array($data)) {
-            return new self();
+            throw new UnexpectedValueException('Privileges must deserialize to an array.');
         }
 
         return new self($data);
@@ -65,4 +77,3 @@ public function all(): array
         return $this->flags;
     }
 }
-

src/Domain/Identity/Service/AdministratorManager.php

@@ -5,9 +5,12 @@
 namespace PhpList\Core\Domain\Identity\Service;
 
 use Doctrine\ORM\EntityManagerInterface;
+use InvalidArgumentException;
 use PhpList\Core\Domain\Identity\Model\Administrator;
 use PhpList\Core\Domain\Identity\Model\Dto\CreateAdministratorDto;
 use PhpList\Core\Domain\Identity\Model\Dto\UpdateAdministratorDto;
+use PhpList\Core\Domain\Identity\Model\PrivilegeFlag;
+use PhpList\Core\Domain\Identity\Model\Privileges;
 use PhpList\Core\Security\HashGenerator;
 
 class AdministratorManager
@@ -29,6 +32,7 @@ public function createAdministrator(CreateAdministratorDto $dto): Administrator
         $administrator->setSuperUser($dto->isSuperUser);
         $hashedPassword = $this->hashGenerator->createPasswordHash($dto->password);
         $administrator->setPasswordHash($hashedPassword);
+        $administrator->setPrivilegesFromArray($dto->privileges);
 
         $this->entityManager->persist($administrator);
         $this->entityManager->flush();
@@ -51,6 +55,7 @@ public function updateAdministrator(Administrator $administrator, UpdateAdminist
             $hashedPassword = $this->hashGenerator->createPasswordHash($dto->password);
             $administrator->setPasswordHash($hashedPassword);
         }
+        $administrator->setPrivilegesFromArray($dto->privileges);
 
         $this->entityManager->flush();
     }

tests/Unit/Domain/Identity/Model/AdministratorTest.php

@@ -4,8 +4,11 @@
 
 namespace PhpList\Core\Tests\Unit\Domain\Identity\Model;
 
+use DateTime;
 use PhpList\Core\Domain\Common\Model\Interfaces\DomainModel;
 use PhpList\Core\Domain\Identity\Model\Administrator;
+use PhpList\Core\Domain\Identity\Model\Privileges;
+use PhpList\Core\Domain\Identity\Model\PrivilegeFlag;
 use PhpList\Core\TestingSupport\Traits\ModelTestTrait;
 use PhpList\Core\TestingSupport\Traits\SimilarDatesAssertionTrait;
 use PHPUnit\Framework\TestCase;
@@ -75,7 +78,7 @@ public function testUpdateModificationDateSetsModificationDateToNow(): void
     {
         $this->subject->updateUpdatedAt();
 
-        self::assertSimilarDates(new \DateTime(), $this->subject->getUpdatedAt());
+        self::assertSimilarDates(new DateTime(), $this->subject->getUpdatedAt());
     }
 
     public function testGetPasswordHashInitiallyReturnsEmptyString(): void
@@ -98,7 +101,7 @@ public function testGetPasswordChangeDateInitiallyReturnsNull(): void
 
     public function testSetPasswordHashSetsPasswordChangeDateToNow(): void
     {
-        $date = new \DateTime();
+        $date = new DateTime();
         $this->subject->setPasswordHash('Zaphod Beeblebrox');
 
         self::assertSimilarDates($date, $this->subject->getPasswordChangeDate());
@@ -127,4 +130,42 @@ public function testSetSuperUserSetsSuperUser(): void
 
         self::assertTrue($this->subject->isSuperUser());
     }
+
+    public function testGetPrivilegesInitiallyReturnsEmptyPrivileges(): void
+    {
+        $privileges = $this->subject->getPrivileges();
+
+        self::assertInstanceOf(Privileges::class, $privileges);
+
+        foreach (PrivilegeFlag::cases() as $flag) {
+            self::assertFalse($privileges->has($flag));
+        }
+    }
+
+    public function testSetPrivilegesSetsPrivileges(): void
+    {
+        $privileges = Privileges::fromSerialized('');
+        $privileges = $privileges->grant(PrivilegeFlag::Subscribers);
+
+        $this->subject->setPrivileges($privileges);
+
+        $retrievedPrivileges = $this->subject->getPrivileges();
+        self::assertTrue($retrievedPrivileges->has(PrivilegeFlag::Subscribers));
+        self::assertFalse($retrievedPrivileges->has(PrivilegeFlag::Campaigns));
+    }
+
+    public function testSetPrivilegesWithMultiplePrivileges(): void
+    {
+        $privileges = Privileges::fromSerialized('');
+        $privileges = $privileges
+            ->grant(PrivilegeFlag::Subscribers)
+            ->grant(PrivilegeFlag::Campaigns);
+
+        $this->subject->setPrivileges($privileges);
+
+        $retrievedPrivileges = $this->subject->getPrivileges();
+        self::assertTrue($retrievedPrivileges->has(PrivilegeFlag::Subscribers));
+        self::assertTrue($retrievedPrivileges->has(PrivilegeFlag::Campaigns));
+        self::assertFalse($retrievedPrivileges->has(PrivilegeFlag::Statistics));
+    }
 }

tests/Unit/Domain/Identity/Model/PrivilegeFlagTest.php

@@ -0,0 +1,45 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Tests\Unit\Domain\Identity\Model;
+
+use PhpList\Core\Domain\Identity\Model\PrivilegeFlag;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Testcase for the PrivilegeFlag enum.
+ */
+class PrivilegeFlagTest extends TestCase
+{
+    public function testEnumHasSubscribersCase(): void
+    {
+        self::assertSame('subscribers', PrivilegeFlag::Subscribers->value);
+    }
+
+    public function testEnumHasCampaignsCase(): void
+    {
+        self::assertSame('campaigns', PrivilegeFlag::Campaigns->value);
+    }
+
+    public function testEnumHasStatisticsCase(): void
+    {
+        self::assertSame('statistics', PrivilegeFlag::Statistics->value);
+    }
+
+    public function testEnumHasSettingsCase(): void
+    {
+        self::assertSame('settings', PrivilegeFlag::Settings->value);
+    }
+
+    public function testEnumHasFourCases(): void
+    {
+        $cases = PrivilegeFlag::cases();
+        
+        self::assertCount(4, $cases);
+        self::assertContains(PrivilegeFlag::Subscribers, $cases);
+        self::assertContains(PrivilegeFlag::Campaigns, $cases);
+        self::assertContains(PrivilegeFlag::Statistics, $cases);
+        self::assertContains(PrivilegeFlag::Settings, $cases);
+    }
+}

tests/Unit/Domain/Identity/Model/PrivilegesTest.php

@@ -0,0 +1,102 @@
+<?php
+
+declare(strict_types=1);
+
+namespace PhpList\Core\Tests\Unit\Domain\Identity\Model;
+
+use InvalidArgumentException;
+use PhpList\Core\Domain\Identity\Model\Privileges;
+use PhpList\Core\Domain\Identity\Model\PrivilegeFlag;
+use PHPUnit\Framework\TestCase;
+
+/**
+ * Testcase for the Privileges class.
+ */
+class PrivilegesTest extends TestCase
+{
+    private Privileges $subject;
+
+    protected function setUp(): void
+    {
+        $this->subject = Privileges::fromSerialized('');
+    }
+
+    public function testFromSerializedWithInvalidDataThrowsError(): void
+    {
+        $this->expectException(InvalidArgumentException::class);
+        $this->expectExceptionMessage('Invalid serialized privileges string.');
+
+        Privileges::fromSerialized('invalid data');
+    }
+
+    public function testFromSerializedWithValidDataReturnsPopulatedPrivileges(): void
+    {
+        $data = [PrivilegeFlag::Subscribers->value => true];
+        $serialized = serialize($data);
+        
+        $privileges = Privileges::fromSerialized($serialized);
+        
+        self::assertTrue($privileges->has(PrivilegeFlag::Subscribers));
+    }
+
+    public function testToSerializedReturnsSerializedData(): void
+    {
+        $privileges = Privileges::fromSerialized('');
+        $privileges = $privileges->grant(PrivilegeFlag::Subscribers);
+        
+        $serialized = $privileges->toSerialized();
+        $data = unserialize($serialized);
+        
+        self::assertTrue($data[PrivilegeFlag::Subscribers->value]);
+    }
+
+    public function testHasReturnsFalseForUnsetPrivilege(): void
+    {
+        self::assertFalse($this->subject->has(PrivilegeFlag::Subscribers));
+    }
+
+    public function testHasReturnsTrueForSetPrivilege(): void
+    {
+        $this->subject = $this->subject->grant(PrivilegeFlag::Subscribers);
+        
+        self::assertTrue($this->subject->has(PrivilegeFlag::Subscribers));
+    }
+
+    public function testGrantSetsPrivilege(): void
+    {
+        $result = $this->subject->grant(PrivilegeFlag::Subscribers);
+        
+        self::assertTrue($result->has(PrivilegeFlag::Subscribers));
+    }
+
+    public function testGrantReturnsNewInstance(): void
+    {
+        $result = $this->subject->grant(PrivilegeFlag::Subscribers);
+        
+        self::assertNotSame($this->subject, $result);
+    }
+
+    public function testRevokeClearsPrivilege(): void
+    {
+        $this->subject = $this->subject->grant(PrivilegeFlag::Subscribers);
+        $result = $this->subject->revoke(PrivilegeFlag::Subscribers);
+        
+        self::assertFalse($result->has(PrivilegeFlag::Subscribers));
+    }
+
+    public function testRevokeReturnsNewInstance(): void
+    {
+        $result = $this->subject->revoke(PrivilegeFlag::Subscribers);
+        
+        self::assertNotSame($this->subject, $result);
+    }
+
+    public function testAllReturnsAllPrivileges(): void
+    {
+        $this->subject = $this->subject->grant(PrivilegeFlag::Subscribers);
+        $all = $this->subject->all();
+        
+        self::assertTrue($all[PrivilegeFlag::Subscribers->value]);
+        self::assertFalse($all[PrivilegeFlag::Campaigns->value]);
+    }
+}