chore: auth improvements (#646)

brendt · web-flow · commit 31497adedb5b · 2024-10-30T07:03:15.000+01:00
diff --git a/src/Tempest/Auth/src/AuthConfig.php b/src/Tempest/Auth/src/AuthConfig.php
@@ -4,6 +4,8 @@
 
 namespace Tempest\Auth;
 
+use Tempest\Auth\Install\User;
+
 final class AuthConfig
 {
     public function __construct(
diff --git a/src/Tempest/Auth/src/AuthInstaller.php b/src/Tempest/Auth/src/AuthInstaller.php
@@ -20,12 +20,12 @@ public function getName(): string
     public function install(): void
     {
         $publishFiles = [
-            __DIR__ . '/User.php' => src_path('User.php'),
-            __DIR__ . '/UserMigration.php' => src_path('UserMigration.php'),
-            __DIR__ . '/Permission.php' => src_path('Permission.php'),
-            __DIR__ . '/PermissionMigration.php' => src_path('PermissionMigration.php'),
-            __DIR__ . '/UserPermission.php' => src_path('UserPermission.php'),
-            __DIR__ . '/UserPermissionMigration.php' => src_path('UserPermissionMigration.php'),
+            __DIR__ . '/Install/User.php' => src_path('Auth/User.php'),
+            __DIR__ . '/Install/UserMigration.php' => src_path('Auth/UserMigration.php'),
+            __DIR__ . '/Install/Permission.php' => src_path('Auth/Permission.php'),
+            __DIR__ . '/Install/PermissionMigration.php' => src_path('Auth/PermissionMigration.php'),
+            __DIR__ . '/Install/UserPermission.php' => src_path('Auth/UserPermission.php'),
+            __DIR__ . '/Install/UserPermissionMigration.php' => src_path('Auth/UserPermissionMigration.php'),
         ];
 
         foreach ($publishFiles as $source => $destination) {
diff --git a/src/Tempest/Auth/src/Install/Permission.php b/src/Tempest/Auth/src/Install/Permission.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Tempest\Auth;
+namespace Tempest\Auth\Install;
 
 use BackedEnum;
 use Tempest\Database\DatabaseModel;
@@ -18,12 +18,13 @@ public function __construct(
     ) {
     }
 
-    public function matches(string|UnitEnum $match): bool
+    public function matches(string|UnitEnum|Permission $match): bool
     {
         $match = match(true) {
             is_string($match) => $match,
             $match instanceof BackedEnum => $match->value,
             $match instanceof UnitEnum => $match->name,
+            default => $match->name,
         };
 
         return $this->name === $match;
diff --git a/src/Tempest/Auth/src/Install/PermissionMigration.php b/src/Tempest/Auth/src/Install/PermissionMigration.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Tempest\Auth;
+namespace Tempest\Auth\Install;
 
 use Tempest\Core\DoNotDiscover;
 use Tempest\Database\Migration;
diff --git a/src/Tempest/Auth/src/Install/User.php b/src/Tempest/Auth/src/Install/User.php
@@ -2,10 +2,12 @@
 
 declare(strict_types=1);
 
-namespace Tempest\Auth;
+namespace Tempest\Auth\Install;
 
 use BackedEnum;
 use SensitiveParameter;
+use Tempest\Auth\CanAuthenticate;
+use Tempest\Auth\CanAuthorize;
 use Tempest\Database\DatabaseModel;
 use Tempest\Database\IsDatabaseModel;
 use function Tempest\Support\arr;
@@ -20,7 +22,7 @@ final class User implements DatabaseModel, CanAuthenticate, CanAuthorize
     public function __construct(
         public string $name,
         public string $email,
-        /** @var \Tempest\Auth\UserPermission[] $userPermissions */
+        /** @var \Tempest\Auth\Install\UserPermission[] $userPermissions */
         public array $userPermissions = [],
     ) {
     }
@@ -35,37 +37,54 @@ public function setPassword(#[SensitiveParameter] string $password): self
         return $this;
     }
 
-    public function grantPermission(string|UnitEnum $permission): self
+    public function grantPermission(string|UnitEnum|Permission $permission): self
     {
-        $permission = match(true) {
-            is_string($permission) => $permission,
-            $permission instanceof BackedEnum => $permission->value,
-            $permission instanceof UnitEnum => $permission->name,
-        };
+        $permission = $this->resolvePermission($permission);
 
         (new UserPermission(
             user: $this,
-            permission: new Permission($permission)
+            permission: $permission,
         ))->save();
 
         return $this->load('userPermissions.permission');
     }
 
-    public function revokePermission(string|UnitEnum $permission): self
+    public function revokePermission(string|UnitEnum|Permission $permission): self
     {
         $this->getPermission($permission)?->delete();
 
         return $this->load('userPermissions.permission');
     }
 
-    public function hasPermission(UnitEnum|string $permission): bool
+    public function hasPermission(string|UnitEnum|Permission $permission): bool
     {
         return $this->getPermission($permission) !== null;
     }
 
-    public function getPermission(UnitEnum|string $permission): ?UserPermission
+    public function getPermission(string|UnitEnum|Permission $permission): ?UserPermission
     {
         return arr($this->userPermissions)
             ->first(fn (UserPermission $userPermission) => $userPermission->permission->matches($permission));
     }
+
+    private function resolvePermission(string|UnitEnum|Permission $permission): Permission
+    {
+        if ($permission instanceof Permission) {
+            return $permission;
+        }
+
+        $name = match (true) {
+            is_string($permission) => $permission,
+            $permission instanceof BackedEnum => $permission->value,
+            $permission instanceof UnitEnum => $permission->name,
+        };
+
+        $permission = Permission::query()->whereField('name', $name)->first();
+
+        if ($permission === null) {
+            return (new Permission($name))->save();
+        }
+
+        return $permission;
+    }
 }
diff --git a/src/Tempest/Auth/src/Install/UserMigration.php b/src/Tempest/Auth/src/Install/UserMigration.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Tempest\Auth;
+namespace Tempest\Auth\Install;
 
 use Tempest\Core\DoNotDiscover;
 use Tempest\Database\Migration;
diff --git a/src/Tempest/Auth/src/Install/UserPermission.php b/src/Tempest/Auth/src/Install/UserPermission.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Tempest\Auth;
+namespace Tempest\Auth\Install;
 
 use Tempest\Database\DatabaseModel;
 use Tempest\Database\IsDatabaseModel;
diff --git a/src/Tempest/Auth/src/Install/UserPermissionMigration.php b/src/Tempest/Auth/src/Install/UserPermissionMigration.php
@@ -2,7 +2,7 @@
 
 declare(strict_types=1);
 
-namespace Tempest\Auth;
+namespace Tempest\Auth\Install;
 
 use Tempest\Core\DoNotDiscover;
 use Tempest\Database\Migration;
diff --git a/tests/Integration/Auth/AuthInstallerTest.php b/tests/Integration/Auth/AuthInstallerTest.php
@@ -43,17 +43,17 @@ public function test_install_auth(): void
         ];
 
         foreach ($publishItems as $publishItem) {
-            $path = "App/{$publishItem}.php";
+            $path = "App/Auth/{$publishItem}.php";
 
             $this->installer
                 ->assertFileExists($path)
-                ->assertFileContains($path, 'namespace App;')
+                ->assertFileContains($path, 'namespace App\Auth;')
                 ->assertFileNotContains($path, 'DoNotDiscover');
         }
 
         $this->installer->assertFileContains(
-            'App/User.php',
-            'use App\UserPermission',
+            'App/Auth/User.php',
+            'use App\Auth\UserPermission',
         );
     }
 }
diff --git a/tests/Integration/Auth/AuthorizerTest.php b/tests/Integration/Auth/AuthorizerTest.php
@@ -5,10 +5,10 @@
 namespace Tests\Tempest\Integration\Auth;
 
 use Tempest\Auth\Authenticator;
-use Tempest\Auth\PermissionMigration;
-use Tempest\Auth\User;
-use Tempest\Auth\UserMigration;
-use Tempest\Auth\UserPermissionMigration;
+use Tempest\Auth\Install\PermissionMigration;
+use Tempest\Auth\Install\User;
+use Tempest\Auth\Install\UserMigration;
+use Tempest\Auth\Install\UserPermissionMigration;
 use Tempest\Clock\Clock;
 use Tempest\Database\Migrations\CreateMigrationsTable;
 use Tempest\Http\Session\Managers\FileSessionManager;
diff --git a/tests/Integration/Auth/Fixtures/CustomAuthorizer.php b/tests/Integration/Auth/Fixtures/CustomAuthorizer.php
@@ -6,7 +6,7 @@
 
 use Tempest\Auth\Authorizer;
 use Tempest\Auth\CanAuthorize;
-use Tempest\Auth\User;
+use Tempest\Auth\Install\User;
 
 final readonly class CustomAuthorizer implements Authorizer
 {
diff --git a/tests/Integration/Auth/SessionAuthenticatorTest.php b/tests/Integration/Auth/SessionAuthenticatorTest.php
@@ -6,11 +6,11 @@
 
 use Tempest\Auth\Authenticator;
 use Tempest\Auth\CurrentUserNotLoggedIn;
-use Tempest\Auth\PermissionMigration;
+use Tempest\Auth\Install\PermissionMigration;
+use Tempest\Auth\Install\User;
+use Tempest\Auth\Install\UserMigration;
+use Tempest\Auth\Install\UserPermissionMigration;
 use Tempest\Auth\SessionAuthenticator;
-use Tempest\Auth\User;
-use Tempest\Auth\UserMigration;
-use Tempest\Auth\UserPermissionMigration;
 use Tempest\Clock\Clock;
 use Tempest\Database\Migrations\CreateMigrationsTable;
 use Tempest\Http\Session\Managers\FileSessionManager;
diff --git a/tests/Integration/Auth/UserModelTest.php b/tests/Integration/Auth/UserModelTest.php
@@ -4,10 +4,11 @@
 
 namespace Tests\Tempest\Integration\Auth;
 
-use Tempest\Auth\PermissionMigration;
-use Tempest\Auth\User;
-use Tempest\Auth\UserMigration;
-use Tempest\Auth\UserPermissionMigration;
+use Tempest\Auth\Install\Permission;
+use Tempest\Auth\Install\PermissionMigration;
+use Tempest\Auth\Install\User;
+use Tempest\Auth\Install\UserMigration;
+use Tempest\Auth\Install\UserPermissionMigration;
 use Tempest\Database\Migrations\CreateMigrationsTable;
 use Tests\Tempest\Integration\Auth\Fixtures\UserPermissionBackedEnum;
 use Tests\Tempest\Integration\Auth\Fixtures\UserPermissionUnitEnum;
@@ -72,6 +73,40 @@ public function test_grant_permission_unit_enum(): void
         $this->assertFalse($user->hasPermission(UserPermissionUnitEnum::GUEST));
     }
 
+    public function test_grant_permission_model(): void
+    {
+        $permission = (new Permission('admin'))->save();
+
+        $user = (new User(
+            name: 'Brent',
+            email: 'brendt@stitcher.io',
+        ))
+            ->setPassword('password')
+            ->save()
+            ->grantPermission($permission);
+
+        $this->assertTrue($user->hasPermission($permission));
+        $this->assertTrue($user->hasPermission('admin'));
+        $this->assertFalse($user->hasPermission('guest'));
+    }
+
+    public function test_permissions_are_not_duplicated(): void
+    {
+        $user = (new User(
+            name: 'Brent',
+            email: 'brendt@stitcher.io',
+        ))
+            ->setPassword('password')
+            ->save();
+
+        $user->grantPermission('admin');
+        $user->grantPermission(UserPermissionBackedEnum::ADMIN);
+
+        $permissions = Permission::all();
+
+        $this->assertCount(1, $permissions);
+    }
+
     public function test_revoke_permission(): void
     {
         $user = (new User(

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,8 @@`
`4`	`4`
`5`	`5`	`namespace Tempest\Auth;`
`6`	`6`
	`7`	`+use Tempest\Auth\Install\User;`
	`8`	`+`
`7`	`9`	`final class AuthConfig`
`8`	`10`	`{`
`9`	`11`	`public function __construct(`
Original file line number	Diff line number	Diff line change
`@@ -43,17 +43,17 @@ public function test_install_auth(): void`
`43`	`43`	`];`
`44`	`44`
`45`	`45`	`foreach ($publishItems as $publishItem) {`
`46`		`- $path = "App/{$publishItem}.php";`
	`46`	`+ $path = "App/Auth/{$publishItem}.php";`
`47`	`47`
`48`	`48`	`$this->installer`
`49`	`49`	`->assertFileExists($path)`
`50`		`- ->assertFileContains($path, 'namespace App;')`
	`50`	`+ ->assertFileContains($path, 'namespace App\Auth;')`
`51`	`51`	`->assertFileNotContains($path, 'DoNotDiscover');`
`52`	`52`	`}`
`53`	`53`
`54`	`54`	`$this->installer->assertFileContains(`
`55`		`- 'App/User.php',`
`56`		`- 'use App\UserPermission',`
	`55`	`+ 'App/Auth/User.php',`
	`56`	`+ 'use App\Auth\UserPermission',`
`57`	`57`	`);`
`58`	`58`	`}`
`59`	`59`	`}`