18 | 18 | use ApiPlatform\Metadata\ResourceAccessCheckerInterface; |
19 | 19 | use ApiPlatform\State\ProviderInterface; |
20 | 20 | use ApiPlatform\Symfony\Security\Exception\AccessDeniedException; |
| 21 | +use ApiPlatform\Symfony\Security\ObjectVariableCheckerInterface; |
21 | 22 | use ApiPlatform\Symfony\Security\State\AccessCheckerProvider; |
22 | 23 | use ApiPlatform\Tests\Fixtures\DummyEntity; |
23 | 24 | use PHPUnit\Framework\TestCase; |
@@ -61,6 +62,44 @@ public function testCheckAccessWithEventPostValidate(): void |
61 | 62 | $accessChecker->provide($operation, [], []); |
62 | 63 | } |
63 | 64 |
|
| 65 | + public function testPreReadSkipsSecurityWhenResourceAccessCheckerIsDecorated(): void |
| 66 | + { |
| 67 | + $obj = new \stdClass(); |
| 68 | + $operation = new Get(class: DummyEntity::class, security: 'is_granted("ROLE_ADMIN")'); |
| 69 | + $decorated = $this->createMock(ProviderInterface::class); |
| 70 | + $decorated->expects($this->once())->method('provide')->willReturn($obj); |
| 71 | + $resourceAccessChecker = $this->createMock(ResourceAccessCheckerInterface::class); |
| 72 | + $resourceAccessChecker->expects($this->never())->method('isGranted'); |
| 73 | + $accessChecker = new AccessCheckerProvider($decorated, $resourceAccessChecker, 'pre_read'); |
| 74 | + $this->assertSame($obj, $accessChecker->provide($operation, [], [])); |
| 75 | + } |
| 76 | + |
| 77 | + public function testPreReadChecksSecurityWhenObjectVariableIsNotUsed(): void |
| 78 | + { |
| 79 | + $obj = new \stdClass(); |
| 80 | + $operation = new Get(class: DummyEntity::class, security: 'is_granted("ROLE_ADMIN")'); |
| 81 | + $decorated = $this->createMock(ProviderInterface::class); |
| 82 | + $decorated->expects($this->once())->method('provide')->willReturn($obj); |
| 83 | + $resourceAccessChecker = $this->createMock(ResourceAccessCheckerWithObjectVariableInterface::class); |
| 84 | + $resourceAccessChecker->method('usesObjectVariable')->willReturn(false); |
| 85 | + $resourceAccessChecker->expects($this->once())->method('isGranted')->with(DummyEntity::class, 'is_granted("ROLE_ADMIN")', ['object' => null, 'previous_object' => null, 'request' => null])->willReturn(true); |
| 86 | + $accessChecker = new AccessCheckerProvider($decorated, $resourceAccessChecker, 'pre_read'); |
| 87 | + $this->assertSame($obj, $accessChecker->provide($operation, [], [])); |
| 88 | + } |
| 89 | + |
| 90 | + public function testPreReadSkipsSecurityWhenObjectVariableIsUsed(): void |
| 91 | + { |
| 92 | + $obj = new \stdClass(); |
| 93 | + $operation = new Get(class: DummyEntity::class, security: 'is_granted("ROLE_ADMIN") and object.owner == user'); |
| 94 | + $decorated = $this->createMock(ProviderInterface::class); |
| 95 | + $decorated->expects($this->once())->method('provide')->willReturn($obj); |
| 96 | + $resourceAccessChecker = $this->createMock(ResourceAccessCheckerWithObjectVariableInterface::class); |
| 97 | + $resourceAccessChecker->method('usesObjectVariable')->willReturn(true); |
| 98 | + $resourceAccessChecker->expects($this->never())->method('isGranted'); |
| 99 | + $accessChecker = new AccessCheckerProvider($decorated, $resourceAccessChecker, 'pre_read'); |
| 100 | + $this->assertSame($obj, $accessChecker->provide($operation, [], [])); |
| 101 | + } |
| 102 | + |
64 | 103 | public function testCheckAccessDenied(): void |
65 | 104 | { |
66 | 105 | $this->expectException(AccessDeniedException::class); |
@@ -91,3 +130,7 @@ public function testCheckAccessDeniedWithGraphQl(): void |
91 | 130 | $accessChecker->provide($operation, [], []); |
92 | 131 | } |
93 | 132 | } |
| 133 | + |
| 134 | +interface ResourceAccessCheckerWithObjectVariableInterface extends ResourceAccessCheckerInterface, ObjectVariableCheckerInterface |
| 135 | +{ |
| 136 | +} |
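Review bot: The three new pre_read tests only exercise the allow path, so nothing pins the property that makes pre_read worth having: a denied expression must stop the request before the decorated provider loads the resource. I would add a test where `usesObjectVariable` returns false, `isGranted` returns false, `$decorated->expects($this->never())->method('provide')`, and `expectException(AccessDeniedException::class)` is set before the call — assuming the provider throws the same exception on pre_read as `testCheckAccessDenied` expects (its body continues outside the hunk). The name `testPreReadSkipsSecurityWhenResourceAccessCheckerIsDecorated` does not describe what the test asserts, which is a checker that does not implement ObjectVariableCheckerInterface; `testPreReadSkipsSecurityWhenCheckerCannotInspectObjectVariable` would read better. Skipping the pre_read check for such a checker is only safe if the post-read check still runs for it, which these provider-level unit tests cannot demonstrate.
```php
    public function testPreReadDeniesBeforeDecoratedProviderRuns(): void
    {
        $this->expectException(AccessDeniedException::class);
        $operation = new Get(class: DummyEntity::class, security: 'is_granted("ROLE_ADMIN")');
        $decorated = $this->createMock(ProviderInterface::class);
        $decorated->expects($this->never())->method('provide');
        $resourceAccessChecker = $this->createMock(ResourceAccessCheckerWithObjectVariableInterface::class);
        $resourceAccessChecker->method('usesObjectVariable')->willReturn(false);
        $resourceAccessChecker->method('isGranted')->willReturn(false);
        (new AccessCheckerProvider($decorated, $resourceAccessChecker, 'pre_read'))->provide($operation, [], []);
    }
```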