feat: Policies

Author: matteoc99

README.md

@@ -22,6 +22,7 @@ This Laravel package aims to store and manage user settings/preferences in a sim
     * [Available Casts](#available-casts)
     * [Custom Caster](#custom-caster)
 * [Custom Rules](#custom-rules)
+* [Policies](#policies)
 * [Routing](#routing)
     * [Anantomy](#anantomy)
     * [Example](#example)
@@ -235,6 +236,9 @@ Signature:
 - $user the logged in user
 - PolicyAction enum: the action the user wants to perform index/get/update/delete
 
+> this is just the bare minimum regarding Authorization.  
+> For more fine-grained authorization checks refer to [Policies](#policies)
+
 #### Example implementation:
 
 ```php
@@ -375,6 +379,35 @@ class MyRule implements ValidationRule
             ->withRule(new MyRule("Europe","Asia"))
 ```
 
+## Policies
+
+each preference can have a Policy, should [isUserAuthorized](#isuserauthorized) not be enough for your usecase
+
+### Creating policies
+
+implement `PreferencePolicy` and the 4 methods defined by the contract
+
+| parameter                   | description                                                |   
+|-----------------------------|------------------------------------------------------------|
+| Authenticatable $user       | the currently logged in user, if any                       |
+| PreferenceableModel $model  | the model on which you are trying to modify the preference |
+| PreferenceGroup $preference | the preference enum in question                            |
+
+### Adding policies
+
+````php
+    PreferenceBuilder::init(Preferences::LANGUAGE)
+        ->withPolicy(new MyPolicy())
+        ->updateOrCreate()
+
+
+    PreferenceBuilder::initBulk([
+        'name' => Preferences::LANGUAGE,
+        'policy' => new MyPolicy()
+     ]);
+
+````
+
 ## Routing
 
 off by default, enable it in the config

database/migrations/2024_04_14_10000_switch_from_json_to_text.php

@@ -12,9 +12,9 @@ public function up()
         $preferenceTable = (new Preference())->getTable();
 
         Schema::table($preferenceTable, function (Blueprint $table) {
-            $table->text('policy')->change();
-            $table->text('cast')->change();
-            $table->text('rule')->change();
+            $table->text('policy')->nullable()->change();
+            $table->text('cast')->nullable()->change();
+            $table->text('rule')->nullable()->change();
         });
     }
 
@@ -23,9 +23,9 @@ public function down()
         $preferenceTable = (new Preference())->getTable();
 
         Schema::table($preferenceTable, function (Blueprint $table) {
-            $table->json('policy')->change();
-            $table->json('cast')->change();
-            $table->json('rule')->change();
+            $table->json('policy')->nullable()->change();
+            $table->json('cast')->nullable()->change();
+            $table->json('rule')->nullable()->change();
         });
     }
 };

src/Contracts/PreferencePolicy.php

@@ -7,11 +7,11 @@
 
 interface PreferencePolicy
 {
-    public function index(Authenticatable $user, string $preferences): bool;
+    public function index(?Authenticatable $user, PreferenceableModel $model, PreferenceGroup $preference): bool;
 
-    public function get(Authenticatable $user, Preference $preference, mixed $value): bool;
+    public function get(?Authenticatable $user, PreferenceableModel $model, PreferenceGroup $preference): bool;
 
-    public function update(Authenticatable $user, Preference $preference, mixed $value): bool;
+    public function update(?Authenticatable $user, PreferenceableModel $model, PreferenceGroup $preference): bool;
 
-    public function delete(Authenticatable $user, Preference $preference, mixed $value): bool;
+    public function delete(?Authenticatable $user, PreferenceableModel $model, PreferenceGroup $preference): bool;
 }

src/Traits/HasPreferences.php

@@ -8,6 +8,7 @@
 use Illuminate\Support\Facades\Auth;
 use Illuminate\Validation\ValidationException;
 use Matteoc99\LaravelPreference\Contracts\PreferenceGroup;
+use Matteoc99\LaravelPreference\Contracts\PreferencePolicy;
 use Matteoc99\LaravelPreference\Enums\PolicyAction;
 use Matteoc99\LaravelPreference\Exceptions\PreferenceNotFoundException;
 use Matteoc99\LaravelPreference\Models\Preference;
@@ -40,9 +41,8 @@ private function userPreferences(): MorphMany
     public function getPreference(PreferenceGroup|Preference $preference, mixed $default = null): mixed
     {
 
-        $this->authorize(PolicyAction::GET);
 
-        $preference = $this->validateAndRetrievePreference($preference);
+        $preference = $this->validateAndRetrievePreference($preference, PolicyAction::GET);
 
         $userPreference = $this->userPreferences()->where('preference_id', $preference->id)->first();
 
@@ -65,9 +65,8 @@ public function getPreference(PreferenceGroup|Preference $preference, mixed $def
      */
     public function setPreference(PreferenceGroup|Preference $preference, mixed $value): void
     {
-        $this->authorize(PolicyAction::UPDATE);
 
-        $preference = $this->validateAndRetrievePreference($preference);
+        $preference = $this->validateAndRetrievePreference($preference, PolicyAction::UPDATE);
 
         ValidationHelper::validateValue(
             $value,
@@ -90,9 +89,8 @@ public function setPreference(PreferenceGroup|Preference $preference, mixed $val
      */
     public function removePreference(PreferenceGroup|Preference $preference): int
     {
-        $this->authorize(PolicyAction::DELETE);
 
-        $preference = $this->validateAndRetrievePreference($preference);
+        $preference = $this->validateAndRetrievePreference($preference, PolicyAction::DELETE);
 
 
         return $this->userPreferences()->where('preference_id', $preference->id)->delete();
@@ -123,13 +121,17 @@ public function getPreferences(string $group = null): Collection
      * Validate existence of a preference and retrieve it.
      *
      * @param PreferenceGroup|Preference $preference Preference name.
+     * @param PolicyAction               $action
      *
      * @return Preference
-     * @throws PreferenceNotFoundException If preference not found.
+     * @throws AuthorizationException
+     * @throws PreferenceNotFoundException
      */
-    private function validateAndRetrievePreference(PreferenceGroup|Preference $preference): Preference
+    private function validateAndRetrievePreference(PreferenceGroup|Preference $preference, PolicyAction $action): Preference
     {
 
+        $this->authorize($action);
+
         if (!$preference instanceof Preference) {
 
             SerializeHelper::conformNameAndGroup($preference, $group);
@@ -141,7 +143,27 @@ private function validateAndRetrievePreference(PreferenceGroup|Preference $prefe
             throw new PreferenceNotFoundException("Preference not found: $preference in group $group");
         }
 
-        //Todo Gate
+        if (!empty($preference->policy)) {
+            $policy     = $preference->policy;
+            $authorized = false;
+
+            $enum = SerializeHelper::reversePreferenceToEnum($preference);
+
+            if ($policy instanceof PreferencePolicy) {
+                $authorized = match ($action) {
+                    PolicyAction::INDEX => $policy->index(Auth::user(), $this, $enum),
+                    PolicyAction::GET => $policy->get(Auth::user(), $this, $enum),
+                    PolicyAction::UPDATE => $policy->update(Auth::user(), $this, $enum),
+                    PolicyAction::DELETE => $policy->delete(Auth::user(), $this, $enum),
+                    default => throw new AuthorizationException("Unknown Policy: " . $action->name),
+                };
+            }
+
+            if (!$authorized) {
+                throw new AuthorizationException("The user is not authorized to perform the action: " . $action->name);
+            }
+
+        }
 
         return $preference;
     }

src/Utils/SerializeHelper.php

@@ -5,6 +5,7 @@
 use BackedEnum;
 use InvalidArgumentException;
 use Matteoc99\LaravelPreference\Contracts\PreferenceGroup;
+use Matteoc99\LaravelPreference\Models\Preference;
 use RuntimeException;
 
 class SerializeHelper
@@ -16,6 +17,14 @@ public static function enumToString(PreferenceGroup|string $value): string
         return $value->value;
     }
 
+    /**
+     * splits a preference enum into name and group as string
+     *
+     * @param PreferenceGroup|string $name
+     * @param string|null            $group
+     *
+     * @return void
+     */
     public static function conformNameAndGroup(PreferenceGroup|string &$name, string|null &$group): void
     {
         //auto set group scope for enums
@@ -29,4 +38,29 @@ public static function conformNameAndGroup(PreferenceGroup|string &$name, string
 
         $name = SerializeHelper::enumToString($name);
     }
+
+    /**
+     * inverse of the above, reconstructs the original enum
+     *
+     * @param Preference $preference
+     *
+     * @return PreferenceGroup
+     */
+    public static function reversePreferenceToEnum(Preference $preference): PreferenceGroup
+    {
+
+        $enumClass = $preference->group;
+        $enumValue = $preference->name;
+
+        if (!class_exists($enumClass)) {
+            throw new InvalidArgumentException("Enum class $enumClass does not exist.");
+        }
+
+        if (!in_array(BackedEnum::class, class_implements($enumClass))) {
+            throw new InvalidArgumentException("Enum class $enumClass must be a backed enum.");
+        }
+
+        return $enumClass::tryFrom($enumValue);
+
+    }
 }

tests/PolicyTest.php

@@ -0,0 +1,56 @@
+<?php
+
+namespace Matteoc99\LaravelPreference\Tests;
+
+use Illuminate\Auth\Access\AuthorizationException;
+use Illuminate\Support\Facades\Auth;
+use Matteoc99\LaravelPreference\Factory\PreferenceBuilder;
+use Matteoc99\LaravelPreference\Tests\TestSubjects\Enums\General;
+use Matteoc99\LaravelPreference\Tests\TestSubjects\Policies\MyPolicy;
+
+class PolicyTest extends TestCase
+{
+
+    private MyPolicy $policy;
+
+    public function setUp(): void
+    {
+        parent::setUp();
+
+        $this->policy = new MyPolicy();
+        PreferenceBuilder::init(General::LANGUAGE)->withPolicy($this->policy)->nullable()->create();
+    }
+
+    /** @test */
+    public function no_user_fails_auth()
+    {
+        Auth::logout();
+        $this->expectException(AuthorizationException::class);
+        $this->testUser->setPreference(General::LANGUAGE, "it");
+    }
+
+    /** @test */
+    public function test_user_can_set_and_get_preference()
+    {
+        Auth::login($this->testUser);
+        $this->testUser->setPreference(General::LANGUAGE, "it");
+
+        $this->assertEquals('it', $this->testUser->getPreference(General::LANGUAGE));
+    }
+
+    /** @test */
+    public function test_user_can_not_set_and_get_admin()
+    {
+        Auth::login($this->testUser);
+        $this->expectException(AuthorizationException::class);
+        $this->adminUser->setPreference(General::LANGUAGE, "it");
+    }
+
+    /** @test */
+    public function noone_can_delete()
+    {
+        $this->expectException(AuthorizationException::class);
+        $this->adminUser->removePreference(General::LANGUAGE,);
+    }
+
+}

tests/TestCase.php

@@ -7,7 +7,6 @@
 use Illuminate\Foundation\Application;
 use Illuminate\Foundation\Testing\RefreshDatabase;
 use Illuminate\Support\Facades\Auth;
-use Illuminate\Support\Facades\Schema;
 use Matteoc99\LaravelPreference\PreferenceServiceProvider;
 use Matteoc99\LaravelPreference\Tests\TestSubjects\Models\User;
 
@@ -17,6 +16,7 @@ class TestCase extends \Orchestra\Testbench\TestCase
 
     protected User $testUser;
     protected User $otherUser;
+    protected User $adminUser;
 
     public function setUp(): void
     {
@@ -35,8 +35,14 @@ public function setUp(): void
         $this->testUser = new User([
             'email' => '[email protected]'
         ]);
+
+        $this->adminUser = new User([
+            'email' => '[email protected]',
+            'admin' => true,
+        ]);
         $this->testUser->save();
         $this->otherUser->save();
+        $this->adminUser->save();
 
         Auth::login($this->testUser);
     }
@@ -90,6 +96,7 @@ protected function setUpDatabase()
         $this->getSchema()->create('users', function (Blueprint $table) {
             $table->increments('id');
             $table->string('email');
+            $table->boolean('admin')->default(false);
             $table->softDeletes();
             $table->timestamps();
         });

tests/TestSubjects/Models/User.php

@@ -11,10 +11,10 @@ class User extends \Illuminate\Foundation\Auth\User implements PreferenceableMod
 {
     use HasPreferences;
 
-    protected $fillable = ['email'];
+    protected $fillable = ['email', "admin"];
 
     public function isUserAuthorized(?Authenticatable $user, PolicyAction $action): bool
     {
-        return $user?->id == $this->id ;
+        return $user?->id == $this->id;
     }
 }