preferencable authorization

matteoc99 · matteoc99 · commit de01aaede888 · 2024-04-01T18:37:58.000+02:00
diff --git a/.github/workflows/tests.yml b/.github/workflows/tests.yml
@@ -39,9 +39,4 @@ jobs:
           composer require "laravel/framework:${{ matrix.laravel }}" "orchestra/testbench:${{ matrix.testbench }}"
           composer update
       - name: Execute tests
-        run: vendor/bin/phpunit ./tests
-      - name: Upload coverage reports to Codecov
-        uses: codecov/codecov-action@v4.0.1
-        with:
-          token: ${{ secrets.CODECOV_TOKEN }}
-          slug: matteoc99/laravel-preference
+        run: vendor/bin/phpunit ./tests
diff --git a/routes/api.php b/routes/api.php
@@ -24,8 +24,8 @@
                     ->name($name . ".get");
                 Route::match(['PUT', 'PATCH'], "{scope_id}/$group/{preference}", [PreferenceController::class, 'update'])
                     ->name($name . ".update");
-                Route::delete("{scope_id}/$group/{preference}", [PreferenceController::class, 'destroy'])
-                    ->name($name . ".destroy");
+                Route::delete("{scope_id}/$group/{preference}", [PreferenceController::class, 'delete'])
+                    ->name($name . ".delete");
             }
         });
     }
diff --git a/src/Contracts/PreferenceableModel.php b/src/Contracts/PreferenceableModel.php
@@ -2,8 +2,10 @@
 
 namespace Matteoc99\LaravelPreference\Contracts;
 
+use Illuminate\Contracts\Auth\Authenticatable;
 use Illuminate\Support\Collection;
 use Illuminate\Validation\ValidationException;
+use Matteoc99\LaravelPreference\Enums\PolicyAction;
 use Matteoc99\LaravelPreference\Exceptions\PreferenceNotFoundException;
 
 interface PreferenceableModel
@@ -49,4 +51,15 @@ public function setPreference(PreferenceGroup $name, mixed $value): void;
      */
     public function getPreference(PreferenceGroup $name, mixed $default = null): mixed;
 
+
+    /**
+     * check if the user is authorized
+     *
+     * @param Authenticatable|null $user
+     * @param PolicyAction         $action
+     *
+     * @return bool
+     */
+    public function isUserAuthorized(?Authenticatable $user, PolicyAction $action): bool;
+
 }
diff --git a/src/Enums/PolicyAction.php b/src/Enums/PolicyAction.php
@@ -0,0 +1,11 @@
+<?php
+
+namespace Matteoc99\LaravelPreference\Enums;
+
+enum PolicyAction
+{
+    case INDEX;
+    case GET;
+    case UPDATE;
+    case DELETE;
+}
diff --git a/src/Http/Controllers/PreferenceController.php b/src/Http/Controllers/PreferenceController.php
@@ -55,7 +55,7 @@ public function update(PreferenceUpdateRequest $request): JsonResponse
         );
     }
 
-    public function destroy(Request $request): JsonResponse
+    public function delete(Request $request): JsonResponse
     {
         $this->scope->removePreference($this->group);
 
diff --git a/src/Http/Middlewares/PreferenceMiddleware.php b/src/Http/Middlewares/PreferenceMiddleware.php
@@ -3,9 +3,12 @@
 namespace Matteoc99\LaravelPreference\Http\Middlewares;
 
 use Closure;
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Http\Request;
 use Illuminate\Http\Response;
 use Matteoc99\LaravelPreference\Exceptions\PreferenceNotFoundException;
+use Symfony\Component\HttpKernel\Exception\HttpException;
+use Symfony\Component\HttpKernel\Exception\NotFoundHttpException;
 
 class PreferenceMiddleware
 {
@@ -14,11 +17,11 @@ public function handle(Request $request, Closure $next)
 
         /**@var Response $response * */
         $response = $next($request);
-        if ($response->exception) {
-            return match ($response?->exception::class) {
-                PreferenceNotFoundException::class => response()->json([
-                    'error' => $response->exception->getMessage()
-                ], 404),
+        $e        = $response?->exception;
+        if ($e) {
+            return match ($e::class) {
+                PreferenceNotFoundException::class => throw new NotFoundHttpException($e->getMessage(), $e),
+                AuthorizationException::class => throw new HttpException(403, $e->getMessage(), $e),
                 default => $response,
             };
         }
diff --git a/src/Traits/HasPreferences.php b/src/Traits/HasPreferences.php
@@ -2,11 +2,14 @@
 
 namespace Matteoc99\LaravelPreference\Traits;
 
+use Illuminate\Auth\Access\AuthorizationException;
 use Illuminate\Database\Eloquent\Relations\MorphMany;
 use Illuminate\Support\Collection;
+use Illuminate\Support\Facades\Auth;
 use Illuminate\Support\Facades\Validator;
 use Illuminate\Validation\ValidationException;
 use Matteoc99\LaravelPreference\Contracts\PreferenceGroup;
+use Matteoc99\LaravelPreference\Enums\PolicyAction;
 use Matteoc99\LaravelPreference\Exceptions\PreferenceNotFoundException;
 use Matteoc99\LaravelPreference\Models\Preference;
 use Matteoc99\LaravelPreference\Models\UserPreference;
@@ -32,6 +35,7 @@ private function userPreferences(): MorphMany
      */
     public function getPreference(PreferenceGroup $name, mixed $default = null): mixed
     {
+        $this->authorize(PolicyAction::GET);
         SerializeHelper::conformNameAndGroup($name, $group);
         /**@var string $name * */
         $preference = $this->validateAndRetrievePreference($name, $group);
@@ -43,19 +47,6 @@ public function getPreference(PreferenceGroup $name, mixed $default = null): mix
         return $userPreference?->value ?? $this->getDefaultPreferenceValue($name, $group) ?? $default;
     }
 
-    /**
-     * Retrieve the default value for a preference from its configuration.
-     *
-     * @param string $name
-     * @param string $group
-     *
-     * @return mixed
-     */
-    private function getDefaultPreferenceValue(string $name, string $group): mixed
-    {
-        return Preference::where('group', $group)->where('name', $name)->first()?->default_value ?? null;
-    }
-
     /**
      * Set a preference value, handling validation and persistence.
      *
@@ -67,6 +58,7 @@ private function getDefaultPreferenceValue(string $name, string $group): mixed
      */
     public function setPreference(PreferenceGroup $name, mixed $value): void
     {
+        $this->authorize(PolicyAction::UPDATE);
 
         SerializeHelper::conformNameAndGroup($name, $group);
         /**@var string $name * */
@@ -93,6 +85,8 @@ public function setPreference(PreferenceGroup $name, mixed $value): void
      */
     public function removePreference(PreferenceGroup $name): int
     {
+        $this->authorize(PolicyAction::DELETE);
+
         SerializeHelper::conformNameAndGroup($name, $group);
         /**@var string $name * */
         $preference = $this->validateAndRetrievePreference($name, $group);
@@ -109,6 +103,8 @@ public function removePreference(PreferenceGroup $name): int
      */
     public function getPreferences(string $group = null): Collection
     {
+        $this->authorize(PolicyAction::INDEX);
+
         $query = $this->userPreferences()->with('preference');
 
         if ($group) {
@@ -130,4 +126,17 @@ private function validateAndRetrievePreference(string $name, string $group): Pre
         }
         return $preference;
     }
+
+
+    private function getDefaultPreferenceValue(string $name, string $group): mixed
+    {
+        return Preference::where('group', $group)->where('name', $name)->first()?->default_value ?? null;
+    }
+
+    private function authorize(PolicyAction $action): void
+    {
+        if (!$this->isUserAuthorized(Auth::user(), $action)) {
+            throw new AuthorizationException("the user is not authorized to perform the action: " . $action->name);
+        }
+    }
 }
diff --git a/tests/ApiTest/ApiTestCase.php b/tests/ApiTest/ApiTestCase.php
@@ -16,16 +16,12 @@
 class ApiTestCase extends TestCase
 {
 
-    protected Preference $dummyPref;
-
     public function setUp(): void
     {
         parent::setUp();
 
-        $this->dummyPref = PreferenceBuilder::init(General::LANGUAGE)->withRule(new InRule('it', 'en', 'de'))->create();
-        PreferenceBuilder::init(VideoPreferences::QUALITY, Cast::INT)->withDefaultValue(2)->withRule(new LowerThanRule(5))->create();
+        PreferenceBuilder::init(General::LANGUAGE)->withRule(new InRule('it', 'en', 'de'))->create();
     }
-
     /**
      * Define environment setup.
      *
diff --git a/tests/ApiTest/DeleteTest.php b/tests/ApiTest/DeleteTest.php
@@ -0,0 +1,37 @@
+<?php
+
+namespace Matteoc99\LaravelPreference\Tests\ApiTest;
+
+class DeleteTest extends ApiTestCase
+{
+    /** @test */
+    public function test_delete_action()
+    {
+
+        $response = $this->delete(route('preferences.user.general.delete', ['scope_id' => 1,'preference' => 'language']));
+
+        $response->assertStatus(200);
+    }
+
+    public function test_delete_invalid_scope()
+    {
+        $response = $this->delete(route('preferences.user.general.delete', ['scope_id' => 200, 'preference' => 'language']));
+
+        $response->assertNotFound();
+    }
+    public function test_delete_invalid_permission()
+    {
+        $response = $this->delete(route('preferences.user.general.delete', ['scope_id' => 2, 'preference' => 'language']));
+
+        $response->assertForbidden();
+    }
+
+    /** @test */
+
+    public function test_delete_invalid_pref()
+    {
+        $response = $this->delete(route('preferences.user.general.delete', ['scope_id' => 1, 'preference' => 'languageee']));
+
+        $response->assertNotFound();
+    }
+}
diff --git a/tests/ApiTest/DestroyTest.php b/tests/ApiTest/DestroyTest.php
diff --git a/tests/ApiTest/GetTest.php b/tests/ApiTest/GetTest.php
@@ -17,10 +17,18 @@ public function test_get_action()
 
     public function test_get_invalid_scope()
     {
-        $response = $this->get(route('preferences.user.general.get', ['scope_id' => 2, 'preference' => 'language']));
+        $response = $this->get(route('preferences.user.general.get', ['scope_id' => 200, 'preference' => 'language']));
 
         $response->assertNotFound();
     }
+    /** @test */
+
+    public function test_get_invalid_permission()
+    {
+        $response = $this->get(route('preferences.user.general.get', ['scope_id' => 2, 'preference' => 'language']));
+
+        $response->assertForbidden();
+    }
 
     /** @test */
     public function test_get_invalid_pref()
diff --git a/tests/ApiTest/IndexTest.php b/tests/ApiTest/IndexTest.php
@@ -17,7 +17,7 @@ public function test_index_action()
 
     public function test_index_invalid_scope()
     {
-        $response = $this->get(route('preferences.user.general.index', ['scope_id' => 2]));
+        $response = $this->get(route('preferences.user.general.index', ['scope_id' => 200]));
 
         $response->assertNotFound();
     }
diff --git a/tests/ApiTest/UpdateTest.php b/tests/ApiTest/UpdateTest.php
@@ -41,7 +41,7 @@ public function test_update_success_action()
 
     public function test_update_invalid_scope()
     {
-        $response = $this->patch(route('preferences.user.general.update', ['scope_id' => 2, 'preference' => 'language']));
+        $response = $this->patch(route('preferences.user.general.update', ['scope_id' => 200, 'preference' => 'language']));
 
         $response->assertNotFound();
     }
diff --git a/tests/ApiTest/WorkflowTest.php b/tests/ApiTest/WorkflowTest.php
@@ -2,10 +2,19 @@
 
 namespace Matteoc99\LaravelPreference\Tests\ApiTest;
 
+use Matteoc99\LaravelPreference\Enums\Cast;
+use Matteoc99\LaravelPreference\Factory\PreferenceBuilder;
+use Matteoc99\LaravelPreference\Rules\InRule;
+use Matteoc99\LaravelPreference\Tests\TestSubjects\Enums\General;
+use Matteoc99\LaravelPreference\Tests\TestSubjects\Enums\VideoPreferences;
+use Matteoc99\LaravelPreference\Tests\TestSubjects\Models\LowerThanRule;
+
 class WorkflowTest extends ApiTestCase
 {
 
 
+
+
     /** @test */
     public function test_workflow()
     {
@@ -19,8 +28,9 @@ public function test_workflow()
     }
 
     /** @test */
-    public function test_get_and_set()
+    public function test_int_workflow()
     {
+        PreferenceBuilder::init(VideoPreferences::QUALITY, Cast::INT)->withDefaultValue(2)->withRule(new LowerThanRule(5))->create();
 
         $video = $this->get(route('preferences.user.video.get', ['scope_id' => 1, 'preference' => 'quality']));
         $video->assertSuccessful();
@@ -32,6 +42,9 @@ public function test_get_and_set()
         ]);
         $video->assertJson(['value'=>4]);
 
+        $video = $this->delete(route('preferences.user.video.delete', ['scope_id' => 1, 'preference' => 'quality']));
+
+        $video->assertJson(['value'=>2]);
 
         $video = $this->patch(route('preferences.user.video.update', ['scope_id' => 1, 'preference' => 'quality']),[
             'value'=>40
diff --git a/tests/TestCase.php b/tests/TestCase.php
diff --git a/tests/TestSubjects/Models/User.php b/tests/TestSubjects/Models/User.php

Original file line number	Diff line number	Diff line change
`@@ -24,8 +24,8 @@`
`24`	`24`	`->name($name . ".get");`
`25`	`25`	`Route::match(['PUT', 'PATCH'], "{scope_id}/$group/{preference}", [PreferenceController::class, 'update'])`
`26`	`26`	`->name($name . ".update");`
`27`		`- Route::delete("{scope_id}/$group/{preference}", [PreferenceController::class, 'destroy'])`
`28`		`- ->name($name . ".destroy");`
	`27`	`+ Route::delete("{scope_id}/$group/{preference}", [PreferenceController::class, 'delete'])`
	`28`	`+ ->name($name . ".delete");`
`29`	`29`	`}`
`30`	`30`	`});`
`31`	`31`	`}`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ public function update(PreferenceUpdateRequest $request): JsonResponse`
`55`	`55`	`);`
`56`	`56`	`}`
`57`	`57`
`58`		`- public function destroy(Request $request): JsonResponse`
	`58`	`+ public function delete(Request $request): JsonResponse`
`59`	`59`	`{`
`60`	`60`	`$this->scope->removePreference($this->group);`
`61`	`61`
Original file line number	Diff line number	Diff line change
`@@ -16,16 +16,12 @@`
`16`	`16`	`class ApiTestCase extends TestCase`
`17`	`17`	`{`
`18`	`18`
`19`		`- protected Preference $dummyPref;`
`20`		`-`
`21`	`19`	`public function setUp(): void`
`22`	`20`	`{`
`23`	`21`	`parent::setUp();`
`24`	`22`
`25`		`- $this->dummyPref = PreferenceBuilder::init(General::LANGUAGE)->withRule(new InRule('it', 'en', 'de'))->create();`
`26`		`- PreferenceBuilder::init(VideoPreferences::QUALITY, Cast::INT)->withDefaultValue(2)->withRule(new LowerThanRule(5))->create();`
	`23`	`+ PreferenceBuilder::init(General::LANGUAGE)->withRule(new InRule('it', 'en', 'de'))->create();`
`27`	`24`	`}`
`28`		`-`
`29`	`25`	`/**`
`30`	`26`	`* Define environment setup.`
`31`	`27`	`*`
Original file line number	Diff line number	Diff line change
`@@ -17,7 +17,7 @@ public function test_index_action()`
`17`	`17`
`18`	`18`	`public function test_index_invalid_scope()`
`19`	`19`	`{`
`20`		`- $response = $this->get(route('preferences.user.general.index', ['scope_id' => 2]));`
	`20`	`+ $response = $this->get(route('preferences.user.general.index', ['scope_id' => 200]));`
`21`	`21`
`22`	`22`	`$response->assertNotFound();`
`23`	`23`	`}`
Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ public function test_update_success_action()`
`41`	`41`
`42`	`42`	`public function test_update_invalid_scope()`
`43`	`43`	`{`
`44`		`- $response = $this->patch(route('preferences.user.general.update', ['scope_id' => 2, 'preference' => 'language']));`
	`44`	`+ $response = $this->patch(route('preferences.user.general.update', ['scope_id' => 200, 'preference' => 'language']));`
`45`	`45`
`46`	`46`	`$response->assertNotFound();`
`47`	`47`	`}`