mirror of
https://github.com/kevinveenbirkenbach/infinito.git
synced 2025-01-10 06:27:24 +01:00
Optimized draft for LawPermissionChecker
This commit is contained in:
parent
8afb91c690
commit
7575ef5edf
@ -2,116 +2,117 @@
|
|||||||
|
|
||||||
namespace App\Domain\LawManagement;
|
namespace App\Domain\LawManagement;
|
||||||
|
|
||||||
use App\Entity\Source\SourceInterface;
|
|
||||||
use PhpCollection\CollectionInterface;
|
use PhpCollection\CollectionInterface;
|
||||||
use Doctrine\Common\Collections\ArrayCollection;
|
use Doctrine\Common\Collections\ArrayCollection;
|
||||||
use App\Entity\Meta\RightInterface;
|
use App\Entity\Meta\RightInterface;
|
||||||
use Doctrine\Common\Collections\Collection;
|
use Doctrine\Common\Collections\Collection;
|
||||||
|
use App\Entity\Meta\LawInterface;
|
||||||
|
use App\Domain\RightManagement\RightChecker;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @todo Implement checking by operation sources
|
* @todo Implement checking by operation sources
|
||||||
|
* @todo chek if recievers are still neccessary and if they should be implemented
|
||||||
*
|
*
|
||||||
* @author kevinfrantz
|
* @author kevinfrantz
|
||||||
*/
|
*/
|
||||||
class LawPermissionCheckerService implements LawPermissionCheckerServiceInterface
|
final class LawPermissionCheckerService implements LawPermissionCheckerServiceInterface
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* @var SourceInterface
|
* @var LawInterface
|
||||||
*/
|
*/
|
||||||
private $clientSource;
|
private $law;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @var SourceInterface
|
* @param Collection|RightInterface[] $rights
|
||||||
*/
|
* @param string $value
|
||||||
private $requestedSource;
|
* @param string $attribut
|
||||||
|
|
||||||
/**
|
|
||||||
* @var
|
|
||||||
*/
|
|
||||||
private $permissionType;
|
|
||||||
|
|
||||||
private function getRightsByPermission(Collection $rights): Collection
|
|
||||||
{
|
|
||||||
$result = new ArrayCollection();
|
|
||||||
/*
|
|
||||||
* @var RightInterface
|
|
||||||
*/
|
|
||||||
foreach ($rights as $right) {
|
|
||||||
if ($right->getType() === $this->permissionType) {
|
|
||||||
$result->add($right);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $result;
|
|
||||||
}
|
|
||||||
|
|
||||||
private function getRightsByClient(Collection $rights): Collection
|
|
||||||
{
|
|
||||||
$result = new ArrayCollection();
|
|
||||||
/*
|
|
||||||
* @var RightInterface
|
|
||||||
*/
|
|
||||||
foreach ($rights as $right) {
|
|
||||||
if ($right->getReciever() === $this->clientSource) {
|
|
||||||
$result->add($right);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
return $result;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @todo Implement
|
|
||||||
*
|
*
|
||||||
* @return CollectionInterface the sources to which the client belongs to
|
* @return Collection|RightInterface[]
|
||||||
*/
|
*/
|
||||||
private function getAllClientMemberships(): Collection
|
private function getFilteredRights(Collection $rights, string $value, string $attribut): Collection
|
||||||
{
|
{
|
||||||
|
$result = new ArrayCollection();
|
||||||
|
foreach ($rights as $right) {
|
||||||
|
if ($right->{'get'.$attribut}() === $value) {
|
||||||
|
$result->add($right);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Collection|RightInterface[] $rights
|
||||||
|
* @param string $type
|
||||||
|
*
|
||||||
|
* @return Collection
|
||||||
|
*/
|
||||||
|
private function getRightsByType(Collection $rights, string $type): Collection
|
||||||
|
{
|
||||||
|
return $this->getFilteredRights($rights, $type, 'Type');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Collection|RightInterface[] $rights
|
||||||
|
* @param string $layer
|
||||||
|
*
|
||||||
|
* @return Collection
|
||||||
|
*/
|
||||||
|
private function getRightsByLayer(Collection $rights, string $layer): Collection
|
||||||
|
{
|
||||||
|
return $this->getFilteredRights($rights, $layer, 'Layer');
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @todo seems like this can be solved on a nicer way
|
||||||
|
*
|
||||||
|
* @param Collection|RightInterface[] $rights
|
||||||
|
*
|
||||||
|
* @return Collection|RightInterface[]
|
||||||
|
*/
|
||||||
private function sortByPriority(Collection $rights): Collection
|
private function sortByPriority(Collection $rights): Collection
|
||||||
{
|
{
|
||||||
|
$iterator = $rights->getIterator();
|
||||||
|
$iterator->uasort(function ($first, $second) {
|
||||||
|
return (int) $first->getPriority() > (int) $second->getPriority() ? 1 : -1;
|
||||||
|
});
|
||||||
|
$sorted = new ArrayCollection();
|
||||||
|
foreach ($iterator as $right) {
|
||||||
|
$sorted->add($right);
|
||||||
|
}
|
||||||
|
|
||||||
|
return $sorted;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @todo Implement priority function for locking
|
* @param CollectionInterface|RightInterface[] $rights
|
||||||
*
|
* the rights which exist
|
||||||
* @param CollectionInterface $rights the rights which exist
|
|
||||||
*
|
*
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
private function isGranted(CollectionInterface $rights): bool
|
private function isGranted(Collection $rights, RightInterface $client): bool
|
||||||
{
|
{
|
||||||
/*
|
if (0 === $rights->count()) {
|
||||||
* @var RightInterface
|
return false;
|
||||||
*/
|
|
||||||
foreach ($rights as $right) {
|
|
||||||
if ($clientSources->contains($right)) {
|
|
||||||
}
|
}
|
||||||
|
$right = $rights[0];
|
||||||
|
$rightChecker = new RightChecker($right);
|
||||||
|
|
||||||
|
return $rightChecker->isGranted($client->getLayer(), $client->getType(), $client->getSource());
|
||||||
}
|
}
|
||||||
|
|
||||||
return $result;
|
public function __construct(LawInterface $law)
|
||||||
|
{
|
||||||
|
$this->law = $law;
|
||||||
}
|
}
|
||||||
|
|
||||||
public function checkPermission(): bool
|
public function hasPermission(RightInterface $client): bool
|
||||||
{
|
{
|
||||||
$requestedSourceRights = $this->requestedSource->getLaw()->getRights();
|
$rights = clone $this->law->getRights();
|
||||||
$rightsByPermission = $this->getRightsByPermission($requestedSourceRights);
|
$rights = $this->getRightsByType($rights, $client->getType());
|
||||||
$rightsbyClient = $this->getRightsByClient($rightsByPermission);
|
$rights = $this->getRightsByLayer($rights, $client->getLayer());
|
||||||
}
|
$rights = $this->sortByPriority($rights);
|
||||||
|
|
||||||
public function setClientSource(SourceInterface $clientSource): void
|
return $this->isGranted($rights, $client);
|
||||||
{
|
|
||||||
$this->clientSource = $clientSource;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setRequestedSource(SourceInterface $requestedSource): void
|
|
||||||
{
|
|
||||||
$this->requestedSource = $requestedSource;
|
|
||||||
}
|
|
||||||
|
|
||||||
public function setType(string $type): void
|
|
||||||
{
|
|
||||||
$this->permissionType = $type;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
namespace App\Domain\LawManagement;
|
namespace App\Domain\LawManagement;
|
||||||
|
|
||||||
use App\Entity\Source\SourceInterface;
|
use App\Entity\Meta\RightInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Allows to check if a source has rights on a source.
|
* Allows to check if a source has rights on a source.
|
||||||
@ -11,16 +11,10 @@ use App\Entity\Source\SourceInterface;
|
|||||||
*/
|
*/
|
||||||
interface LawPermissionCheckerServiceInterface
|
interface LawPermissionCheckerServiceInterface
|
||||||
{
|
{
|
||||||
public function setRequestedSource(SourceInterface $requestedSource): void;
|
|
||||||
|
|
||||||
public function setClientSource(SourceInterface $clientSource): void;
|
|
||||||
|
|
||||||
public function checkPermission(): bool;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the permission type.
|
* Checks if the client has the right for executing.
|
||||||
*
|
*
|
||||||
* @param string $type
|
* @return bool
|
||||||
*/
|
*/
|
||||||
public function setType(string $type): void;
|
public function hasPermission(RightInterface $client): bool;
|
||||||
}
|
}
|
||||||
|
@ -5,6 +5,7 @@ namespace App\Domain\SourceManagement;
|
|||||||
use Doctrine\Common\Collections\Collection;
|
use Doctrine\Common\Collections\Collection;
|
||||||
use App\Entity\Source\SourceInterface;
|
use App\Entity\Source\SourceInterface;
|
||||||
use Doctrine\Common\Collections\ArrayCollection;
|
use Doctrine\Common\Collections\ArrayCollection;
|
||||||
|
use App\Entity\Attribut\MemberRelationAttributInterface;
|
||||||
|
|
||||||
final class SourceMemberInformation implements SourceMemberInformationInterface
|
final class SourceMemberInformation implements SourceMemberInformationInterface
|
||||||
{
|
{
|
||||||
@ -23,6 +24,9 @@ final class SourceMemberInformation implements SourceMemberInformationInterface
|
|||||||
$this->source = $source;
|
$this->source = $source;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param Collection|MemberRelationAttributInterface[] $members
|
||||||
|
*/
|
||||||
private function itterateOverMembers(Collection $members): void
|
private function itterateOverMembers(Collection $members): void
|
||||||
{
|
{
|
||||||
foreach ($members as $member) {
|
foreach ($members as $member) {
|
||||||
|
@ -3,13 +3,20 @@
|
|||||||
namespace App\Entity\Attribut;
|
namespace App\Entity\Attribut;
|
||||||
|
|
||||||
use Doctrine\Common\Collections\Collection;
|
use Doctrine\Common\Collections\Collection;
|
||||||
|
use App\Entity\Meta\RightInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author kevinfrantz
|
* @author kevinfrantz
|
||||||
*/
|
*/
|
||||||
interface RightsAttributInterface
|
interface RightsAttributInterface
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* @param Collection|RightInterface[] $rights
|
||||||
|
*/
|
||||||
public function setRights(Collection $rights): void;
|
public function setRights(Collection $rights): void;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return Collection|RightInterface[]
|
||||||
|
*/
|
||||||
public function getRights(): Collection;
|
public function getRights(): Collection;
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,104 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Unit\Domain\LawManagement;
|
||||||
|
|
||||||
|
use PHPUnit\Framework\TestCase;
|
||||||
|
use App\Domain\LawManagement\LawPermissionCheckerService;
|
||||||
|
use App\Domain\LawManagement\LawPermissionCheckerServiceInterface;
|
||||||
|
use App\Entity\Source\SourceInterface;
|
||||||
|
use App\Entity\Source\AbstractSource;
|
||||||
|
use App\Entity\Meta\Right;
|
||||||
|
use App\DBAL\Types\LayerType;
|
||||||
|
use App\DBAL\Types\RightType;
|
||||||
|
use App\Entity\Meta\Law;
|
||||||
|
use App\Entity\Meta\LawInterface;
|
||||||
|
use App\Entity\Meta\RightInterface;
|
||||||
|
use Doctrine\Common\Collections\ArrayCollection;
|
||||||
|
|
||||||
|
class LawPermissionCheckerTest extends TestCase
|
||||||
|
{
|
||||||
|
/**
|
||||||
|
* @var LawPermissionCheckerServiceInterface
|
||||||
|
*/
|
||||||
|
protected $lawPermissionChecker;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var LawInterface
|
||||||
|
*/
|
||||||
|
protected $law;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @var RightInterface
|
||||||
|
*/
|
||||||
|
protected $client;
|
||||||
|
|
||||||
|
private function getSourceMock(): SourceInterface
|
||||||
|
{
|
||||||
|
return new class() extends AbstractSource {
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
||||||
|
public function setUp(): void
|
||||||
|
{
|
||||||
|
$this->client = new Right();
|
||||||
|
$this->law = new Law();
|
||||||
|
$this->lawPermissionChecker = new LawPermissionCheckerService($this->law);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testGeneralPermission(): void
|
||||||
|
{
|
||||||
|
$source = $this->getSourceMock();
|
||||||
|
$this->client->setSource($source);
|
||||||
|
$this->client->setLayer(LayerType::SOURCE);
|
||||||
|
$this->client->setType(RightType::READ);
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertFalse($permission);
|
||||||
|
$lawRight = clone $this->client;
|
||||||
|
$this->law->getRights()->add($lawRight);
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertTrue($permission);
|
||||||
|
$this->client->setType(RightType::WRITE);
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertFalse($permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testMemberPermission(): void
|
||||||
|
{
|
||||||
|
$parentSource = $this->getSourceMock();
|
||||||
|
$source = $this->getSourceMock();
|
||||||
|
$this->client->setSource($source);
|
||||||
|
$this->client->setLayer(LayerType::SOURCE);
|
||||||
|
$this->client->setType(RightType::READ);
|
||||||
|
$source->getMemberRelation()->getMemberships()->add($parentSource);
|
||||||
|
$parentSource->getMemberRelation()->getMembers()->add($source);
|
||||||
|
$lawRight = clone $this->client;
|
||||||
|
$lawRight->setSource($parentSource);
|
||||||
|
$this->law->getRights()->add($lawRight);
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertTrue($permission);
|
||||||
|
$this->law->setRights(new ArrayCollection());
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertFalse($permission);
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testSort(): void
|
||||||
|
{
|
||||||
|
$source = $this->getSourceMock();
|
||||||
|
$this->client->setSource($source);
|
||||||
|
$this->client->setLayer(LayerType::SOURCE);
|
||||||
|
$this->client->setType(RightType::READ);
|
||||||
|
$right1 = clone $this->client;
|
||||||
|
$right1->setPriority(123);
|
||||||
|
$right1->setGrant(false);
|
||||||
|
$right2 = clone $this->client;
|
||||||
|
$right2->setPriority(456);
|
||||||
|
$right2->setGrant(true);
|
||||||
|
$this->law->setRights(new ArrayCollection([$right1, $right2]));
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertFalse($permission);
|
||||||
|
$right2->setPriority(789);
|
||||||
|
$right1->setPriority(101112);
|
||||||
|
$permission = $this->lawPermissionChecker->hasPermission($this->client);
|
||||||
|
$this->assertTrue($permission);
|
||||||
|
}
|
||||||
|
}
|
Loading…
Reference in New Issue
Block a user