From fa87ed86064bbc5cc724bc6fced7362b56067b4c Mon Sep 17 00:00:00 2001 From: Kevin Frantz Date: Tue, 1 Jan 2019 00:16:43 +0100 Subject: [PATCH] Refactored, optimized and implemented Draft for SecureSourceLoader --- .../src/Controller/DefaultController.php | 2 + .../LawPermissionCheckerService.php | 10 +-- .../LawPermissionCheckerServiceInterface.php | 2 +- .../SecureSourceLoader.php | 82 +++++++++++++++++++ .../SecureSourceLoaderInterface.php | 19 +++++ .../MemberManagerTest.php | 2 +- .../SecureSourceLoaderTest.php | 70 ++++++++++++++++ .../Unit/Repository/RightRepositoryTest.php | 14 ++-- 8 files changed, 187 insertions(+), 14 deletions(-) create mode 100644 application/src/Domain/SecureLoadManagement/SecureSourceLoader.php create mode 100644 application/src/Domain/SecureLoadManagement/SecureSourceLoaderInterface.php rename application/tests/Unit/Domain/{MemberManager => MemberManagement}/MemberManagerTest.php (97%) create mode 100644 application/tests/Unit/Domain/SecureLoadManagement/SecureSourceLoaderTest.php diff --git a/application/src/Controller/DefaultController.php b/application/src/Controller/DefaultController.php index f5b3587..fc6ef9e 100644 --- a/application/src/Controller/DefaultController.php +++ b/application/src/Controller/DefaultController.php @@ -8,6 +8,8 @@ use App\DBAL\Types\SystemSlugType; use App\Entity\Source\AbstractSource; /** + * This controller offers the standart routes for the template. + * * @author kevinfrantz */ class DefaultController extends AbstractEntityController diff --git a/application/src/Domain/LawManagement/LawPermissionCheckerService.php b/application/src/Domain/LawManagement/LawPermissionCheckerService.php index 6a06093..1e52bfa 100644 --- a/application/src/Domain/LawManagement/LawPermissionCheckerService.php +++ b/application/src/Domain/LawManagement/LawPermissionCheckerService.php 
@@ -147,14 +147,14 @@ final class LawPermissionCheckerService implements LawPermissionCheckerServiceIn $this->law = $law; } - public function hasPermission(RightInterface $client): bool + public function hasPermission(RightInterface $clientRight): bool { $rights = clone $this->law->getRights(); - $rights = $this->getRightsByType($rights, $client->getType()); - $rights = $this->getRightsByLayer($rights, $client->getLayer()); - $rights = $this->getRightsByReciever($rights, $client->getReciever()); + $rights = $this->getRightsByType($rights, $clientRight->getType()); + $rights = $this->getRightsByLayer($rights, $clientRight->getLayer()); + $rights = $this->getRightsByReciever($rights, $clientRight->getReciever()); $rights = $this->sortByPriority($rights); - return $this->isGranted($rights, $client); + return $this->isGranted($rights, $clientRight); } } diff --git a/application/src/Domain/LawManagement/LawPermissionCheckerServiceInterface.php b/application/src/Domain/LawManagement/LawPermissionCheckerServiceInterface.php index b890d7f..13c0130 100644 --- a/application/src/Domain/LawManagement/LawPermissionCheckerServiceInterface.php +++ b/application/src/Domain/LawManagement/LawPermissionCheckerServiceInterface.php @@ -16,5 +16,5 @@ interface LawPermissionCheckerServiceInterface * * @return bool */ - public function hasPermission(RightInterface $client): bool; + public function hasPermission(RightInterface $clientRight): bool; } diff --git a/application/src/Domain/SecureLoadManagement/SecureSourceLoader.php b/application/src/Domain/SecureLoadManagement/SecureSourceLoader.php new file mode 100644 index 0000000..81b0965 --- /dev/null +++ b/application/src/Domain/SecureLoadManagement/SecureSourceLoader.php 
@@ -0,0 +1,82 @@ +requestedRight; + $requestedRight->setSource($source); + + return $requestedRight; + } + + /** + * @return SourceInterface + */ + private function loadSource(): SourceInterface + { + try { + return $this->sourceRepository->find($this->requestedRight->getSource()->getId()); + } catch (\Error $error) { + return $this->sourceRepository->findOneBy(['slug' => $this->requestedRight->getSource()->getSlug()]); + } + } + + private function hasPermission(SourceInterface $source): bool + { + $requestedRight = $this->getClonedRightWithModifiedSource($source); + $law = new LawPermissionCheckerService($source->getLaw()); + + return $law->hasPermission($requestedRight); + } + + public function __construct(ObjectRepository $sourceRepository, RightInterface $requestedRight) + { + $this->sourceRepository = $sourceRepository; + $this->requestedRight = $requestedRight; + } + + /** + * {@inheritdoc} + * + * @see \App\Domain\SecureLoadManagement\SecureSourceLoaderInterface::getSource() + */ + public function getSource(): SourceInterface + { + $source = $this->loadSource(); + if ($this->hasPermission($source)) { + return $source; + } + throw new AccessDeniedHttpException(); + } +} diff --git a/application/src/Domain/SecureLoadManagement/SecureSourceLoaderInterface.php b/application/src/Domain/SecureLoadManagement/SecureSourceLoaderInterface.php new file mode 100644 index 0000000..09c00a6 --- /dev/null +++ b/application/src/Domain/SecureLoadManagement/SecureSourceLoaderInterface.php 
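Review bot: `loadSource()` uses `catch (\Error $error)` as its branch to the slug lookup and never checks either lookup's result before the `SourceInterface` return type applies. Doctrine's `find()` and `findOneBy()` return `null` on a miss, so an unknown slug raises a `TypeError` rather than the `AccessDeniedHttpException` thrown by `getSource()`, which lets a caller tell missing sources from forbidden ones. The broad catch also hides any unrelated engine error raised inside `find()` and silently retries by slug. I would read the id in a narrow try, choose one lookup, and answer a miss the same way as a denial, or with a dedicated not-found exception if that distinction is intended. The top of this file is missing from the extract, so the property declarations and imports were not reviewed.

```php
private function loadSource(): SourceInterface
{
    $requested = $this->requestedRight->getSource();
    try {
        $id = $requested->getId();
    } catch (\TypeError $error) {
        // presumably getId() fails its return type while the id is unset; confirm against the entity
        $id = null;
    }
    $source = null === $id
        ? $this->sourceRepository->findOneBy(['slug' => $requested->getSlug()])
        : $this->sourceRepository->find($id);
    if (!$source instanceof SourceInterface) {
        // same answer as a denied request, so a lookup miss is not distinguishable from a refusal
        throw new AccessDeniedHttpException();
    }

    return $source;
}
```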
@@ -0,0 +1,19 @@ +setSourceRepository($kernel); + } + + private function setSourceRepository(KernelInterface $kernel): void + { + $this->sourceRepository = $kernel->getContainer() + ->get('doctrine') + ->getManager()->getRepository(AbstractSource::class); + } + + public function testAccessDeniedException(): void + { + $requestedSource = new TextSource(); + $requestedSource->setSlug(SystemSlugType::IMPRINT); + $requestedRight = new Right(); + $requestedRight->setSource($requestedSource); + $requestedRight->setLayer(LayerType::SOURCE); + $requestedRight->setType(RightType::READ); + $requestedRight->setReciever(new UserSource()); + $secureSourceLoader = new SecureSourceLoader($this->sourceRepository, $requestedRight); + $this->expectException(AccessDeniedHttpException::class); + $secureSourceLoader->getSource(); + } + +// public function testGranted(): void +// { +// $requestedSource = new TextSource(); +// $requestedSource->setSlug(SystemSlugType::IMPRINT); +// $requestedRight = new Right(); +// $requestedRight->setSource($requestedSource); +// $requestedRight->setLayer(LayerType::SOURCE); +// $requestedRight->setType(RightType::READ); +// $requestedRight->setReciever($this->sourceRepository->findOneBy(['slug' => SystemSlugType::GUEST_USER])); +// $secureSourceLoader = new SecureSourceLoader($this->sourceRepository, $requestedRight); +// $this->assertInstanceOf(TextSourceInterface::class, $secureSourceLoader->getSource()); +// } +} diff --git a/application/tests/Unit/Repository/RightRepositoryTest.php b/application/tests/Unit/Repository/RightRepositoryTest.php index 8ab0189..8961247 100644 --- a/application/tests/Unit/Repository/RightRepositoryTest.php +++ b/application/tests/Unit/Repository/RightRepositoryTest.php @@ -3,7 +3,6 @@ namespace tests\Unit\Repository; use Symfony\Bundle\FrameworkBundle\Test\KernelTestCase; -use Doctrine\ORM\EntityManager; use Doctrine\ORM\EntityRepository; use App\Entity\Meta\RightInterface; use App\Entity\Meta\Right; 
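Review bot: Only the denial path of `SecureSourceLoader::getSource()` is exercised, because `testGranted()` is committed commented out; a loader that refuses every request would pass this suite. Either restore it, or keep it as a real test that calls `$this->markTestIncomplete('grant path pending GUEST_USER fixture');` so the gap shows up in the test report. `testAccessDeniedException()` passes a fresh `new UserSource()` as receiver, so it presumably shows only that an unknown receiver is refused; a case with a persisted receiver that lacks the right would cover the rule itself. The opening of this test file is missing from the extract, so the class header and imports were not reviewed.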
@@ -11,6 +10,7 @@ use App\DBAL\Types\LayerType; use App\DBAL\Types\RightType; use App\Entity\Meta\Law; use App\Entity\Meta\LawInterface; +use Doctrine\ORM\EntityManagerInterface; /** * @todo specify tests for all attributes @@ -22,29 +22,29 @@ class RightRepositoryTest extends KernelTestCase const PRIORITY = 123; /** - * @var EntityManager + * @var EntityManagerInterface */ - protected $entityManager; + private $entityManager; /** * @var EntityRepository */ - protected $rightRepository; + private $rightRepository; /** * @var RightInterface */ - protected $loadedRight; + private $loadedRight; /** * @var RightInterface */ - protected $right; + private $right; /** * @var LawInterface */ - protected $law; + private $law; public function setUp(): void {