Merge pull request mateusjunges#97 from mateusjunges/issue-78

Mateus Junges · web-flow · commit f16df7ed6eb7 · 2019-06-17T19:30:51.000-03:00
Fix mateusjunges#78
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,11 @@
 
 All notable changes to `mateusjunges/laravel-acl` will be documented in this file.
 
+
+## [UNRELEASED]
+- Check wildcard permissions
+- Tests for new middleware
+
 ## 1.7.5
 - Fix [#93](https://github.com/mateusjunges/laravel-acl/issues/93)
 - Add database connection check before register gates
diff --git a/src/Middlewares/HierarchicalMiddleware.php b/src/Middlewares/HierarchicalMiddleware.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Junges\ACL\Middlewares;
+
+use Closure;
+use Illuminate\Support\Facades\Auth;
+use Junges\ACL\Exceptions\UnauthorizedException;
+
+class HierarchicalMiddleware
+{
+    /**
+     * Handle an incoming request.
+     *
+     * @param $request
+     * @param Closure $next
+     * @param $permissions
+     * @return bool
+     */
+    public function handle($request, Closure $next, $permissions)
+    {
+        if (Auth::guest()) {
+            throw UnauthorizedException::notLoggedIn();
+        }
+
+        $permissions = is_array($permissions) ? $permissions : explode('|', $permissions);
+
+        foreach ($permissions as $permission) {
+            $parts = explode('.', $permission);
+            $ability = '';
+            foreach ($parts as $part) {
+                $ability .= $ability ? '.'.$part : $part;
+
+                if (Auth::user()->can($ability)) {
+                    // Grant access on the first match
+                    return $next($request);
+                }
+            }
+        }
+        throw UnauthorizedException::forPermissions();
+    }
+}
diff --git a/tests/HierarchicalPermissionsTest.php b/tests/HierarchicalPermissionsTest.php
@@ -0,0 +1,80 @@
+<?php
+
+namespace Junges\ACL\Test;
+
+use Illuminate\Http\Request;
+use Illuminate\Http\Response;
+use Illuminate\Support\Facades\Auth;
+use Junges\ACL\Exceptions\UnauthorizedException;
+use Junges\ACL\Middlewares\HierarchicalMiddleware;
+
+class HierarchicalPermissionsTest extends TestCase
+{
+    protected $hierarchicalMiddleware;
+
+    /**
+     * Set up the test.
+     */
+    public function setUp()
+    {
+        parent::setUp();
+        $this->hierarchicalMiddleware = new HierarchicalMiddleware($this->app);
+    }
+
+    /**
+     * @test
+     */
+    public function a_guest_can_not_access_a_protected_route()
+    {
+        $this->assertEquals(
+            $this->execMiddleware($this->hierarchicalMiddleware, 'edit-news.edit-website'),
+            Response::HTTP_FORBIDDEN
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function logged_in_user_can_access_a_route_protected_by_hierarchical_middleware_if_one_of_the_hierarchical_permissions_match()
+    {
+        Auth::login($this->testUser);
+
+        Auth::user()->assignPermissions([
+           'admin.auth',
+        ]);
+        $this->assertEquals(
+            $this->execMiddleware($this->hierarchicalMiddleware, 'admin.auth.users'),
+            Response::HTTP_OK
+        );
+    }
+
+    /**
+     * @test
+     */
+    public function logged_in_user_can_not_access_a_route_protected_by_hierarchical_middleware_if_no_hierarchical_permissions_match()
+    {
+        Auth::login($this->testUser);
+
+        $this->assertEquals(
+            $this->execMiddleware($this->hierarchicalMiddleware, 'admin.auth.users'),
+            Response::HTTP_FORBIDDEN
+        );
+    }
+
+    /**
+     * Execute the specified middleware.
+     * @param $middleware
+     * @param $parameter
+     * @return int
+     */
+    private function execMiddleware($middleware, $parameter)
+    {
+        try {
+            return $middleware->handle(new Request(), function () {
+                return (new Response())->setContent('<html></html>');
+            }, $parameter)->status();
+        } catch (UnauthorizedException $exception) {
+            return $exception->getStatusCode();
+        }
+    }
+}
diff --git a/tests/TestCase.php b/tests/TestCase.php
@@ -126,8 +126,8 @@ public function getEnvironmentSetUp($app)
      */
     public function configureDatabase($app)
     {
-        DB::statement('DROP TABLE IF EXISTS test_users CASCADE;');
         DB::statement('DROP TABLE IF EXISTS test_permissions CASCADE;');
+        DB::statement('DROP TABLE IF EXISTS test_users CASCADE;');
         DB::statement('DROP TABLE IF EXISTS test_groups CASCADE;');
         DB::statement('DROP TABLE IF EXISTS test_user_has_permissions CASCADE;');
         DB::statement('DROP TABLE IF EXISTS test_user_has_groups CASCADE;');
@@ -169,6 +169,11 @@ public function configureDatabase($app)
         /*
          * Create the tables on the database
          */
+        (new \CreatePermissionsTable())->down();
+        (new \CreateGroupsTable())->down();
+        (new \CreateGroupHasPermissionsTable())->down();
+        (new \CreateUserHasPermissionsTable())->down();
+        (new \CreateUserHasGroupsTable())->down();
         (new \CreatePermissionsTable())->up();
         (new \CreateGroupsTable())->up();
         (new \CreateGroupHasPermissionsTable())->up();
@@ -241,5 +246,15 @@ public function configureDatabase($app)
             'slug' => 'edit-news',
             'description' => 'This permission allows you to edit the news page',
         ]);
+        Permission::create([
+            'name' => 'Test hierarchical permissions',
+            'slug' => 'admin.auth',
+            'description' => 'This is a hierarchical permission test',
+        ]);
+        Permission::create([
+            'name' => 'Test hierarchical permissions 1',
+            'slug' => 'admin.auth.users',
+            'description' => 'This is a hierarchical permission test',
+        ]);
     }
 }
