3 namespace MediaWiki\Tests\Rest\BasicAccess
;
5 use GuzzleHttp\Psr7\Uri
;
6 use MediaWiki\Permissions\PermissionManager
;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
;
8 use MediaWiki\Rest\Handler
;
9 use MediaWiki\Rest\RequestData
;
10 use MediaWiki\Rest\ResponseFactory
;
11 use MediaWiki\Rest\Router
;
12 use MediaWiki\User\UserIdentity
;
13 use MediaWikiTestCase
;
19 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
20 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
21 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
22 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
24 class MWBasicRequestAuthorizerTest
extends MediaWikiTestCase
{
/**
 * Builds the object the tests call execute() on, wired to a fixed test user
 * and a PermissionManager stub whose answers come from $userRights.
 *
 * NOTE(review): this listing skips source lines 42-47 and 49-50, so the
 * constructor call that receives the arguments at the end is not shown;
 * presumably it is `new Router( ... )` - confirm against the full file.
 *
 * @param array $userRights Map of right name => bool for the test user, e.g.
 *   [ 'read' => true, 'writeapi' => false ]. Rights missing from the map are
 *   treated as denied.
 * @return mixed Result of the call that is not shown; callers invoke
 *   execute() on it.
 */
25 private function createRouter( $userRights ) {
26 $user = User
::newFromName( 'Test user' );
// Anonymous PermissionManager subclass: answers rights checks for the test
// user from the supplied map and defers to the parent for anyone else.
28 $pm = new class( $user, $userRights ) extends PermissionManager
{
30 private $testUserRights;
// NOTE(review): no parent::__construct() call is visible here (source lines
// 35-36 are not shown). If the parent is never initialised, the fall-through
// to parent::userHasRight() below would run on a half-built object - confirm.
32 public function __construct( $user, $userRights ) {
33 $this->testUser
= $user;
34 $this->testUserRights
= $userRights;
37 public function userHasRight( UserIdentity
$user, $action = '' ) {
// Identity comparison: only the exact object handed to the constructor is
// treated as the test user; an equal-looking but distinct instance is not.
38 if ( $user === $this->testUser
) {
// Deny by default: a right that is absent from the map evaluates to false.
39 return $this->testUserRights
[$action] ??
false;
// Every other user goes through the parent's permission check.
41 return parent
::userHasRight( $user, $action );
// Route definitions come from the unit-test fixture file under $IP.
48 [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
51 new \
EmptyBagOStuff(),
52 new ResponseFactory(),
// The authorizer under test, bound to the same user object and the stub above,
// so the rights map is what decides the outcome of each request.
53 new MWBasicAuthorizer( $user, $pm ) );
/**
 * Read access refused: when the test user's 'read' right is false, a request
 * to /rest/user/joe/hello must be rejected with HTTP 403 and carry the error
 * key 'rest-read-denied' in its JSON body.
 */
56 public function testReadDenied() {
57 $router = $this->createRouter( [ 'read' => false ] );
58 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
59 $response = $router->execute( $request );
60 $this->assertSame( 403, $response->getStatusCode() );
// The error key is checked as well as the status, so a 403 produced for some
// other reason does not satisfy this test.
62 $body = $response->getBody();
// NOTE(review): source line 63 is not shown in this listing. getContents() on
// a PSR-7 stream returns only what follows the current position, so confirm
// the body is rewound before this read; otherwise json_decode() receives ''
// and $data is null.
64 $data = json_decode( $body->getContents(), true );
65 $this->assertSame( 'rest-read-denied', $data['error'] );
/**
 * Read access granted: with the 'read' right set to true, a request to
 * /rest/user/joe/hello must be answered with HTTP 200.
 */
public function testReadAllowed() {
	// Only 'read' is supplied; every other right is left out of the map.
	$grantedRights = [ 'read' => true ];
	$readRouter = $this->createRouter( $grantedRights );

	$helloUri = new Uri( '/rest/user/joe/hello' );
	$helloRequest = new RequestData( [ 'uri' => $helloUri ] );

	$status = $readRouter->execute( $helloRequest )->getStatusCode();
	$this->assertSame( 200, $status );
}
/**
 * Factory for the handler used by the write-access tests: returns an
 * anonymous Handler subclass that overrides needsWriteAccess() and execute().
 *
 * NOTE(review): the bodies of both overrides (source lines 78-80 and 82-86)
 * are not shown in this listing. Presumably needsWriteAccess() returns true so
 * that the authorizer's write check is exercised, and this factory is what the
 * /rest/mock/MWBasicRequestAuthorizerTest/write route resolves to - confirm
 * against the full file and testRoutes.json.
 */
75 public static function writeHandlerFactory() {
76 return new class extends Handler
{
// Declares whether this handler requires write access (body not shown).
77 public function needsWriteAccess() {
// Produces the response once authorization has passed (body not shown).
81 public function execute() {
/**
 * Write access refused: the test user may read but has 'writeapi' set to
 * false, so a request to the mock write route must be rejected with HTTP 403
 * and carry the error key 'rest-write-denied' in its JSON body.
 *
 * Granting 'read' here keeps the read check out of the way, so the 403 can be
 * attributed to the write check; the error-key assertion confirms that.
 */
87 public function testWriteDenied() {
88 $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ] );
89 $request = new RequestData( [
90 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
// NOTE(review): source line 91, which would close the array and the
// RequestData call, is not shown in this listing.
92 $response = $router->execute( $request );
93 $this->assertSame( 403, $response->getStatusCode() );
95 $body = $response->getBody();
// NOTE(review): source line 96 is not shown. getContents() on a PSR-7 stream
// returns only what follows the current position, so confirm the body is
// rewound before this read; otherwise $data is null.
97 $data = json_decode( $body->getContents(), true );
98 $this->assertSame( 'rest-write-denied', $data['error'] );
/**
 * Write access granted: with both 'read' and 'writeapi' set to true, a request
 * to the mock write route must be answered with HTTP 200.
 *
 * NOTE(review): this listing skips source line 105 and stops at line 108, so
 * the close of the RequestData array and the end of the method are not shown.
 */
101 public function testWriteAllowed() {
102 $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ] );
103 $request = new RequestData( [
104 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
106 $response = $router->execute( $request );
// Counterpart of testWriteDenied(): same route, only the 'writeapi' value differs.
108 $this->assertSame( 200, $response->getStatusCode() );