3 namespace MediaWiki\Tests\Rest\BasicAccess
;
5 use GuzzleHttp\Psr7\Uri
;
6 use MediaWiki\MediaWikiServices
;
7 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
;
8 use MediaWiki\Rest\Handler
;
9 use MediaWiki\Rest\RequestData
;
10 use MediaWiki\Rest\ResponseFactory
;
11 use MediaWiki\Rest\Router
;
12 use MediaWikiTestCase
;
18 * @covers \MediaWiki\Rest\BasicAccess\BasicAuthorizerBase
19 * @covers \MediaWiki\Rest\BasicAccess\MWBasicAuthorizer
20 * @covers \MediaWiki\Rest\BasicAccess\BasicRequestAuthorizer
21 * @covers \MediaWiki\Rest\BasicAccess\MWBasicRequestAuthorizer
23 class MWBasicRequestAuthorizerTest
extends MediaWikiTestCase
{
/**
 * Set up the permissions for a test user and build the router the tests execute against.
 *
 * @param array $userRights Map of right name to bool, as passed by the tests in this
 *   class (for example [ 'read' => true, 'writeapi' => false ]).
 */
24 private function createRouter( $userRights ) {
25 $user = User
::newFromName( 'Test user' );
26 // Don't allow the rights to everybody so that user rights kick in.
// The same map is also installed for the '*' group, so the group-level
// setting and the per-user override below always agree in these tests.
27 $this->mergeMwGlobalArrayValue( 'wgGroupPermissions', [ '*' => $userRights ] );
28 $this->overrideUserPermissions(
// NOTE(review): as written here the closure is the second argument of
// array_keys() (its search value), not the callback of array_filter().
// array_filter() without a callback already drops the false entries, so the
// granted rights are presumably still the ones passed on; confirm whether
// array_filter( $userRights, function ... ) was intended.
30 array_keys( array_filter( $userRights ), function ( $value ) {
31 return $value === true;
// Route definitions are read from the test fixture file below.
38 [ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
41 new \
EmptyBagOStuff(),
42 new ResponseFactory(),
// The authorizer under test: it is given the test user and the permission manager.
43 new MWBasicAuthorizer( $user, MediaWikiServices
::getInstance()->getPermissionManager() ) );
/**
 * A request from a user without the 'read' right must be rejected with HTTP 403
 * and the error key 'rest-read-denied'.
 */
46 public function testReadDenied() {
47 $router = $this->createRouter( [ 'read' => false ] );
48 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
49 $response = $router->execute( $request );
50 $this->assertSame( 403, $response->getStatusCode() );
52 $body = $response->getBody();
// Decode the JSON error body as an associative array.
54 $data = json_decode( $body->getContents(), true );
// Checking the error key, not only the status, ties the 403 to the read check.
55 $this->assertSame( 'rest-read-denied', $data['error'] );
/**
 * A request from a user with the 'read' right must succeed with HTTP 200.
 * Only the status code is asserted; the response body is not inspected.
 */
58 public function testReadAllowed() {
59 $router = $this->createRouter( [ 'read' => true ] );
60 $request = new RequestData( [ 'uri' => new Uri( '/rest/user/joe/hello' ) ] );
61 $response = $router->execute( $request );
62 $this->assertSame( 200, $response->getStatusCode() );
/**
 * Create an anonymous Handler subclass that overrides needsWriteAccess() and execute().
 *
 * NOTE(review): the bodies of both overrides are not shown here. Presumably
 * needsWriteAccess() returns true so that the write tests exercise the write check,
 * and presumably testRoutes.json maps the '/mock/MWBasicRequestAuthorizerTest/write'
 * route to this factory; confirm against the full file and the fixture.
 *
 * @return Handler
 */
65 public static function writeHandlerFactory() {
66 return new class extends Handler
{
67 public function needsWriteAccess() {
71 public function execute() {
/**
 * A user with 'read' but without 'writeapi' must get HTTP 403 with the error key
 * 'rest-write-denied' on the mock write route.
 */
77 public function testWriteDenied() {
// 'read' is granted so that only the write check can cause the denial.
78 $router = $this->createRouter( [ 'read' => true, 'writeapi' => false ] );
79 $request = new RequestData( [
80 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
82 $response = $router->execute( $request );
83 $this->assertSame( 403, $response->getStatusCode() );
85 $body = $response->getBody();
// Decode the JSON error body as an associative array.
87 $data = json_decode( $body->getContents(), true );
// The error key distinguishes a write denial from the read denial tested above.
88 $this->assertSame( 'rest-write-denied', $data['error'] );
/**
 * A user with both 'read' and 'writeapi' must get HTTP 200 on the mock write route.
 * Only the status code is asserted; the response body is not inspected.
 */
91 public function testWriteAllowed() {
92 $router = $this->createRouter( [ 'read' => true, 'writeapi' => true ] );
93 $request = new RequestData( [
94 'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
96 $response = $router->execute( $request );
98 $this->assertSame( 200, $response->getStatusCode() );