Merge pull request #243 from cakephp/3.x-merge

merge 2.x => 3.x

Author: markstory

.github/workflows/stale.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - uses: actions/stale@v7
+    - uses: actions/stale@v8
       with:
         repo-token: ${{ secrets.GITHUB_TOKEN }}
         stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. Remove the `stale` label or comment or this will be closed in 15 days'

docs.Dockerfile

@@ -1,5 +1,5 @@
 # Generate the HTML output.
-FROM markstory/cakephp-docs-builder as builder
+FROM ghcr.io/cakephp/docs-builder as builder
 
 COPY docs /data/docs
 
@@ -10,7 +10,7 @@ RUN cd /data/docs-builder && \
   make website LANGS="$LANGS" SOURCE=/data/docs DEST=/data/website
 
 # Build a small nginx container with just the static site in it.
-FROM markstory/cakephp-docs-builder:runtime as runtime
+FROM ghcr.io/cakephp/docs-builder:runtime as runtime
 
 # Configure search index script
 ENV LANGS="en es fr ja"

docs/en/index.rst

@@ -50,7 +50,7 @@ Then make your application's ``middleware()`` method look like::
             ->add(new BodyParserMiddleware())
 
             // If you are using Authentication it should be *before* Authorization.
-            ->add(new AuthenticationMiddleware($this));
+            ->add(new AuthenticationMiddleware($this))
 
             // Add the AuthorizationMiddleware *after* routing, body parser
             // and authentication middleware.

docs/en/policies.rst

@@ -85,7 +85,7 @@ Any return value that is not ``true`` or a ``ResultInterface`` object will be
 considered a failure.
 
 Policy Scopes
--------------
+=============
 
 In addition to policies being able to define pass/fail authorization checks,
 they can also define 'scopes'. Scope methods allow you to modify another object
@@ -103,7 +103,7 @@ a list view to the current user::
     }
 
 Policy Pre-conditions
----------------------
+=====================
 
 In some policies you may wish to apply common checks across all operations in
 a policy. This is useful when you need to deny all actions to the provided
@@ -131,3 +131,7 @@ Before hooks are expected to return one of three values:
 - ``false`` The user is not allowed to proceed with the action.
 - ``null`` The before hook did not make a decision, and the authorization method
   will be invoked.
+  
+Applying Policies
+-----------------
+See :ref:`applying-policy-scopes` for how to apply policies in your controller actions.

tests/TestCase/AuthorizationServiceTest.php

@@ -186,7 +186,7 @@ public function testAuthorizationCheckedWithCan()
         $this->assertTrue($service->authorizationChecked());
     }
 
-    public function testCallingMagicCallPolicy()
+    public function testCallingMagicCanCallPolicy()
     {
         $resolver = new MapResolver([
             Article::class => MagicCallPolicy::class,
@@ -203,6 +203,23 @@ public function testCallingMagicCallPolicy()
         $this->assertFalse($service->can($user, 'cantDoThis', $article));
     }
 
+    public function testCallingMagicScopeCallPolicy()
+    {
+        $resolver = new MapResolver([
+            Article::class => MagicCallPolicy::class,
+        ]);
+        $service = new AuthorizationService($resolver);
+
+        $user = new IdentityDecorator($service, [
+            'id' => 9,
+            'role' => 'admin',
+        ]);
+
+        $article = new Article();
+        $this->assertTrue($service->applyScope($user, 'this', $article));
+        $this->assertFalse($service->applyScope($user, 'somethingElse', $article));
+    }
+
     public function testAuthorizationCheckedWithApplyScope()
     {
         $resolver = new MapResolver([

tests/TestCase/Command/PolicyCommandTest.php

@@ -30,6 +30,11 @@ class PolicyCommandTest extends TestCase
     use ConsoleIntegrationTestTrait;
     use StringCompareTrait;
 
+    /**
+     * @var string
+     */
+    protected $comparisonDir = '';
+
     /**
      * @var string
      */

tests/TestCase/Controller/Component/AuthorizationComponentTest.php

@@ -43,6 +43,16 @@
  */
 class AuthorizationComponentTest extends TestCase
 {
+    /**
+     * @var \Cake\Controller\Controller
+     */
+    protected $Controller;
+
+    /**
+     * @var \Cake\Controller\ComponentRegistry
+     */
+    protected $ComponentRegistry;
+
     /**
      * @var \Authorization\Controller\Component\AuthorizationComponent
      */

tests/test_app/TestApp/Policy/MagicCallPolicy.php

@@ -21,6 +21,10 @@ public function __call($name, $arguments)
             return true;
         }
 
+        if ($name === 'scopeThis') {
+            return true;
+        }
+
         return false;
     }
 }