Merge pull request #236 from cakephp/3.x-can-params

3.x: add ability to add multiple optional parameters to can and canResult

Author: LordSimal

docs/en/3-0-migration-guide.rst

@@ -14,11 +14,14 @@ The following interfaces now have appropriate parameter and return types added:
 - ``RequestPolicyInterface.php``
 - ``ResolverInterface``
 
-Multiple optional arguments for ``applyScope``
-----------------------------------------------
-
-``IdentityInterface::applyScope`` as well as ``AuthorizationServiceInterface::applyScope``
-allow multiple optional arguments to be added.
+Multiple optional arguments for ``applyScope``, ``can`` and ``canResult``
+-------------------------------------------------------------------------
+
+The following interface methods have been adjusted to pass on multiple optional arguments.
+- ``IdentityInterface::applyScope``
+- ``AuthorizationServiceInterface::applyScope``
+- ``AuthorizationServiceInterface::can``
+- ``AuthorizationServiceInterface::canResult``
 
 Removed methods
 ---------------

src/AuthorizationService.php

@@ -51,19 +51,19 @@ public function __construct(ResolverInterface $resolver)
     /**
      * @inheritDoc
      */
-    public function can(?IdentityInterface $user, string $action, $resource): bool
+    public function can(?IdentityInterface $user, string $action, $resource, ...$optionalArgs): bool
     {
-        $result = $this->performCheck($user, $action, $resource);
+        $result = $this->performCheck($user, $action, $resource, ...$optionalArgs);
 
         return is_bool($result) ? $result : $result->getStatus();
     }
 
     /**
      * @inheritDoc
      */
-    public function canResult(?IdentityInterface $user, string $action, $resource): ResultInterface
+    public function canResult(?IdentityInterface $user, string $action, $resource, ...$optionalArgs): ResultInterface
     {
-        $result = $this->performCheck($user, $action, $resource);
+        $result = $this->performCheck($user, $action, $resource, ...$optionalArgs);
 
         return is_bool($result) ? new Result($result) : $result;
     }
@@ -74,10 +74,15 @@ public function canResult(?IdentityInterface $user, string $action, $resource):
      * @param \Authorization\IdentityInterface|null $user The user to check permissions for.
      * @param string $action The action/operation being performed.
      * @param mixed $resource The resource being operated on.
+     * @param mixed $optionalArgs Multiple additional arguments which are passed on
      * @return \Authorization\Policy\ResultInterface|bool
      */
-    protected function performCheck(?IdentityInterface $user, string $action, mixed $resource): bool|ResultInterface
-    {
+    protected function performCheck(
+        ?IdentityInterface $user,
+        string $action,
+        mixed $resource,
+        mixed ...$optionalArgs
+    ): bool|ResultInterface {
         $this->authorizationChecked = true;
         $policy = $this->resolver->getPolicy($resource);
 
@@ -90,7 +95,7 @@ protected function performCheck(?IdentityInterface $user, string $action, mixed
         }
 
         $handler = $this->getCanHandler($policy, $action);
-        $result = $handler($user, $resource);
+        $result = $handler($user, $resource, ...$optionalArgs);
 
         assert(
             is_bool($result) || $result instanceof ResultInterface,

src/AuthorizationServiceInterface.php

@@ -32,9 +32,10 @@ interface AuthorizationServiceInterface
      * @param \Authorization\IdentityInterface|null $user The user to check permissions for.
      * @param string $action The action/operation being performed.
      * @param mixed $resource The resource being operated on.
+     * @param mixed $optionalArgs Multiple additional arguments which are passed to the scope
      * @return bool
      */
-    public function can(?IdentityInterface $user, string $action, mixed $resource): bool;
+    public function can(?IdentityInterface $user, string $action, mixed $resource, mixed ...$optionalArgs): bool;
 
     /**
      * Check whether the provided user can perform an action on a resource.
@@ -45,9 +46,15 @@ public function can(?IdentityInterface $user, string $action, mixed $resource):
      * @param \Authorization\IdentityInterface|null $user The user to check permissions for.
      * @param string $action The action/operation being performed.
      * @param mixed $resource The resource being operated on.
+     * @param mixed $optionalArgs Multiple additional arguments which are passed to the scope
      * @return \Authorization\Policy\ResultInterface
      */
-    public function canResult(?IdentityInterface $user, string $action, mixed $resource): ResultInterface;
+    public function canResult(
+        ?IdentityInterface $user,
+        string $action,
+        mixed $resource,
+        mixed ...$optionalArgs
+    ): ResultInterface;
 
     /**
      * Apply authorization scope conditions/restrictions.

tests/TestCase/AuthorizationServiceTest.php

@@ -66,6 +66,50 @@ public function testCan()
         $this->assertTrue($result);
     }
 
+    public function testCanWithAdditionalParams()
+    {
+        $resolver = new MapResolver([
+            Article::class => ArticlePolicy::class,
+        ]);
+
+        $service = new AuthorizationService($resolver);
+
+        $user = new IdentityDecorator($service, [
+            'role' => 'admin',
+        ]);
+
+        $innerService = function () {
+            return true;
+        };
+
+        $result = $service->can($user, 'withService', new Article(), $innerService);
+        $this->assertTrue($result);
+    }
+
+    public function testCanWithAdditionalNamedParams()
+    {
+        $resolver = new MapResolver([
+            Article::class => ArticlePolicy::class,
+        ]);
+
+        $service = new AuthorizationService($resolver);
+
+        $user = new IdentityDecorator($service, [
+            'role' => 'admin',
+        ]);
+
+        $innerService1 = function () {
+            return true;
+        };
+
+        $innerService2 = function () {
+            return false;
+        };
+
+        $result = $service->can(user: $user, action: 'withMultipleServices', resource: new Article(), service2: $innerService2, service1: $innerService1);
+        $this->assertFalse($result);
+    }
+
     public function testCanWithResult()
     {
         $resolver = new MapResolver([
@@ -82,6 +126,50 @@ public function testCanWithResult()
         $this->assertInstanceOf(ResultInterface::class, $result);
     }
 
+    public function testCanWithResultAndAdditionalParams()
+    {
+        $resolver = new MapResolver([
+            Article::class => ArticlePolicy::class,
+        ]);
+
+        $service = new AuthorizationService($resolver);
+
+        $user = new IdentityDecorator($service, [
+            'role' => 'admin',
+        ]);
+
+        $innerService = function () {
+            return true;
+        };
+
+        $result = $service->canResult($user, 'withService', new Article(), $innerService);
+        $this->assertInstanceOf(ResultInterface::class, $result);
+    }
+
+    public function testCanWithResultAndAdditionalNamedParams()
+    {
+        $resolver = new MapResolver([
+            Article::class => ArticlePolicy::class,
+        ]);
+
+        $service = new AuthorizationService($resolver);
+
+        $user = new IdentityDecorator($service, [
+            'role' => 'admin',
+        ]);
+
+        $innerService1 = function () {
+            return true;
+        };
+
+        $innerService2 = function () {
+            return false;
+        };
+
+        $result = $service->canResult(user: $user, action: 'withMultipleServices', resource: new Article(), service2: $innerService2, service1: $innerService1);
+        $this->assertInstanceOf(ResultInterface::class, $result);
+    }
+
     public function testAuthorizationCheckedWithCan()
     {
         $resolver = new MapResolver([

tests/test_app/TestApp/Policy/ArticlePolicy.php

@@ -4,6 +4,7 @@
 namespace TestApp\Policy;
 
 use Authorization\Policy\Result;
+use Closure;
 use TestApp\Model\Entity\Article;
 
 class ArticlePolicy
@@ -116,4 +117,14 @@ public function canPublish($user, Article $article)
 
         return new Result($article->get('user_id') === $user['id']);
     }
+
+    public function canWithService($user, Article $article, Closure $service)
+    {
+        return $service();
+    }
+
+    public function canWithMultipleServices($user, Article $article, Closure $service1, Closure $service2)
+    {
+        return $service1() && $service2();
+    }
 }