diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml
index 51fc8adb..a604ba5c 100644
--- a/.github/workflows/stale.yml
+++ b/.github/workflows/stale.yml
@@ -16,7 +16,7 @@ jobs:
 runs-on: ubuntu-latest
 steps:
- - uses: actions/stale@v7
+ - uses: actions/stale@v8
 with:
 repo-token: ${{ secrets.GITHUB_TOKEN }}
 stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. Remove the `stale` label or comment or this will be closed in 15 days'
diff --git a/docs.Dockerfile b/docs.Dockerfile
index c363cc58..fef95c7d 100644
--- a/docs.Dockerfile
+++ b/docs.Dockerfile
@@ -1,5 +1,5 @@
 # Generate the HTML output.
-FROM markstory/cakephp-docs-builder as builder
+FROM ghcr.io/cakephp/docs-builder as builder
 COPY docs /data/docs
@@ -10,7 +10,7 @@ RUN cd /data/docs-builder && \
 make website LANGS="$LANGS" SOURCE=/data/docs DEST=/data/website
 # Build a small nginx container with just the static site in it.
-FROM markstory/cakephp-docs-builder:runtime as runtime
+FROM ghcr.io/cakephp/docs-builder:runtime as runtime
 # Configure search index script
 ENV LANGS="en es fr ja"
diff --git a/docs/en/index.rst b/docs/en/index.rst
index 5680b119..aab35969 100644
--- a/docs/en/index.rst
+++ b/docs/en/index.rst
@@ -50,7 +50,7 @@ Then make your application's ``middleware()`` method look like::
 ->add(new BodyParserMiddleware())
 // If you are using Authentication it should be *before* Authorization.
- ->add(new AuthenticationMiddleware($this));
+ ->add(new AuthenticationMiddleware($this))
 // Add the AuthorizationMiddleware *after* routing, body parser
 // and authentication middleware.
diff --git a/docs/en/policies.rst b/docs/en/policies.rst
index 322eaa13..60445a7d 100644
--- a/docs/en/policies.rst
+++ b/docs/en/policies.rst
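Review bot: Both new `FROM` lines in docs.Dockerfile (the `@@ -1,5 +1,5 @@` hunk and the `@@ -10,7 +10,7 @@` hunk) reference the base image by a mutable tag, an implicit `latest` for the builder stage and `runtime` for the second stage, so the docs build uses whatever is published under that name at build time. Pinning each stage by digest, e.g. `FROM ghcr.io/cakephp/docs-builder@sha256:<digest> as builder` (placeholder digest), would make the build reproducible and turn any base-image change into an explicit, reviewable edit. If tags are kept on purpose so rebuilds pick up builder fixes, a one-line comment above each `FROM` saying so would document that choice.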
@@ -85,7 +85,7 @@ Any return value that is not ``true`` or a ``ResultInterface`` object will be
 considered a failure.
 Policy Scopes
--------------
+=============
 In addition to policies being able to define pass/fail authorization checks,
 they can also define 'scopes'. Scope methods allow you to modify another object
@@ -103,7 +103,7 @@ a list view to the current user::
 }
 Policy Pre-conditions
----------------------
+=====================
 In some policies you may wish to apply common checks across all operations in a
 policy. This is useful when you need to deny all actions to the provided
@@ -131,3 +131,7 @@ Before hooks are expected to return one of three values:
 - ``false`` The user is not allowed to proceed with the action.
 - ``null`` The before hook did not make a decision, and the authorization method
 will be invoked.
+
+Applying Policies
+-----------------
+See :ref:`applying-policy-scopes` for how to apply policies in your controller actions.
diff --git a/tests/TestCase/AuthorizationServiceTest.php b/tests/TestCase/AuthorizationServiceTest.php
index 457c75f2..36d4c985 100644
--- a/tests/TestCase/AuthorizationServiceTest.php
+++ b/tests/TestCase/AuthorizationServiceTest.php
@@ -186,7 +186,7 @@ public function testAuthorizationCheckedWithCan()
 $this->assertTrue($service->authorizationChecked());
 }
- public function testCallingMagicCallPolicy()
+ public function testCallingMagicCanCallPolicy()
 {
 $resolver = new MapResolver([
 Article::class => MagicCallPolicy::class,
@@ -203,6 +203,23 @@ public function testCallingMagicCallPolicy()
 $this->assertFalse($service->can($user, 'cantDoThis', $article));
 }
+ public function testCallingMagicScopeCallPolicy()
+ {
+ $resolver = new MapResolver([
+ Article::class => MagicCallPolicy::class,
+ ]);
+ $service = new AuthorizationService($resolver);
+
+ $user = new IdentityDecorator($service, [
+ 'id' => 9,
+ 'role' => 'admin',
+ ]);
+
+ $article = new Article();
+ $this->assertTrue($service->applyScope($user, 'this', $article));
+ $this->assertFalse($service->applyScope($user, 'somethingElse', $article));
+ }
+
 public function testAuthorizationCheckedWithApplyScope()
 {
 $resolver = new MapResolver([
diff --git a/tests/TestCase/Command/PolicyCommandTest.php b/tests/TestCase/Command/PolicyCommandTest.php
index 283a3db8..66073a5f 100644
--- a/tests/TestCase/Command/PolicyCommandTest.php
+++ b/tests/TestCase/Command/PolicyCommandTest.php
@@ -30,6 +30,11 @@ class PolicyCommandTest extends TestCase
 use ConsoleIntegrationTestTrait;
 use StringCompareTrait;
+ /**
+ * @var string
+ */
+ protected $comparisonDir = '';
+
 /**
 * @var string
 */
diff --git a/tests/TestCase/Controller/Component/AuthorizationComponentTest.php b/tests/TestCase/Controller/Component/AuthorizationComponentTest.php
index 82da73a4..3406917d 100644
--- a/tests/TestCase/Controller/Component/AuthorizationComponentTest.php
+++ b/tests/TestCase/Controller/Component/AuthorizationComponentTest.php
@@ -43,6 +43,16 @@
 */
 class AuthorizationComponentTest extends TestCase
 {
+ /**
+ * @var \Cake\Controller\Controller
+ */
+ protected $Controller;
+
+ /**
+ * @var \Cake\Controller\ComponentRegistry
+ */
+ protected $ComponentRegistry;
+
 /**
 * @var \Authorization\Controller\Component\AuthorizationComponent
 */
diff --git a/tests/test_app/TestApp/Policy/MagicCallPolicy.php b/tests/test_app/TestApp/Policy/MagicCallPolicy.php
index 4b45b3f8..4e1a4607 100644
--- a/tests/test_app/TestApp/Policy/MagicCallPolicy.php
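Review bot: The two assertions in `testCallingMagicScopeCallPolicy()` treat the result of `applyScope()` as a bare boolean, which reads like a `can()` check, while policies.rst in this same commit describes scope methods as modifying another object. A short comment above the assertions would stop the fixture's shortcut being read as the scope contract, e.g. `// MagicCallPolicy::__call() returns true for scopeThis and false for any other name.` That `'this'` is dispatched as `scopeThis` is inferred from the MagicCallPolicy.php hunk; the service code is not part of this diff. The `somethingElse` case pins that an unrecognised scope name reaching `__call` yields `false` rather than an error, so if that fall-through is intended behaviour it deserves a mention in the same comment.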
+++ b/tests/test_app/TestApp/Policy/MagicCallPolicy.php
@@ -21,6 +21,10 @@ public function __call($name, $arguments)
 return true;
 }
+ if ($name === 'scopeThis') {
+ return true;
+ }
+
 return false;
 }
 }