From dc470f4dc729121afa0db0b9a35071315c1e462e Mon Sep 17 00:00:00 2001 From: Jamison Bryant Date: Wed, 11 Jan 2023 22:30:20 -0500 Subject: [PATCH 01/10] Declare some missing dynamic properties in tests (#229) * Add AllowDynamic trait to suppress deprecation warning * Explicitly declare properties instead * Fix stan Co-authored-by: Jamison Bryant --- tests/TestCase/Command/PolicyCommandTest.php | 5 +++++ .../Component/AuthorizationComponentTest.php | 10 ++++++++++ 2 files changed, 15 insertions(+) diff --git a/tests/TestCase/Command/PolicyCommandTest.php b/tests/TestCase/Command/PolicyCommandTest.php index d061d4e0..7e1055fd 100644 --- a/tests/TestCase/Command/PolicyCommandTest.php +++ b/tests/TestCase/Command/PolicyCommandTest.php @@ -28,6 +28,11 @@ class PolicyCommandTest extends ConsoleIntegrationTestCase { use StringCompareTrait; + /** + * @var string + */ + protected $comparisonDir = ''; + /** * @var string */ diff --git a/tests/TestCase/Controller/Component/AuthorizationComponentTest.php b/tests/TestCase/Controller/Component/AuthorizationComponentTest.php index c56cce44..bbcc7a6c 100644 --- a/tests/TestCase/Controller/Component/AuthorizationComponentTest.php +++ b/tests/TestCase/Controller/Component/AuthorizationComponentTest.php @@ -43,6 +43,16 @@ */ class AuthorizationComponentTest extends TestCase { + /** + * @var \Cake\Controller\Controller + */ + protected $Controller; + + /** + * @var \Cake\Controller\ComponentRegistry + */ + protected $ComponentRegistry; + /** * @var \Authorization\Controller\Component\AuthorizationComponent */ From b17778fd9d7c930f07568b92c4d3e62be7809ab1 Mon Sep 17 00:00:00 2001 From: Noel da Costa Date: Fri, 3 Mar 2023 14:27:07 +0000 Subject: [PATCH 02/10] Update policies.rst Added a link to applying policies as it's not obvious from this page that such is necessary, nor how to do so. --- docs/en/policies.rst | 4 ++++ 1 file changed, 4 insertions(+) 
diff --git a/docs/en/policies.rst b/docs/en/policies.rst index 322eaa13..94acf3da 100644 --- a/docs/en/policies.rst +++ b/docs/en/policies.rst @@ -131,3 +131,7 @@ Before hooks are expected to return one of three values: - ``false`` The user is not allowed to proceed with the action. - ``null`` The before hook did not make a decision, and the authorization method will be invoked. + +Applying Policies +----------------- +https://book.cakephp.org/authorization/2/en/component.html#applying-policy-scopes From c3bc2e20db3b729a0e339ab389e89ee13f796619 Mon Sep 17 00:00:00 2001 From: Mark Story Date: Sun, 5 Mar 2023 21:31:10 -0500 Subject: [PATCH 03/10] Fix nesting of documentation sections Refs #231 --- docs/en/policies.rst | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs/en/policies.rst b/docs/en/policies.rst index 322eaa13..5464ee8d 100644 --- a/docs/en/policies.rst +++ b/docs/en/policies.rst @@ -85,7 +85,7 @@ Any return value that is not ``true`` or a ``ResultInterface`` object will be considered a failure. Policy Scopes -------------- +============= In addition to policies being able to define pass/fail authorization checks, they can also define 'scopes'. Scope methods allow you to modify another object @@ -103,7 +103,7 @@ a list view to the current user:: } Policy Pre-conditions ---------------------- +===================== In some policies you may wish to apply common checks across all operations in a policy. This is useful when you need to deny all actions to the provided From e4532287ae4d2a700a1c9ee93c8daf73261b802a Mon Sep 17 00:00:00 2001 From: Mark Story Date: Sat, 18 Mar 2023 15:20:02 -0400 Subject: [PATCH 04/10] Update base image. --- docs.Dockerfile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docs.Dockerfile b/docs.Dockerfile index c363cc58..fef95c7d 100644 --- a/docs.Dockerfile +++ b/docs.Dockerfile 
@@ -1,5 +1,5 @@ # Generate the HTML output. -FROM markstory/cakephp-docs-builder as builder +FROM ghcr.io/cakephp/docs-builder as builder COPY docs /data/docs @@ -10,7 +10,7 @@ RUN cd /data/docs-builder && \ make website LANGS="$LANGS" SOURCE=/data/docs DEST=/data/website # Build a small nginx container with just the static site in it. -FROM markstory/cakephp-docs-builder:runtime as runtime +FROM ghcr.io/cakephp/docs-builder:runtime as runtime # Configure search index script ENV LANGS="en es fr ja" From 5b0ed4134a3fa62a5be0e51f4a37e9ddabc8549b Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Mon, 27 Mar 2023 21:59:01 +0000 Subject: [PATCH 05/10] Bump actions/stale from 7 to 8 Bumps [actions/stale](https://github.com/actions/stale) from 7 to 8. - [Release notes](https://github.com/actions/stale/releases) - [Changelog](https://github.com/actions/stale/blob/main/CHANGELOG.md) - [Commits](https://github.com/actions/stale/compare/v7...v8) --- updated-dependencies: - dependency-name: actions/stale dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/stale.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml index 51fc8adb..a604ba5c 100644 --- a/.github/workflows/stale.yml +++ b/.github/workflows/stale.yml @@ -16,7 +16,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/stale@v7 + - uses: actions/stale@v8 with: repo-token: ${{ secrets.GITHUB_TOKEN }} stale-issue-message: 'This issue is stale because it has been open for 120 days with no activity. Remove the `stale` label or comment or this will be closed in 15 days' From 4ab87ac5bdfa1cda22c855cdbe2a97d0627133d4 Mon Sep 17 00:00:00 2001 
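Review bot: Both new `FROM` lines in docs.Dockerfile reference `ghcr.io/cakephp/docs-builder` by a mutable tag: the builder stage has no tag, so it resolves to `latest`, and the second hunk's stage uses `runtime`. Each docs build therefore pulls whatever the registry serves at that moment. Pinning each stage by digest, e.g. `FROM ghcr.io/cakephp/docs-builder@sha256:<DIGEST_PLACEHOLDER> as builder`, keeps the build reproducible and makes a changed upstream image show up as a reviewable diff. A comment above each `FROM` naming the tag the digest was taken from would make later updates easier.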
From: jadlebe418 Date: Mon, 10 Apr 2023 14:35:12 -0400 Subject: [PATCH 06/10] Fix syntax error in code sample. --- docs/en/index.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/index.rst b/docs/en/index.rst index 5680b119..aab35969 100644 --- a/docs/en/index.rst +++ b/docs/en/index.rst @@ -50,7 +50,7 @@ Then make your application's ``middleware()`` method look like:: ->add(new BodyParserMiddleware()) // If you are using Authentication it should be *before* Authorization. - ->add(new AuthenticationMiddleware($this)); + ->add(new AuthenticationMiddleware($this)) // Add the AuthorizationMiddleware *after* routing, body parser // and authentication middleware. From 63ae9d545fe6605fb8bdbc7092bed9f6534712bc Mon Sep 17 00:00:00 2001 From: Kevin Pfeifer Date: Tue, 25 Apr 2023 19:15:46 +0200 Subject: [PATCH 07/10] update CI config --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 775a5f17..fc5f75cc 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -11,7 +11,7 @@ on: jobs: testsuite: - runs-on: ubuntu-18.04 + runs-on: ubuntu-22.04 strategy: fail-fast: false matrix: @@ -80,7 +80,7 @@ jobs: cs-stan: name: Coding Standard & Static Analysis - runs-on: ubuntu-18.04 + runs-on: ubuntu-22.04 steps: - uses: actions/checkout@v3 From 7d61f4f1826ce4c89b3cba2b9be6defaf9b57236 Mon Sep 17 00:00:00 2001 From: Kevin Pfeifer Date: Sat, 20 May 2023 21:25:58 +0200 Subject: [PATCH 08/10] adjust CI to not ignore-platform-reqs --- .github/workflows/ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index fc5f75cc..58f8c8a5 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -50,9 +50,7 @@ jobs: - name: Composer install run: | - if [[ ${{ matrix.php-version }} == '8.2' ]]; then - composer update --ignore-platform-reqs - elif ${{ matrix.prefer-lowest == 'prefer-lowest' }}; then + if ${{ matrix.prefer-lowest == 'prefer-lowest' }}; then composer update --prefer-lowest --prefer-stable else composer update From a77ffe8bbbd94bbb785e1232dd7b97eba62fec9a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Robert=20Pustu=C5=82ka?= Date: Wed, 7 Jun 2023 09:53:02 +0200 Subject: [PATCH 09/10] Add support for magic calls in scope --- src/AuthorizationService.php | 2 +- tests/TestCase/AuthorizationServiceTest.php | 19 ++++++++++++++++++- .../TestApp/Policy/MagicCallPolicy.php | 4 ++++ 3 files changed, 23 insertions(+), 2 deletions(-) diff --git a/src/AuthorizationService.php b/src/AuthorizationService.php index c0e248a6..db7b331d 100644 --- a/src/AuthorizationService.php +++ b/src/AuthorizationService.php @@ -156,7 +156,7 @@ protected function getScopeHandler($policy, $action): callable { $method = 'scope' . ucfirst($action); - if (!method_exists($policy, $method)) { + if (!method_exists($policy, $method) && !method_exists($policy, '__call')) { throw new MissingMethodException([$method, $action, get_class($policy)]); } diff --git a/tests/TestCase/AuthorizationServiceTest.php b/tests/TestCase/AuthorizationServiceTest.php index 1a462434..31158363 100644 --- a/tests/TestCase/AuthorizationServiceTest.php +++ b/tests/TestCase/AuthorizationServiceTest.php @@ -96,7 +96,7 @@ public function testAuthorizationCheckedWithCan() $this->assertTrue($service->authorizationChecked()); } - public function testCallingMagicCallPolicy() + public function testCallingMagicCanCallPolicy() { $resolver = new MapResolver([ Article::class => MagicCallPolicy::class, 
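Review bot: With the relaxed guard in `getScopeHandler()`, a policy that defines `__call` never raises `MissingMethodException` for a scope, so a mistyped or unsupported scope action goes straight to `__call`. `applyScope()` then appears to return whatever `__call` produces, as the new test's `assertFalse(...)` for `somethingElse` suggests. A loud failure becomes a value the caller may treat as the scoped object, so the method's docblock should say so, for example `// Policies defining __call() receive every scope action and must reject unknown scope names themselves.` above the condition. The `@throws` description, if the docblock has one, should note that the exception is only raised for policies without `__call`. The rest of `getScopeHandler()`, including its return, lies outside the hunk.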
@@ -113,6 +113,23 @@ public function testCallingMagicCallPolicy() $this->assertFalse($service->can($user, 'cantDoThis', $article)); } + public function testCallingMagicScopeCallPolicy() + { + $resolver = new MapResolver([ + Article::class => MagicCallPolicy::class, + ]); + $service = new AuthorizationService($resolver); + + $user = new IdentityDecorator($service, [ + 'id' => 9, + 'role' => 'admin', + ]); + + $article = new Article(); + $this->assertTrue($service->applyScope($user, 'this', $article)); + $this->assertFalse($service->applyScope($user, 'somethingElse', $article)); + } + public function testAuthorizationCheckedWithApplyScope() { $resolver = new MapResolver([ diff --git a/tests/test_app/TestApp/Policy/MagicCallPolicy.php b/tests/test_app/TestApp/Policy/MagicCallPolicy.php index 4b45b3f8..4e1a4607 100644 --- a/tests/test_app/TestApp/Policy/MagicCallPolicy.php +++ b/tests/test_app/TestApp/Policy/MagicCallPolicy.php @@ -21,6 +21,10 @@ public function __call($name, $arguments) return true; } + if ($name === 'scopeThis') { + return true; + } + return false; } } From 14968b44803f9f0a7ddc8722dc6e24feae20b2d4 Mon Sep 17 00:00:00 2001 From: Mark Story Date: Wed, 5 Jul 2023 11:35:29 -0400 Subject: [PATCH 10/10] Apply suggestions from code review --- docs/en/policies.rst | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/en/policies.rst b/docs/en/policies.rst index 94acf3da..72c2da03 100644 --- a/docs/en/policies.rst +++ b/docs/en/policies.rst @@ -134,4 +134,4 @@ Before hooks are expected to return one of three values: Applying Policies ----------------- -https://book.cakephp.org/authorization/2/en/component.html#applying-policy-scopes +See :ref:`applying-policy-scopes` for how to apply policies in your controller actions.
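Review bot: `testCallingMagicScopeCallPolicy()` only asserts booleans returned by `applyScope()`, which proves `__call` is reached but not that the user and resource are forwarded, or that a scoped object comes back as a real scope would return it. Unless it is already covered outside this hunk, a companion case should check that a policy without `__call` still fails for an unknown scope, using `$this->expectException(MissingMethodException::class);` before the `applyScope()` call. That is the branch the changed guard in `getScopeHandler()` must not weaken. In `MagicCallPolicy::__call()`, a short comment that unknown names deliberately return `false` would make it clear the second assertion is pinning intended behaviour.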