Code Coverage for /builds/phexium/framework/tests/AppDemo/Component/Shared/Infrastructure/RbacPermissionServiceTest.php

	Code Coverage
	Lines			Functions and Methods				Classes and Traits
Total	100.00% covered (success)	100.00%	74 / 74		n/a	0 / 0	CRAP		n/a	0 / 0

1	<?php
2
3	// ╔════════════════════════════════════════════════════════════╗
4	// ║ MIT Licence (#Expat) - https://opensource.org/licenses/MIT ║
5	// ║ Copyright 2026 Frederic Poeydomenge <dyno@phexium.com> ║
6	// ╚════════════════════════════════════════════════════════════╝
7
8	declare(strict_types=1);
9
10	pest()->group('unit');
11
12	use AppDemo\Shared\Infrastructure\RbacPermissionService;
13	use AppDemo\User\Domain\UserGroup;
14	use Phexium\Plugin\Authorization\Adapter\RbacAuthorizationService;
15
16	beforeEach(function (): void {
17	$permissionsConfig = [
18	'admin' => [
19	'can.sing',
20	'can.dance',
21	'can.fly',
22	],
23	'user' => [
24	'can.sing',
25	],
26	];
27
28	$authorizationService = new RbacAuthorizationService($permissionsConfig);
29	$this->rbacService = new RbacPermissionService($authorizationService);
30	});
31
32	describe('Permission checking', function (): void {
33	it('returns true when user group has the permission', function (): void {
34	$can = $this->rbacService->can(UserGroup::User, 'can.sing');
35
36	expect($can)->toBeTrue();
37	});
38
39	it('checks permission case sensitively', function (): void {
40	$can = $this->rbacService->can(UserGroup::User, 'CAN.SING');
41
42	expect($can)->toBeFalse();
43	});
44
45	it('returns false when user group does not have the permission', function (): void {
46	$can = $this->rbacService->can(UserGroup::User, 'can.dance');
47
48	expect($can)->toBeFalse();
49	});
50
51	it('returns false when checking empty permission string', function (): void {
52	$can = $this->rbacService->can(UserGroup::User, '');
53
54	expect($can)->toBeFalse();
55	});
56
57	it('returns true for canAny when user has at least one permission', function (): void {
58	$canAny = $this->rbacService->canAny(UserGroup::User, ['can.dance', 'can.sing', 'can.fly']);
59
60	expect($canAny)->toBeTrue();
61	});
62
63	it('returns false for canAny when user has none of the permissions', function (): void {
64	$canAny = $this->rbacService->canAny(UserGroup::User, ['can.dance', 'can.fly']);
65
66	expect($canAny)->toBeFalse();
67	});
68
69	it('returns false for canAny with empty permissions array', function (): void {
70	$canAny = $this->rbacService->canAny(UserGroup::Admin, []);
71
72	expect($canAny)->toBeFalse();
73	});
74
75	it('returns true for canAll when user has all permissions', function (): void {
76	$canAll = $this->rbacService->canAll(UserGroup::Admin, ['can.sing', 'can.dance']);
77
78	expect($canAll)->toBeTrue();
79	});
80
81	it('returns false for canAll when user is missing at least one permission', function (): void {
82	$canAll = $this->rbacService->canAll(UserGroup::User, ['can.sing', 'can.dance']);
83
84	expect($canAll)->toBeFalse();
85	});
86
87	it('returns true for canAll with empty permissions array', function (): void {
88	$canAll = $this->rbacService->canAll(UserGroup::User, []);
89
90	expect($canAll)->toBeTrue();
91	});
92	});
93
94	describe('Configuration', function (): void {
95	it('returns all permissions for a user group', function (): void {
96	$permissions = $this->rbacService->getPermissions(UserGroup::Admin);
97
98	expect($permissions)->toHaveCount(3)
99	->and($permissions)->toContain('can.sing')
100	->and($permissions)->toContain('can.dance')
101	->and($permissions)->toContain('can.fly')
102	;
103	});
104
105	it('returns empty array for user group with no permissions', function (): void {
106	$permissionsConfig = ['guest' => []];
107	$authorizationService = new RbacAuthorizationService($permissionsConfig);
108	$rbacService = new RbacPermissionService($authorizationService);
109
110	$permissions = $rbacService->getPermissions(UserGroup::User);
111
112	expect($permissions)->toBeEmpty();
113	});
114	});