added traits for access

hyperf-ext · Dec 24, 2020 · f3f208b · f3f208b
1 parent 8824bcf
commit f3f208b
Show file tree

Hide file tree

Showing 5 changed files with 187 additions and 9 deletions.
diff --git a/src/Access/Authorizable.php b/src/Access/Authorizable.php
@@ -0,0 +1,53 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of hyperf-ext/auth.
+ *
+ * @link     https://github.com/hyperf-ext/auth
+ * @contact  eric@zhu.email
+ * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
+ */
+namespace HyperfExt\Auth\Access;
+
+use Hyperf\Utils\ApplicationContext;
+use HyperfExt\Auth\Contracts\Access\GateManagerInterface;
+
+trait Authorizable
+{
+    /**
+     * Determine if the entity has the given abilities.
+     *
+     * @param iterable|string $abilities
+     * @param array|mixed $arguments
+     */
+    public function can($abilities, $arguments = []): bool
+    {
+        return ApplicationContext::getContainer()
+            ->get(GateManagerInterface::class)
+            ->forUser($this)
+            ->check($abilities, $arguments);
+    }
+
+    /**
+     * Determine if the entity does not have the given abilities.
+     *
+     * @param iterable|string $abilities
+     * @param array|mixed $arguments
+     */
+    public function cant($abilities, $arguments = []): bool
+    {
+        return ! $this->can($abilities, $arguments);
+    }
+
+    /**
+     * Determine if the entity does not have the given abilities.
+     *
+     * @param iterable|string $abilities
+     * @param array|mixed $arguments
+     */
+    public function cannot($abilities, $arguments = []): bool
+    {
+        return $this->cant($abilities, $arguments);
+    }
+}
diff --git a/src/Access/AuthorizesRequests.php b/src/Access/AuthorizesRequests.php
@@ -0,0 +1,104 @@
+<?php
+
+declare(strict_types=1);
+/**
+ * This file is part of hyperf-ext/auth.
+ *
+ * @link     https://github.com/hyperf-ext/auth
+ * @contact  eric@zhu.email
+ * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
+ */
+namespace HyperfExt\Auth\Access;
+
+use Hyperf\Utils\ApplicationContext;
+use HyperfExt\Auth\Contracts\Access\GateManagerInterface;
+use HyperfExt\Auth\Contracts\AuthenticatableInterface;
+
+trait AuthorizesRequests
+{
+    /**
+     * Authorize a given action for the current user.
+     *
+     * @param mixed $ability
+     * @param array|mixed $arguments
+     * @throws \HyperfExt\Auth\Exceptions\AuthorizationException
+     * @return \HyperfExt\Auth\Access\Response
+     */
+    public function authorize($ability, $arguments = [])
+    {
+        [$ability, $arguments] = $this->parseAbilityAndArguments($ability, $arguments);
+
+        return ApplicationContext::getContainer()
+            ->get(GateManagerInterface::class)
+            ->authorize($ability, $arguments);
+    }
+
+    /**
+     * Authorize a given action for a user.
+     *
+     * @param mixed $ability
+     * @param array|mixed $arguments
+     * @throws \HyperfExt\Auth\Exceptions\AuthorizationException
+     * @return \HyperfExt\Auth\Access\Response
+     */
+    public function authorizeForUser(AuthenticatableInterface $user, $ability, $arguments = [])
+    {
+        [$ability, $arguments] = $this->parseAbilityAndArguments($ability, $arguments);
+
+        return ApplicationContext::getContainer()
+            ->get(GateManagerInterface::class)
+            ->forUser($user)
+            ->authorize($ability, $arguments);
+    }
+
+    /**
+     * Guesses the ability's name if it wasn't provided.
+     *
+     * @param mixed $ability
+     * @param array|mixed $arguments
+     */
+    protected function parseAbilityAndArguments($ability, $arguments): array
+    {
+        if (is_string($ability) && strpos($ability, '\\') === false) {
+            return [$ability, $arguments];
+        }
+
+        $method = debug_backtrace(DEBUG_BACKTRACE_IGNORE_ARGS, 3)[2]['function'];
+
+        return [$this->normalizeGuessedAbilityName($method), $ability];
+    }
+
+    /**
+     * Normalize the ability name that has been guessed from the method name.
+     */
+    protected function normalizeGuessedAbilityName(string $ability): string
+    {
+        $map = $this->resourceAbilityMap();
+
+        return $map[$ability] ?? $ability;
+    }
+
+    /**
+     * Get the map of resource methods to ability names.
+     */
+    protected function resourceAbilityMap(): array
+    {
+        return [
+            'index' => 'viewAny',
+            'show' => 'view',
+            'create' => 'create',
+            'store' => 'create',
+            'edit' => 'update',
+            'update' => 'update',
+            'destroy' => 'delete',
+        ];
+    }
+
+    /**
+     * Get the list of resource methods which do not have model parameters.
+     */
+    protected function resourceMethodsWithoutModels(): array
+    {
+        return ['index', 'create', 'store'];
+    }
+}
diff --git a/tests/AuthGuardTest.php b/tests/AuthGuardTest.php
@@ -8,12 +8,10 @@
  * @contact  eric@zhu.email
  * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
  */
-
 namespace HyperfTest;
 
 use Hyperf\Contract\SessionInterface;
 use Hyperf\HttpMessage\Cookie\Cookie;
-use HyperfExt\Cookie\Contract\CookieJarInterface;
 use Hyperf\HttpMessage\Uri\Uri;
 use Hyperf\HttpServer\Request;
 use Hyperf\Utils\Context;
@@ -29,6 +27,7 @@
 use HyperfExt\Auth\Exceptions\AuthenticationException;
 use HyperfExt\Auth\Guards\SessionGuard;
 use HyperfExt\Auth\Recaller;
+use HyperfExt\Cookie\Contract\CookieJarInterface;
 use HyperfExt\Cookie\CookieJar;
 use Mockery as m;
 use PHPUnit\Framework\TestCase;

diff --git a/tests/AuthJwtGuardTest.php b/tests/AuthJwtGuardTest.php
@@ -8,20 +8,21 @@
  * @contact  eric@zhu.email
  * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
  */
-
 namespace HyperfTest;
 
 use Hyperf\HttpServer\Request;
 use Hyperf\Utils\Context;
+use HyperfExt\Auth\Contracts\AuthenticatableInterface;
 use HyperfExt\Auth\Contracts\UserProviderInterface;
 use HyperfExt\Auth\Guards\JwtGuard;
-use HyperfExt\Auth\Guards\TokenGuard;
+use HyperfExt\Jwt\Contracts\JwtSubjectInterface;
+use HyperfExt\Jwt\Jwt;
+use HyperfExt\Jwt\JwtFactory;
 use Mockery as m;
 use PHPUnit\Framework\TestCase;
 use Psr\Container\ContainerInterface;
-use HyperfExt\Jwt\JwtFactory;
-use Psr\Http\Message\ServerRequestInterface;
 use Psr\EventDispatcher\EventDispatcherInterface;
+use Psr\Http\Message\ServerRequestInterface;
 
 /**
  * @internal
@@ -94,12 +95,22 @@ protected function createRequest(array $params = [], array $headers = [])
     }
 }
 
-class AuthJwtGuardTestUser extends User
+class AuthJwtGuardTestUser extends User implements AuthenticatableInterface, JwtSubjectInterface
 {
     public $id;
 
     public function getAuthIdentifier()
     {
         return $this->id;
     }
+
+    public function getJwtIdentifier()
+    {
+        return $this->id;
+    }
+
+    public function getJwtCustomClaims(): array
+    {
+        return [];
+    }
 }
diff --git a/tests/AuthTokenGuardTest.php b/tests/AuthTokenGuardTest.php
@@ -8,13 +8,14 @@
  * @contact  eric@zhu.email
  * @license  https://github.com/hyperf-ext/auth/blob/master/LICENSE
  */
-
 namespace HyperfTest;
 
 use Hyperf\HttpServer\Request;
 use Hyperf\Utils\Context;
+use HyperfExt\Auth\Contracts\AuthenticatableInterface;
 use HyperfExt\Auth\Contracts\UserProviderInterface;
 use HyperfExt\Auth\Guards\TokenGuard;
+use HyperfExt\Jwt\Contracts\JwtSubjectInterface;
 use Mockery as m;
 use PHPUnit\Framework\TestCase;
 use Psr\Http\Message\ServerRequestInterface;
@@ -250,12 +251,22 @@ protected function createRequest(array $params = [], array $headers = [])
     }
 }
 
-class AuthTokenGuardTestUser extends User
+class AuthTokenGuardTestUser extends User implements AuthenticatableInterface, JwtSubjectInterface
 {
     public $id;
 
     public function getAuthIdentifier()
     {
         return $this->id;
     }
+
+    public function getJwtIdentifier()
+    {
+        return $this->id;
+    }
+
+    public function getJwtCustomClaims(): array
+    {
+        return [];
+    }
 }