test(approval): unapproved content can only be seen by allowed users

Signed-off-by: Sami Mazouz <ilyasmazouz@gmail.com>
flarum · Jul 8, 2022 · ab6cee1 · ab6cee1
1 parent 2e840dc
commit ab6cee1
Show file tree

Hide file tree

Showing 10 changed files with 305 additions and 3 deletions.
diff --git a/.github/workflows/flarum-approval-backend.yml b/.github/workflows/flarum-approval-backend.yml
@@ -6,6 +6,6 @@ jobs:
   run:
     uses: ./.github/workflows/REUSABLE_backend.yml
     with:
-      enable_backend_testing: false
+      enable_backend_testing: true
 
       backend_directory: ./extensions/approval
diff --git a/extensions/approval/composer.json b/extensions/approval/composer.json
@@ -52,7 +52,7 @@
                 "prettier": true,
                 "typescript": false,
                 "bundlewatch": false,
-                "backendTesting": false,
+                "backendTesting": true,
                 "editorConfig": true,
                 "styleci": true
             }
@@ -65,5 +65,28 @@
         }
     ],
     "minimum-stability": "dev",
-    "prefer-stable": true
+    "prefer-stable": true,
+    "autoload-dev": {
+        "psr-4": {
+            "Flarum\\Approval\\Tests\\": "tests/"
+        }
+    },
+    "scripts": {
+        "test": [
+            "@test:unit",
+            "@test:integration"
+        ],
+        "test:unit": "phpunit -c tests/phpunit.unit.xml",
+        "test:integration": "phpunit -c tests/phpunit.integration.xml",
+        "test:setup": "@php tests/integration/setup.php"
+    },
+    "scripts-descriptions": {
+        "test": "Runs all tests.",
+        "test:unit": "Runs all unit tests.",
+        "test:integration": "Runs all integration tests.",
+        "test:setup": "Sets up a database for use with integration tests. Execute this only once."
+    },
+    "require-dev": {
+        "flarum/testing": "^1.0.0"
+    }
 }
diff --git a/extensions/approval/tests/fixtures/.gitkeep b/extensions/approval/tests/fixtures/.gitkeep
diff --git a/extensions/approval/tests/integration/InteractsWithUnapprovedContent.php b/extensions/approval/tests/integration/InteractsWithUnapprovedContent.php
@@ -0,0 +1,75 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Approval\Tests\integration;
+
+use Carbon\Carbon;
+
+trait InteractsWithUnapprovedContent
+{
+    protected function prepareUnapprovedDatabaseContent()
+    {
+        $this->prepareDatabase([
+            'users' => [
+                ['id' => 1, 'username' => 'Muralf', 'email' => 'muralf@machine.local', 'is_email_confirmed' => 1],
+                $this->normalUser(),
+                ['id' => 3, 'username' => 'acme', 'email' => 'acme@machine.local', 'is_email_confirmed' => 1],
+                ['id' => 4, 'username' => 'luceos', 'email' => 'luceos@machine.local', 'is_email_confirmed' => 1],
+            ],
+            'discussions' => [
+                ['id' => 1, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 1, 'comment_count' => 1, 'is_approved' => 1, 'is_private' => 0],
+                ['id' => 2, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 2, 'comment_count' => 1, 'is_approved' => 0, 'is_private' => 1],
+                ['id' => 3, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 3, 'comment_count' => 1, 'is_approved' => 0, 'is_private' => 1],
+                ['id' => 4, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 4, 'comment_count' => 1, 'is_approved' => 1, 'is_private' => 0],
+                ['id' => 5, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 5, 'comment_count' => 1, 'is_approved' => 1, 'is_private' => 0],
+                ['id' => 6, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 6, 'comment_count' => 1, 'is_approved' => 0, 'is_private' => 1],
+                ['id' => 7, 'title' => __CLASS__, 'created_at' => Carbon::now(), 'last_posted_at' => Carbon::now(), 'user_id' => 4, 'first_post_id' => 7, 'comment_count' => 1, 'is_approved' => 1, 'is_private' => 0],
+            ],
+            'posts' => [
+                ['id' => 1, 'discussion_id' => 1, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 2, 'discussion_id' => 2, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 3, 'discussion_id' => 3, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 4, 'discussion_id' => 4, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 5, 'discussion_id' => 5, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 6, 'discussion_id' => 6, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+                ['id' => 7, 'discussion_id' => 7, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 1],
+
+                ['id' => 8, 'discussion_id' => 7, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 2],
+                ['id' => 9, 'discussion_id' => 7, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 1, 'is_approved' => 0, 'number' => 3],
+                ['id' => 10, 'discussion_id' => 7, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 0, 'is_approved' => 1, 'number' => 4],
+                ['id' => 11, 'discussion_id' => 7, 'user_id' => 4, 'type' => 'comment', 'content' => '<t><p>Text</p></t>', 'is_private' => 1, 'is_approved' => 0, 'number' => 5],
+            ],
+            'groups' => [
+                ['id' => 4, 'name_singular' => 'Acme', 'name_plural' => 'Acme', 'is_hidden' => 0]
+            ],
+            'group_user' => [
+                ['user_id' => 3, 'group_id' => 4]
+            ],
+            'group_permission' => [
+                ['permission' => 'discussion.approvePosts', 'group_id' => 4]
+            ]
+        ]);
+    }
+
+    /**
+     * null: Guest, 2: Normal User.
+     */
+    public function unallowedUsers(): array
+    {
+        return [[null], [2]];
+    }
+
+    /**
+     * 1: Admin, 3: Permission Given, 4: Discussions Author.
+     */
+    public function allowedUsers(): array
+    {
+        return [[1], [3], [4]];
+    }
+}
diff --git a/extensions/approval/tests/integration/api/ListDiscussionsTest.php b/extensions/approval/tests/integration/api/ListDiscussionsTest.php
@@ -0,0 +1,62 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Approval\Tests\integration\api;
+
+use Flarum\Approval\Tests\integration\InteractsWithUnapprovedContent;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Arr;
+
+class ListDiscussionsTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+    use InteractsWithUnapprovedContent;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->extension('flarum-approval');
+
+        $this->prepareUnapprovedDatabaseContent();
+    }
+
+    /**
+     * @dataProvider unallowedUsers
+     * @test
+     */
+    public function can_only_see_approved_if_not_allowed_to_approve(?int $authenticatedAs)
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/discussions', compact('authenticatedAs'))
+        );
+
+        $body = json_decode($response->getBody()->getContents(), true);
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEqualsCanonicalizing([1, 4, 5, 7], Arr::pluck($body['data'], 'id'));
+    }
+
+    /**
+     * @dataProvider allowedUsers
+     * @test
+     */
+    public function can_see_unapproved_if_allowed_to_approve(int $authenticatedAs)
+    {
+        $response = $this->send(
+            $this->request('GET', '/api/discussions', compact('authenticatedAs'))
+        );
+
+        $body = json_decode($response->getBody()->getContents(), true);
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEqualsCanonicalizing([1, 2, 3, 4, 5, 6, 7], Arr::pluck($body['data'], 'id'));
+    }
+}
diff --git a/extensions/approval/tests/integration/api/ListPostsTest.php b/extensions/approval/tests/integration/api/ListPostsTest.php
@@ -0,0 +1,74 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+namespace Flarum\Approval\Tests\integration\api;
+
+use Flarum\Approval\Tests\integration\InteractsWithUnapprovedContent;
+use Flarum\Testing\integration\RetrievesAuthorizedUsers;
+use Flarum\Testing\integration\TestCase;
+use Illuminate\Support\Arr;
+
+class ListPostsTest extends TestCase
+{
+    use RetrievesAuthorizedUsers;
+    use InteractsWithUnapprovedContent;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+
+        $this->extension('flarum-approval');
+
+        $this->prepareUnapprovedDatabaseContent();
+    }
+
+    /**
+     * @dataProvider unallowedUsers
+     * @test
+     */
+    public function can_only_see_approved_if_not_allowed_to_approve(?int $authenticatedAs)
+    {
+        $response = $this->send(
+            $this
+                ->request('GET', '/api/posts', compact('authenticatedAs'))
+                ->withQueryParams([
+                    'filter' => [
+                        'discussion' => 7
+                    ]
+                ])
+        );
+
+        $body = json_decode($response->getBody()->getContents(), true);
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEqualsCanonicalizing([7, 8, 10], Arr::pluck($body['data'], 'id'));
+    }
+
+    /**
+     * @dataProvider allowedUsers
+     * @test
+     */
+    public function can_see_unapproved_if_allowed_to_approve(int $authenticatedAs)
+    {
+        $response = $this->send(
+            $this
+                ->request('GET', '/api/posts', compact('authenticatedAs'))
+                ->withQueryParams([
+                    'filter' => [
+                        'discussion' => 7
+                    ]
+                ])
+        );
+
+        $body = json_decode($response->getBody()->getContents(), true);
+
+        $this->assertEquals(200, $response->getStatusCode());
+        $this->assertEqualsCanonicalizing([7, 8, 9, 10, 11], Arr::pluck($body['data'], 'id'));
+    }
+}
diff --git a/extensions/approval/tests/integration/setup.php b/extensions/approval/tests/integration/setup.php
@@ -0,0 +1,16 @@
+<?php
+
+/*
+ * This file is part of Flarum.
+ *
+ * For detailed copyright and license information, please view the
+ * LICENSE file that was distributed with this source code.
+ */
+
+use Flarum\Testing\integration\Setup\SetupScript;
+
+require __DIR__.'/../../vendor/autoload.php';
+
+$setup = new SetupScript();
+
+$setup->run();
diff --git a/extensions/approval/tests/phpunit.integration.xml b/extensions/approval/tests/phpunit.integration.xml
@@ -0,0 +1,25 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd"
+    backupGlobals="false"
+    backupStaticAttributes="false"
+    colors="true"
+    convertErrorsToExceptions="true"
+    convertNoticesToExceptions="true"
+    convertWarningsToExceptions="true"
+    processIsolation="true"
+    stopOnFailure="false"
+>
+    <coverage processUncoveredFiles="true">
+        <include>
+            <directory suffix=".php">../src/</directory>
+        </include>
+    </coverage>
+    <testsuites>
+        <testsuite name="Flarum Integration Tests">
+            <directory suffix="Test.php">./integration</directory>
+             <exclude>./integration/tmp</exclude>
+        </testsuite>
+    </testsuites>
+</phpunit>
diff --git a/extensions/approval/tests/phpunit.unit.xml b/extensions/approval/tests/phpunit.unit.xml
@@ -0,0 +1,27 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/9.3/phpunit.xsd"
+    backupGlobals="false"
+    backupStaticAttributes="false"
+    colors="true"
+    convertErrorsToExceptions="true"
+    convertNoticesToExceptions="true"
+    convertWarningsToExceptions="true"
+    processIsolation="false"
+    stopOnFailure="false"
+>
+    <coverage processUncoveredFiles="true">
+        <include>
+            <directory suffix=".php">../src/</directory>
+        </include>
+    </coverage>
+    <testsuites>
+        <testsuite name="Flarum Unit Tests">
+            <directory suffix="Test.php">./unit</directory>
+        </testsuite>
+    </testsuites>
+    <listeners>
+        <listener class="\Mockery\Adapter\Phpunit\TestListener" />
+    </listeners>
+</phpunit>
diff --git a/extensions/approval/tests/unit/.gitkeep b/extensions/approval/tests/unit/.gitkeep