OXDEV-7713: Adjust NotAuthorizedAccessCest to check for new message

OXID-eSales · Jan 17, 2024 · e239f54 · e239f54
1 parent 20d9c49
commit e239f54
Showing 1 changed file with 181 additions and 58 deletions.
diff --git a/tests/Codeception/Acceptance/NotAuthorizedAccessCest.php b/tests/Codeception/Acceptance/NotAuthorizedAccessCest.php
@@ -20,104 +20,196 @@
 final class NotAuthorizedAccessCest extends BaseCest
 {
     #[DataProvider('themeGettersDataProvider')]
-    #[DataProvider('themeMutationsDataProvider')]
-    #[DataProvider('listQueriesDataProvider')]
     #[DataProvider('moduleGettersDataProvider')]
-    #[DataProvider('moduleMutationsDataProvider')]
     #[DataProvider('shopGettersDataProvider')]
-    #[DataProvider('shopMutationsDataProvider')]
-    public function testGetSettingNotAuthorized(AcceptanceTester $I, \Codeception\Example $example): void
+    public function testGetSettingNotAuthorizedQuery(AcceptanceTester $I, \Codeception\Example $example): void
+    {
+        $I->login($this->getAgentUsername(), $this->getAgentPassword());
+
+        $result = $this->runSimplifiedAccessCheckQuery(
+            I: $I,
+            queryName: $example['queryName'],
+            field: $example['field'],
+            location: $example['location'],
+            isList: false
+        );
+
+        $this->assertQueryNotFoundErrorInResult($I, $result);
+    }
+
+    #[DataProvider('listQueriesDataProvider')]
+    public function testGetSettingNotAuthorizedQueryList(AcceptanceTester $I, \Codeception\Example $example): void
     {
         $I->login($this->getAgentUsername(), $this->getAgentPassword());
 
         $result = $this->runSimplifiedAccessCheckQuery(
             I: $I,
-            queryType: $example['queryType'],
             queryName: $example['queryName'],
-            field: $example['field']
+            field: $example['field'],
+            location: $example['location'],
+            isList: true
         );
 
-        $this->assertQueryNotFoundErrorInResult($I, $result, $example['queryName'], $example['queryType']);
+        $this->assertQueryNotFoundErrorInResult($I, $result);
+    }
+
+    #[DataProvider('themeMutationsDataProvider')]
+    #[DataProvider('moduleMutationsDataProvider')]
+    #[DataProvider('shopMutationsDataProvider')]
+    public function testGetSettingNotAuthorizedMutation(AcceptanceTester $I, \Codeception\Example $example): void
+    {
+        $I->login($this->getAgentUsername(), $this->getAgentPassword());
+
+        $result = $this->runSimplifiedAccessCheckMutation(
+            I: $I,
+            queryName: $example['queryName'],
+            field: $example['field'],
+            value: $example['value'],
+            location: $example['location']
+        );
+
+        $this->assertQueryNotFoundErrorInResult($I, $result);
     }
 
     protected function themeGettersDataProvider(): \Generator
     {
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingInteger', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingFloat', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingBoolean', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingString', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingSelect', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingCollection', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'themeSettingAssocCollection', 'field' => 'name'];
+        yield ['queryName' => 'themeSettingInteger', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingFloat', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingBoolean', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingString', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingSelect', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingCollection', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingAssocCollection', 'field' => 'name', 'location' => 'theme'];
     }
 
     protected function themeMutationsDataProvider(): \Generator
     {
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingIntegerChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingFloatChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingBooleanChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingStringChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingSelectChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingCollectionChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'themeSettingAssocCollectionChange', 'field' => 'name'];
+        yield ['queryName' => 'themeSettingIntegerChange', 'field' => 'name', 'value' => '1', 'location' => 'theme'];
+        yield ['queryName' => 'themeSettingFloatChange', 'field' => 'name', 'value' => '1.1', 'location' => 'theme'];
+        yield [
+            'queryName' => 'themeSettingBooleanChange',
+            'field' => 'name',
+            'value' => 'false',
+            'location' => 'theme'
+        ];
+        yield [
+            'queryName' => 'themeSettingStringChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'theme'
+        ];
+        yield [
+            'queryName' => 'themeSettingSelectChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'theme'
+        ];
+        yield [
+            'queryName' => 'themeSettingCollectionChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'theme'
+        ];
+        yield [
+            'queryName' => 'themeSettingAssocCollectionChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'theme'
+        ];
     }
 
     protected function listQueriesDataProvider(): \Generator
     {
-        yield ['queryType' => 'query', 'queryName' => 'themeSettings', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'moduleSettings', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettings', 'field' => 'name'];
+        yield ['queryName' => 'themeSettings', 'field' => 'name', 'location' => 'theme'];
+        yield ['queryName' => 'moduleSettings', 'field' => 'name', 'location' => 'module'];
+        yield ['queryName' => 'shopSettings', 'field' => 'name', 'location' => 'shop'];
     }
 
     protected function moduleGettersDataProvider(): \Generator
     {
-        yield ['queryType' => 'query', 'queryName' => 'moduleSettingInteger', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'moduleSettingFloat', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'moduleSettingBoolean', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'moduleSettingString', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'moduleSettingCollection', 'field' => 'name'];
+        yield ['queryName' => 'moduleSettingInteger', 'field' => 'name', 'location' => 'module'];
+        yield ['queryName' => 'moduleSettingFloat', 'field' => 'name', 'location' => 'module'];
+        yield ['queryName' => 'moduleSettingBoolean', 'field' => 'name', 'location' => 'module'];
+        yield ['queryName' => 'moduleSettingString', 'field' => 'name', 'location' => 'module'];
+        yield ['queryName' => 'moduleSettingCollection', 'field' => 'name', 'location' => 'module'];
     }
 
     protected function moduleMutationsDataProvider(): \Generator
     {
-        yield ['queryType' => 'mutation', 'queryName' => 'moduleSettingIntegerChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'moduleSettingFloatChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'moduleSettingBooleanChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'moduleSettingStringString', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'moduleSettingCollectionChange', 'field' => 'name'];
+        yield ['queryName' => 'moduleSettingIntegerChange', 'field' => 'name', 'value' => '1', 'location' => 'module'];
+        yield ['queryName' => 'moduleSettingFloatChange', 'field' => 'name', 'value' => '1.1', 'location' => 'module'];
+        yield [
+            'queryName' => 'moduleSettingBooleanChange',
+            'field' => 'name',
+            'value' => 'false',
+            'location' => 'module'
+        ];
+        yield [
+            'queryName' => 'moduleSettingStringChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'module'
+        ];
+        yield [
+            'queryName' => 'moduleSettingCollectionChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'module'
+        ];
     }
 
     protected function shopGettersDataProvider(): \Generator
     {
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingInteger', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingFloat', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingBoolean', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingString', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingSelect', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingCollection', 'field' => 'name'];
-        yield ['queryType' => 'query', 'queryName' => 'shopSettingAssocCollection', 'field' => 'name'];
+        yield ['queryName' => 'shopSettingInteger', 'field' => 'name', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingFloat', 'field' => 'name', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingBoolean', 'field' => 'name', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingString', 'field' => 'name', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingSelect', 'field' => 'name', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingCollection', 'field' => 'name', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingAssocCollection', 'field' => 'name', 'location' => 'shop'];
     }
 
     protected function shopMutationsDataProvider(): \Generator
     {
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingIntegerChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingFloatChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingBooleanChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingStringChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingSelectChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingCollectionChange', 'field' => 'name'];
-        yield ['queryType' => 'mutation', 'queryName' => 'shopSettingAssocCollectionChange', 'field' => 'name'];
+        yield ['queryName' => 'shopSettingIntegerChange', 'field' => 'name', 'value' => '1', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingFloatChange', 'field' => 'name', 'value' => '1.1', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingBooleanChange', 'field' => 'name', 'value' => 'false', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingStringChange', 'field' => 'name', 'value' => '"test"', 'location' => 'shop'];
+        yield ['queryName' => 'shopSettingSelectChange', 'field' => 'name', 'value' => '"test"', 'location' => 'shop'];
+        yield [
+            'queryName' => 'shopSettingCollectionChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'shop'
+        ];
+        yield [
+            'queryName' => 'shopSettingAssocCollectionChange',
+            'field' => 'name',
+            'value' => '"test"',
+            'location' => 'shop'
+        ];
     }
 
     private function runSimplifiedAccessCheckQuery(
         AcceptanceTester $I,
-        string $queryType,
         string $queryName,
         string $field,
+        string $location,
+        bool $isList
     ): array {
+        $parameters = [];
+        if (!$isList) {
+            $parameters[] = 'name: "testSetting"';
+        }
+        $locationCondition = $this->getLocationParameterString($location);
+        if ($locationCondition) {
+            $parameters[] = $locationCondition;
+        }
+
+        $parameterString = !empty($parameters) ? '(' . implode(',', $parameters) . ')' : '';
         $I->sendGQLQuery(
-            $queryType . '{
-                ' . $queryName . '{
+            'query {
+                ' . $queryName . $parameterString . '  {
                     ' . $field . '
                 }
             }'
@@ -128,15 +220,46 @@ private function runSimplifiedAccessCheckQuery(
         return $I->grabJsonResponseAsArray();
     }
 
-    protected function assertQueryNotFoundErrorInResult(
+    private function runSimplifiedAccessCheckMutation(
         AcceptanceTester $I,
-        array $result,
-        string $query,
-        string $queryType
-    ): void {
+        string $queryName,
+        string $field,
+        mixed $value,
+        string $location
+    ): array {
+        $parameters = ['name:"testSetting"', 'value:' . $value];
+        $locationCondition = $this->getLocationParameterString($location);
+        if ($locationCondition) {
+            $parameters[] = $locationCondition;
+        }
+
+        $I->sendGQLQuery(
+            'mutation {
+                ' . $queryName . '(' . implode(',', $parameters) . ') {
+                    ' . $field . '
+                }
+            }'
+        );
+
+        $I->seeResponseIsJson();
+
+        return $I->grabJsonResponseAsArray();
+    }
+
+    private function getLocationParameterString(string $location): ?string
+    {
+        return match ($location) {
+            'module' => 'moduleId: "testModule"',
+            'theme' => 'themeId: "testTheme"',
+            default => null
+        };
+    }
+
+    protected function assertQueryNotFoundErrorInResult(AcceptanceTester $I, array $result): void
+    {
         $errorMessage = $result['errors'][0]['message'];
         $I->assertSame(
-            'Cannot query field "' . $query . '" on type "' . ucfirst($queryType) . '".',
+            'You do not have sufficient rights to access this field',
             $errorMessage
         );
     }