diff options
| author | Joas Schilling <coding@schilljs.com> | 2023-02-15 13:20:20 +0100 |
|---|---|---|
| committer | Joas Schilling <coding@schilljs.com> | 2023-02-23 06:18:38 +0100 |
| commit | 2be84b5867be2027bb5085819c626dc746d50faa (patch) | |
| tree | da711f0cccca0abb2cfa76b8f610b5518711270c | |
| parent | 74f97c80d11bee96f81f471beb79bd7e6ff8bc9c (diff) | |
| download | nextcloud-server-2be84b5867be2027bb5085819c626dc746d50faa.tar.gz nextcloud-server-2be84b5867be2027bb5085819c626dc746d50faa.zip | |
Validate the scope when validating operations
Signed-off-by: Joas Schilling <coding@schilljs.com>
| -rw-r--r-- | apps/workflowengine/lib/Manager.php | 13 | ||||
| -rw-r--r-- | apps/workflowengine/tests/ManagerTest.php | 113 |
2 files changed, 118 insertions, 8 deletions
diff --git a/apps/workflowengine/lib/Manager.php b/apps/workflowengine/lib/Manager.php index 34dbf507b91..8aeb588d016 100644 --- a/apps/workflowengine/lib/Manager.php +++ b/apps/workflowengine/lib/Manager.php @@ -310,7 +310,7 @@ class Manager implements IManager { string $entity, array $events ) { - $this->validateOperation($class, $name, $checks, $operation, $entity, $events); + $this->validateOperation($class, $name, $checks, $operation, $scope, $entity, $events); $this->connection->beginTransaction(); @@ -382,7 +382,7 @@ class Manager implements IManager { throw new \DomainException('Target operation not within scope'); }; $row = $this->getOperation($id); - $this->validateOperation($row['class'], $name, $checks, $operation, $entity, $events); + $this->validateOperation($row['class'], $name, $checks, $operation, $scopeContext, $entity, $events); $checkIds = []; try { @@ -482,9 +482,12 @@ class Manager implements IManager { * @param string $name * @param array[] $checks * @param string $operation + * @param ScopeContext $scope + * @param string $entity + * @param array $events * @throws \UnexpectedValueException */ - public function validateOperation($class, $name, array $checks, $operation, string $entity, array $events) { + public function validateOperation($class, $name, array $checks, $operation, ScopeContext $scope, string $entity, array $events) { try { /** @var IOperation $instance */ $instance = $this->container->query($class); @@ -496,6 +499,10 @@ class Manager implements IManager { throw new \UnexpectedValueException($this->l->t('Operation %s is invalid', [$class])); } + if (!$instance->isAvailableForScope($scope->getScope())) { + throw new \UnexpectedValueException($this->l->t('Operation %s is invalid', [$class])); + } + $this->validateEvents($entity, $events, $instance); if (count($checks) === 0) { diff --git a/apps/workflowengine/tests/ManagerTest.php b/apps/workflowengine/tests/ManagerTest.php index 612495a5b6d..6fb65f43373 100644 --- a/apps/workflowengine/tests/ManagerTest.php +++ b/apps/workflowengine/tests/ManagerTest.php @@ -288,11 +288,20 @@ class ManagerTest extends TestCase { $userScope = $this->buildScope('jackie'); $entity = File::class; + $operationMock = $this->createMock(IOperation::class); + $operationMock->expects($this->any()) + ->method('isAvailableForScope') + ->withConsecutive( + [IManager::SCOPE_ADMIN], + [IManager::SCOPE_USER] + ) + ->willReturn(true); + $this->container->expects($this->any()) ->method('query') - ->willReturnCallback(function ($class) { + ->willReturnCallback(function ($class) use ($operationMock) { if (substr($class, -2) === 'Op') { - return $this->createMock(IOperation::class); + return $operationMock; } elseif ($class === File::class) { return $this->getMockBuilder(File::class) ->setConstructorArgs([ @@ -453,6 +462,16 @@ class ManagerTest extends TestCase { $entityMock = $this->createMock(IEntity::class); $eventEntityMock = $this->createMock(IEntityEvent::class); $checkMock = $this->createMock(ICheck::class); + $scopeMock = $this->createMock(ScopeContext::class); + + $scopeMock->expects($this->any()) + ->method('getScope') + ->willReturn(IManager::SCOPE_ADMIN); + + $operationMock->expects($this->once()) + ->method('isAvailableForScope') + ->with(IManager::SCOPE_ADMIN) + ->willReturn(true); $operationMock->expects($this->once()) ->method('validateOperation') @@ -489,7 +508,7 @@ class ManagerTest extends TestCase { } }); - $this->manager->validateOperation(IOperation::class, 'test', [$check], 'operationData', IEntity::class, ['MyEvent']); + $this->manager->validateOperation(IOperation::class, 'test', [$check], 'operationData', $scopeMock, IEntity::class, ['MyEvent']); } public function testValidateOperationCheckInputLengthError() { @@ -503,6 +522,16 @@ class ManagerTest extends TestCase { $entityMock = $this->createMock(IEntity::class); $eventEntityMock = $this->createMock(IEntityEvent::class); $checkMock = $this->createMock(ICheck::class); + $scopeMock = $this->createMock(ScopeContext::class); + + $scopeMock->expects($this->any()) + ->method('getScope') + ->willReturn(IManager::SCOPE_ADMIN); + + $operationMock->expects($this->once()) + ->method('isAvailableForScope') + ->with(IManager::SCOPE_ADMIN) + ->willReturn(true); $operationMock->expects($this->once()) ->method('validateOperation') @@ -540,7 +569,7 @@ class ManagerTest extends TestCase { }); try { - $this->manager->validateOperation(IOperation::class, 'test', [$check], 'operationData', IEntity::class, ['MyEvent']); + $this->manager->validateOperation(IOperation::class, 'test', [$check], 'operationData', $scopeMock, IEntity::class, ['MyEvent']); } catch (\UnexpectedValueException $e) { $this->assertSame('The provided check value is too long', $e->getMessage()); } @@ -558,6 +587,16 @@ class ManagerTest extends TestCase { $entityMock = $this->createMock(IEntity::class); $eventEntityMock = $this->createMock(IEntityEvent::class); $checkMock = $this->createMock(ICheck::class); + $scopeMock = $this->createMock(ScopeContext::class); + + $scopeMock->expects($this->any()) + ->method('getScope') + ->willReturn(IManager::SCOPE_ADMIN); + + $operationMock->expects($this->once()) + ->method('isAvailableForScope') + ->with(IManager::SCOPE_ADMIN) + ->willReturn(true); $operationMock->expects($this->never()) ->method('validateOperation'); @@ -594,9 +633,73 @@ class ManagerTest extends TestCase { }); try { - $this->manager->validateOperation(IOperation::class, 'test', [$check], $operationData, IEntity::class, ['MyEvent']); + $this->manager->validateOperation(IOperation::class, 'test', [$check], $operationData, $scopeMock, IEntity::class, ['MyEvent']); } catch (\UnexpectedValueException $e) { $this->assertSame('The provided operation data is too long', $e->getMessage()); } } + + public function testValidateOperationScopeNotAvailable() { + $check = [ + 'class' => ICheck::class, + 'operator' => 'is', + 'value' => 'barfoo', + ]; + $operationData = str_pad('', IManager::MAX_OPERATION_VALUE_BYTES + 1, 'FooBar'); + + $operationMock = $this->createMock(IOperation::class); + $entityMock = $this->createMock(IEntity::class); + $eventEntityMock = $this->createMock(IEntityEvent::class); + $checkMock = $this->createMock(ICheck::class); + $scopeMock = $this->createMock(ScopeContext::class); + + $scopeMock->expects($this->any()) + ->method('getScope') + ->willReturn(IManager::SCOPE_ADMIN); + + $operationMock->expects($this->once()) + ->method('isAvailableForScope') + ->with(IManager::SCOPE_ADMIN) + ->willReturn(false); + + $operationMock->expects($this->never()) + ->method('validateOperation'); + + $entityMock->expects($this->any()) + ->method('getEvents') + ->willReturn([$eventEntityMock]); + + $eventEntityMock->expects($this->any()) + ->method('getEventName') + ->willReturn('MyEvent'); + + $checkMock->expects($this->any()) + ->method('supportedEntities') + ->willReturn([IEntity::class]); + $checkMock->expects($this->never()) + ->method('validateCheck'); + + $this->container->expects($this->any()) + ->method('query') + ->willReturnCallback(function ($className) use ($operationMock, $entityMock, $eventEntityMock, $checkMock) { + switch ($className) { + case IOperation::class: + return $operationMock; + case IEntity::class: + return $entityMock; + case IEntityEvent::class: + return $eventEntityMock; + case ICheck::class: + return $checkMock; + default: + return $this->createMock($className); + } + }); + + try { + $this->manager->validateOperation(IOperation::class, 'test', [$check], $operationData, $scopeMock, IEntity::class, ['MyEvent']); + } catch (\UnexpectedValueException $e) { + $this->assertSame('Operation OCP\WorkflowEngine\IOperation is invalid', $e->getMessage()); + } + } } |