Rest: inject Authority into Handler

Bug: T239753
Change-Id: Iddde137c5a86786357d67458f28fe3e4d6e98710

4 files changed, 41 insertions, 54 deletions

diff --git a/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php b/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
index d1d20f023956..2984bf1ae70f 100644
--- a/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
+++ b/tests/phpunit/includes/Rest/BasicAccess/MWBasicRequestAuthorizerTest.php
@@ -3,7 +3,7 @@
 namespace MediaWiki\Tests\Rest\BasicAccess;
 
 use GuzzleHttp\Psr7\Uri;
-use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\Permissions\SimpleAuthority;
 use MediaWiki\Rest\BasicAccess\MWBasicAuthorizer;
 use MediaWiki\Rest\Handler;
 use MediaWiki\Rest\RequestData;
@@ -29,13 +29,7 @@ class MWBasicRequestAuthorizerTest extends MediaWikiIntegrationTestCase {
 		$objectFactory = new ObjectFactory(
 			$this->getMockForAbstractClass( ContainerInterface::class )
 		);
-		$permissionManager = $this->createMock( PermissionManager::class );
-		// Don't allow the rights to everybody so that user rights kick in.
-		$permissionManager->method( 'isEveryoneAllowed' )->willReturn( false );
-		$permissionManager->method( 'userHasRight' )
-			->will( $this->returnCallback( function ( $user, $action ) use ( $userRights ) {
-				return isset( $userRights[$action] ) && $userRights[$action];
-			} ) );
+		$authority = new SimpleAuthority( $user, $userRights );
 
 		global $IP;
 
@@ -46,16 +40,17 @@ class MWBasicRequestAuthorizerTest extends MediaWikiIntegrationTestCase {
 			'/rest',
 			new \EmptyBagOStuff(),
 			new ResponseFactory( [] ),
-			new MWBasicAuthorizer( $user, $permissionManager ),
+			new MWBasicAuthorizer( $authority ),
+			$authority,
 			$objectFactory,
-			new Validator( $objectFactory, $permissionManager, $request, $user ),
+			new Validator( $objectFactory, $request, $authority ),
 			$this->createHookContainer()
 		);
 	}
 
 	public function testReadDenied() {
 		$request = new RequestData( [ 'uri' => new Uri( '/rest/mock/RouterTest/hello' ) ] );
-		$router = $this->createRouter( [ 'read' => false ], $request );
+		$router = $this->createRouter( [], $request );
 		$response = $router->execute( $request );
 		$this->assertSame( 403, $response->getStatusCode() );
 
@@ -67,7 +62,7 @@ class MWBasicRequestAuthorizerTest extends MediaWikiIntegrationTestCase {
 
 	public function testReadAllowed() {
 		$request = new RequestData( [ 'uri' => new Uri( '/rest/mock/RouterTest/hello' ) ] );
-		$router = $this->createRouter( [ 'read' => true ], $request );
+		$router = $this->createRouter( [ 'read' ], $request );
 		$response = $router->execute( $request );
 		$this->assertSame( 200, $response->getStatusCode() );
 	}
@@ -88,7 +83,7 @@ class MWBasicRequestAuthorizerTest extends MediaWikiIntegrationTestCase {
 		$request = new RequestData( [
 			'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
 		] );
-		$router = $this->createRouter( [ 'read' => true, 'writeapi' => false ], $request );
+		$router = $this->createRouter( [ 'read' ], $request );
 		$response = $router->execute( $request );
 		$this->assertSame( 403, $response->getStatusCode() );
 
@@ -102,7 +97,7 @@ class MWBasicRequestAuthorizerTest extends MediaWikiIntegrationTestCase {
 		$request = new RequestData( [
 			'uri' => new Uri( '/rest/mock/MWBasicRequestAuthorizerTest/write' )
 		] );
-		$router = $this->createRouter( [ 'read' => true, 'writeapi' => true ], $request );
+		$router = $this->createRouter( [ 'read', 'writeapi' ], $request );
 		$response = $router->execute( $request );
 
 		$this->assertSame( 200, $response->getStatusCode() );
diff --git a/tests/phpunit/includes/Rest/EntryPointTest.php b/tests/phpunit/includes/Rest/EntryPointTest.php
index eb75c1c50e41..eefa4a4f61db 100644
--- a/tests/phpunit/includes/Rest/EntryPointTest.php
+++ b/tests/phpunit/includes/Rest/EntryPointTest.php
@@ -5,7 +5,7 @@ namespace MediaWiki\Tests\Rest;
 use EmptyBagOStuff;
 use GuzzleHttp\Psr7\Stream;
 use GuzzleHttp\Psr7\Uri;
-use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\Permissions\UltimateAuthority;
 use MediaWiki\Rest\BasicAccess\StaticBasicAuthorizer;
 use MediaWiki\Rest\CorsUtils;
 use MediaWiki\Rest\EntryPoint;
@@ -34,8 +34,8 @@ class EntryPointTest extends \MediaWikiIntegrationTestCase {
 		$objectFactory = new ObjectFactory(
 			$this->getMockForAbstractClass( ContainerInterface::class )
 		);
-		$permissionManager = $this->createMock( PermissionManager::class );
 		$user = $this->createMock( UserIdentity::class );
+		$authority = new UltimateAuthority( $user );
 
 		return new Router(
 			[ "$IP/tests/phpunit/unit/includes/Rest/testRoutes.json" ],
@@ -45,8 +45,9 @@ class EntryPointTest extends \MediaWikiIntegrationTestCase {
 			new EmptyBagOStuff(),
 			new ResponseFactory( [] ),
 			new StaticBasicAuthorizer(),
+			$authority,
 			$objectFactory,
-			new Validator( $objectFactory, $permissionManager, $request, $user ),
+			new Validator( $objectFactory, $request, $authority ),
 			$this->createHookContainer()
 		);
 	}
diff --git a/tests/phpunit/unit/includes/Rest/Handler/HandlerTestTrait.php b/tests/phpunit/unit/includes/Rest/Handler/HandlerTestTrait.php
index ea460b2762be..4ebb6f8e4b51 100644
--- a/tests/phpunit/unit/includes/Rest/Handler/HandlerTestTrait.php
+++ b/tests/phpunit/unit/includes/Rest/Handler/HandlerTestTrait.php
@@ -3,7 +3,9 @@
 namespace MediaWiki\Tests\Rest\Handler;
 
 use MediaWiki\Linker\LinkTarget;
+use MediaWiki\Permissions\Authority;
 use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\Permissions\UltimateAuthority;
 use MediaWiki\Rest\Handler;
 use MediaWiki\Rest\HttpException;
 use MediaWiki\Rest\RequestInterface;
@@ -50,8 +52,14 @@ trait HandlerTestTrait {
 	 * @param RequestInterface $request
 	 * @param array $config
 	 * @param array $hooks Hook overrides
+	 * @param Authority|null $authority
 	 */
-	private function initHandler( Handler $handler, RequestInterface $request, $config = [], $hooks = []
+	private function initHandler(
+		Handler $handler,
+		RequestInterface $request,
+		$config = [],
+		$hooks = [],
+		Authority $authority = null
 	) {
 		$formatter = $this->createMock( ITextFormatter::class );
 		$formatter->method( 'format' )->willReturnCallback( function ( MessageValue $msg ) {
@@ -70,9 +78,10 @@ trait HandlerTestTrait {
 			return wfAppendQuery( 'https://wiki.example.com/rest' . $route, $query );
 		} );
 
+		$authority = $authority ?: new UltimateAuthority( new UserIdentityValue( 0, 'Fake User', 0 ) );
 		$hookContainer = $this->createHookContainer( $hooks );
 
-		$handler->init( $router, $request, $config, $responseFactory, $hookContainer );
+		$handler->init( $router, $request, $config, $authority, $responseFactory, $hookContainer );
 	}
 
 	/**
@@ -81,30 +90,17 @@ trait HandlerTestTrait {
 	 * @internal to the trait
 	 * @param Handler $handler
 	 * @param null|Validator $validator
-	 * @param User|null $user User provided by request
 	 * @throws HttpException
 	 */
 	private function validateHandler(
 		Handler $handler,
-		Validator $validator = null,
-		?User $user = null
+		Validator $validator = null
 	) {
 		if ( !$validator ) {
-			/** @var PermissionManager|MockObject $permissionManager */
-			$permissionManager = $this->createNoOpMock(
-				PermissionManager::class, [ 'userCan', 'userHasRight' ]
-			);
-			$permissionManager->method( 'userCan' )->willReturn( true );
-			$permissionManager->method( 'userHasRight' )->willReturn( true );
-
 			/** @var ServiceContainer|MockObject $serviceContainer */
 			$serviceContainer = $this->createNoOpMock( ServiceContainer::class );
 			$objectFactory = new ObjectFactory( $serviceContainer );
-
-			if ( !$user ) {
-				$user = new UserIdentityValue( 0, 'Fake User', 0 );
-			}
-			$validator = new Validator( $objectFactory, $permissionManager, $handler->getRequest(), $user );
+			$validator = new Validator( $objectFactory, $handler->getRequest(), $handler->getAuthority() );
 		}
 		$handler->validate( $validator );
 	}
@@ -137,8 +133,9 @@ trait HandlerTestTrait {
 	 * @param array $hooks Hook overrides
 	 * @param array $validatedParams Path/query params to return as already valid
 	 * @param array $validatedBody Body params to return as already valid
-	 * @param User|null $user User provided by request
+	 * @param Authority|null $authority
 	 * @return ResponseInterface
+	 * @throws HttpException
 	 */
 	private function executeHandler(
 		Handler $handler,
@@ -147,18 +144,18 @@ trait HandlerTestTrait {
 		$hooks = [],
 		$validatedParams = [],
 		$validatedBody = [],
-		?User $user = null
+		Authority $authority = null
 	) {
 		// supply defaults for required fields in $config
 		$config += [ 'path' => '/test' ];
 
-		$this->initHandler( $handler, $request, $config, $hooks );
+		$this->initHandler( $handler, $request, $config, $hooks, $authority );
 		$validator = null;
 		if ( $validatedParams || $validatedBody ) {
 			/** @var Validator|MockObject $validator */
 			$validator = $this->getMockValidator( $validatedParams, $validatedBody );
 		}
-		$this->validateHandler( $handler, $validator, $user );
+		$this->validateHandler( $handler, $validator );
 
 		// Check conditional request headers
 		$earlyResponse = $handler->checkPreconditions();
@@ -185,9 +182,9 @@ trait HandlerTestTrait {
 	 * @param RequestInterface $request
 	 * @param array $config
 	 * @param array $hooks
-	 * @param array $validatedParams Path/query params to return as already valid
-	 * @param array $validatedBody Body params to return as already valid
-	 * @param User|null $user User provided by request
+	 * @param array $validatedParams
+	 * @param array $validatedBody
+	 * @param Authority|null $authority
 	 * @return array
 	 */
 	private function executeHandlerAndGetBodyData(
@@ -197,17 +194,10 @@ trait HandlerTestTrait {
 		$hooks = [],
 		$validatedParams = [],
 		$validatedBody = [],
-		?User $user = null
+		Authority $authority = null
 	) {
-		$response = $this->executeHandler(
-			 $handler,
-			 $request,
-			 $config,
-			 $hooks,
-			 $validatedParams,
-			 $validatedBody,
-			 $user
-		);
+		$response = $this->executeHandler( $handler, $request, $config, $hooks,
+			$validatedParams, $validatedBody, $authority );
 
 		$this->assertTrue(
 			$response->getStatusCode() >= 200 && $response->getStatusCode() < 300,
diff --git a/tests/phpunit/unit/includes/Rest/RouterTest.php b/tests/phpunit/unit/includes/Rest/RouterTest.php
index be3fe18cd970..f14d80c2df6c 100644
--- a/tests/phpunit/unit/includes/Rest/RouterTest.php
+++ b/tests/phpunit/unit/includes/Rest/RouterTest.php
@@ -3,7 +3,7 @@
 namespace MediaWiki\Tests\Rest;
 
 use GuzzleHttp\Psr7\Uri;
-use MediaWiki\Permissions\PermissionManager;
+use MediaWiki\Permissions\UltimateAuthority;
 use MediaWiki\Rest\BasicAccess\StaticBasicAuthorizer;
 use MediaWiki\Rest\Handler;
 use MediaWiki\Rest\HttpException;
@@ -31,8 +31,8 @@ class RouterTest extends \MediaWikiUnitTestCase {
 		$objectFactory = new ObjectFactory(
 			$this->getMockForAbstractClass( ContainerInterface::class )
 		);
-		$permissionManager = $this->createMock( PermissionManager::class );
 		$routeFiles = array_merge( [ __DIR__ . '/testRoutes.json' ], $additionalRouteFiles );
+		$authority = new UltimateAuthority( new User );
 		return new Router(
 			$routeFiles,
 			[],
@@ -41,8 +41,9 @@ class RouterTest extends \MediaWikiUnitTestCase {
 			new \EmptyBagOStuff(),
 			new ResponseFactory( [] ),
 			new StaticBasicAuthorizer( $authError ),
+			$authority,
 			$objectFactory,
-			new Validator( $objectFactory, $permissionManager, $request, new User ),
+			new Validator( $objectFactory, $request, $authority ),
 			$this->createHookContainer()
 		);
 	}