From 842816009f5b8f1d8dc8f71696cfbebe93ad13da Mon Sep 17 00:00:00 2001
From: "Eric Richer eric.richer@vistoconsulting.com"
 <eric.richer@vistoconsulting.com>
Date: Wed, 7 Aug 2024 10:13:57 -0400
Subject: [PATCH] Added setter/getter for assertions to
 AuthorizationService.php

Signed-off-by: Eric Richer eric.richer@vistoconsulting.com <eric.richer@vistoconsulting.com>
---
 src/Service/AuthorizationService.php          | 54 +++++++++++++++++++
 src/Service/AuthorizationServiceInterface.php | 37 +++++++++++++
 test/Service/AuthorizationServiceTest.php     | 54 +++++++++++++++++++
 3 files changed, 145 insertions(+)

diff --git a/src/Service/AuthorizationService.php b/src/Service/AuthorizationService.php
index 3eb56b1..1697412 100644
--- a/src/Service/AuthorizationService.php
+++ b/src/Service/AuthorizationService.php
@@ -21,6 +21,7 @@
 
 namespace Lmc\Rbac\Service;
 
+use Lmc\Rbac\Assertion\AssertionInterface;
 use Lmc\Rbac\Assertion\AssertionPluginManagerInterface;
 use Lmc\Rbac\Assertion\AssertionSet;
 use Lmc\Rbac\Identity\IdentityInterface;
@@ -59,6 +60,59 @@ public function __construct(
         $this->assertions = $assertions;
     }
 
+    /**
+     * Set assertions, either merging or replacing (default)
+     * @param array $assertions
+     * @param bool $merge
+     * @return void
+     */
+    public function setAssertions(array $assertions, bool $merge = false): void
+    {
+        $this->assertions = $merge ?
+            array_merge($this->assertions, $assertions) :
+            $assertions;
+    }
+
+    /**
+     * Set assertion for a given permission
+     * @param PermissionInterface|string $permission
+     * @param AssertionInterface|callable|string $assertion
+     * @return void
+     */
+    public function setAssertion(PermissionInterface|string $permission, AssertionInterface|callable|string $assertion): void
+    {
+        $this->assertions[(string) $permission] = $assertion;
+    }
+
+    /**
+     * Check if there are assertions for the permission
+     * @param PermissionInterface|string $permission
+     * @return bool
+     */
+    public function hasAssertion(PermissionInterface|string $permission): bool
+    {
+        return isset($this->assertions[(string) $permission]);
+    }
+
+    /**
+     * Get the assertions
+     * @return array
+     */
+    public function getAssertions(): array
+    {
+        return $this->assertions;
+    }
+
+    /**
+     * Get the assertions for the given permission
+     * @param PermissionInterface|string $permission
+     * @return AssertionInterface|callable|string|null
+     */
+    public function getAssertion(PermissionInterface|string $permission): AssertionInterface|callable|string|null
+    {
+        return $this->hasAssertion(($permission)) ? $this->assertions[(string) $permission] : null;
+    }
+
     public function isGranted(IdentityInterface|null $identity, string|PermissionInterface $permission, mixed $context = null): bool
     {
         $roles = $this->roleService->getIdentityRoles($identity, $context);
diff --git a/src/Service/AuthorizationServiceInterface.php b/src/Service/AuthorizationServiceInterface.php
index 6f11422..1fdec84 100644
--- a/src/Service/AuthorizationServiceInterface.php
+++ b/src/Service/AuthorizationServiceInterface.php
@@ -21,6 +21,7 @@
 
 namespace Lmc\Rbac\Service;
 
+use Lmc\Rbac\Assertion\AssertionInterface;
 use Lmc\Rbac\Identity\IdentityInterface;
 use Lmc\Rbac\Permission\PermissionInterface;
 
@@ -41,4 +42,40 @@ interface AuthorizationServiceInterface
      * @return bool
      */
     public function isGranted(?IdentityInterface $identity, PermissionInterface|string $permission, mixed $context = null): bool;
+
+    /**
+     * Set assertions, either merging or replacing (default)
+     * @param array $assertions
+     * @param bool $merge
+     * @return void
+     */
+    public function setAssertions(array $assertions, bool $merge = false): void;
+
+    /**
+     * Set assertion for a given permission
+     * @param PermissionInterface|string $permission
+     * @param AssertionInterface|callable|string $assertion
+     * @return void
+     */
+    public function setAssertion(PermissionInterface|string $permission, AssertionInterface|callable|string $assertion): void;
+
+    /**
+     * Check if there are assertions for the permission
+     * @param PermissionInterface|string $permission
+     * @return bool
+     */
+    public function hasAssertion(PermissionInterface|string $permission): bool;
+
+    /**
+     * Get the assertions
+     * @return array
+     */
+    public function getAssertions(): array;
+
+    /**
+     * Get the assertions for the given permission
+     * @param PermissionInterface|string $permission
+     * @return AssertionInterface|callable|string|null
+     */
+    public function getAssertion(PermissionInterface|string $permission): AssertionInterface|callable|string|null;
 }
diff --git a/test/Service/AuthorizationServiceTest.php b/test/Service/AuthorizationServiceTest.php
index 483f1b5..01666e5 100644
--- a/test/Service/AuthorizationServiceTest.php
+++ b/test/Service/AuthorizationServiceTest.php
@@ -398,4 +398,58 @@ public function testContextIsPassedToRoleService(): void
         $roleService->expects($this->once())->method('getIdentityRoles')->with($identity, $context)->willReturn([]);
         $authorizationService->isGranted($identity, 'foo', $context);
     }
+
+    public function testGetAssertions(): void
+    {
+        $assertions = [
+            'foo' => 'foo',
+        ];
+        $authorizationService = $this->createAuthorizationService($assertions);
+        $this->assertEquals($assertions, $authorizationService->getAssertions());
+        $this->assertEquals('foo', $authorizationService->getAssertion('foo'));
+        $this->assertNull($authorizationService->getAssertion('bar'));
+    }
+
+    public function testHasAssertion(): void
+    {
+        $assertions = [
+            'foo' => 'foo',
+        ];
+        $authorizationService = $this->createAuthorizationService($assertions);
+        $this->assertTrue($authorizationService->hasAssertion('foo'));
+        $this->assertFalse($authorizationService->hasAssertion('bar'));
+    }
+
+    public function testSetAssertions(): void
+    {
+        $assertions = [
+            'foo' => 'foo',
+        ];
+        $newAssertions = [
+            'bar' => 'bar',
+        ];
+        $authorizationService = $this->createAuthorizationService($assertions);
+        $authorizationService->setAssertions($newAssertions, false);
+        $this->assertEquals($newAssertions, $authorizationService->getAssertions());
+        $authorizationService->setAssertions($assertions, true);
+        $this->assertEquals(array_merge($assertions, $newAssertions), $authorizationService->getAssertions());
+
+        // Reset assertions
+        $authorizationService->setAssertions($assertions, false);
+        $authorizationService->setAssertion('bar', 'bar');
+        $this->assertEquals(array_merge($assertions, $newAssertions), $authorizationService->getAssertions());
+
+        $authorizationService->setAssertion('bar', 'foo');
+        $this->assertEquals('foo', $authorizationService->getAssertion('bar'));
+    }
+
+    private function createAuthorizationService(array $assertions): AuthorizationService
+    {
+        return new AuthorizationService(
+            $this->createMock(Rbac::class),
+            $this->createMock(RoleServiceInterface::class),
+            $this->createMock(AssertionPluginManagerInterface::class),
+            $assertions
+        );
+    }
 }