MAGETWO-36063: Update REST and SOAP controllers to filter out attributes based on ACL

- Add more unit tests

Author: Bryant Luk

lib/internal/Magento/Framework/Reflection/DataObjectProcessor.php

@@ -84,8 +84,11 @@ public function buildOutputDataArray($dataObject, $dataObjectType)
             }
 
             $value = $dataObject->{$methodName}();
-            $isMethodRequired = $this->methodsMapProcessor->isMethodRequired($dataObjectType, $methodName);
-            if ($value === null && !$isMethodRequired) {
+            $isMethodReturnValueRequired = $this->methodsMapProcessor->isMethodReturnValueRequired(
+                $dataObjectType,
+                $methodName
+            );
+            if ($value === null && !$isMethodReturnValueRequired) {
                 continue;
             }
 

lib/internal/Magento/Framework/Reflection/ExtensionAttributesProcessor.php

@@ -112,10 +112,6 @@ public function buildOutputDataArray(ExtensionAttributesInterface $dataObject, $
                 continue;
             }
 
-            // should write field?
-            // isWriterValid
-            // what value should be written
-
             $returnType = $this->methodsMapProcessor->getMethodReturnType($dataObjectType, $methodName);
 
             if (is_object($value) && !($value instanceof Phrase)) {

lib/internal/Magento/Framework/Reflection/FieldNamer.php

@@ -14,7 +14,7 @@
 use Zend\Code\Reflection\MethodReflection;
 
 /**
- * Determines the name to use for fields given metadata.
+ * Determines the name to use for fields in a data output array given method metadata.
  */
 class FieldNamer
 {
@@ -23,6 +23,8 @@ class FieldNamer
     const GETTER_PREFIX = 'get';
 
     /**
+     * Converts a method's name into a data field name.
+     *
      * @param string $methodName
      * @return string|null
      */

lib/internal/Magento/Framework/Reflection/MethodsMap.php

@@ -10,7 +10,7 @@
 use Zend\Code\Reflection\MethodReflection;
 
 /**
- * Determines method metadata information.
+ * Gathers method metadata information.
  */
 class MethodsMap
 {
@@ -56,15 +56,15 @@ public function __construct(
     }
 
     /**
-     * Get return type by interface name and method
+     * Get return type by type name and method name.
      *
-     * @param string $interfaceName
+     * @param string $typeName
      * @param string $methodName
      * @return string
      */
-    public function getMethodReturnType($interfaceName, $methodName)
+    public function getMethodReturnType($typeName, $methodName)
     {
-        return $this->getMethodsMap($interfaceName)[$methodName]['type'];
+        return $this->getMethodsMap($typeName)[$methodName]['type'];
     }
 
     /**
@@ -142,6 +142,8 @@ private function isSuitableMethod($method)
     }
 
     /**
+     * Determines if the given method's on the given type is suitable for an output data array.
+     *
      * @param string $type
      * @param string $methodName
      * @return bool
@@ -164,11 +166,13 @@ public function isMethodValidForDataField($type, $methodName)
     }
 
     /**
+     * If the method has only non-null return types
+     *
      * @param string $type
      * @param string $methodName
      * @return bool
      */
-    public function isMethodRequired($type, $methodName)
+    public function isMethodReturnValueRequired($type, $methodName)
     {
         $methods = $this->getMethodsMap($type);
         return $methods[$methodName]['isRequired'];

lib/internal/Magento/Framework/Reflection/Test/Unit/ExtensionAttributesObject.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Reflection\Test\Unit;
+
+use Magento\Framework\Api\ExtensionAttributesInterface;
+
+/**
+ * Dummy data object to be used by ExtensionAttributesProcessorTest
+ */
+class ExtensionAttributesObject implements ExtensionAttributesInterface
+{
+    /**
+     * @return string
+     */
+    public function getAttrName()
+    {
+        return 'attrName';
+    }
+
+    /**
+     * @return bool
+     */
+    public function isActive()
+    {
+        return false;
+    }
+}

lib/internal/Magento/Framework/Reflection/Test/Unit/ExtensionAttributesProcessorTest.php

@@ -0,0 +1,173 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Framework\Reflection\Test\Unit;
+
+use Magento\Framework\Api\Config\Converter;
+use Magento\Framework\Api\Config\Reader;
+use Magento\Framework\AuthorizationInterface;
+use Magento\Framework\Reflection\ExtensionAttributesProcessor;
+use Magento\Framework\Reflection\FieldNamer;
+use Magento\Framework\Reflection\MethodsMap;
+use Magento\Framework\Reflection\TypeCaster;
+use Magento\Framework\Reflection\TypeProcessor;
+
+/**
+ * ExtensionAttributesProcessor test
+ */
+class ExtensionsAttributesProcessorTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var ExtensionAttributesProcessor
+     */
+    private $model;
+
+    /**
+     * @var DataObjectProcessor
+     */
+    private $dataObjectProcessor;
+
+    /**
+     * @var MethodsMap
+     */
+    private $methodsMapProcessor;
+
+    /**
+     * @var FieldNamer
+     */
+    private $fieldNamerMock;
+
+    /**
+     * @var TypeCaster
+     */
+    private $typeCasterMock;
+
+    /**
+     * @var Reader
+     */
+    private $configReaderMock;
+
+    /**
+     * @var AuthorizationInterface
+     */
+    private $authorizationMock;
+    /**
+     * Set up helper.
+     */
+    public function setUp()
+    {
+        $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+
+        $this->dataObjectProcessorMock = $this->getMockBuilder('Magento\Framework\Reflection\DataObjectProcessor')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->methodsMapProcessorMock = $this->getMockBuilder('Magento\Framework\Reflection\MethodsMap')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->typeCasterMock = $this->getMockBuilder('Magento\Framework\Reflection\TypeCaster')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->fieldNamerMock = $this->getMockBuilder('Magento\Framework\Reflection\FieldNamer')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->configReaderMock = $this->getMockBuilder('Magento\Framework\Api\Config\Reader')
+            ->disableOriginalConstructor()
+            ->getMock();
+        $this->authorizationMock = $this->getMockBuilder('Magento\Framework\AuthorizationInterface')
+            ->disableOriginalConstructor()
+            ->getMock();
+
+        $this->model = $objectManager->getObject(
+            'Magento\Framework\Reflection\ExtensionAttributesProcessor',
+            [
+                'dataObjectProcessor' => $this->dataObjectProcessorMock,
+                'methodsMapProcessor' => $this->methodsMapProcessorMock,
+                'typeCaster' => $this->typeCasterMock,
+                'fieldNamer' => $this->fieldNamerMock,
+                'authorization' => $this->authorizationMock,
+                'configReader' => $this->configReaderMock,
+                'isPermissionChecked' => true,
+            ]
+        );
+    }
+
+    /**
+     * @param bool $isPermissionAllowed
+     * @param array $expectedValue
+     * @dataProvider buildOutputDataArrayWithPermissionProvider
+     */
+    public function testBuildOutputDataArrayWithPermission($isPermissionAllowed, $expectedValue)
+    {
+        $dataObject = new \Magento\Framework\Reflection\Test\Unit\ExtensionAttributesObject();
+        $dataObjectType = 'Magento\Framework\Reflection\Test\Unit\ExtensionAttributesObject';
+        $methodName = 'getAttrName';
+        $attributeName = 'attr_name';
+        $attributeValue = 'attrName';
+
+        $this->methodsMapProcessorMock->expects($this->once())
+            ->method('getMethodsMap')
+            ->with($dataObjectType)
+            ->will($this->returnValue([$methodName => []]));
+        $this->methodsMapProcessorMock->expects($this->once())
+            ->method('isMethodValidForDataField')
+            ->with($dataObjectType, $methodName)
+            ->will($this->returnValue(true));
+        $this->fieldNamerMock->expects($this->once())
+            ->method('getFieldNameForMethodName')
+            ->with($methodName)
+            ->will($this->returnValue($attributeName));
+        $permissionName = 'Magento_Permission';
+        $this->configReaderMock->expects($this->once())
+            ->method('read')
+            ->will($this->returnValue([
+                $dataObjectType => [
+                    $attributeName => [ Converter::RESOURCE_PERMISSIONS => [ $permissionName ] ]
+                ]
+              ]));
+        $this->authorizationMock->expects($this->once())
+            ->method('isAllowed')
+            ->with($permissionName)
+            ->will($this->returnValue($isPermissionAllowed));
+
+        if ($isPermissionAllowed) {
+            $this->methodsMapProcessorMock->expects($this->once())
+                ->method('getMethodReturnType')
+                ->with($dataObjectType, $methodName)
+                ->will($this->returnValue('string'));
+            $this->typeCasterMock->expects($this->once())
+                ->method('castValueToType')
+                ->with($attributeValue, 'string')
+                ->will($this->returnValue($attributeValue));
+        }
+
+        $value = $this->model->buildOutputDataArray(
+            $dataObject,
+            $dataObjectType
+        );
+
+        $this->assertEquals(
+            $value,
+            $expectedValue
+        );
+    }
+
+    public function buildOutputDataArrayWithPermissionProvider()
+    {
+        return [
+            'permission allowed' => [
+                true,
+                [
+                    'attr_name' => 'attrName',
+                ],
+            ],
+            'permission not allowed' => [
+                false,
+                [],
+            ],
+        ];
+    }
+
+}

lib/internal/Magento/Framework/Reflection/Test/Unit/FieldNamerTest.php

@@ -0,0 +1,52 @@
+<?php
+/**
+ * Copyright © 2015 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+namespace Magento\Framework\Reflection\Test\Unit;
+
+use Magento\Framework\Reflection\FieldNamer;
+
+/**
+ * Field namer Test
+ */
+class FieldNamerTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @var FieldNamer
+     */
+    private $model;
+
+    /**
+     * Set up helper.
+     */
+    public function setUp()
+    {
+        $objectManager = new \Magento\Framework\TestFramework\Unit\Helper\ObjectManager($this);
+        $this->model = $objectManager->getObject('Magento\Framework\Reflection\FieldNamer');
+    }
+
+    /**
+     * @param string $methodName
+     * @param string $expectedName
+     * @dataProvider methodNameProvider
+     */
+    public function testGetFieldNameForMethodName($methodName, $expectedName)
+    {
+        $value = $this->model->getFieldNameForMethodName($methodName);
+        $this->assertEquals($value, $expectedName);
+    }
+
+    /**
+     * @return array
+     */
+    public function methodNameProvider()
+    {
+        return [
+            'isMethod' => ['isValid', 'valid'],
+            'getMethod' => ['getValue', 'value'],
+            'hasMethod' => ['hasStuff', 'stuff'],
+            'randomMethod' => ['randomMethod', null],
+        ];
+    }
+}