Fixed role entity permissions ignoring inheritance

ssddanbrown · ssddanbrown · commit 1fa5a3196060 · 2023-01-24T21:26:41.000Z
Added additional scnenario tests to cover
diff --git a/app/Auth/Permissions/EntityPermissionEvaluator.php b/app/Auth/Permissions/EntityPermissionEvaluator.php
@@ -66,6 +66,10 @@ protected function collapseAndCategorisePermissions(array $typeIdChain, array $p
                     $permitsByType[$type][$roleId] = $permission->{$this->action};
                 }
             }
+
+            if (isset($permitsByType['fallback'][0])) {
+                break;
+            }
         }
 
         return $permitsByType;
diff --git a/dev/docs/permission-scenario-testing.md b/dev/docs/permission-scenario-testing.md
@@ -317,4 +317,27 @@ User granted page permission.
 - Role B has no entity chapter permissions.
 - User has Role A & B.
 
+User denied page permission.
+
+#### test_90_fallback_overrides_parent_entity_role_deny
+
+- Chapter permissions have inherit disabled.
+- Page permissions have inherit disabled.
+- Chapter fallback has entity deny permission.
+- Page fallback has entity deny permission.
+- Role A has entity allow chapter permission.
+- User has Role A.
+
+User denied page permission.
+
+#### test_91_fallback_overrides_parent_entity_role_inherit
+
+- Book permissions have inherit disabled.
+- Chapter permissions have inherit disabled. 
+- Page permissions have inherit enabled.
+- Book fallback has entity deny permission.
+- Chapter fallback has entity deny permission.
+- Role A has entity allow book permission.
+- User has Role A.
+
 User denied page permission.
diff --git a/tests/Permissions/Scenarios/EntityRolePermissionsTest.php b/tests/Permissions/Scenarios/EntityRolePermissionsTest.php
@@ -293,4 +293,31 @@ public function test_89_fallback_override_deny_multi_role_inherit()
 
         $this->assertNotVisibleToUser($page, $user);
     }
+
+    public function test_90_fallback_overrides_parent_entity_role_deny()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole();
+        $page = $this->entities->page();
+        $chapter = $page->chapter;
+
+        $this->permissions->setFallbackPermissions($chapter, []);
+        $this->permissions->setFallbackPermissions($page, []);
+        $this->permissions->addEntityPermission($chapter, ['view'], $roleA);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
+
+    public function test_91_fallback_overrides_parent_entity_role_inherit()
+    {
+        [$user, $roleA] = $this->users->newUserWithRole();
+        $page = $this->entities->page();
+        $chapter = $page->chapter;
+        $book = $page->book;
+
+        $this->permissions->setFallbackPermissions($book, []);
+        $this->permissions->setFallbackPermissions($chapter, []);
+        $this->permissions->addEntityPermission($book, ['view'], $roleA);
+
+        $this->assertNotVisibleToUser($page, $user);
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -66,6 +66,10 @@ protected function collapseAndCategorisePermissions(array $typeIdChain, array $p`
`66`	`66`	`$permitsByType[$type][$roleId] = $permission->{$this->action};`
`67`	`67`	`}`
`68`	`68`	`}`
	`69`	`+`
	`70`	`+ if (isset($permitsByType['fallback'][0])) {`
	`71`	`+ break;`
	`72`	`+ }`
`69`	`73`	`}`
`70`	`74`
`71`	`75`	`return $permitsByType;`