diff --git a/src/Resolvers/DataFromSomethingResolver.php b/src/Resolvers/DataFromSomethingResolver.php index 29c64209..98f621ba 100644 --- a/src/Resolvers/DataFromSomethingResolver.php +++ b/src/Resolvers/DataFromSomethingResolver.php @@ -63,7 +63,13 @@ private function ensureRequestIsValid(string $class, Request $value): void private function ensureRequestIsAuthorized(string $class): void { /** @psalm-suppress UndefinedMethod */ - if ($class::authorized() === false) { + // TODO: remove this with the next major release + if (method_exists($class, 'authorized') && $class::authorized() === false) { + throw new AuthorizationException(); + } + + /** @psalm-suppress UndefinedMethod */ + if (method_exists($class, 'authorize') && $class::authorize() === false) { throw new AuthorizationException(); } } diff --git a/src/Support/DataClass.php b/src/Support/DataClass.php index f5531d87..d5ef3143 100644 --- a/src/Support/DataClass.php +++ b/src/Support/DataClass.php @@ -76,7 +76,7 @@ private function resolveMagicalMethods() $methods = collect($this->class->getMethods(ReflectionMethod::IS_STATIC)); $this->hasAuthorizationMethod = $methods->contains( - fn (ReflectionMethod $method) => $method->getName() === 'authorized' && $method->isPublic() + fn (ReflectionMethod $method) => in_array($method->getName(), ['authorize', 'authorized']) && $method->isPublic() ); $this->creationMethods = $methods diff --git a/tests/Fakes/RequestData.php b/tests/Fakes/RequestData.php index 3935501e..fa66083f 100644 --- a/tests/Fakes/RequestData.php +++ b/tests/Fakes/RequestData.php @@ -14,6 +14,7 @@ class RequestData extends Data public static array $rules = []; public static ?Closure $validatorClosure = null; public static bool $enableAuthorizeFailure = false; + public static bool $enableAuthorizedFailure = false; public function __construct( #[Max(10)] 
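Review bot: In `ensureRequestIsAuthorized` (src/Resolvers/DataFromSomethingResolver.php), `method_exists($class, 'authorize')` and the matching `'authorized'` guard are also true for instance and non-public methods, whereas `DataClass::resolveMagicalMethods()` in this same commit only counts public static ones. On PHP 8 the static call `$class::authorize()` against an instance or protected method raises an `Error`, so a mis-declared authorization method would likely surface as a server error instead of an `AuthorizationException`; whether the caller already gates on `hasAuthorizationMethod` is not visible here. Both branches also deny only on a strict `false`, so a method that returns nothing lets the request through, which deserves a comment such as `// Only an explicit false denies; any other return value is treated as authorized.`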
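Review bot: The `in_array()` call in `resolveMagicalMethods` (src/Support/DataClass.php) omits the strict flag; write `in_array($method->getName(), ['authorize', 'authorized'], true)` so the name match stays an exact string comparison. Because this allow-list decides whether an authorization method is recognised at all, any other spelling (for example `authorise`) appears to leave `hasAuthorizationMethod` false with no error, presumably skipping the check, though the consumer of that flag is outside the hunk. The legacy name also lacks the marker the resolver received; add `// TODO: drop 'authorized' with the next major release` here so both are removed together. The method body continues outside the hunk.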
@@ -43,13 +44,20 @@ public static function withValidator(Validator $validator): void } } - public static function authorized() + public static function authorize() { if (self::$enableAuthorizeFailure) { return false; } } + public static function authorized() + { + if (self::$enableAuthorizedFailure) { + return false; + } + } + public static function clear() { self::$attributes = []; @@ -57,5 +65,6 @@ public static function clear() self::$messages = []; self::$validatorClosure = null; self::$enableAuthorizeFailure = false; + self::$enableAuthorizedFailure = false; } } diff --git a/tests/RequestDataTest.php b/tests/RequestDataTest.php index 1c5a7adf..c27c080a 100644 --- a/tests/RequestDataTest.php +++ b/tests/RequestDataTest.php @@ -178,6 +178,14 @@ public function it_can_check_for_authorisation() $this->validRequest()->assertStatus(403); } + /** @test */ + public function it_can_check_for_authorisation_with_wrong_method_name() + { + RequestData::$enableAuthorizedFailure = true; + + $this->validRequest()->assertStatus(403); + } + /** @test */ public function it_can_manually_override_how_the_data_object_will_be_constructed() { diff --git a/tests/Support/DataClassTest.php b/tests/Support/DataClassTest.php index 0f58b041..c43a8938 100644 --- a/tests/Support/DataClassTest.php +++ b/tests/Support/DataClassTest.php @@ -67,19 +67,19 @@ public static function fromDoNotIncludeE(string $other, string $extra): static public function it_can_check_if_a_data_class_has_an_authorisation_method() { $withMethod = new class (null) extends Data { - public static function authorized(): bool + public static function authorize(): bool { } }; $withNonStaticMethod = new class (null) extends Data { - public function authorized(): bool + public function authorize(): bool { } }; $withNonPublicMethod = new class (null) extends Data { - protected static function authorized(): bool + protected static function authorize(): bool { } };
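Review bot: The legacy-name path is only half covered. In tests/RequestDataTest.php the new `it_can_check_for_authorisation_with_wrong_method_name` runs against the `RequestData` fake, which now defines both `authorize()` and `authorized()`, so the resolver's new `method_exists` guards are never exercised with a class that declares only one of them. The tests/Support/DataClassTest.php hunk likewise renames every anonymous-class method to `authorize`, leaving no assertion in that test that `DataClass` still detects a public static `authorized()`. Consider a fake that declares only `authorized()`, plus a fourth anonymous class in the DataClassTest case using the old name. A short docblock on the new test, such as `/** Covers the deprecated authorized() spelling; remove with the next major release. */`, would also explain its name.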