diff --git a/Form/Type/Admin/ClientType.php b/Form/Type/Admin/ClientType.php
index 9a1ebb1..eb5ba9d 100644
--- a/Form/Type/Admin/ClientType.php
+++ b/Form/Type/Admin/ClientType.php
@@ -19,9 +19,8 @@
 use Eccube\Form\FormEvent;
 use Eccube\Form\Type\AbstractType;
 use Eccube\Validator\Constraints as Assert;
-use GraphQL\Type\Definition\ObjectType;
 use League\Bundle\OAuth2ServerBundle\OAuth2Grants;
-use Plugin\Api42\GraphQL\Types;
+use Plugin\Api42\Service\ScopeManager;
 use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
 use Symfony\Component\Form\Extension\Core\Type\TextType;
@@ -31,7 +30,8 @@ class ClientType extends AbstractType
 * @var EccubeConfig
 */
 protected $eccubeConfig;
- private Types $types;
+
+ private ScopeManager $scopeManager;
 /**
 * ClientType constructor.
@@ -40,10 +40,10 @@ class ClientType extends AbstractType
 */
 public function __construct(
 EccubeConfig $eccubeConfig,
- Types $types
+ ScopeManager $scopeManager
 ) {
 $this->eccubeConfig = $eccubeConfig;
- $this->types = $types;
+ $this->scopeManager = $scopeManager;
 }
 /**
@@ -53,21 +53,11 @@ public function __construct(
 */
 public function buildForm(FormBuilder $builder, array $options)
 {
- $allTypes = array_filter($this->types->getAll(), function (ObjectType $type) {
- return !empty($type->getFields());
- });
- asort($allTypes);
- $scopes = array_reduce(
- $allTypes,
- function ($acc, $type) {
- $read = 'read:'.$type->name;
- $write = 'write:'.$type->name;
- $acc[$read] = $read;
- $acc[$write] = $write;
-
- return $acc;
- },
- []);
+ $scopes = array_reduce($this->scopeManager->getScopes(), function ($acc, $val) {
+ $scope = (string) $val;
+ $acc[$scope] = $scope;
+ return $acc;
+ }, []);
 $builder
 ->add('identifier', TextType::class, [
diff --git a/Service/ScopeManager.php b/Service/ScopeManager.php
index 902a75f..94bf764 100644
--- a/Service/ScopeManager.php
+++ b/Service/ScopeManager.php
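Review bot: In `ClientType::buildForm` the new `array_reduce` callback keeps the scope choices in whatever order `ScopeManager::getScopes()` returns them, whereas the removed code called `asort($allTypes)` before building the list. If the admin form should still show a stable, sorted scope list, add `ksort($scopes);` directly after the reduce. The callback also depends on every element being castable with `(string) $val`, which nothing in this hunk establishes; a short comment such as `// each element is cast to its scope identifier; key and label are the same string` would record that assumption. The removed filter on types without fields now has to be enforced inside ScopeManager, which is not visible here. The body of buildForm continues past the end of the hunk.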
@@ -54,4 +54,9 @@ public function save(Scope $scope): void
 {
 // NOP
 }
+
+ public function getScopes(): array
+ {
+ return $this->scopes;
+ }
 }
diff --git a/Tests/Web/Admin/OAuth2Bundle/AuthorizationControllerTest.php b/Tests/Web/Admin/OAuth2Bundle/AuthorizationControllerTest.php
index 7e5cd1c..65a10ee 100644
--- a/Tests/Web/Admin/OAuth2Bundle/AuthorizationControllerTest.php
+++ b/Tests/Web/Admin/OAuth2Bundle/AuthorizationControllerTest.php
@@ -46,7 +46,7 @@ public function testRoutingAdminOauth2Authorize_ログインしている場合
 'client_id' => $Client->getIdentifier(),
 'redirect_uri' => (string) current($Client->getRedirectUris()),
 'response_type' => 'code',
- 'scope' => 'read',
+ 'scope' => 'read:Product',
 'state' => 'xxx',
 ]
 )
@@ -69,7 +69,7 @@ public function testRoutingAdminOauth2Authorize_権限移譲を許可()
 'client_id' => $Client->getIdentifier(),
 'redirect_uri' => (string) current($Client->getRedirectUris()),
 'response_type' => 'code',
- 'scope' => 'read',
+ 'scope' => 'read:Product',
 'state' => 'xxx',
 ]
 );
@@ -82,7 +82,7 @@ public function testRoutingAdminOauth2Authorize_権限移譲を許可()
 'client_secret' => $Client->getSecret(),
 'redirect_uri' => current($Client->getRedirectUris()),
 'response_type' => 'code',
- 'scope' => 'read',
+ 'scope' => 'read:Product',
 'state' => 'xxx',
 'approve' => '',
 Constant::TOKEN_NAME => 'dummy',
@@ -114,7 +114,7 @@ public function testRoutingAdminOauth2Authorize_権限移譲を許可しない()
 'client_id' => $Client->getIdentifier(),
 'redirect_uri' => (string) current($Client->getRedirectUris()),
 'response_type' => 'code',
- 'scope' => 'read',
+ 'scope' => 'read:Product',
 'state' => 'xxx',
 ]
 );
@@ -127,7 +127,7 @@ public function testRoutingAdminOauth2Authorize_権限移譲を許可しない()
 'client_secret' => $Client->getSecret(),
 'redirect_uri' => current($Client->getRedirectUris()),
 'response_type' => 'code',
- 'scope' => 'read',
+ 'scope' => 'read:Product',
 'state' => 'xxx',
 'deny' => '',
 Constant::TOKEN_NAME => 'dummy',
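Review bot: The new `getScopes()` in Service/ScopeManager.php has no docblock, and its bare `array` return type does not say what the elements or keys are, even though `ClientType::buildForm` casts each element to a string. A PHPDoc such as `/** @return Scope[] scopes this server recognises */` would document it; the element type is assumed from `save(Scope $scope)` and should be confirmed against the `$scopes` property, which lies outside the hunk. Because `save()` is a no-op, this list appears to be the only source of scopes an admin can grant to a client, so the docblock should also say when the list is populated.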
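Review bot: The updated requests in AuthorizationControllerTest only exercise the accepted scope `read:Product`; no case asserts that a scope outside the registered set, such as the bare `read` these tests sent before, is now refused by the authorize endpoint. The change narrows what a client may request, so a negative test expecting an invalid-scope error would pin the security-relevant behaviour. The same gap applies to `'scope' => 'read:Product write:Product'` in `TokenControllerWithROPCTest::testGetInstance`. Whether a bare `read` is actually rejected cannot be confirmed from these hunks. The test methods start and end outside the hunks shown.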
@@ -187,7 +187,7 @@ private function createOAuth2Client(): Client
 $client_secret = hash('sha256', random_bytes(32));
 $Client = new Client('', $client_id, $client_secret);
 $Client
- ->setScopes(new Scope('read'))
+ ->setScopes(new Scope('read:Product'))
 ->setRedirectUris(new RedirectUri('http://127.0.0.1:8000/'))
 ->setGrants(
 new Grant(OAuth2Grants::AUTHORIZATION_CODE),
diff --git a/Tests/Web/OAuth2Bundle/TokenControllerWithROPCTest.php b/Tests/Web/OAuth2Bundle/TokenControllerWithROPCTest.php
index 4748d3c..c087f6b 100644
--- a/Tests/Web/OAuth2Bundle/TokenControllerWithROPCTest.php
+++ b/Tests/Web/OAuth2Bundle/TokenControllerWithROPCTest.php
@@ -46,7 +46,7 @@ public function testGetInstance()
 'client_id' => $this->OAuth2Client->getIdentifier(),
 'username' => $this->Customer->getEmail(),
 'password' => 'password',
- 'scope' => 'read write'
+ 'scope' => 'read:Product write:Product'
 ]
 );
@@ -73,8 +73,8 @@ protected function createOAuth2Client(): Client
 $Client = new Client('', $client_id, null); // public client
 $Client
 ->setScopes(
- new Scope('read'),
- new Scope('write')
+ new Scope('read:Product'),
+ new Scope('write:Product')
 )
 ->setRedirectUris(new RedirectUri('http://127.0.0.1:8000/'))
 ->setGrants(