Refactor access control to use interface and trait

KroderDev · KroderDev · commit fbe0c6b0d55e · 2025-06-23T20:38:52.000-04:00
Introduced AccessUserInterface and HasAccess trait to standardize user access methods. Updated ExternalUser to implement the interface and use the trait. Refactored PermissionsClient and LoadAccess middleware to depend on the interface, improving flexibility. Added tests for the trait and PermissionsClient.
diff --git a/src/Auth/ExternalUser.php b/src/Auth/ExternalUser.php
@@ -4,14 +4,14 @@
 
 use Illuminate\Foundation\Auth\User as Authenticatable;
 use Illuminate\Notifications\Notifiable;
+use Kroderdev\LaravelMicroserviceCore\Contracts\AccessUserInterface;
+use Kroderdev\LaravelMicroserviceCore\Traits\HasAccess;
 
-class ExternalUser extends Authenticatable
+class ExternalUser extends Authenticatable implements AccessUserInterface
 {
-    use Notifiable;
+    use Notifiable, HasAccess;
     
     protected $attributes = [];
-    protected array $roles = [];
-    protected array $permissions = [];
 
     public function __construct(array $attributes = [])
     {
@@ -25,30 +25,4 @@ public function getAuthIdentifier() { return $this->attributes[$this->getAuthIde
     public function getAuthPassword() { return null; }
     public function __get($key){ return $this->attributes[$key] ?? null; }
 
-    // Permissions
-    public function loadAccess(array $roles, array $permissions): void
-    {
-        $this->roles = $roles;
-        $this->permissions = $permissions;
-    }
-
-    public function hasRole(string $role): bool
-    {
-        return in_array($role, $this->roles);
-    }
-
-    public function hasPermissionTo(string $permission): bool
-    {
-        return in_array($permission, $this->permissions);
-    }
-
-    public function getRoleNames(): array
-    {
-        return $this->roles;
-    }
-
-    public function getPermissions(): array
-    {
-        return $this->permissions;
-    }
 }
diff --git a/src/Contracts/AccessUserInterface.php b/src/Contracts/AccessUserInterface.php
@@ -0,0 +1,26 @@
+<?php
+
+namespace Kroderdev\LaravelMicroserviceCore\Contracts;
+
+use Illuminate\Contracts\Auth\Authenticatable;
+
+/**
+ * Contract for user models that expose roles and permissions.
+ */
+interface AccessUserInterface extends Authenticatable
+{
+    /** Load roles and permissions for the user */
+    public function loadAccess(array $roles, array $permissions): void;
+
+    /** Check if the user has the given role */
+    public function hasRole(string $role): bool;
+
+    /** Check if the user has the given permission */
+    public function hasPermissionTo(string $permission): bool;
+
+    /** Return all role names */
+    public function getRoleNames(): array;
+
+    /** Return all permissions */
+    public function getPermissions(): array;
+}
diff --git a/src/Http/Middleware/LoadAccess.php b/src/Http/Middleware/LoadAccess.php
@@ -3,11 +3,9 @@
 namespace Kroderdev\LaravelMicroserviceCore\Http\Middleware;
 
 use Closure;
-use Firebase\JWT\JWT;
-use Firebase\JWT\Key;
 use Illuminate\Http\Request;
 use Illuminate\Support\Facades\Auth;
-use Kroderdev\LaravelMicroserviceCore\Auth\ExternalUser;
+use Kroderdev\LaravelMicroserviceCore\Contracts\AccessUserInterface;
 use Kroderdev\LaravelMicroserviceCore\Services\PermissionsClient;
 use Symfony\Component\HttpFoundation\Response;
 
@@ -34,15 +32,16 @@ public function handle(Request $request, Closure $next): Response
             ], Response::HTTP_UNAUTHORIZED);
         }
 
-        try {
-            $access = app(PermissionsClient::class)->getAccessFor($user);
-            $user->loadAccess(
-                $access['roles'] ?? [],
-                $access['permissions'] ?? []
-            );
-        } catch (\Throwable $e) {
-            // Do nothing
-            // $user->loadAccess([], []);
+        if ($user instanceof AccessUserInterface) {
+            try {
+                $access = app(PermissionsClient::class)->getAccessFor($user);
+                $user->loadAccess(
+                    $access['roles'] ?? [],
+                    $access['permissions'] ?? []
+                );
+            } catch (\Throwable $e) {
+                // Do nothing
+            }
         }
 
         return $next($request);
diff --git a/src/Services/PermissionsClient.php b/src/Services/PermissionsClient.php
@@ -3,7 +3,7 @@
 namespace Kroderdev\LaravelMicroserviceCore\Services;
 
 use Illuminate\Support\Facades\Cache;
-use Kroderdev\LaravelMicroserviceCore\Auth\ExternalUser;
+use Kroderdev\LaravelMicroserviceCore\Contracts\AccessUserInterface;
 use Kroderdev\LaravelMicroserviceCore\Contracts\ApiGatewayClientInterface;
 
 class PermissionsClient
@@ -15,7 +15,7 @@ public function __construct(ApiGatewayClientInterface $gateway)
         $this->gateway = $gateway;
     }
 
-    public function getAccessFor(ExternalUser $user): array
+    public function getAccessFor(AccessUserInterface $user): array
     {
         $cacheKey = "user_access:{$user->getAuthIdentifier()}";
         $ttl = config('microservice.permissions_cache_ttl', 60);
diff --git a/src/Traits/HasAccess.php b/src/Traits/HasAccess.php
@@ -0,0 +1,50 @@
+<?php
+
+namespace Kroderdev\LaravelMicroserviceCore\Traits;
+
+trait HasAccess
+{
+    protected array $roles = [];
+    protected array $permissions = [];
+
+    /**
+     * Load roles and permissions for the user.
+     */
+    public function loadAccess(array $roles, array $permissions): void
+    {
+        $this->roles = $roles;
+        $this->permissions = $permissions;
+    }
+
+    /**
+     * Determine if the user has the given role.
+     */
+    public function hasRole(string $role): bool
+    {
+        return in_array($role, $this->roles);
+    }
+
+    /**
+     * Determine if the user has the given permission.
+     */
+    public function hasPermissionTo(string $permission): bool
+    {
+        return in_array($permission, $this->permissions);
+    }
+
+    /**
+     * Get all role names for the user.
+     */
+    public function getRoleNames(): array
+    {
+        return $this->roles;
+    }
+
+    /**
+     * Get all permissions for the user.
+     */
+    public function getPermissions(): array
+    {
+        return $this->permissions;
+    }
+}
diff --git a/tests/Auth/AccessTraitTest.php b/tests/Auth/AccessTraitTest.php
@@ -0,0 +1,29 @@
+<?php
+
+namespace Tests\Auth;
+
+use Illuminate\Foundation\Auth\User;
+use Kroderdev\LaravelMicroserviceCore\Traits\HasAccess;
+use Orchestra\Testbench\TestCase;
+
+class DefaultUser extends User
+{
+    use HasAccess;
+    protected $fillable = ['id'];
+}
+
+class AccessTraitTest extends TestCase
+{
+    /** @test */
+    public function trait_adds_access_methods_to_user()
+    {
+        $user = new DefaultUser(['id' => 1]);
+        $user->loadAccess(['admin'], ['edit.posts']);
+
+        $this->assertTrue($user->hasRole('admin'));
+        $this->assertFalse($user->hasRole('guest'));
+        $this->assertTrue($user->hasPermissionTo('edit.posts'));
+        $this->assertEquals(['admin'], $user->getRoleNames());
+        $this->assertEquals(['edit.posts'], $user->getPermissions());
+    }
+}
diff --git a/tests/Services/PermissionClientTest.php b/tests/Services/PermissionClientTest.php
@@ -0,0 +1,59 @@
+<?php
+
+namespace Tests\Services;
+
+use Illuminate\Support\Facades\Cache;
+use Orchestra\Testbench\TestCase;
+use Kroderdev\LaravelMicroserviceCore\Contracts\ApiGatewayClientInterface;
+use Kroderdev\LaravelMicroserviceCore\Services\PermissionsClient;
+use Kroderdev\LaravelMicroserviceCore\Traits\HasAccess;
+use Kroderdev\LaravelMicroserviceCore\Contracts\AccessUserInterface;
+use Illuminate\Foundation\Auth\User;
+
+require_once __DIR__.'/FakeGatewayClient.php';
+
+class DummyUser extends User implements AccessUserInterface
+{
+    use HasAccess;
+    protected $fillable = ['id'];
+}
+
+class PermissionsClientTest extends TestCase
+{
+    protected FakeGatewayClient $gateway;
+
+    protected function setUp(): void
+    {
+        parent::setUp();
+        $this->gateway = new class extends FakeGatewayClient {
+            public function get(string $uri, array $query = [])
+            {
+                parent::get($uri, $query);
+                return new class {
+                    public function failed() { return false; }
+                    public function json() { return ['roles' => ['admin'], 'permissions' => ['edit.posts']]; }
+                };
+            }
+        };
+        $this->app->bind(ApiGatewayClientInterface::class, fn () => $this->gateway);
+        Cache::flush();
+    }
+
+    protected function getPackageProviders($app)
+    {
+        return [\Kroderdev\LaravelMicroserviceCore\Providers\MicroserviceServiceProvider::class];
+    }
+
+    /** @test */
+    public function retrieves_access_for_any_user_model()
+    {
+        $client = new PermissionsClient($this->app->make(ApiGatewayClientInterface::class));
+        $user = new DummyUser(['id' => 5]);
+
+        $access = $client->getAccessFor($user);
+
+        $this->assertEquals(['admin'], $access['roles']);
+        $this->assertEquals(['edit.posts'], $access['permissions']);
+        $this->assertSame('/auth/permissions/5', $this->gateway->getCalls()[0]['uri']);
+    }
+}

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,7 @@`
`3`	`3`	`namespace Kroderdev\LaravelMicroserviceCore\Services;`
`4`	`4`
`5`	`5`	`use Illuminate\Support\Facades\Cache;`
`6`		`-use Kroderdev\LaravelMicroserviceCore\Auth\ExternalUser;`
	`6`	`+use Kroderdev\LaravelMicroserviceCore\Contracts\AccessUserInterface;`
`7`	`7`	`use Kroderdev\LaravelMicroserviceCore\Contracts\ApiGatewayClientInterface;`
`8`	`8`
`9`	`9`	`class PermissionsClient`
`@@ -15,7 +15,7 @@ public function __construct(ApiGatewayClientInterface $gateway)`
`15`	`15`	`$this->gateway = $gateway;`
`16`	`16`	`}`
`17`	`17`
`18`		`- public function getAccessFor(ExternalUser $user): array`
	`18`	`+ public function getAccessFor(AccessUserInterface $user): array`
`19`	`19`	`{`
`20`	`20`	`$cacheKey = "user_access:{$user->getAuthIdentifier()}";`
`21`	`21`	`$ttl = config('microservice.permissions_cache_ttl', 60);`