TASK: Behat tests for workspace permissions

[bwaidelich]

Adds behat tests that document the current behavior of WorkspaceService::createPersonalWorkspaceForUserIfMissing() and WorkspaceService::getWorkspacePermissionsForUser()

Related: #4726

[bwaidelich]

@mhsdesign heart but no +1? :)

[mhsdesign]

i wanted to see if i can locally use the hack to swap out the passwort hashing^^

[mhsdesign]

The duplicated logic in createUser is bad but i have seen worse^^

[bwaidelich]

@mhsdesign do you think that would be better:

diff --git a/Neos.Neos/Tests/Behavior/Features/Bootstrap/UserServiceTrait.php b/Neos.Neos/Tests/Behavior/Features/Bootstrap/UserServiceTrait.php
index 90d15dbd09..5f5ee2aee0 100644
--- a/Neos.Neos/Tests/Behavior/Features/Bootstrap/UserServiceTrait.php
+++ b/Neos.Neos/Tests/Behavior/Features/Bootstrap/UserServiceTrait.php
@@ -14,15 +14,11 @@ declare(strict_types=1);
 
 use Behat\Gherkin\Node\TableNode;
 use Neos\Flow\Persistence\PersistenceManagerInterface;
-use Neos\Flow\Security\Account;
 use Neos\Flow\Security\AccountFactory;
-use Neos\Flow\Security\AccountRepository;
-use Neos\Flow\Security\Policy\PolicyService;
+use Neos\Flow\Security\Cryptography\HashService;
 use Neos\Neos\Domain\Model\User;
 use Neos\Neos\Domain\Service\UserService;
 use Neos\Party\Domain\Model\PersonName;
-use Neos\Party\Domain\Repository\PartyRepository;
-use Neos\Party\Domain\Service\PartyService;
 use Neos\Utility\ObjectAccess;
 
 /**
@@ -83,17 +79,25 @@ trait UserServiceTrait
         if ($id !== null) {
             ObjectAccess::setProperty($user, 'Persistence_Object_Identifier', $id, true);
         }
+
+        $accountFactory = $this->getObject(AccountFactory::class);
+
+        // NOTE: We replace the original {@see HashService} by a "mock" for performance reasons
+
+        /** @var HashService $originalHashService */
+        $originalHashService = ObjectAccess::getProperty($accountFactory, 'hashService', true);
+        $hashServiceMock = new class extends HashService {
+            public function hashPassword($password, $strategyIdentifier = 'default'): string
+            {
+                return 'hashed-password';
+            }
+        };
+        ObjectAccess::setProperty($accountFactory, 'hashService', $hashServiceMock, true);
+
         $name = new PersonName('', $firstName ?? 'John', '', $lastName ?? 'Doe', '', $username);
         $user->setName($name);
-        $account = new Account();
-        $account->setAccountIdentifier($username);
-        $account->setAuthenticationProviderName($userService->getDefaultAuthenticationProviderName());
-
-        $policyService = $this->getObject(PolicyService::class);
-        $account->setRoles(array_map($policyService->getRole(...), $roleIdentifiers ?? ['Neos.Neos:Editor']));
-        $this->getObject(PartyService::class)->assignAccountToParty($account, $user);
-        $this->getObject(PartyRepository::class)->add($user);
-        $this->getObject(AccountRepository::class)->add($account);
+        $userService->addUser($username, 'password', $user, $roleIdentifiers);
         $this->getObject(PersistenceManagerInterface::class)->persistAll();
+        ObjectAccess::setProperty($accountFactory, 'hashService', $originalHashService, true);
     }
 }

?

[mhsdesign]

i think so very much... that way one can hopefully fix this at some point. By duplicating we run into the risk of it going separate ways and rely on internals way more.

[mhsdesign]

The merge button is to easy to trigger in the car due to road bumps :D