Use 403 status code on AccessDenied exceptions (#12)

* use the authentication code provided by the exception thrown if available

* be more explicit with response codes and exception type

* update phpdoc

* Adding an additional test for access denied exceptions

Author: kabudu

composer.json

@@ -13,7 +13,8 @@
     "license": "Apache-2.0",
     "require": {
         "php": ">=5.4.0",
-        "psr/log": "~1.0"
+        "psr/log": "~1.0",
+        "ext-json": "*"
     },
     "require-dev": {
         "phpunit/phpunit": "~4.0",

src/Docnet/JAPI.php

@@ -19,6 +19,7 @@
 use Docnet\JAPI\Controller;
 use Docnet\JAPI\Exceptions\Routing as RoutingException;
 use Docnet\JAPI\Exceptions\Auth as AuthException;
+use Docnet\JAPI\Exceptions\AccessDenied as AccessDeniedException;
 use Psr\Log\LoggerAwareInterface;
 
 /**
@@ -68,6 +69,8 @@ public function bootstrap($controller_source)
             $this->jsonError($obj_ex, 404);
         } catch (AuthException $obj_ex) {
             $this->jsonError($obj_ex, 401);
+        } catch (AccessDeniedException $obj_ex) {
+            $this->jsonError($obj_ex, 403);
         } catch (\Exception $obj_ex) {
             $this->jsonError($obj_ex, $obj_ex->getCode());
         }

src/Docnet/JAPI/Exceptions/AccessDenied.php

@@ -0,0 +1,26 @@
+<?php
+/**
+ * Copyright 2018 Venditan Limited
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+namespace Docnet\JAPI\Exceptions;
+
+/**
+ * AccessDenied Exception
+ *
+ * @author Kamba Abudu <[email protected]>
+ */
+class AccessDenied extends \Exception
+{
+}

tests/Controllers/AccessDenied.php

@@ -0,0 +1,8 @@
+<?php
+
+class AccessDenied extends \Docnet\JAPI\Controller
+{
+    public function dispatch(){
+        throw new \Docnet\JAPI\Exceptions\AccessDenied('Error Message', 403);
+    }
+}

tests/JAPITest.php

@@ -3,6 +3,7 @@
 require_once('Controllers/Example.php');
 require_once('Controllers/Exceptional.php');
 require_once('Controllers/Whoops.php');
+require_once('Controllers/AccessDenied.php');
 
 class JAPITest extends PHPUnit_Framework_TestCase
 {
@@ -134,4 +135,21 @@ public function testNoLogger()
         $obj_japi->bootstrap(new Exceptional());
     }
 
+    /**
+     * Test an AccessDenied Exception codes are correctly passed to jsonError from the bootstrap() method
+     */
+    public function testBootstrapAccessDeniedErrorCycle()
+    {
+        // Mock JAPI
+        $obj_japi = $this->getMockBuilder('\\Docnet\\JAPI')->setMethods(['sendResponse', 'jsonError'])->getMock();
+        $obj_japi->expects($this->never())->method('sendResponse');
+        $obj_japi->expects($this->once())->method('jsonError')->with(
+            $this->equalTo(new \Docnet\JAPI\Exceptions\AccessDenied('Error Message', 403)),
+            $this->equalTo(403)
+        );
+
+        // Dispatch
+        $obj_japi->bootstrap(new AccessDenied());
+    }
+
 }