
Where to put tests testing the configuration in the YAML files


I'm developing an application in Symfony (version 4.2.3) and also use a few bundles from the Sonata project as well as the API Platform. We have 4 different user roles with different privileges. The API is read-only and should be accessed by ROLE_USER, but ROLE_USER must not access the admin area. The other roles should access the admin area.

I have set up the firewalls and access control paths in the file config/packages/security.yaml, created my custom security handler VoterSecurityHandler and use it in config/packages/sonata_admin.yaml:

sonata_admin:
    security:
        handler: sonata.admin.security.handler.voter

The security handler is registered in config/services.yaml:

sonata.admin.security.handler.voter:
    class: App\Security\Handler\VoterSecurityHandler
    arguments: ["@security.authorization_checker", ['ROLE_SUPER_ADMIN']]

I wrote tests using LiipFunctionalTestBundle and supplying data fixtures with different users to check if their permissions are properly handled.

I'm trying to follow best practices and map the whole application structure from src/ into the directory tests/. Since I have src/Security/Handler/VoterSecurityHandler.php I created tests/Security/Handler/TestVoterSecurityHandler.php.

However, the VoterSecurityHandler should manage the permissions for the Sonata admin, and I'm actually testing the configuration settings in config/packages/security.yaml.

It doesn't feel right to place all the tests in the above-mentioned class, but I'm wondering where I should put this kind of "smoke tests".

My question:
Where do I put tests testing the configuration in the YAML files?


Solution

  • The good practice is to put the test files under the same architecture as your src, but it does not mean you can't write other test files.
    If you have no controller, put it directly under tests, and name it how you want (FirewallTest?)

    I personally use a dedicated functional test which tests different routes for different roles and only checks if I get a 403 / 200.

    As you can see here in the documentation, they put their file directly under tests: tests/ApplicationAvailabilityFunctionalTest.php
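A role-by-route test of the kind the answer describes, written as an added example (not code from the question or the answer). It assumes the test-environment firewall accepts `http_basic`, that fixtures load the two constructed users below, and that the admin dashboard and API entry point live at `/admin/dashboard` and `/api`; adjust all of these to the real project.

```php
<?php
// tests/FirewallTest.php (added example; users, passwords and paths are assumptions)

namespace App\Tests;

use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;

class FirewallTest extends WebTestCase
{
    // Constructed fixture credentials: username => password.
    private const USERS = [
        'user'        => 'user-pass',   // holds ROLE_USER only
        'super_admin' => 'admin-pass',  // holds ROLE_SUPER_ADMIN
    ];

    /**
     * @dataProvider accessMatrix
     */
    public function testAccessControl(string $username, string $path, int $expectedStatus): void
    {
        // HTTP basic credentials are sent with every request made by this client.
        $client = static::createClient([], [
            'PHP_AUTH_USER' => $username,
            'PHP_AUTH_PW'   => self::USERS[$username],
        ]);

        $client->request('GET', $path);

        // Assert the exact status so a 403 silently turning into a 200 fails the build.
        $this->assertSame(
            $expectedStatus,
            $client->getResponse()->getStatusCode(),
            sprintf('%s requesting %s', $username, $path)
        );
    }

    public static function accessMatrix(): iterable
    {
        // Rules stated in the question; add one row per remaining role and route.
        yield 'ROLE_USER reads the API'           => ['user', '/api', 200];
        yield 'ROLE_USER is denied the admin'     => ['user', '/admin/dashboard', 403];
        yield 'ROLE_SUPER_ADMIN enters the admin' => ['super_admin', '/admin/dashboard', 200];
    }
}
```

Because every row goes through the real firewall and access_control rules, a change in config/packages/security.yaml that widens access shows up as a failing row rather than passing unnoticed.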