Add DecisionType-type

tvdijen · tvdijen · commit a3056b9db8c6 · 2025-06-17T18:01:09.000+02:00
diff --git a/src/SAML11/Type/DecisionTypeValue.php b/src/SAML11/Type/DecisionTypeValue.php
@@ -0,0 +1,57 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\SAML11\Type;
+
+use SimpleSAML\Assert\Assert;
+use SimpleSAML\SAML11\XML\saml\DecisionTypeEnum;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+use SimpleSAML\XML\Type\StringValue;
+
+use function array_column;
+
+/**
+ * @package simplesamlphp/saml11
+ */
+class DecisionTypeValue extends StringValue
+{
+    /** @var string */
+    public const SCHEMA_TYPE = 'decisionType';
+
+
+    /**
+     * Validate the value.
+     *
+     * @param string $value  The value
+     * @throws \Exception on failure
+     * @return void
+     */
+    protected function validateValue(string $value): void
+    {
+        Assert::oneOf(
+            $this->sanitizeValue($value),
+            array_column(DecisionTypeEnum::cases(), 'value'),
+            SchemaViolationException::class,
+        );
+    }
+
+
+    /**
+     * @param \SimpleSAML\XSD\XML\xsd\DecisionTypeEnum $value
+     * @return static
+     */
+    public static function fromEnum(DecisionTypeEnum $value): static
+    {
+        return new static($value->value);
+    }
+
+
+    /**
+     * @return \SimpleSAML\XSD\XML\xsd\DecisionTypeEnum $value
+     */
+    public function toEnum(): DecisionTypeEnum
+    {
+        return DecisionTypeEnum::from($this->getValue());
+    }
+}
diff --git a/src/SAML11/XML/saml/AbstractAuthorizationDecisionStatementType.php b/src/SAML11/XML/saml/AbstractAuthorizationDecisionStatementType.php
@@ -6,7 +6,7 @@
 
 use DOMElement;
 use SimpleSAML\Assert\Assert;
-use SimpleSAML\SAML11\Type\SAMLStringValue;
+use SimpleSAML\SAML11\Type\{DecisionTypeValue, SAMLStringValue};
 use SimpleSAML\XML\Exception\{
     InvalidDOMElementException,
     MissingElementException,
@@ -28,7 +28,7 @@ abstract class AbstractAuthorizationDecisionStatementType extends AbstractSubjec
      * Initialize a saml:AuthorizationDecisionStatementType from scratch
      *
      * @param \SimpleSAML\XML\Type\AnyURIValue $resource
-     * @param \SimpleSAML\SAML11\XML\saml\DecisionTypeEnum $decision
+     * @param \SimpleSAML\SAML11\Type\DecisionTypeValue $decision
      * @param \SimpleSAML\SAML11\XML\saml\Subject $subject
      * @param array<\SimpleSAML\SAML11\XML\saml\Action> $action
      * @param \SimpleSAML\SAML11\XML\saml\Evidence|null $evidence
@@ -37,7 +37,7 @@ final public function __construct(
         Subject $subject,
         // Uses the base AnyURIValue because the SAML specification allows this attribute to be an empty string
         protected AnyURIValue $resource,
-        protected DecisionTypeEnum $decision,
+        protected DecisionTypeValue $decision,
         protected array $action = [],
         protected ?Evidence $evidence = null,
     ) {
@@ -62,9 +62,9 @@ public function getResource(): AnyURIValue
     /**
      * Collect the value of the decision-property
      *
-     * @return \SimpleSAML\SAML11\XML\saml\DecisionTypeEnum
+     * @return \SimpleSAML\SAML11\Type\DecisionTypeValue
      */
-    public function getDecision(): DecisionTypeEnum
+    public function getDecision(): DecisionTypeValue
     {
         return $this->decision;
     }
@@ -116,9 +116,7 @@ public static function fromXML(DOMElement $xml): static
         return new static(
             array_pop($subject),
             self::getAttribute($xml, 'Resource', AnyURIValue::class),
-            DecisionTypeEnum::from(
-                strval(self::getAttribute($xml, 'Decision', SAMLStringValue::class)),
-            ),
+            self::getAttribute($xml, 'Decision', DecisionTypeValue::class),
             Action::getChildrenOfClass($xml),
             array_pop($evidence),
         );
@@ -137,7 +135,7 @@ public function toXML(?DOMElement $parent = null): DOMElement
         $e = parent::toXML($parent);
 
         $e->setAttribute('Resource', strval($this->getResource()));
-        $e->setAttribute('Decision', $this->getDecision()->value);
+        $e->setAttribute('Decision', strval($this->getDecision()));
 
         foreach ($this->getAction() as $action) {
             $action->toXML($e);
diff --git a/tests/src/SAML11/Type/DecisionTypeValueTest.php b/tests/src/SAML11/Type/DecisionTypeValueTest.php
@@ -0,0 +1,63 @@
+<?php
+
+declare(strict_types=1);
+
+namespace SimpleSAML\Test\SAML11\Type;
+
+use PHPUnit\Framework\Attributes\{CoversClass, DataProvider, DependsOnClass};
+use PHPUnit\Framework\TestCase;
+use SimpleSAML\SAML11\Type\DecisionTypeValue;
+use SimpleSAML\SAML11\XML\saml\DecisionTypeEnum;
+use SimpleSAML\XML\Exception\SchemaViolationException;
+
+/**
+ * Class \SimpleSAML\Test\SAML11\Type\DecisionTypeValueTest
+ *
+ * @package simplesamlphp/saml11
+ */
+#[CoversClass(DecisionTypeValue::class)]
+final class DecisionTypeValueTest extends TestCase
+{
+    /**
+     * @param string $decisionType
+     * @param bool $expected
+     */
+    #[DataProvider('provideDecisionType')]
+    public function testDecisionTypeValue(string $decisionType, bool $shouldPass): void
+    {
+        try {
+            DecisionTypeValue::fromString($decisionType);
+            $this->assertTrue($shouldPass);
+        } catch (SchemaViolationException $e) {
+            $this->assertFalse($shouldPass);
+        }
+    }
+
+
+    /**
+     * Test helpers
+     */
+    public function testHelpers(): void
+    {
+        $x = DecisionTypeValue::fromEnum(DecisionTypeEnum::Deny);
+        $this->assertEquals(DecisionTypeEnum::Deny, $x->toEnum());
+
+        $y = DecisionTypeValue::fromString('Deny');
+        $this->assertEquals(DecisionTypeEnum::Deny, $y->toEnum());
+    }
+
+
+    /**
+     * @return array<string, array{0: string, 1: string}>
+     */
+    public static function provideDecisionType(): array
+    {
+        return [
+            'deny' => ['Deny', true],
+            'indeterminate' => ['Indeterminate', true],
+            'permit' => ['Permit', true],
+            'undefined' => ['undefined', false],
+            'empty' => ['', false],
+        ];
+    }
+}
diff --git a/tests/src/SAML11/XML/saml/AuthorizationDecisionStatementTest.php b/tests/src/SAML11/XML/saml/AuthorizationDecisionStatementTest.php
@@ -8,7 +8,7 @@
 use PHPUnit\Framework\Attributes\{CoversClass, Group};
 use PHPUnit\Framework\TestCase;
 use SimpleSAML\SAML11\Compat\{AbstractContainer, ContainerSingleton};
-use SimpleSAML\SAML11\Type\SAMLAnyURIValue;
+use SimpleSAML\SAML11\Type\{DecisionTypeValue, SAMLAnyURIValue};
 use SimpleSAML\SAML11\XML\saml\{
     AbstractAuthorizationDecisionStatementType,
     AbstractSamlElement,
@@ -116,7 +116,7 @@ public function testMarshalling(): void
         $authzDecisionStatement = new AuthorizationDecisionStatement(
             $subject,
             SAMLAnyURIValue::fromString('urn:x-simplesamlphp:resource'),
-            DecisionTypeEnum::Permit,
+            DecisionTypeValue::fromEnum(DecisionTypeEnum::Permit),
             [$action],
             $evidence,
         );
