dotkernel · alexmerlin · Mar 14, 2025 · Mar 13, 2025 · Mar 14, 2025
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -0,0 +1,50 @@
+on:
+  - push
+
+name: Run PHPStan checks
+
+jobs:
+  mutation:
+    name: PHPStan ${{ matrix.php }}-${{ matrix.os }}
+
+    runs-on: ${{ matrix.os }}
+
+    strategy:
+      matrix:
+        os:
+          - ubuntu-latest
+
+        php:
+          - "8.1"
+          - "8.2"
+          - "8.3"
+          - "8.4"
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Install PHP
+        uses: shivammathur/setup-php@v2
+        with:
+          php-version: "${{ matrix.php }}"
+          coverage: pcov
+          ini-values: assert.exception=1, zend.assertions=1, error_reporting=-1, log_errors_max_len=0, display_errors=On
+          tools: composer:v2, cs2pr
+
+      - name: Determine composer cache directory
+        run: echo "COMPOSER_CACHE_DIR=$(composer config cache-dir)" >> $GITHUB_ENV
+
+      - name: Cache dependencies installed with composer
+        uses: actions/cache@v4
+        with:
+          path: ${{ env.COMPOSER_CACHE_DIR }}
+          key: php${{ matrix.php }}-composer-${{ hashFiles('**/composer.json') }}
+          restore-keys: |
+            php${{ matrix.php }}-composer-
+
+      - name: Install dependencies with composer
+        run: composer install --prefer-dist --no-interaction --no-progress --optimize-autoloader --ansi
+
+      - name: Run static analysis with PHPStan
+        run:  vendor/bin/phpstan analyse
diff --git a/README.md b/README.md
@@ -8,8 +8,14 @@ The authorization is done on a role basis, not user basis as in ACL.
 Each role can have one or multiple permissions/privileges assigned.
 When deciding if a user is authorized, the requested permission is checked in all user roles and if at least one role has that permission, access is granted.
 
+## Documentation
+
+Documentation is available at: https://docs.dotkernel.org/dot-rbac/.
+
+## Badges
+
 ![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac)
-![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/4.0.1)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/4.1.0)
 
 [![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/issues)
 [![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/network)
@@ -18,6 +24,7 @@ When deciding if a user is authorized, the requested permission is checked in al
 
 [![Build Static](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml/badge.svg?branch=4.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml)
 [![codecov](https://codecov.io/gh/dotkernel/dot-rbac/graph/badge.svg?token=GCK6C92N83)](https://codecov.io/gh/dotkernel/dot-rbac)
+[![PHPStan](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml/badge.svg?branch=4.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml)
 
 ## Installation
 

diff --git a/composer.json b/composer.json
@@ -30,8 +30,9 @@
     },
     "require-dev": {
         "laminas/laminas-coding-standard": "^3.0",
-        "phpunit/phpunit": "^10.2",
-        "vimeo/psalm": "^6.0"
+        "phpstan/phpstan": "^2.1",
+        "phpstan/phpstan-phpunit": "^2.0",
+        "phpunit/phpunit": "^10.2"
     },
     "autoload": {
         "psr-4": {
@@ -52,7 +53,6 @@
         "cs-check": "phpcs",
         "cs-fix": "phpcbf",
         "test": "phpunit --colors=always",
-        "test-coverage": "phpunit --colors=always --coverage-clover clover.xml",
-        "static-analysis": "psalm --shepherd --stats"
+        "static-analysis": "phpstan analyse --memory-limit 1G"
     }
 }
diff --git a/docs/book/v3/overview.md b/docs/book/v3/overview.md
@@ -0,0 +1,17 @@
+# dot-rbac
+
+The rbac authorization service decides if the authenticated identity or guest has access to certain parts of the application
+
+## Badges
+
+![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/3.7.0)
+
+[![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/issues)
+[![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/network)
+[![GitHub stars](https://img.shields.io/github/stars/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/stargazers)
+[![GitHub license](https://img.shields.io/github/license/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/blob/3.0/LICENSE.md)
+[![Build Static](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml)
+
+[![codecov](https://codecov.io/gh/dotkernel/dot-rbac/graph/badge.svg?token=GCK6C92N83)](https://codecov.io/gh/dotkernel/dot-rbac)
+[![PHPStan](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml/badge.svg?branch=3.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml)
diff --git a/docs/book/v4/overview.md b/docs/book/v4/overview.md
@@ -0,0 +1,17 @@
+# dot-rbac
+
+The rbac authorization service decides if the authenticated identity or guest has access to certain parts of the application
+
+## Badges
+
+![OSS Lifecycle](https://img.shields.io/osslifecycle/dotkernel/dot-rbac)
+![PHP from Packagist (specify version)](https://img.shields.io/packagist/php-v/dotkernel/dot-rbac/4.1.0)
+
+[![GitHub issues](https://img.shields.io/github/issues/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/issues)
+[![GitHub forks](https://img.shields.io/github/forks/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/network)
+[![GitHub stars](https://img.shields.io/github/stars/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/stargazers)
+[![GitHub license](https://img.shields.io/github/license/dotkernel/dot-rbac)](https://github.com/dotkernel/dot-rbac/blob/4.0/LICENSE.md)
+
+[![Build Static](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml/badge.svg?branch=4.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/continuous-integration.yml)
+[![codecov](https://codecov.io/gh/dotkernel/dot-rbac/graph/badge.svg?token=GCK6C92N83)](https://codecov.io/gh/dotkernel/dot-rbac)
+[![PHPStan](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml/badge.svg?branch=4.0)](https://github.com/dotkernel/dot-rbac/actions/workflows/static-analysis.yml)
diff --git a/mkdocs.yml b/mkdocs.yml
@@ -9,11 +9,13 @@ extra:
 nav:
   - Home: index.md
   - v4:
+      - Overview: v4/overview.md
       - Installation: v4/installation.md
       - Configuration: v4/configuration.md
       - Usage: v4/usage.md
       - Customization: v4/customization.md
   - v3:
+      - Overview: v3/overview.md
       - Installation: v3/installation.md
       - Configuration: v3/configuration.md
       - Usage: v3/usage.md

diff --git a/phpstan.neon b/phpstan.neon
@@ -0,0 +1,8 @@
+includes:
+    - vendor/phpstan/phpstan-phpunit/extension.neon
+parameters:
+    level: 5
+    paths:
+        - src
+        - test
+    treatPhpDocTypesAsCertain: false
diff --git a/psalm.xml b/psalm.xml
diff --git a/test/Assertion/FactoryTest.php b/test/Assertion/FactoryTest.php
@@ -51,7 +51,7 @@ public function assert(AuthorizationInterface $authorization, mixed $context = n
         $subject = new Factory($container, $assertionPluginManager);
 
         $result = $subject->create(['type' => 'testType']);
-        $this->assertInstanceOf(AssertionInterface::class, $result);
+        $this->assertContainsOnlyInstancesOf(AssertionInterface::class, [$result]);
     }
 
     /**
@@ -65,6 +65,6 @@ public function testGetAssertionPluginManager(): void
         $subject = new Factory($container, $assertionPluginManager);
 
         $result = $subject->getAssertionPluginManager();
-        $this->assertInstanceOf(AssertionPluginManager::class, $result);
+        $this->assertContainsOnlyInstancesOf(AssertionPluginManager::class, [$result]);
     }
 }
diff --git a/test/Factory/AssertionPluginManagerFactoryTest.php b/test/Factory/AssertionPluginManagerFactoryTest.php
@@ -34,6 +34,6 @@ public function testCanCreateManager(): void
             ->willReturn($config);
 
         $result = (new AssertionPluginManagerFactory())($container);
-        $this->assertInstanceOf(AssertionPluginManager::class, $result);
+        $this->assertSame(AssertionPluginManager::class, $result::class);
     }
 }
diff --git a/test/Factory/AuthenticationIdentityProviderFactoryTest.php b/test/Factory/AuthenticationIdentityProviderFactoryTest.php
@@ -39,6 +39,6 @@ public function testWillCreateService(): void
             ]);
 
         $result = (new AuthenticationIdentityProviderFactory())($this->container);
-        $this->assertInstanceOf(AuthenticationIdentityProvider::class, $result);
+        $this->assertSame(AuthenticationIdentityProvider::class, $result::class);
     }
 }
diff --git a/test/Factory/AuthorizationOptionFactoryTest.php b/test/Factory/AuthorizationOptionFactoryTest.php
@@ -28,6 +28,6 @@ public function testCanCreateInterface(): void
             ->willReturn(['dot_authorization' => null]);
 
         $interface = (new AuthorizationOptionsFactory())($container);
-        $this->assertInstanceOf(AuthorizationOptions::class, $interface);
+        $this->assertSame(AuthorizationOptions::class, $interface::class);
     }
 }
diff --git a/test/Factory/AuthorizationServiceFactoryTest.php b/test/Factory/AuthorizationServiceFactoryTest.php
@@ -47,6 +47,6 @@ public function testWillCreateService(): void
         );
 
         $service = (new AuthorizationServiceFactory())($container);
-        $this->assertInstanceOf(AuthorizationService::class, $service);
+        $this->assertSame(AuthorizationService::class, $service::class);
     }
 }
diff --git a/test/Factory/RoleProviderPluginManagerFactoryTest.php b/test/Factory/RoleProviderPluginManagerFactoryTest.php
@@ -35,6 +35,6 @@ public function testCanCreate(): void
             ->willReturn($config);
 
         $service = (new RoleProviderPluginManagerFactory())($container);
-        $this->assertInstanceOf(RoleProviderPluginManager::class, $service);
+        $this->assertSame(RoleProviderPluginManager::class, $service::class);
     }
 }
diff --git a/test/Factory/RoleServiceFactoryTest.php b/test/Factory/RoleServiceFactoryTest.php
@@ -44,7 +44,7 @@ public function testWillCreateService(): void
 
         $service = (new RoleServiceFactory())($container);
 
-        $this->assertInstanceOf(RoleService::class, $service);
+        $this->assertSame(RoleService::class, $service::class);
     }
 
     /**
-Original file line number
+Diff line change
@@ Expand Up / @@ -44,7 +44,7 @@ public function testWillCreateService(): void @@
             $service = (new RoleServiceFactory())($container);
-            $this->assertInstanceOf(RoleService::class, $service);
+            $this->assertSame(RoleService::class, $service::class);
         }
         /**
@@ Expand Down @@