function setup_role_manager_mocks(Permission $permission, Role $role, RoleSet $role_set, RoleManager $role_manager)
{
$permission->permission_id = 1;
$permission->name = 'Permission Name';
$permission->description = 'A dummy permission';
$role->role_id = 1;
$role->name = 'members';
$role->description = 'A dummy role';
$role->hasPermission(Argument::type('RBAC\\Permission'))->willReturn(true);
$role->getPermissions()->willReturn(array($permission));
$role->addPermission(Argument::any())->willReturn(true);
$role_set->addRole(Argument::type('RBAC\\Role\\Role'))->willReturn(true);
$role_set->has_permission('Permission Name')->willReturn(true);
$role_manager->roleFetchByName('members')->willReturn($role);
$role_manager->roleFetch()->willReturn(array($role));
$role_manager->roleSave(Argument::any())->willReturn(true);
$role_manager->permissionFetch()->willReturn(array($permission));
//assigns a role set object to the UserAccount object
$role_manager->loadSubjectRoles(Argument::type('PolyAuth\\UserAccount'))->will(function ($args) use($role_set) {
$user = $args[0];
$user->loadRoleSet($role_set);
return $user;
});
//adds a role to the role set of the role object
$role_manager->roleAddSubject(Argument::cetera())->will(function ($args) {
$role = $args[0];
$user = $args[1];
$role_set = $user->getRoleSet();
$role_set->addRole($role);
$user->loadRoleSet($role_set);
return $user;
});
return ['role_manager' => $role_manager];
}
/**
* {@inheritDoc}
*/
public function getRoles(array $roleNames)
{
$roles = [];
foreach ($roleNames as $roleName) {
// If no config, we create a simple role with no permission
if (!isset($this->rolesConfig[$roleName])) {
$roles[] = new Role($roleName);
continue;
}
$roleConfig = $this->rolesConfig[$roleName];
if (isset($roleConfig['children'])) {
$role = new HierarchicalRole($roleName);
$childRoles = (array) $roleConfig['children'];
foreach ($this->getRoles($childRoles) as $childRole) {
$role->addChild($childRole);
}
} else {
$role = new Role($roleName);
}
$permissions = isset($roleConfig['permissions']) ? $roleConfig['permissions'] : [];
foreach ($permissions as $permission) {
$role->addPermission($permission);
}
$roles[] = $role;
}
return $roles;
}
/**
* @covers Rbac\Role\Role::getPermissions
*/
public function testRoleCanGetPermissions()
{
$role = new Role('php');
$role->addPermission('foo');
$role->addPermission('bar');
$expectedPermissions = ['foo' => 'foo', 'bar' => 'bar'];
$this->assertEquals($expectedPermissions, $role->getPermissions());
}
/**
* @covers Rbac\Rbac::isGranted
*/
public function testCanCheckHierarchicalRole()
{
$childRole = new Role('Bar');
$childRole->addPermission('permission');
$parentRole = new HierarchicalRole('Foo');
$parentRole->addChild($childRole);
$rbac = new Rbac();
$this->assertTrue($rbac->isGranted($parentRole, 'permission'));
}
/**
* @covers Rbac\Role\Role::addPermission
*/
public function testRoleCanAddPermission()
{
$role = new Role('php');
$role->addPermission('debug');
$this->assertTrue($role->hasPermission('debug'));
$permission = $this->getMock('Rbac\\Permission\\PermissionInterface');
$permission->expects($this->once())->method('__toString')->will($this->returnValue('interface'));
$role->addPermission($permission);
$this->assertTrue($role->hasPermission('interface'));
}
public function getRoles(array $roleNames)
{
$identity = $this->authenticationService->getIdentity();
$authenticatedIdentity = [];
$keypart = 'guest';
if ($identity instanceof AuthenticatedIdentity) {
$authenticatedIdentity = $identity->getAuthenticationIdentity();
$keypart = $authenticatedIdentity['client_id'] . $authenticatedIdentity['access_token'];
}
$key = implode('_', array(implode('', $roleNames), $keypart));
if (isset($this->roleCache[$key])) {
return $this->roleCache[$key];
}
$roles = [];
foreach ($roleNames as $roleName) {
$roleEntity = $this->roleMapper->fetchEntity($roleName);
if (!$roleEntity) {
$roles[] = new Role($roleName);
continue;
}
$role = new Role($roleName);
$permissions = $roleEntity->getScopes();
if (!empty($permissions)) {
$permissions = explode(' ', $permissions);
} else {
$permissions = [];
}
$client_permissions = $permissions;
if (isset($authenticatedIdentity['client_data'])) {
if (isset($authenticatedIdentity['client_data']['scope']) && !empty($authenticatedIdentity['client_data']['scope'])) {
$client_permissions = explode(' ', $authenticatedIdentity['client_data']['scope']);
}
}
$token_permissions = $permissions;
if (isset($authenticatedIdentity['scope']) && !empty($authenticatedIdentity['scope'])) {
$token_permissions = explode(' ', $authenticatedIdentity['scope']);
}
$permissions = array_intersect($permissions, $client_permissions, $token_permissions);
foreach ($permissions as $permission) {
$role->addPermission($permission);
}
$roles[] = $role;
}
$this->roleCache[$key] = $roles;
return $roles;
}
public function generateRole($name = false, $desc = "blah desc")
{
if (!$name) {
$name = "role_{$this->current_role_num}";
}
$role = Role::create($name, $desc);
$role->role_id = ++$this->current_role_num;
return $role;
}
/**
* @expectedException \RBAC\Exception\InsufficientPermission
*/
public function testRequirePermission()
{
$p1 = Permission::create("test_1", "", 1);
$p2 = Permission::create("test_2", "", 2);
$r1 = Role::create("role_1", "", [$p1, $p2]);
$subject = new Subject(1, new RoleSet([$r1]));
$subject->requirePermission($p1);
$subject->requirePermission($p2->name);
$subject->requirePermission("bs_perm");
}
public function testPermissions()
{
$p1 = Permission::create("test_1", "", 1);
$p2 = Permission::create("test_2", "", 2);
$p3 = Permission::create("test_3", "", 3);
$p4 = Permission::create("test_4", "", 4);
$r1 = Role::create("role_1", "", [$p1, $p2]);
$r2 = Role::create("role_2", "", [$p1, $p2, $p4]);
$role_set = new RoleSet([$r1, $r2]);
$permissions = $role_set->getPermissions();
$this->assertEquals(3, sizeof($permissions));
}
/**
* Creates or updates a single role given a role name and optionally a role description
* Use this function if you just want to register a single role.
*
* @param $role_name string
* @param $role_desc string
* @return $roles array of objects
*/
public function register_role($role_name, $role_desc = false)
{
//check if the role already exists
if ($role_object = $this->role_manager->roleFetchByName($role_name)) {
//update the existing role (if the role_desc actually exists)
$role_object->description = $role_desc ? $role_desc : $role_object->description;
} else {
//create the new role (if the role_desc is false, pass an empty role desc string)
$role_desc = $role_desc ? $role_desc : '';
$role_object = Role::create($role_name, $role_desc);
}
if (!$this->role_manager->roleSave($role_object)) {
throw new RoleSaveException($this->lang('role_save_unsuccessful'));
}
return $role_object;
}
protected function seed()
{
$default_users = array(array('id' => '1', 'ipAddress' => inet_pton('127.0.0.1'), 'username' => 'administrator', 'password' => '$2y$10$EiqipvSt3lnD//nchj4u9OgOTL9R3J4AbZ5bUVVrh.Tq/gmc5xIvS', 'passwordChange' => '0', 'email' => '*****@*****.**', 'createdOn' => date('Y-m-d H:i:s'), 'lastLogin' => date('Y-m-d H:i:s'), 'active' => '1', 'sharedKey' => '9tThG2rFhZv+LslrrPy0I6QcCn9E3kNcyv5rqb3qKLywvFCfwHiSZ2fH2qQAgQXAkfBIrd0zHP+1v/FJ4W/kMA=='));
//default user to roles
$default_users_to_roles = array(array('admin', 'member'));
//roles to descriptions
$default_roles = array('admin' => 'Site Administrators', 'member' => 'General Members');
//roles to permissions to permission descriptions
$default_role_permissions = array('admin' => array('admin_create' => 'Creating administration resources.', 'admin_read' => 'Viewing administration resources.', 'admin_update' => 'Editing administration resources.', 'admin_delete' => 'Deleting administration resources.'), 'member' => array('public_read' => 'Viewing public resources.'));
//seeding user accounts
foreach ($default_users as $user) {
$this->db->insert('user_accounts', $user);
}
//seeding roles and permissions
$role_manager = new RoleManager(new MySQLAdapter($this->db->conn_id, new Options()));
foreach ($default_role_permissions as $role => $permissions_array) {
//create the role
$created_role = Role::create($role, $default_roles[$role]);
foreach ($permissions_array as $permission => $reason) {
//create the permission
$created_permission = Permission::create($permission, $reason);
//save the permission to the database
$role_manager->permissionSave($created_permission);
//add the permission to the role
$created_role->addPermission($created_permission);
}
$role_manager->roleSave($created_role);
}
//assign the role to the users
foreach ($default_users_to_roles as $key => $roles) {
$user_id = $default_users[$key]['id'];
foreach ($roles as $role) {
$assignable_role = $role_manager->roleFetchByName($role);
$role_manager->roleAddSubjectId($assignable_role, $user_id);
}
}
}
/**
* Get role by role name
*
* @param $roleName
* @return RoleInterface
*/
protected function getRole($roleName)
{
if (isset($this->roles[$roleName])) {
return $this->roles[$roleName];
}
// If no config, we create a simple role with no permission
if (!isset($this->rolesConfig[$roleName])) {
$role = new Role($roleName);
$this->roles[$roleName] = $role;
return $role;
}
$roleConfig = $this->rolesConfig[$roleName];
if (isset($roleConfig['children'])) {
$role = new HierarchicalRole($roleName);
$childRoles = (array) $roleConfig['children'];
foreach ($childRoles as $childRole) {
$childRole = $this->getRole($childRole);
$role->addChild($childRole);
}
} else {
$role = new Role($roleName);
}
$permissions = isset($roleConfig['permissions']) ? $roleConfig['permissions'] : [];
foreach ($permissions as $permission) {
$role->addPermission($permission);
}
$this->roles[$roleName] = $role;
return $role;
}
/**
* @param Role $role
*
* @return bool
*/
public function roleSave(Role $role)
{
if ($role->role_id) {
$query = "\n UPDATE\n auth_role\n SET\n `name` = :name, description = :description, updated_on = " . $this->sql_time_func . "\n WHERE\n role_id = :role_id\n ";
} else {
$query = "\n INSERT INTO auth_role\n (name, description, added_on, updated_on)\n VALUES\n (:name, :description, " . $this->sql_time_func . ", " . $this->sql_time_func . ")\n ";
}
$cur = $this->db->prepare($query);
$cur->bindParam(":name", $role->name, PDO::PARAM_STR, 32);
$cur->bindParam(":description", $role->description, PDO::PARAM_STR);
if ($role->role_id) {
$cur->bindParam(":role_id", $role->role_id, PDO::PARAM_INT);
}
$this->db->beginTransaction();
try {
$cur->execute();
if (!$role->role_id) {
$role->role_id = (int) $this->db->lastInsertId();
}
$this->db->commit();
} catch (PDOException $db_err) {
$this->db->rollBack();
if ($this->logger) {
$this->logger->error("Failed to save role to DB", ['exception' => $db_err]);
}
return false;
}
foreach ($role->getPermissions() as $permission) {
// TODO: Something on fail
$this->rolePermissionAdd($role, $permission);
}
return true;
}
/**
* @expectedException \RBAC\Exception\ValidationError
*/
public function testRolePermissionAddInvalidRole()
{
$this->rm->rolePermissionAdd(Role::create("blah"), $this->generatePerm());
}
public function testToString()
{
$this->assertEquals("test_role", (string) Role::create("test_role"));
}
