/**
* @group ZF-9643
*/
public function testRemoveAllowWithNullResourceAppliesToAllResources()
{
$this->_acl->addRole('guest');
$this->_acl->addResource('blogpost');
$this->_acl->addResource('newsletter');
$this->_acl->allow('guest', 'blogpost', 'read');
$this->_acl->allow('guest', 'newsletter', 'read');
$this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
$this->_acl->removeAllow('guest', 'newsletter', 'read');
$this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
$this->_acl->removeAllow('guest', null, 'read');
$this->assertFalse($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertFalse($this->_acl->isAllowed('guest', 'newsletter', 'read'));
// ensure allow null/all resoures works
$this->_acl->allow('guest', null, 'read');
$this->assertTrue($this->_acl->isAllowed('guest', 'blogpost', 'read'));
$this->assertTrue($this->_acl->isAllowed('guest', 'newsletter', 'read'));
}
/**
* Ensures that an example for a content management system is operable
*
* @return void
*/
public function testCMSExample()
{
// Add some roles to the Role registry
$this->_acl->addRole(new Zend_Acl_Role('guest'))->addRole(new Zend_Acl_Role('staff'), 'guest')->addRole(new Zend_Acl_Role('editor'), 'staff')->addRole(new Zend_Acl_Role('administrator'));
// Guest may only view content
$this->_acl->allow('guest', null, 'view');
// Staff inherits view privilege from guest, but also needs additional privileges
$this->_acl->allow('staff', null, array('edit', 'submit', 'revise'));
// Editor inherits view, edit, submit, and revise privileges, but also needs additional privileges
$this->_acl->allow('editor', null, array('publish', 'archive', 'delete'));
// Administrator inherits nothing but is allowed all privileges
$this->_acl->allow('administrator');
// Access control checks based on above permission sets
$this->assertTrue($this->_acl->isAllowed('guest', null, 'view'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'edit'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'submit'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'revise'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'publish'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'archive'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'delete'));
$this->assertFalse($this->_acl->isAllowed('guest', null, 'unknown'));
$this->assertFalse($this->_acl->isAllowed('guest'));
$this->assertTrue($this->_acl->isAllowed('staff', null, 'view'));
$this->assertTrue($this->_acl->isAllowed('staff', null, 'edit'));
$this->assertTrue($this->_acl->isAllowed('staff', null, 'submit'));
$this->assertTrue($this->_acl->isAllowed('staff', null, 'revise'));
$this->assertFalse($this->_acl->isAllowed('staff', null, 'publish'));
$this->assertFalse($this->_acl->isAllowed('staff', null, 'archive'));
$this->assertFalse($this->_acl->isAllowed('staff', null, 'delete'));
$this->assertFalse($this->_acl->isAllowed('staff', null, 'unknown'));
$this->assertFalse($this->_acl->isAllowed('staff'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'view'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'edit'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'submit'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'revise'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'publish'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'archive'));
$this->assertTrue($this->_acl->isAllowed('editor', null, 'delete'));
$this->assertFalse($this->_acl->isAllowed('editor', null, 'unknown'));
$this->assertFalse($this->_acl->isAllowed('editor'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'view'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'edit'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'submit'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'revise'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'publish'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'archive'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'delete'));
$this->assertTrue($this->_acl->isAllowed('administrator', null, 'unknown'));
$this->assertTrue($this->_acl->isAllowed('administrator'));
// Some checks on specific areas, which inherit access controls from the root ACL node
$this->_acl->add(new Zend_Acl_Resource('newsletter'))->add(new Zend_Acl_Resource('pending'), 'newsletter')->add(new Zend_Acl_Resource('gallery'))->add(new Zend_Acl_Resource('profiles', 'gallery'))->add(new Zend_Acl_Resource('config'))->add(new Zend_Acl_Resource('hosts'), 'config');
$this->assertTrue($this->_acl->isAllowed('guest', 'pending', 'view'));
$this->assertTrue($this->_acl->isAllowed('staff', 'profiles', 'revise'));
$this->assertTrue($this->_acl->isAllowed('staff', 'pending', 'view'));
$this->assertTrue($this->_acl->isAllowed('staff', 'pending', 'edit'));
$this->assertFalse($this->_acl->isAllowed('staff', 'pending', 'publish'));
$this->assertFalse($this->_acl->isAllowed('staff', 'pending'));
$this->assertFalse($this->_acl->isAllowed('editor', 'hosts', 'unknown'));
$this->assertTrue($this->_acl->isAllowed('administrator', 'pending'));
// Add a new group, marketing, which bases its permissions on staff
$this->_acl->addRole(new Zend_Acl_Role('marketing'), 'staff');
// Refine the privilege sets for more specific needs
// Allow marketing to publish and archive newsletters
$this->_acl->allow('marketing', 'newsletter', array('publish', 'archive'));
// Allow marketing to publish and archive latest news
$this->_acl->add(new Zend_Acl_Resource('news'))->add(new Zend_Acl_Resource('latest'), 'news');
$this->_acl->allow('marketing', 'latest', array('publish', 'archive'));
// Deny staff (and marketing, by inheritance) rights to revise latest news
$this->_acl->deny('staff', 'latest', 'revise');
// Deny everyone access to archive news announcements
$this->_acl->add(new Zend_Acl_Resource('announcement'), 'news');
$this->_acl->deny(null, 'announcement', 'archive');
// Access control checks for the above refined permission sets
$this->assertTrue($this->_acl->isAllowed('marketing', null, 'view'));
$this->assertTrue($this->_acl->isAllowed('marketing', null, 'edit'));
$this->assertTrue($this->_acl->isAllowed('marketing', null, 'submit'));
$this->assertTrue($this->_acl->isAllowed('marketing', null, 'revise'));
$this->assertFalse($this->_acl->isAllowed('marketing', null, 'publish'));
$this->assertFalse($this->_acl->isAllowed('marketing', null, 'archive'));
$this->assertFalse($this->_acl->isAllowed('marketing', null, 'delete'));
$this->assertFalse($this->_acl->isAllowed('marketing', null, 'unknown'));
$this->assertFalse($this->_acl->isAllowed('marketing'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'newsletter', 'publish'));
$this->assertFalse($this->_acl->isAllowed('staff', 'pending', 'publish'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'pending', 'publish'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'newsletter', 'archive'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter', 'delete'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'publish'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'archive'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'latest', 'delete'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'latest', 'revise'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'latest'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'announcement', 'archive'));
$this->assertFalse($this->_acl->isAllowed('staff', 'announcement', 'archive'));
$this->assertFalse($this->_acl->isAllowed('administrator', 'announcement', 'archive'));
$this->assertFalse($this->_acl->isAllowed('staff', 'latest', 'publish'));
$this->assertFalse($this->_acl->isAllowed('editor', 'announcement', 'archive'));
// Remove some previous permission specifications
// Marketing can no longer publish and archive newsletters
$this->_acl->removeAllow('marketing', 'newsletter', array('publish', 'archive'));
// Marketing can no longer archive the latest news
$this->_acl->removeAllow('marketing', 'latest', 'archive');
// Now staff (and marketing, by inheritance) may revise latest news
$this->_acl->removeDeny('staff', 'latest', 'revise');
// Access control checks for the above refinements
$this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter', 'publish'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter', 'archive'));
$this->assertFalse($this->_acl->isAllowed('marketing', 'latest', 'archive'));
$this->assertTrue($this->_acl->isAllowed('staff', 'latest', 'revise'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'revise'));
// Grant marketing all permissions on the latest news
$this->_acl->allow('marketing', 'latest');
// Access control checks for the above refinement
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'archive'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'publish'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'edit'));
$this->assertTrue($this->_acl->isAllowed('marketing', 'latest'));
}
/**
* @group ZF-8039
*
* Meant to test for the (in)existance of this notice:
* "Notice: Undefined index: allPrivileges in lib/Zend/Acl.php on line 682"
*/
public function testMethodRemoveAllowDoesNotThrowNotice()
{
$acl = new Zend_Acl();
$acl->addRole('admin');
$acl->addResource('blog');
$acl->allow('admin', 'blog', 'read');
$acl->removeAllow(array('admin'), array('blog'), null);
}
