Ejemplo n.º 1
0
 /**
  * @ApiDoc(
  *  section="ACL Management",
  *  description="Saves the given rules"
  * )
  *
  * @Rest\RequestParam(name="targetId", requirements=".+", strict=true, description="Target id")
  * @Rest\RequestParam(name="targetType", requirements=".+", strict=true, description="Target type")
  * @Rest\RequestParam(name="rules", strict=false, description="ACL rules array")
  *
  * @Rest\Post("/user/acl")
  *
  * @param  int $targetId
  * @param  int $targetType
  * @param  array $rules
  *
  * @return bool
  */
 public function saveAcl($targetId, $targetType, $rules = null)
 {
     $targetId += 0;
     $targetType += 0;
     AclQuery::create()->filterByTargetId($targetId)->filterByTargetType($targetType)->delete();
     if (0 < count($rules)) {
         $i = 1;
         if (is_array($rules)) {
             foreach ($rules as $rule) {
                 $ruleObject = new Acl();
                 $ruleObject->setPrio($i);
                 $ruleObject->setTargetType($targetType);
                 $ruleObject->setTargetId($targetId);
                 $ruleObject->setTargetId($targetId);
                 $ruleObject->setObject(Objects::normalizeObjectKey(@$rule['object']));
                 $ruleObject->setSub(filter_var(@$rule['sub'], FILTER_VALIDATE_BOOLEAN));
                 $ruleObject->setAccess(filter_var(@$rule['access'], FILTER_VALIDATE_BOOLEAN));
                 $ruleObject->setFields(@$rule['fields']);
                 $ruleObject->setConstraintType(@$rule['constraintType']);
                 $ruleObject->setConstraintCode(@$rule['constraintCode']);
                 $ruleObject->setMode(@$rule['mode'] + 0);
                 $ruleObject->save();
                 $i++;
             }
         }
     }
     $this->cacher->invalidateCache('core/acl');
     return true;
 }
Ejemplo n.º 2
0
 public function setObject($mode, $objectKey, $constraintType, $constraintCode, $withSub = false, $targetType, $targetId, $access, $fields = null)
 {
     $objectKey = Objects::normalizeObjectKey($objectKey);
     $acl = new AclObject();
     $acl->setMode($mode);
     $acl->setTargetType($targetType);
     $acl->setTargetId($targetId);
     $acl->setSub($withSub);
     $acl->setAccess($access);
     if ($fields) {
         $acl->setFields(json_encode($fields));
     }
     $acl->setObject($objectKey);
     $acl->setConstraintCode(is_array($constraintCode) ? json_encode($constraintCode) : $constraintCode);
     $acl->setConstraintType($constraintType);
     $query = new \Jarves\Model\AclQuery();
     $query->select('Prio');
     $query->filterByObject($objectKey);
     $query->filterByMode($mode);
     $query->orderByPrio(Criteria::DESC);
     $highestPrio = (int) $query->findOne();
     $acl->setPrio($highestPrio + 1);
     $this->cache[$objectKey . '_' . $mode] = null;
     $acl->save();
     return $acl;
 }
Ejemplo n.º 3
0
 public function testNestedSubPermission()
 {
     $this->getACL()->setCaching(false);
     $this->getACL()->removeObjectRules('jarves/node');
     $tokenStorage = $this->getTokenStorage();
     $token = new UsernamePasswordToken(UserQuery::create()->findOneByUsername('test'), null, "main");
     $tokenStorage->setToken($token);
     $user = $this->getPageStack()->getUser();
     $this->assertEquals('test', $user->getUsername());
     $domain = DomainQuery::create()->findOne();
     $root = NodeQuery::create()->findRoot($domain->getId());
     $subNode = new Node();
     $subNode->setTitle('TestNode tree');
     $subNode->insertAsFirstChildOf($root);
     $subNode->save();
     $subNode2 = new Node();
     $subNode2->setTitle('TestNode sub');
     $subNode2->insertAsFirstChildOf($subNode);
     $subNode2->save();
     //make access for all
     $rule = new Acl();
     $rule->setAccess(true);
     $rule->setObject('jarves/node');
     $rule->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
     $rule->setTargetId($user->getId());
     $rule->setMode(\Jarves\ACL::MODE_ALL);
     $rule->setConstraintType(\Jarves\ACL::CONSTRAINT_ALL);
     $rule->setPrio(2);
     $rule->save();
     //revoke access for all children of `TestNode tree`
     $rule2 = new Acl();
     $rule2->setAccess(false);
     $rule2->setObject('jarves/node');
     $rule2->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
     $rule2->setTargetId($user->getId());
     $rule2->setMode(\Jarves\ACL::MODE_ALL);
     $rule2->setConstraintType(\Jarves\ACL::CONSTRAINT_CONDITION);
     $rule2->setConstraintCode(json_encode(['title', '=', 'TestNode tree']));
     $rule2->setPrio(3);
     $rule2->setSub(true);
     $rule2->save();
     $this->getCacher()->invalidateCache('core');
     $node1RequestListing = ACLRequest::create('jarves/node', $subNode->getId())->onlyListingMode();
     $node2RequestListing = ACLRequest::create('jarves/node', $subNode2->getId())->onlyListingMode();
     $this->assertFalse($this->getACL()->check($node1RequestListing));
     $this->assertFalse($this->getACL()->check($node2RequestListing));
     $items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]);
     $this->assertNull($items, 'rule2 revokes the access to all elements');
     $item = $this->getObjects()->get('jarves/node', $subNode2->getId(), ['permissionCheck' => true]);
     $this->assertNull($item);
     // Deactivate sub
     $rule2->setSub(false);
     $rule2->save();
     $this->assertFalse($this->getACL()->check($node1RequestListing));
     $this->assertTrue($this->getACL()->check($node2RequestListing));
     $items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]);
     $this->assertEquals('TestNode sub', $items[0]['title'], 'We got TestNode sub');
     $item = $this->getObjects()->get('jarves/node', $subNode2->getId(), ['permissionCheck' => true]);
     $this->assertEquals('TestNode sub', $item['title'], 'We got TestNode sub');
     // Activate access
     $rule2->setAccess(true);
     $rule2->save();
     $this->assertTrue($this->getACL()->check($node1RequestListing));
     $this->assertTrue($this->getACL()->check($node2RequestListing));
     $items = $this->getObjects()->getBranch('jarves/node', $subNode->getId(), null, 1, null, ['permissionCheck' => true]);
     $this->assertEquals('TestNode sub', $items[0]['title'], 'We got TestNode sub');
     $subNode->delete();
     $subNode2->delete();
     $rule->delete();
     $rule2->delete();
     $this->getACL()->setCaching(true);
 }