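/**
 * Report whether the current subject fails the named policy.
 *
 * The result is the boolean negation of Enforcer::evaluate(), so any falsy
 * value returned by the enforcer is reported here as "cannot" (true).
 *
 * @param string $policyName Key under which the policy is stored in $this->policies
 * @param mixed  $addl       Optional extra value(s) passed through to the enforcer;
 *                           a single non-array value is wrapped in an array
 * @return bool True when the enforcer's evaluation does not pass
 * @throws \InvalidArgumentException When no policy is stored under $policyName
 */
public function cannot($policyName, $addl = null)
{
    // Resolve the policy before anything else so an unknown name is rejected
    // with the documented exception instead of first raising an
    // undefined-key notice/warning on the lookup. isset() also treats a stored
    // null as "missing", which matches the original null check.
    $policy = isset($this->policies[$policyName]) ? $this->policies[$policyName] : null;
    if ($policy === null) {
        throw new \InvalidArgumentException('Invalid policy name: ' . $policyName);
    }

    // Normalise a single extra value to a one-element array; null stays null.
    if ($addl !== null && !is_array($addl)) {
        $addl = [$addl];
    }

    // A fresh enforcer is created for every call.
    $enforcer = new Enforcer();

    return !$enforcer->evaluate($this->subject, $policy, $addl);
}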
// Fragment: $action (the requested action) and $group (the caller's group
// index) are assigned before the lines shown here.

// Action each group is allowed to perform. The admin value is a copy of the
// requested action, so for group 0 both matches below compare against the
// same string.
$admin = $action;
$user = "******";
$attacker = "Encrypt";

// Create base policies for the 3 groups we have.
// NOTE(review): there is no default branch. For any $group other than 0, 1 or 2
// $actionRule is not assigned in this fragment and reaches the second match as
// an undefined variable - consider rejecting unknown groups explicitly so the
// decision fails closed.
switch ($group) {
    case 0:
        $actionRule = $admin;
        break;
    case 1:
        $actionRule = $user;
        break;
    case 2:
        $actionRule = $attacker;
        break;
}

$enforcer = new Enforcer();
$decider = new Decider();
$enforcer->setDecider($decider);

// Create some Matches.
// NOTE(review): `match` is a reserved keyword from PHP 8.0 on, so a class named
// Match cannot be instantiated like this on PHP 8+ - confirm the target runtime
// or the library's current class name.
// Action requested by the user
$match1 = new Match('StringEqual', 'property1', 'TestMatch1', $action);
// Action allowed by what the policy states that group can do
$match2 = new Match('StringEqual', 'property1', 'TestMatch2', $actionRule);

// Create a Target container for our Matches
$target = new Target();
$target->addMatches(array($match1, $match2));

// Make a new Rule with effect 'Permit' and add the Target to it.
// NOTE(review): the two description literals are concatenated without a space,
// so the stored text reads "...on the subjectthat exactly...".
$rule1 = new Rule();
$rule1->setTarget($target)
    ->setId('TestRule')
    ->setEffect('Permit')
    ->setDescription('Test to see if there is an attribute on the subject' . 'that exactly matches the word "test"')
    ->setAlgorithm(new DenyOverrides());

// Make two new policies and add the Rule to it (with our Match); only the
// first policy object is created within this fragment.
$policy1 = new Policy();
/**
 * allows() must raise an exception, not return a decision, when the policy
 * name is not found.
 *
 * This test registers no policy on the set it obtains, so the lookup of
 * 'policy1' is expected to fail.
 *
 * NOTE(review): the annotation below is honoured only by older PHPUnit
 * releases; newer ones expect a call to expectException() instead - confirm
 * the PHPUnit version this suite runs on.
 *
 * @expectedException \InvalidArgumentException
 */
public function testPolicyNameNotFoundAllows()
{
    $policies = PolicySet::instance();
    $who = new Subject((object) ['username' => 'ccornutt']);

    $enforcer = new Enforcer($policies);

    // Expected to throw before any allow/deny result is produced.
    $enforcer->allows('policy1', $who);
}
<?php
// Property-based auth* demo: builds one user and one policy, evaluates the
// policy against the user and prints the outcome.
require_once 'User.php';
require_once 'Enforcer.php';
require_once 'Policy.php';
require_once 'Check.php';

// -------------------------

$enforcer = new Enforcer();

// Subject under test: username 'ccornutt' holding the single permission 'test1'.
$myUser = new User(['username' => 'ccornutt', 'permissions' => ['test1']]);

$myPolicy = new Policy();
// Alternative policy shapes kept for experimentation; only the hasUsername()
// call below is active.
// $myPolicy->hasUsername('ccornutt')->notPermissions(['test']);
// presumably Policy::ANY means "pass if any listed username matches" - confirm in Policy
$myPolicy->hasUsername(['ccornutt', 'ccornutt1'], Policy::ANY);
    // ->notUsername(['ccornutt', 'ccornutt2'], Policy::ANY);
    // ->notUsername(['ccornutt2'], Policy::ANY);
    // ->notPermissions(['test']);

// Debug dump of the policy object's internal state; demo output only.
print_r($myPolicy);

// Evaluate the user against the policy and print the result in var_export() form.
$result = $enforcer->evaluate($myUser, $myPolicy);
echo 'RESULT: ' . var_export($result, true) . "\n\n";