/** * @covers PolicySet */ public function testPolicySet() { // Test combining algorithm and default effect. $policySet = new PolicySet(); self::assertEquals(COMBINING_DENY_OVERRIDES, $policySet->getCombiningAlgorithm()); self::assertEquals(AUTHORIZATION_DENY, $policySet->getEffectIfNoPolicyApplies()); $policySet = new PolicySet(COMBINING_PERMIT_OVERRIDES); $policySet->setEffectIfNoPolicyApplies(AUTHORIZATION_PERMIT); self::assertEquals(COMBINING_PERMIT_OVERRIDES, $policySet->getCombiningAlgorithm()); self::assertEquals(AUTHORIZATION_PERMIT, $policySet->getEffectIfNoPolicyApplies()); // Test adding policies. $policySet->addPolicy($policy1 = new AuthorizationPolicy('policy1')); $policySet->addPolicy($policy2 = new AuthorizationPolicy('policy2')); $policySet->addPolicy($policy3 = new AuthorizationPolicy('policy3'), $addToTop = true); self::assertEquals(array($policy3, $policy1, $policy2), $policySet->getPolicies()); }
/** * Evaluate the given set of policies against the subject * * @param Subject $subject Current subject * @param PolicySet $policySet Set of policies * @param Action $action * * @return bool */ public function evaluate(Subject $subject, PolicySet $policySet, Action $action) { // get the subject's attributes $this->setSubjectAttributes($subject->getAttributes()); $policyResults = $this->handlePolicies($policySet->getPolicies()); if (count($policyResults) == 1) { return array_shift($policyResults); } else { // we're working with a set of policies, go with the algorithm // if we have one... $algorithm = $policySet->getAlgorithm(); if ($algorithm === null) { // default to most secure - deny overrides! $algorithm = new Algorithm\DenyOverrides(); } return $algorithm = $algorithm->evaluate($policyResults); } }