Example #1
 /**
  * Checks that removeAllow() with a null resource revokes a privilege on every resource.
  *
  * The grants are made per resource ('blogpost' and 'newsletter'), so the test
  * also shows that a null-resource removal clears rules that were added for
  * individual resources, not only a rule added for "all resources".
  *
  * @group ZF-9643
  */
 public function testRemoveAllowWithNullResourceAppliesToAllResources()
 {
     $acl       = $this->_acl;
     $resources = array('blogpost', 'newsletter');

     $acl->addRole('guest');
     foreach ($resources as $resource) {
         $acl->addResource($resource);
     }
     foreach ($resources as $resource) {
         $acl->allow('guest', $resource, 'read');
     }
     foreach ($resources as $resource) {
         $this->assertTrue($acl->isAllowed('guest', $resource, 'read'));
     }

     // Revoking on a single resource must leave the grant on the other one intact.
     $acl->removeAllow('guest', 'newsletter', 'read');
     $this->assertTrue($acl->isAllowed('guest', 'blogpost', 'read'));
     $this->assertFalse($acl->isAllowed('guest', 'newsletter', 'read'));

     // A null resource means "all resources": no per-resource read grant may survive.
     $acl->removeAllow('guest', null, 'read');
     foreach ($resources as $resource) {
         $this->assertFalse($acl->isAllowed('guest', $resource, 'read'));
     }

     // Ensure that allow with a null resource (all resources) still works afterwards.
     $acl->allow('guest', null, 'read');
     foreach ($resources as $resource) {
         $this->assertTrue($acl->isAllowed('guest', $resource, 'read'));
     }
 }
Example #2
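 /**
  * Ensures that an example for a content management system is operable
  *
  * Walks through a role hierarchy (guest -> staff -> editor, a separate
  * administrator, and later marketing based on staff) and a resource tree,
  * then checks the effective permissions after each group of allow, deny,
  * removeAllow and removeDeny calls.
  *
  * Cases an access-control reviewer should note, each pinned by an assertion below:
  *  - a privilege that was never granted ('unknown') is refused for every role
  *    except the one granted everything;
  *  - a deny on a resource for all roles also applies to the administrator;
  *  - removing an allow or a deny rule changes the result for inheriting roles.
  *
  * @return void
  */
 public function testCMSExample()
 {
     // Add some roles to the Role registry
     $this->_acl->addRole(new Zend_Acl_Role('guest'))
                ->addRole(new Zend_Acl_Role('staff'), 'guest')
                ->addRole(new Zend_Acl_Role('editor'), 'staff')
                ->addRole(new Zend_Acl_Role('administrator'));
     // Guest may only view content
     $this->_acl->allow('guest', null, 'view');
     // Staff inherits view privilege from guest, but also needs additional privileges
     $this->_acl->allow('staff', null, array('edit', 'submit', 'revise'));
     // Editor inherits view, edit, submit, and revise privileges, but also needs additional privileges
     $this->_acl->allow('editor', null, array('publish', 'archive', 'delete'));
     // Administrator inherits nothing but is allowed all privileges
     $this->_acl->allow('administrator');
     // Access control checks based on above permission sets
     $this->assertTrue($this->_acl->isAllowed('guest', null, 'view'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'edit'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'submit'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'revise'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'publish'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'archive'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'delete'));
     $this->assertFalse($this->_acl->isAllowed('guest', null, 'unknown'));
     // No privilege argument: only a role granted everything passes (see administrator below)
     $this->assertFalse($this->_acl->isAllowed('guest'));
     $this->assertTrue($this->_acl->isAllowed('staff', null, 'view'));
     $this->assertTrue($this->_acl->isAllowed('staff', null, 'edit'));
     $this->assertTrue($this->_acl->isAllowed('staff', null, 'submit'));
     $this->assertTrue($this->_acl->isAllowed('staff', null, 'revise'));
     $this->assertFalse($this->_acl->isAllowed('staff', null, 'publish'));
     $this->assertFalse($this->_acl->isAllowed('staff', null, 'archive'));
     $this->assertFalse($this->_acl->isAllowed('staff', null, 'delete'));
     $this->assertFalse($this->_acl->isAllowed('staff', null, 'unknown'));
     $this->assertFalse($this->_acl->isAllowed('staff'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'view'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'edit'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'submit'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'revise'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'publish'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'archive'));
     $this->assertTrue($this->_acl->isAllowed('editor', null, 'delete'));
     $this->assertFalse($this->_acl->isAllowed('editor', null, 'unknown'));
     $this->assertFalse($this->_acl->isAllowed('editor'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'view'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'edit'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'submit'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'revise'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'publish'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'archive'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'delete'));
     $this->assertTrue($this->_acl->isAllowed('administrator', null, 'unknown'));
     $this->assertTrue($this->_acl->isAllowed('administrator'));
     // Some checks on specific areas, which inherit access controls from the root ACL node.
     // The parent resource is the second argument of add(), as in the other calls of this
     // chain. It was previously passed to the Zend_Acl_Resource constructor for 'profiles',
     // where it would presumably be ignored and leave 'profiles' without the 'gallery' parent.
     $this->_acl->add(new Zend_Acl_Resource('newsletter'))
                ->add(new Zend_Acl_Resource('pending'), 'newsletter')
                ->add(new Zend_Acl_Resource('gallery'))
                ->add(new Zend_Acl_Resource('profiles'), 'gallery')
                ->add(new Zend_Acl_Resource('config'))
                ->add(new Zend_Acl_Resource('hosts'), 'config');
     $this->assertTrue($this->_acl->isAllowed('guest', 'pending', 'view'));
     $this->assertTrue($this->_acl->isAllowed('staff', 'profiles', 'revise'));
     $this->assertTrue($this->_acl->isAllowed('staff', 'pending', 'view'));
     $this->assertTrue($this->_acl->isAllowed('staff', 'pending', 'edit'));
     $this->assertFalse($this->_acl->isAllowed('staff', 'pending', 'publish'));
     $this->assertFalse($this->_acl->isAllowed('staff', 'pending'));
     $this->assertFalse($this->_acl->isAllowed('editor', 'hosts', 'unknown'));
     $this->assertTrue($this->_acl->isAllowed('administrator', 'pending'));
     // Add a new group, marketing, which bases its permissions on staff
     $this->_acl->addRole(new Zend_Acl_Role('marketing'), 'staff');
     // Refine the privilege sets for more specific needs
     // Allow marketing to publish and archive newsletters
     $this->_acl->allow('marketing', 'newsletter', array('publish', 'archive'));
     // Allow marketing to publish and archive latest news
     $this->_acl->add(new Zend_Acl_Resource('news'))
                ->add(new Zend_Acl_Resource('latest'), 'news');
     $this->_acl->allow('marketing', 'latest', array('publish', 'archive'));
     // Deny staff (and marketing, by inheritance) rights to revise latest news
     $this->_acl->deny('staff', 'latest', 'revise');
     // Deny everyone access to archive news announcements
     $this->_acl->add(new Zend_Acl_Resource('announcement'), 'news');
     $this->_acl->deny(null, 'announcement', 'archive');
     // Access control checks for the above refined permission sets
     $this->assertTrue($this->_acl->isAllowed('marketing', null, 'view'));
     $this->assertTrue($this->_acl->isAllowed('marketing', null, 'edit'));
     $this->assertTrue($this->_acl->isAllowed('marketing', null, 'submit'));
     $this->assertTrue($this->_acl->isAllowed('marketing', null, 'revise'));
     $this->assertFalse($this->_acl->isAllowed('marketing', null, 'publish'));
     $this->assertFalse($this->_acl->isAllowed('marketing', null, 'archive'));
     $this->assertFalse($this->_acl->isAllowed('marketing', null, 'delete'));
     $this->assertFalse($this->_acl->isAllowed('marketing', null, 'unknown'));
     $this->assertFalse($this->_acl->isAllowed('marketing'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'newsletter', 'publish'));
     $this->assertFalse($this->_acl->isAllowed('staff', 'pending', 'publish'));
     // 'pending' is a child of 'newsletter', so the marketing grant reaches it
     $this->assertTrue($this->_acl->isAllowed('marketing', 'pending', 'publish'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'newsletter', 'archive'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter', 'delete'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'publish'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'archive'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'latest', 'delete'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'latest', 'revise'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'latest'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'announcement', 'archive'));
     $this->assertFalse($this->_acl->isAllowed('staff', 'announcement', 'archive'));
     // The all-roles deny on 'announcement' wins over the administrator's blanket allow
     $this->assertFalse($this->_acl->isAllowed('administrator', 'announcement', 'archive'));
     $this->assertFalse($this->_acl->isAllowed('staff', 'latest', 'publish'));
     $this->assertFalse($this->_acl->isAllowed('editor', 'announcement', 'archive'));
     // Remove some previous permission specifications
     // Marketing can no longer publish and archive newsletters
     $this->_acl->removeAllow('marketing', 'newsletter', array('publish', 'archive'));
     // Marketing can no longer archive the latest news
     $this->_acl->removeAllow('marketing', 'latest', 'archive');
     // Now staff (and marketing, by inheritance) may revise latest news
     $this->_acl->removeDeny('staff', 'latest', 'revise');
     // Access control checks for the above refinements
     $this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter', 'publish'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'newsletter', 'archive'));
     $this->assertFalse($this->_acl->isAllowed('marketing', 'latest', 'archive'));
     $this->assertTrue($this->_acl->isAllowed('staff', 'latest', 'revise'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'revise'));
     // Grant marketing all permissions on the latest news
     $this->_acl->allow('marketing', 'latest');
     // Access control checks for the above refinement
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'archive'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'publish'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest', 'edit'));
     $this->assertTrue($this->_acl->isAllowed('marketing', 'latest'));
 }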
Example #3
 /**
  * Regression check: removeAllow() with array arguments and a null privilege
  * must run without raising a PHP notice.
  *
  * Meant to test for the (non-)existence of this notice:
  * "Notice: Undefined index: allPrivileges in lib/Zend/Acl.php on line 682"
  *
  * The method makes no assertions of its own; it presumably relies on the
  * test runner reporting a PHP notice as a failure (confirm against the
  * suite's PHPUnit configuration).
  *
  * @group ZF-8039
  */
 public function testMethodRemoveAllowDoesNotThrowNotice()
 {
     // A fresh ACL instance, so rules set up elsewhere in the fixture cannot mask the notice.
     $freshAcl = new Zend_Acl();
     $freshAcl->addRole('admin');
     $freshAcl->addResource('blog');
     $freshAcl->allow('admin', 'blog', 'read');

     // Only a specific privilege ('read') was granted; removing with a null
     // privilege is the call the quoted notice was reported for.
     $roles     = array('admin');
     $resources = array('blog');
     $freshAcl->removeAllow($roles, $resources, null);
 }