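/**
 * Decide whether $action on $model is permitted for the current auth token.
 *
 * A trusted context (the command line) and Auth models performing an action
 * they flag as trusted are always allowed. Otherwise the roles configured for
 * the model's collection and action are evaluated in order, and the first
 * role that grants access ends the search.
 *
 * @param mixed  $model  Model (or Auth) instance the action targets.
 * @param string $action Action name looked up in the collection config.
 *
 * @return bool|mixed Result of the last role check performed (truthy when allowed).
 */
public static function isAllowed($model, $action)
{
    // Command line (trusted context) always has full access, as does an
    // Auth model running an action it reports as trusted.
    if (Context::isTrusted() || ($model instanceof Auth && $model->isTrustedAction())) {
        return true;
    }

    $instance = static::getInstance();
    $collection_name = $instance->getCollectioName($model);
    $instance->token = AuthToken::current();

    $roles = $instance->getConfig($collection_name, $action);

    // A single role may be configured as a scalar; normalise to a list.
    if (!is_array($roles)) {
        $roles = array($roles);
    }

    $is_allowed = false;
    foreach ($roles as $role) {
        // Strict membership test: built-in roles are dispatched to a
        // check<Role>() method, so a value that is only loosely equal to a
        // built-in name (e.g. int 0 == any non-numeric string before PHP 8)
        // must not be treated as one.
        if (in_array($role, $instance->builtInRoles, true)) {
            $method = 'check' . ucfirst($role);
            $is_allowed = $instance->$method($model);
        } else {
            $is_allowed = $instance->checkRole($role);
        }

        // At least one of the configured roles must match.
        if ($is_allowed) {
            break;
        }
    }

    return $is_allowed;
}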
/**
 * Reset the global state touched by the auth tests.
 *
 * Puts the app key back into command-line mode, drops the trusted flag and
 * clears the active auth token so the next test starts from a clean slate.
 */
public function tearDown()
{
    // Restore the command-line key.
    $key = AppKey::current();
    $key->type = AppKey::TYPE_CLI;

    Context::setTrusted(false);

    // Reset the active auth token.
    AuthToken::setCurrent(null);
}
/**
 * With read access restricted to 'owner', a record is readable by the auth
 * that owns it and raises NotAllowedException for any other auth.
 */
public function testOwnerReadSuccess()
{
    $table = App::collection('restricted_content')->getTable();
    $this->setConfig($table, 'read', 'owner');

    $ownerId = 1;
    $otherId = 2;

    App::collection('restricted_content')->create(array(
        'name'    => "Read success",
        'auth_id' => $ownerId,
    ));
    App::collection('restricted_content')->create(array(
        'name'    => "Read fail",
        'auth_id' => $otherId,
    ));

    // Mock an authenticated user that owns the first record.
    AuthToken::setCurrent(new AuthToken(array('auth_id' => $ownerId)));

    $own = App::collection('restricted_content')->where('auth_id', $ownerId)->first()->toArray();
    $this->assertTrue(is_array($own));

    // Reading a record owned by a different auth_id must throw.
    $this->setExpectedException('Hook\\Exceptions\\NotAllowedException');
    App::collection('restricted_content')->where('auth_id', $otherId)->first()->toArray();
}
/**
 * Whether the active auth token belongs to this auth record.
 *
 * @return bool
 */
protected function isAuthenticated()
{
    $token = AuthToken::current();
    if (!$token) {
        return false;
    }

    // NOTE(review): loose == keeps int/string id forms interchangeable;
    // confirm ids never take values where PHP type juggling could equate
    // unrelated auth_ids.
    return $token->auth_id == $this->_id;
}