Example #1
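 /**
  * Replaces every ACL rule of one target with the submitted rule list.
  *
  * All existing rules for the given target id and target type are deleted first.
  * Each array entry of $rules is then stored as a new rule whose priority is its
  * 1-based position among the stored entries, and the 'core/acl' cache is
  * invalidated afterwards.
  *
  * NOTE(review): the delete and the inserts are not wrapped in a transaction in
  * this method, so a failure while saving leaves the target with a partial rule
  * set. No permission check is visible here either; confirm that this route is
  * restricted to ACL administrators elsewhere.
  *
  * @ApiDoc(
  *  section="ACL Management",
  *  description="Saves the given rules"
  * )
  *
  * @Rest\RequestParam(name="targetId", requirements=".+", strict=true, description="Target id")
  * @Rest\RequestParam(name="targetType", requirements=".+", strict=true, description="Target type")
  * @Rest\RequestParam(name="rules", strict=false, description="ACL rules array")
  *
  * @Rest\Post("/user/acl")
  *
  * @param  int $targetId
  * @param  int $targetType
  * @param  array|null $rules list of rule arrays; the keys read are object, sub, access,
  *                           fields, constraintType, constraintCode and mode
  *
  * @return bool always true
  */
 public function saveAcl($targetId, $targetType, $rules = null)
 {
     // Coerce the request values to numbers before they reach the query and the model.
     $targetId += 0;
     $targetType += 0;

     AclQuery::create()->filterByTargetId($targetId)->filterByTargetType($targetType)->delete();

     // "rules" is optional (strict=false), so it can be null or a scalar. count() on
     // such a value raises a TypeError on PHP 8 after the delete above has already
     // run; only a real array is iterated.
     if (is_array($rules)) {
         // Missing keys read as null, which is what the suppressed lookups yielded before.
         $defaults = [
             'object' => null,
             'sub' => null,
             'access' => null,
             'fields' => null,
             'constraintType' => null,
             'constraintCode' => null,
             'mode' => null,
         ];

         $prio = 1;
         foreach ($rules as $rule) {
             if (!is_array($rule)) {
                 // Malformed entry: skip it rather than reading offsets of a scalar.
                 continue;
             }
             $rule += $defaults;

             $ruleObject = new Acl();
             $ruleObject->setPrio($prio);
             $ruleObject->setTargetType($targetType);
             $ruleObject->setTargetId($targetId);
             $ruleObject->setObject(Objects::normalizeObjectKey($rule['object']));
             // Anything that is not a recognised "true" value is stored as false.
             $ruleObject->setSub(filter_var($rule['sub'], FILTER_VALIDATE_BOOLEAN));
             $ruleObject->setAccess(filter_var($rule['access'], FILTER_VALIDATE_BOOLEAN));
             $ruleObject->setFields($rule['fields']);
             $ruleObject->setConstraintType($rule['constraintType']);
             $ruleObject->setConstraintCode($rule['constraintCode']);
             $ruleObject->setMode($rule['mode'] + 0);
             $ruleObject->save();
             $prio++;
         }
     }

     // Cached ACL data must not outlive the rule set it was built from.
     $this->cacher->invalidateCache('core/acl');

     return true;
 }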
Example #2
 /**
  * Creates and saves one ACL rule for an object, placed above the existing rules.
  *
  * The new rule's priority is the highest stored priority for the same normalized
  * object key and mode, plus one. The in-memory cache entry for that object key
  * and mode is cleared before the rule is saved.
  *
  * NOTE(review): the priority is read and then written in two separate steps with
  * no locking visible here, so concurrent calls may end up with the same priority.
  *
  * @param mixed      $mode           value passed to setMode() and used in the priority lookup
  * @param string     $objectKey      object key, normalized via Objects::normalizeObjectKey()
  * @param mixed      $constraintType value passed to setConstraintType()
  * @param mixed      $constraintCode stored as is, or JSON-encoded when it is an array
  * @param bool       $withSub        value passed to setSub()
  * @param mixed      $targetType     value passed to setTargetType()
  * @param mixed      $targetId       value passed to setTargetId()
  * @param mixed      $access         value passed to setAccess()
  * @param mixed|null $fields         JSON-encoded and stored only when truthy
  *
  * @return AclObject the saved rule
  */
 public function setObject($mode, $objectKey, $constraintType, $constraintCode, $withSub = false, $targetType, $targetId, $access, $fields = null)
 {
     $objectKey = Objects::normalizeObjectKey($objectKey);

     // Array constraints are persisted in their JSON form.
     if (is_array($constraintCode)) {
         $storedConstraintCode = json_encode($constraintCode);
     } else {
         $storedConstraintCode = $constraintCode;
     }

     $entry = new AclObject();
     $entry->setMode($mode);
     $entry->setTargetType($targetType);
     $entry->setTargetId($targetId);
     $entry->setSub($withSub);
     $entry->setAccess($access);
     if ($fields) {
         $entry->setFields(json_encode($fields));
     }
     $entry->setObject($objectKey);
     $entry->setConstraintCode($storedConstraintCode);
     $entry->setConstraintType($constraintType);

     // Look up the highest priority stored for this object key and mode.
     $prioQuery = new \Jarves\Model\AclQuery();
     $prioQuery->select('Prio');
     $prioQuery->filterByObject($objectKey);
     $prioQuery->filterByMode($mode);
     $prioQuery->orderByPrio(Criteria::DESC);
     $currentTop = (int) $prioQuery->findOne();

     $entry->setPrio($currentTop + 1);

     // Drop the cached entry for this object key and mode before the new rule is stored.
     $cacheKey = $objectKey . '_' . $mode;
     $this->cache[$cacheKey] = null;

     $entry->save();

     return $entry;
 }
Example #3
 /**
  * Checks that a conditional deny rule with the higher prio value overrides a
  * blanket allow rule only for the items its condition matches.
  *
  * Two rules are stored for one user on 'test/item': prio 2 grants access to all
  * items, prio 3 denies access where the title is LIKE '%test'. 'Item 1' is
  * expected to stay accessible in listing mode, 'Item test' is expected to be denied.
  */
 public function testRuleCustom()
 {
     // Start from empty tables and without leftover rules for the object.
     ItemCategoryQuery::create()->deleteAll();
     ItemQuery::create()->deleteAll();
     TestQuery::create()->deleteAll();
     $this->getACL()->setCaching(true);
     $this->getACL()->removeObjectRules('test/item');

     $user = new User();
     $user->setUsername('testuser');
     $user->save();

     $plainItem = new Item();
     $plainItem->setTitle('Item 1');
     $plainItem->save();

     $matchingItem = new Item();
     $matchingItem->setTitle('Item test');
     $matchingItem->save();

     // Allow-all first, then the conditional deny that only matches titles ending in "test".
     $ruleSpecs = [
         [
             'access' => true,
             'constraintType' => \Jarves\ACL::CONSTRAINT_ALL,
             'constraintCode' => null,
             'prio' => 2,
         ],
         [
             'access' => false,
             'constraintType' => \Jarves\ACL::CONSTRAINT_CONDITION,
             'constraintCode' => json_encode([['title', 'LIKE', '%test']]),
             'prio' => 3,
         ],
     ];

     foreach ($ruleSpecs as $spec) {
         $rule = new Acl();
         $rule->setAccess($spec['access']);
         $rule->setObject('test/item');
         $rule->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
         $rule->setTargetId($user->getId());
         $rule->setMode(\Jarves\ACL::MODE_ALL);
         $rule->setConstraintType($spec['constraintType']);
         if (null !== $spec['constraintCode']) {
             $rule->setConstraintCode($spec['constraintCode']);
         }
         $rule->setPrio($spec['prio']);
         $rule->save();
     }

     $plainItemRequest = ACLRequest::create('test/item', $plainItem->getId())
         ->onlyListingMode()
         ->targetUser($user->getId());
     $matchingItemRequest = ACLRequest::create('test/item', $matchingItem->getId())
         ->onlyListingMode()
         ->targetUser($user->getId());

     $plainItemAccess = $this->getACL()->check($plainItemRequest);
     $matchingItemAccess = $this->getACL()->check($matchingItemRequest);

     $this->assertTrue($plainItemAccess, 'item1 has access as the second rule doesnt grab and first rule says all access=true');
     $this->assertFalse($matchingItemAccess, 'no access to item2 as we have defined access=false in second rule.');

     // Clean up the user and the rules created above.
     $user->delete();
     $this->getACL()->setCaching(true);
     $this->getACL()->removeObjectRules('test/item');
 }