/**
 * Checks whether the authenticated account holds the "<resource>.<permission>" permission.
 *
 * Denies (returns false) when no account is authenticated; otherwise the decision is
 * delegated to the authorization service under the role name "account-<id>".
 *
 * @return bool
 */
public function isValid()
{
    $account = $this->authenticationService->getAccountEntity();
    if (!$account) {
        // Anonymous request: nothing to authorize against, deny by default.
        return false;
    }

    $roleName = 'account-' . $account->getId()->toString();
    $permissionName = "{$this->resource}.{$this->permission}";

    return $this->authorizationService->isGranted($roleName, $permissionName);
}
/**
 * matchIdentityRoles() must report a match when the identity's role list contains
 * a role the service was constructed with.
 */
public function testCanMatchIdentityRoles()
{
    $rbac = new Rbac();
    $adminRole = new Role('admin');
    $adminRole->addPermission('delete');
    $rbac->addRole($adminRole);

    $service = new RbacService($rbac, array('admin'));

    $this->assertTrue($service->matchIdentityRoles(array('admin')));
}
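/**
 * Checks whether an account is granted $permission.
 *
 * @param mixed $permission permission name handed to the authorization service
 * @param mixed $assert optional assertion forwarded to isGranted()
 * @param AccountInterface|null $account account to check; defaults to the authenticated one
 * @return bool false when no account can be resolved, otherwise the authorization result
 */
public function __invoke($permission, $assert = null, AccountInterface $account = null)
{
    if ($account === null) {
        $account = $this->authenticationService->getAccountEntity();
    }

    // No authenticated account: deny instead of calling getId() on a null value,
    // which would abort the request with a fatal error.
    if (!$account) {
        return false;
    }

    return $this->authorizationService->isGranted(
        'account-' . $account->getId()->toString(),
        $permission,
        $assert
    );
}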
/**
 * Builds an Rbac holding one role for the authenticated account, if there is one.
 *
 * @param ServiceLocatorInterface $serviceLocator
 * @return Rbac empty when no account is authenticated
 */
public function createService(ServiceLocatorInterface $serviceLocator)
{
    /** @var AuthenticationService $authenticationService */
    $authenticationService = $serviceLocator->get('Zend\\Authentication\\AuthenticationService');

    /** @var AccountInterface $account */
    $account = $authenticationService->getAccountEntity();

    $rbac = new Rbac();
    if (!$account) {
        // Anonymous request: no role to register.
        return $rbac;
    }

    $rbac->addRole($this->createAccountRole($account));

    return $rbac;
}
/**
 * Fetches the permissions of a role from the database and loads them into a
 * \Zend\Permissions\Rbac\Rbac instance stored in $this->control.
 *
 * Role Based Access Control: an access-control model that allows permission
 * inheritance between roles.
 *
 * @param string $userRole name of the user's main role (passed to the Role constructor)
 * @param mixed $module module used to resolve the permission business class from config
 * @return void
 */
public function setupPermissions($userRole, $module)
{
    // The main role maps directly to the user's position.
    $mainRole = new Role($userRole);

    // The business class that lists permissions is resolved from configuration.
    $permissionBoClass = Config::getZf2libConfig('permissionBusinessClass', $module);
    $permissionBO = new $permissionBoClass();

    // Every permission is registered as "<module pk>.<controller name>.<action fk>".
    foreach ($permissionBO->getListByRole($userRole) as $allow) {
        $permissionName = implode('.', array(
            $allow->module->getPkModule(),
            $allow->controller->getName(),
            $allow->permission->getFkAction(),
        ));
        $mainRole->addPermission($permissionName);
    }

    $this->control = new Rbac();
    $this->control->addRole($mainRole);
}
/**
 * Checks whether any of the identity's roles is granted $permission.
 *
 * @param mixed $permission
 * @return boolean true as soon as one role in $this->identityRoles is granted;
 *                 false when there are no identity roles or none is granted
 */
public function isGranted($permission)
{
    if (!$this->identityRoles) {
        return false;
    }

    foreach ($this->identityRoles as $identityRole) {
        if ($this->rbac->isGranted($identityRole, $permission)) {
            return true;
        }
    }

    return false;
}
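/**
 * Recursively registers roles in $rbac following their parent relationships.
 *
 * $roles maps a parent name to its child role(s); key 0 holds the top-level roles.
 * Top-level roles are added directly, children are attached to their parent via
 * addChild(), and every role that is itself a key in $roles is descended into.
 *
 * @param Rbac $rbac
 * @param array $roles parent name => role or list of roles
 * @param int|string $parentName parent to descend from; 0 for the top level
 * @return void
 */
protected function recursiveRoles(Rbac $rbac, $roles, $parentName = 0)
{
    if (!isset($roles[$parentName])) {
        return;
    }

    foreach ((array) $roles[$parentName] as $role) {
        if ($parentName) {
            $rbac->getRole($parentName)->addChild($role);
        } else {
            $rbac->addRole($role);
        }

        // Descend only when this role has children of its own.
        // NOTE(review): a cycle in $roles (a role listed under its own descendant)
        // would recurse without bound; the map is assumed acyclic.
        if (!empty($roles[$role])) {
            // Declared spelling (the original called recursiveroles(); PHP resolves
            // method names case-insensitively, but analysers and readers do not).
            $this->recursiveRoles($rbac, $roles, $role);
        }
    }
}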
/**
 * Evaluates the XML-backed access rule held by the "PermissionXML" role.
 *
 * The role's document is queried with $this->accessQuery. When a node matches, its
 * trimmed text is treated as an optional limitation query: an empty value grants
 * access, a non-empty value is evaluated against $this->contextDoc (only when that
 * is a \BaseXMS\Stdlib\DOMDocument) and grants access if it matches anything.
 *
 * @param Rbac $rbac
 * @return bool
 */
public function assert(Rbac $rbac)
{
    $role = $rbac->getRole('PermissionXML');
    $matches = $role->doc->query($this->accessQuery);

    if (!($matches->length > 0)) {
        // No access rule for this query: denied.
        return false;
    }

    $limitationQuery = trim($matches->item(0)->nodeValue);
    if (!$limitationQuery) {
        // Access rule without a limitation: granted unconditionally.
        return true;
    }

    if (!($this->contextDoc instanceof \BaseXMS\Stdlib\DOMDocument)) {
        // A limitation exists but there is no context document to check it against: denied.
        return false;
    }

    return $this->contextDoc->query($limitationQuery)->length > 0;
}
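/**
 * @testdox Test adding custom child roles works
 */
public function testAddCustomChildRole()
{
    $role = $this->getMockForAbstractClass('Zend\\Permissions\\Rbac\\RoleInterface');

    // Registering the mock under a not-yet-existing parent relies on
    // setCreateMissingRoles(true) to create "parent" on the fly.
    $this->rbac->setCreateMissingRoles(true)->addRole($role, array('parent'));

    $role->expects($this->any())->method('getName')->will($this->returnValue('customchild'));
    $role->expects($this->once())->method('hasPermission')->with('test')->will($this->returnValue(true));

    // "parent" has no permission of its own, so the grant must come from the custom child.
    $this->assertTrue($this->rbac->isGranted('parent', 'test'));
}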
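/**
 * addRole() with setCreateMissingRoles(true) and a Role object as parent must link
 * the child to that parent: $bar's parent is $foo and $foo has exactly one child.
 */
public function testAddRoleWithAutomaticParentsUsingRbac()
{
    $foo = new Rbac\Role('foo');
    $bar = new Rbac\Role('bar');

    $this->rbac->setCreateMissingRoles(true);
    $this->rbac->addRole($bar, $foo);

    // PHPUnit's argument order is (expected, actual); keeping it right makes
    // failure messages report the values the right way round.
    $this->assertEquals($foo, $bar->getParent());
    $this->assertCount(1, $foo->getChildren());
}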
/**
 * Builds an Rbac populated with the roles the current identity holds.
 *
 * The role provider is taken from module options (only the first entry of the
 * role-provider config is used: its key is the provider name, its value the provider
 * options) and resolved through the plugin manager; the identity comes from the
 * configured identity provider.
 *
 * @param ServiceLocatorInterface $serviceLocator
 * @return Rbac
 */
public function createService(ServiceLocatorInterface $serviceLocator)
{
    /* @var $moduleOptions ModuleOptions */
    $moduleOptions = $serviceLocator->get('UghAuthorization\\Options\\ModuleOptions');

    /* @var $pluginManager RoleProviderPluginManager */
    $pluginManager = $serviceLocator->get('UghAuthorization\\Permissions\\Rbac\\RoleProviderPluginManager');

    $roleProviderConfig = $moduleOptions->getRoleProvider();
    $providerName = key($roleProviderConfig);
    $providerOptions = current($roleProviderConfig);

    /* @var $roleProvider RoleProvider */
    $roleProvider = $pluginManager->get($providerName, $providerOptions);

    /* @var $identityProvider IdentityProvider */
    $identityProvider = $serviceLocator->get($moduleOptions->getIdentityProvider());
    // NOTE(review): getIdentity() is assumed to return a non-null identity here;
    // an anonymous request would fail on getRoles() — confirm against the provider.
    $identity = $identityProvider->getIdentity();

    $rbac = new Rbac();
    foreach ($roleProvider->getRoles($identity->getRoles()) as $role) {
        $rbac->addRole($role);
    }

    return $rbac;
}
/**
 * Load the requested resources into RBAC.
 *
 * Selects the role named $role together with every node inside its lft/rgt
 * interval, ordered by lft. The first row becomes a top-level role; each following
 * row is attached as a child of the row before it. When $permission is given, rows
 * carrying that permission name get it added to their role. Both $role and
 * $permission are bound as query parameters, never interpolated into SQL.
 *
 * @param Rbac $rbac
 * @param string $role
 * @param string|null $permission
 * @return \Doctrine\DBAL\Query\QueryBuilder the builder that was executed
 */
protected function load($rbac, $role, $permission = null)
{
    $options = $this->options;
    $builder = new QueryBuilder($this->connection);

    // Role always present
    $builder
        ->select('node.name')
        ->from($options->getRoleTable(), 'node')
        ->from($options->getRoleTable(), 'parent')
        ->where('node.lft BETWEEN parent.lft AND parent.rgt')
        ->andWhere('parent.name = :role')
        ->orderBy('node.lft');
    $builder->setParameter('role', $role);

    // Permission optional
    if ($permission) {
        $builder
            ->addSelect('permission.name AS permission')
            ->leftJoin('node', 'role_permission', 'rp', 'node.id = rp.role_id')
            ->leftJoin('node', 'permission', 'permission', 'rp.permission_id = permission.id')
            ->andWhere('(permission.name = :permission OR permission.name IS NULL)');
        $builder->setParameter('permission', $permission);
    }

    $previous = null;
    foreach ($builder->execute() as $row) {
        $name = $row['name'];

        if (!$rbac->hasRole($name)) {
            if ($previous) {
                $rbac->getRole($previous)->addChild($name);
            } else {
                $rbac->addRole($name);
            }
        }

        // The permission column only exists in the result when $permission was requested.
        if ($permission && $row['permission']) {
            $rbac->getRole($name)->addPermission($row['permission']);
        }

        $previous = $name;
    }

    return $builder;
}
<?php
require __DIR__ . '/../vendor/autoload.php';

use FUnit as fu;
use Zend\Permissions\Rbac\Rbac;
use Knlv\Zf2\Permissions\Rbac\Assertion\Callback as RbacCallback;

// Fixture: "guest" is a child of "member"; guest can read, member can write.
fu::setup(function () {
    $rbac = new Rbac();
    $rbac->addRole('member');
    $rbac->addRole('guest', 'member');
    $rbac->getRole('guest')->addPermission('read');
    $rbac->getRole('member')->addPermission('write');
    fu::fixture('rbac', $rbac);
});

fu::test('Test rbac callback assertion', function () {
    $rbac = fu::fixture('rbac');

    // Baseline without assertions: member inherits guest's "read", guest never gets "write".
    $inheritanceHolds = $rbac->isGranted('guest', 'read')
        && $rbac->isGranted('member', 'read')
        && !$rbac->isGranted('guest', 'write')
        && $rbac->isGranted('member', 'write');
    fu::ok($inheritanceHolds, 'Test rbac without assertions');

    $grant = new RbacCallback(function () {
        return true;
    });
    $deny = new RbacCallback(function () {
        return false;
    });

    // A callback assertion can only narrow a grant, never widen one.
    fu::not_ok($rbac->isGranted('member', 'read', $deny), 'Assert permission not granted when callback returns false');
    fu::ok($rbac->isGranted('member', 'write', $grant), 'Assert permission granted when callback returns true');
});