public function testPermitObject()
{
Permit::$routes = array();
Permit::$executed = null;
$this->assertEqual(count(Permit::$routes), 0);
Permit::access(array('controller' => array('permit_tests', 'tags'), 'action' => array('add', 'edit', 'delete')), array('auth' => array('group' => 'admin')), array('redirect' => array('controller' => 'users', 'action' => 'login')));
$this->assertEqual(count(Permit::$routes), 1);
Permit::access(array('controller' => 'permit_tests', 'action' => array('add', 'edit', 'delete')), array('auth' => array('group' => 'admin')), array('redirect' => array('controller' => 'users', 'action' => 'login')));
$this->assertEqual(count(Permit::$routes), 2);
Permit::access(array('controller' => 'users'), array('auth' => true), array('element' => 'auth_error', 'redirect' => array('controller' => 'users', 'action' => 'login')));
$this->assertEqual(count(Permit::$routes), 3);
$expected = array('route' => array('controller' => array('permit_tests', 'tags'), 'action' => array('add', 'edit', 'delete')), 'rules' => array('auth' => array('group' => 'admin')), 'redirect' => array('controller' => 'users', 'action' => 'login'), 'message' => __('Access denied', true), 'element' => 'default', 'params' => array(), 'key' => 'flash');
$this->assertEqual(current(Permit::$routes), $expected);
reset(Permit::$routes);
$expected = array('route' => array('controller' => 'users'), 'rules' => array('auth' => true), 'redirect' => array('controller' => 'users', 'action' => 'login'), 'message' => __('Access denied', true), 'element' => 'auth_error', 'params' => array(), 'key' => 'flash');
$this->assertEqual(end(Permit::$routes), $expected);
reset(Permit::$routes);
}
/**
* Determines whether the given user is authorized to perform an action. The result of
* a failed request depends upon the options for the route
*
* @param array $route A Permit Route
* @return boolean True if redirect should be executed, false otherwise
*/
protected function _execute($route)
{
Permit::$executed = $this->executed = $route;
if (empty($route['rules'])) {
return false;
}
if (isset($route['rules']['deny'])) {
return $route['rules']['deny'] == true;
}
if (!isset($route['rules']['auth'])) {
return false;
}
if (is_bool($route['rules']['auth'])) {
$isAuthed = $this->Session->read("{$this->settings['path']}.{$this->settings['check']}");
if ($route['rules']['auth'] == true && !$isAuthed) {
return true;
}
if ($route['rules']['auth'] == false && $isAuthed) {
return true;
}
return false;
} elseif (!is_array($route['rules']['auth'])) {
return false;
}
if ($this->user == false) {
return true;
}
$fieldsBehavior = 'and';
if (!empty($route['rules']['fields_behavior'])) {
$fieldsBehavior = strtolower($route['rules']['fields_behavior']);
}
if (!in_array($fieldsBehavior, array('and', 'or'))) {
$fieldsBehavior = 'and';
}
$count = count(Set::flatten($route['rules']['auth']));
foreach ($route['rules']['auth'] as $path => $condition) {
$path = '/' . str_replace('.', '/', $path);
$path = preg_replace('/^([\\/]+)/', '/', $path);
$check = $condition;
$continue = false;
$decrement = 1;
$values = Set::extract($path, $this->user);
// Support for OR Model-syntax
foreach (array('or', 'OR') as $anOr) {
if (is_array($condition) && array_key_exists($anOr, $condition)) {
$check = $condition[$anOr];
$continue = true;
$decrement = count($check);
}
}
if ($fieldsBehavior == 'or') {
$check = $condition;
$continue = true;
$decrement = count($check);
}
foreach ((array) $check as $cond) {
if (in_array($cond, (array) $values)) {
$count -= $decrement;
if ($continue) {
continue 2;
}
}
}
}
return $count !== 0;
}
