 /**
  * Wildcard-role rules on the Memory adapter: an allow for role "*" must be
  * visible to every registered role, and a deny for "*" must revoke it again.
  *
  * Only role-wildcard rules are exercised here; the ACL is deny-by-default,
  * so any access not granted below is expected to be refused.
  */
 public function testMemory()
 {
     $acl = new \Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     $roleNames = ['Admin', 'Users', 'Guests'];
     foreach ($roleNames as $name) {
         $acl->addRole(new \Phalcon\Acl\Role($name));
     }

     $resourceActions = [
         'welcome' => ['index', 'about'],
         'account' => ['index'],
     ];
     foreach ($resourceActions as $name => $actions) {
         $acl->addResource(new \Phalcon\Acl\Resource($name), $actions);
     }

     // A wildcard allow grants welcome/index to every role ...
     $acl->allow("*", "welcome", "index");
     foreach ($roleNames as $name) {
         $this->assertTrue($acl->isAllowed($name, 'welcome', 'index'));
     }

     // ... and a wildcard deny takes it away from every role again.
     $acl->deny("*", "welcome", "index");
     foreach ($roleNames as $name) {
         $this->assertFalse($acl->isAllowed($name, 'welcome', 'index'));
     }
 }
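 /**
  * OPTIONS request against a controller guarded by an ACL.
  *
  * The role "foo" is allowed GET and POST on resource "/foo"; the mocked
  * controller only implements "get" and "put" (the mocked-methods argument
  * of getMockForAbstractClass). The Allow header is expected to be "GET"
  * only — presumably the verbs that are both ACL-permitted and implemented
  * (confirm against Rest\Controller::handle).
  *
  * The request method is taken from $_SERVER, so it is saved and restored
  * in a finally block to avoid leaking OPTIONS into later tests.
  */
 public function testOptionsWithAcl()
 {
     $I = $this->tester;

     $previousMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null;
     $_SERVER['REQUEST_METHOD'] = 'OPTIONS';
     try {
         $resource = new \Phalcon\Acl\Resource('/foo');
         $role = new \Phalcon\Acl\Role('foo');

         // Deny-by-default: only GET and POST are granted below.
         $acl = new Phalcon\Acl\Adapter\Memory();
         $acl->setDefaultAction(Phalcon\Acl::DENY);
         $acl->addResource($resource, []);
         $acl->addRole($role);
         $acl->addResourceAccess($resource->getName(), ['GET', 'POST', 'PUT', 'DELETE']);
         $acl->allow($role->getName(), $resource->getName(), 'GET');
         $acl->allow($role->getName(), $resource->getName(), 'POST');
         // Kept from the original test: the result is not asserted, but the
         // call may set the adapter's active role/resource state.
         $acl->isAllowed($role->getName(), $resource->getName(), 'GET');

         $app = Rest\App::instance();
         $app->setService('acl', $acl, true);

         // Last argument: the abstract controller gets mocked 'get' and 'put'.
         $controller = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']);
         $controller->setDI($app->getDI());
         $resp = $controller->handle();

         $actual = $resp->getHeaders()->get('Allow');
         $I->assertEquals('GET', $actual);
     } finally {
         if ($previousMethod === null) {
             unset($_SERVER['REQUEST_METHOD']);
         } else {
             $_SERVER['REQUEST_METHOD'] = $previousMethod;
         }
     }
 }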
    $roleName = $objRole->getName();
    if ($roleName == 'Admin') {
        foreach ($arrResources['Admin'] as $resource => $method) {
            $acl->allow($roleName, $resource, $method);
        }
    }
    if ($roleName == 'User') {
        foreach ($arrResources['User'] as $resource => $method) {
            $acl->allow($roleName, $resource, $method);
        }
    }
}
// Authorisation hook: map the request's token to a role and ask the ACL
// whether that role may run the matched controller/action.
$app->before(function () use ($app, $acl) {
    $handler = $app->getActiveHandler();
    // Resource name is the handler class without its 'Controller\' prefix;
    // the access name is the matched action.
    $controllerName = str_replace('Controller\\', '', get_class($handler[0]));

    $base = new BaseController();
    $token = $base->verifyToken();
    // Requests with no valid token are evaluated as the 'User' role, so every
    // rule granted to 'User' is reachable without authentication.
    $role = $token ? $token->auth : 'User';

    if (!$acl->isAllowed($role, $controllerName, $handler[1])) {
        // Denied requests get the same response as a token error, so the
        // client cannot tell "no permission" from "bad token".
        $app->response = $base->tokenError();
        $app->response->send();
        return false;
    }

    return true;
});
<?php

// Deny-by-default ACL: anything not explicitly allowed below is refused.
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);

// Roles. Note that $adminsRole is constructed but never registered with
// the ACL; only 'Guests' (as an object) and 'Designers' (by name) are added.
$adminsRole = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$guestsRole = new Phalcon\Acl\Role('Guests');
$acl->addRole($guestsRole);
$acl->addRole('Designers');

// The 'Customers' resource, with its operations added in two calls
// (a single name, then an array of names).
$customers = new Phalcon\Acl\Resource('Customers', 'Customers management');
$acl->addResource($customers, 'search');
$acl->addResource($customers, array('create', 'update'));

// Rules for 'Guests' on 'Customers'.
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');

// Checks: 'edit' was never defined as an operation, so the default (deny)
// applies; 'search' and 'create' were allowed explicitly.
$acl->isAllowed('Guests', 'Customers', 'edit');
//Returns 0
$acl->isAllowed('Guests', 'Customers', 'search');
//Returns 1
$acl->isAllowed('Guests', 'Customers', 'create');
//Returns 1
 /**
  * Role inheritance over three levels (User <- Manager <- Administrator).
  *
  * The second argument of addRole() is the parent role. Grants made to an
  * ancestor must be visible to descendants, an explicit deny on the ancestor
  * must propagate down, and an access wildcard on the ancestor must cover
  * every operation for the descendant.
  */
 public function testDeepInherit()
 {
     $acl = new \Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);

     // Build the chain bottom-up so each parent exists before its child.
     $user = new \Phalcon\Acl\Role("User", "Basic access");
     $acl->addRole($user);
     $manager = new \Phalcon\Acl\Role("Manager", "Extended access");
     $acl->addRole($manager, $user);
     $admin = new \Phalcon\Acl\Role("Administrator", "Super-User role");
     $acl->addRole($admin, $manager);

     $operations = ['index', 'edit', 'delete', 'add'];
     $acl->addResource(new \Phalcon\Acl\Resource('Resource'), $operations);
     $acl->allow('User', 'Resource', 'index');
     $acl->allow('Manager', 'Resource', 'edit');
     $acl->allow('Manager', 'Resource', 'add');
     $acl->allow('Administrator', 'Resource', 'delete');

     // Inherited two levels up (from User) and one level up (from Manager).
     $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'index'));
     $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'edit'));

     // A deny on the root role must be inherited as well.
     $acl->deny('User', 'Resource', 'index');
     $this->assertFalse($acl->isAllowed('Administrator', 'Resource', 'index'));

     // An access wildcard on the root role covers every operation downstream.
     $acl->addResource(new \Phalcon\Acl\Resource('Resource2'), $operations);
     $acl->allow('User', 'Resource2', '*');
     $this->assertTrue($acl->isAllowed('Administrator', 'Resource2', 'delete'));
 }
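 /**
  * Memory::dropResourceAccess test
  *
  * Once an access is dropped from a resource, adding a rule for it must
  * raise Phalcon\Acl\Exception; both the string and the array form of
  * dropResourceAccess() are exercised, so exactly two exceptions are
  * expected. Assertions use PHPUnit's (expected, actual) order so failure
  * messages read correctly.
  */
 public function testMemoryDropResourceAccess()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->addResource('Resource');
     $acl->addResourceAccess('Resource', ['index', 'show']);
     $acl->addResourceAccess('Resource', 'edit');
     $acl->addRole('Role');
     $acl->deny('Role', 'Resource', 'index');
     $acl->deny('Role', 'Resource', 'edit');
     $this->assertEquals(Phalcon\Acl::DENY, $acl->isAllowed('Role', 'Resource', 'edit'));

     $exceptionCount = 0;

     // String form: the rule on the dropped access must be rejected.
     try {
         $acl->dropResourceAccess('Resource', 'edit');
         $acl->addRole('Role 2');
         $acl->deny('Role 2', 'Resource', 'edit');
     } catch (Phalcon\Acl\Exception $e) {
         $exceptionCount++;
     }

     // Re-add, then drop again using the array form.
     $acl->addResourceAccess('Resource', 'edit');
     try {
         $acl->dropResourceAccess('Resource', ['edit']);
         $acl->addRole('Role 3');
         $acl->deny('Role 3', 'Resource', 'edit');
     } catch (Phalcon\Acl\Exception $e) {
         $exceptionCount++;
     }

     $this->assertEquals(2, $exceptionCount);
 }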