public function testMemory()
{
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
$roles = array('Admin' => new \Phalcon\Acl\Role('Admin'), 'Users' => new \Phalcon\Acl\Role('Users'), 'Guests' => new \Phalcon\Acl\Role('Guests'));
$resources = array('welcome' => array('index', 'about'), 'account' => array('index'));
foreach ($roles as $role => $object) {
$acl->addRole($object);
}
foreach ($resources as $resource => $actions) {
$acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
}
/*
$this->assertFalse($acl->isAllowed('Admin', 'welcome', 'index'));
$this->assertFalse($acl->isAllowed('Admin', 'welcome', 'about'));
$acl->allow('Admin', 'welcome', '*');
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
$this->assertFalse($acl->isAllowed('Admin', 'account', 'index'));
$this->assertFalse($acl->isAllowed('Admin', 'account', 'about'));
$acl->allow('Admin', '*', '*');
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
$this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
$this->assertTrue($acl->isAllowed('Admin', 'account', 'index'));
$this->assertTrue($acl->isAllowed('Admin', 'account', 'about'));
$acl->deny('Admin', '*', '*');
foreach ($roles as $role => $object) {
$this->assertFalse($acl->isAllowed($role, 'welcome', 'about'));
}
*/
$acl->allow("*", "welcome", "index");
foreach ($roles as $role => $object) {
$this->assertTrue($acl->isAllowed($role, 'welcome', 'index'));
}
$acl->deny("*", "welcome", "index");
foreach ($roles as $role => $object) {
$this->assertFalse($acl->isAllowed($role, 'welcome', 'index'));
}
/*
$acl->allow('Admin', '*', 'index');
foreach ($resources as $resource => $actions) {
$this->assertTrue($acl->isAllowed('admin', $resource, 'index'));
}
$acl->allow('*', '*', 'index');
$acl->allow('*', '*', '*');
*/
}
public function testOptionsWithAcl()
{
$I = $this->tester;
$_SERVER['REQUEST_METHOD'] = 'OPTIONS';
$resource = new \Phalcon\Acl\Resource('/foo');
$role = new \Phalcon\Acl\Role('foo');
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);
$acl->addResource($resource, []);
$acl->addRole($role);
$acl->addResourceAccess($resource->getName(), ['GET', 'POST', 'PUT', 'DELETE']);
$acl->allow($role->getName(), $resource->getName(), 'GET');
$acl->allow($role->getName(), $resource->getName(), 'POST');
$acl->isAllowed($role->getName(), $resource->getName(), 'GET');
$app = Rest\App::instance();
$app->setService('acl', $acl, true);
$controller = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']);
$controller->setDI($app->getDI());
$resp = $controller->handle();
$actual = $resp->getHeaders()->get('Allow');
$I->assertEquals('GET', $actual);
}
$roleName = $objRole->getName();
if ($roleName == 'Admin') {
foreach ($arrResources['Admin'] as $resource => $method) {
$acl->allow($roleName, $resource, $method);
}
}
if ($roleName == 'User') {
foreach ($arrResources['User'] as $resource => $method) {
$acl->allow($roleName, $resource, $method);
}
}
}
$app->before(function () use($app, $acl) {
$arrHandler = $app->getActiveHandler();
$controller = str_replace('Controller\\', '', get_class($arrHandler[0]));
$baseController = new BaseController();
$cacheToken = $baseController->verifyToken();
if (false == $cacheToken) {
$auth = 'User';
} else {
$auth = $cacheToken->auth;
}
$allowed = $acl->isAllowed($auth, $controller, $arrHandler[1]);
if (false == $allowed) {
$app->response = $baseController->tokenError();
// 返回无权限,提示信息和token错误一致
$app->response->send();
return false;
}
return true;
});
<?php
$acl = new Phalcon\Acl\Adapter\Memory();
//Default action is deny access
$acl->setDefaultAction(Phalcon\Acl::DENY);
//Create some roles
$roleAdmins = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$roleGuests = new Phalcon\Acl\Role('Guests');
//Add "Guests" role to acl
$acl->addRole($roleGuests);
//Add "Designers" role to acl
$acl->addRole('Designers');
//Define the "Customers" resource
$customersResource = new Phalcon\Acl\Resource('Customers', 'Customers management');
//Add "customers" resource with a couple of operations
$acl->addResource($customersResource, 'search');
$acl->addResource($customersResource, array('create', 'update'));
//Set access level for roles into resources
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');
//Check whether role has access to the operations
$acl->isAllowed('Guests', 'Customers', 'edit');
//Returns 0
$acl->isAllowed('Guests', 'Customers', 'search');
//Returns 1
$acl->isAllowed('Guests', 'Customers', 'create');
//Returns 1
public function testDeepInherit()
{
/**
* Set deep inheritance rules and check them
*/
$acl = new \Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(\Phalcon\Acl::DENY);
$roleUser = new \Phalcon\Acl\Role("User", "Basic access");
$acl->addRole($roleUser);
$roleManager = new \Phalcon\Acl\Role("Manager", "Extended access");
$acl->addRole($roleManager, $roleUser);
$roleAdmin = new \Phalcon\Acl\Role("Administrator", "Super-User role");
$acl->addRole($roleAdmin, $roleManager);
$acl->addResource(new \Phalcon\Acl\Resource('Resource'), ['index', 'edit', 'delete', 'add']);
$acl->allow('User', 'Resource', 'index');
$acl->allow('Manager', 'Resource', 'edit');
$acl->allow('Manager', 'Resource', 'add');
$acl->allow('Administrator', 'Resource', 'delete');
/**
* Administrator should have access to index inherited from User
*/
$this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'index'));
/**
* And Administrator should inherit access from Manager
*/
$this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'edit'));
/**
* Disallow parent role resource and check if child also not have access
*/
$acl->deny('User', 'Resource', 'index');
$this->assertFalse($acl->isAllowed('Administrator', 'Resource', 'index'));
/**
* Check wildcards
*/
$acl->addResource(new \Phalcon\Acl\Resource('Resource2'), ['index', 'edit', 'delete', 'add']);
$acl->allow('User', 'Resource2', '*');
$this->assertTrue($acl->isAllowed('Administrator', 'Resource2', 'delete'));
}
/**
* Memory::dropResourceAccess test
*/
public function testMemoryDropResourceAccess()
{
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->addResource('Resource');
$acl->addResourceAccess('Resource', array('index', 'show'));
$acl->addResourceAccess('Resource', 'edit');
$acl->addRole('Role');
$acl->deny('Role', 'Resource', 'index');
$acl->deny('Role', 'Resource', 'edit');
$this->assertEquals($acl->isAllowed('Role', 'Resource', 'edit'), Phalcon\Acl::DENY);
$exceptions = 0;
try {
$acl->dropResourceAccess('Resource', 'edit');
$acl->addRole('Role 2');
$acl->deny('Role 2', 'Resource', 'edit');
} catch (Phalcon\Acl\Exception $e) {
$exceptions++;
}
$acl->addResourceAccess('Resource', 'edit');
try {
$acl->dropResourceAccess('Resource', array('edit'));
$acl->addRole('Role 3');
$acl->deny('Role 3', 'Resource', 'edit');
} catch (Phalcon\Acl\Exception $e) {
$exceptions++;
}
$this->assertEquals($exceptions, 2);
}