/**
 * Stores an access=true rule on 'jarves/entryPoint' for the test group,
 * constrained to the object URL id of path '/admin', then posts credentials
 * to the admin login route and checks the returned user id and access flag.
 */
public function testNewValidUserLogin()
{
    $groupRule = new Acl();
    // Kept on $this->acls; presumably so the fixture can be cleaned up later (confirm in tearDown).
    $this->acls[] = $groupRule;

    // The result of toArray() is discarded here, as in the original sequence.
    $groupRule->toArray();

    $groupRule->fromArray(
        [
            'object' => 'jarves/entryPoint',
            'targetType' => \Jarves\ACL::TARGET_TYPE_GROUP,
            'targetId' => $this->testGroupPk['id'],
            'sub' => true,
            'mode' => 0,
            'access' => true,
            'constraintType' => 1,
            'constraintCode' => $this->getObjects()->getObjectUrlId('jarves/entryPoint', ['path' => '/admin']),
        ],
        TableMap::TYPE_CAMELNAME
    );
    $groupRule->save();

    // The rule was written directly through the model, so the ACL cache entry is dropped by hand.
    $this->getCacher()->invalidateCache('core/acl');

    $loginResponse = $this->restCall(
        '/jarves/admin/login',
        'POST',
        ['username' => 'test', 'password' => 'test']
    );
    $payload = $loginResponse['data'];

    // NOTE(review): assertInternalType() was deprecated in PHPUnit 8 and removed in 9; check the pinned PHPUnit version.
    $this->assertInternalType('array', $payload);
    $this->assertEquals($this->userPk['id'], $payload['userId']);
    $this->assertEquals(true, $payload['access']);
}
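/**
 * Replaces all ACL rules of one target with the submitted list.
 *
 * @ApiDoc(
 *  section="ACL Management",
 *  description="Saves the given rules"
 * )
 *
 * @Rest\RequestParam(name="targetId", requirements=".+", strict=true, description="Target id")
 * @Rest\RequestParam(name="targetType", requirements=".+", strict=true, description="Target type")
 * @Rest\RequestParam(name="rules", strict=false, description="ACL rules array")
 *
 * @Rest\Post("/user/acl")
 *
 * @param int $targetId
 * @param int $targetType
 * @param array|null $rules list of rule arrays; null or a non-array value stores no rules
 *
 * @return bool always true
 */
public function saveAcl($targetId, $targetType, $rules = null)
{
    // NOTE(review): no permission check is visible inside this method. It rewrites access rules,
    // so confirm that the route is restricted to ACL administrators by the surrounding framework.

    // Coerce both identifiers to numbers before they reach the query filters.
    $targetId += 0;
    $targetType += 0;

    // NOTE(review): the delete below and the inserts that follow are not wrapped in a transaction
    // here. A failure part-way through leaves the target with an incomplete rule set, so consider
    // running the whole replacement atomically.
    AclQuery::create()
        ->filterByTargetId($targetId)
        ->filterByTargetType($targetType)
        ->delete();

    // Test the type before iterating: count() on null (the default) raises a TypeError on PHP 8,
    // which used to abort the request after the delete and before the cache invalidation.
    if (is_array($rules)) {
        $prio = 1;

        foreach ($rules as $rule) {
            if (!is_array($rule)) {
                // A scalar entry carries no rule fields; storing it would create an empty rule.
                continue;
            }

            $ruleObject = new Acl();
            $ruleObject->setPrio($prio);
            $ruleObject->setTargetType($targetType);
            $ruleObject->setTargetId($targetId);
            // "??" replaces the former "@" suppression: a missing key still yields null,
            // but unrelated errors are no longer hidden.
            $ruleObject->setObject(Objects::normalizeObjectKey($rule['object'] ?? null));
            $ruleObject->setSub(filter_var($rule['sub'] ?? null, FILTER_VALIDATE_BOOLEAN));
            $ruleObject->setAccess(filter_var($rule['access'] ?? null, FILTER_VALIDATE_BOOLEAN));
            $ruleObject->setFields($rule['fields'] ?? null);
            $ruleObject->setConstraintType($rule['constraintType'] ?? null);
            $ruleObject->setConstraintCode($rule['constraintCode'] ?? null);
            $ruleObject->setMode(($rule['mode'] ?? 0) + 0);
            $ruleObject->save();

            $prio++;
        }
    }

    // Always drop the cached rules, including when the new list is empty.
    $this->cacher->invalidateCache('core/acl');

    return true;
}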
/**
 * Builds and saves one ACL rule for an object key.
 *
 * The rule gets a priority one above the highest Prio found among stored
 * rules with the same object key and mode. Array values for $constraintCode
 * and non-empty $fields are JSON-encoded before being stored.
 *
 * NOTE(review): $withSub has a default but is followed by required
 * parameters, so callers must always pass it; PHP 8 reports this
 * parameter order as deprecated.
 *
 * @param mixed $mode
 * @param string $objectKey normalized through Objects::normalizeObjectKey()
 * @param mixed $constraintType
 * @param mixed $constraintCode arrays are stored as JSON, other values as given
 * @param bool $withSub
 * @param mixed $targetType
 * @param mixed $targetId
 * @param mixed $access
 * @param mixed $fields stored as JSON when truthy, otherwise not set
 *
 * @return AclObject the saved rule
 */
public function setObject($mode, $objectKey, $constraintType, $constraintCode, $withSub = false, $targetType, $targetId, $access, $fields = null)
{
    $normalizedKey = Objects::normalizeObjectKey($objectKey);

    $storedConstraint = $constraintCode;
    if (is_array($constraintCode)) {
        $storedConstraint = json_encode($constraintCode);
    }

    $rule = new AclObject();
    $rule->setMode($mode);
    $rule->setTargetType($targetType);
    $rule->setTargetId($targetId);
    $rule->setSub($withSub);
    $rule->setAccess($access);
    if ($fields) {
        $rule->setFields(json_encode($fields));
    }
    $rule->setObject($normalizedKey);
    $rule->setConstraintCode($storedConstraint);
    $rule->setConstraintType($constraintType);

    // Look up the highest Prio among rules with the same object and mode.
    // The lookup is not filtered by target.
    $prioLookup = new \Jarves\Model\AclQuery();
    $prioLookup->select('Prio');
    $prioLookup->filterByObject($normalizedKey);
    $prioLookup->filterByMode($mode);
    $prioLookup->orderByPrio(Criteria::DESC);

    // With no castable result the cast gives 0, so the rule gets Prio 1.
    $nextPrio = ((int) $prioLookup->findOne()) + 1;
    $rule->setPrio($nextPrio);

    // Reset this instance's cached entry for the object/mode pair before saving.
    // NOTE(review): only $this->cache is touched here; whether a shared ACL cache also needs
    // invalidating after save() is not visible from this method. Confirm.
    $cacheKey = $normalizedKey . '_' . $mode;
    $this->cache[$cacheKey] = null;

    $rule->save();

    return $rule;
}
/**
 * Checks that a conditional access=false rule with the higher Prio value
 * overrides an unconditional access=true rule only for matching items.
 *
 * Two items are created. Rule 1 (Prio 2) allows everything on 'test/item'
 * for the user. Rule 2 (Prio 3) denies items whose title matches the
 * condition ['title', 'LIKE', '%test']. Listing access is then checked
 * for both items.
 */
public function testRuleCustom()
{
    // Start from empty tables and no leftover rules for the object.
    ItemCategoryQuery::create()->deleteAll();
    ItemQuery::create()->deleteAll();
    TestQuery::create()->deleteAll();

    $this->getACL()->setCaching(true);
    $this->getACL()->removeObjectRules('test/item');

    $subject = new User();
    $subject->setUsername('testuser');
    $subject->save();

    $plainItem = new Item();
    $plainItem->setTitle('Item 1');
    $plainItem->save();

    $matchingItem = new Item();
    $matchingItem->setTitle('Item test');
    $matchingItem->save();

    // Unconditional allow for the user on every 'test/item'.
    $allowAll = new Acl();
    $allowAll->setAccess(true);
    $allowAll->setObject('test/item');
    $allowAll->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
    $allowAll->setTargetId($subject->getId());
    $allowAll->setMode(\Jarves\ACL::MODE_ALL);
    $allowAll->setConstraintType(\Jarves\ACL::CONSTRAINT_ALL);
    $allowAll->setPrio(2);
    $allowAll->save();

    // Conditional deny: applies only where the title matches the LIKE pattern.
    $titleCondition = json_encode([['title', 'LIKE', '%test']]);

    $denyMatching = new Acl();
    $denyMatching->setAccess(false);
    $denyMatching->setObject('test/item');
    $denyMatching->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
    $denyMatching->setTargetId($subject->getId());
    $denyMatching->setMode(\Jarves\ACL::MODE_ALL);
    $denyMatching->setConstraintType(\Jarves\ACL::CONSTRAINT_CONDITION);
    $denyMatching->setConstraintCode($titleCondition);
    $denyMatching->setPrio(3);
    $denyMatching->save();

    $plainRequest = ACLRequest::create('test/item', $plainItem->getId())
        ->onlyListingMode()
        ->targetUser($subject->getId());
    $matchingRequest = ACLRequest::create('test/item', $matchingItem->getId())
        ->onlyListingMode()
        ->targetUser($subject->getId());

    $plainAllowed = $this->getACL()->check($plainRequest);
    $matchingAllowed = $this->getACL()->check($matchingRequest);

    $this->assertTrue($plainAllowed, 'item1 has access as the second rule doesnt grab and first rule says all access=true');
    $this->assertFalse($matchingAllowed, 'no access to item2 as we have defined access=false in second rule.');

    // NOTE(review): this cleanup is skipped when an assertion above fails, which leaves the user
    // and both rules behind for later tests. Consider moving it to tearDown or a finally block.
    $subject->delete();
    $this->getACL()->setCaching(true);
    $this->getACL()->removeObjectRules('test/item');
}