Exemple #1
use Mocks\Examples\User;
use Ovide\Libs\Mvc\Rest\App;
use Phalcon\Acl;
use Ovide\Libs\Mvc\Rest\ContentType\XmlEncoder;
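// Reset the REST application and fetch its instance.
App::reset();
$app = App::instance();

// Let the Accept header handler serve XML through XmlEncoder.
$handlers = $app->getHandlers();
$accept = $handlers[\Ovide\Libs\Mvc\Rest\HeaderHandler\Accept::HEADER];
$accept->setAcceptable(XmlEncoder::CONTENT_TYPE, XmlEncoder::class);
$app->mountResource(User::class);

// 'acl' service, registered as shared (third argument true), so the closure
// below builds the access list that later authorization checks consult.
$app->di->set('acl', function () {
    $acl = new Acl\Adapter\Memory();
    // Default-deny is configured BEFORE any role, resource or rule is added.
    // Some Phalcon versions record the adapter's current default action when a
    // role is registered, so setting it last (as this code originally did)
    // can leave roles with a permissive fallback. Setting it first is the
    // order the Phalcon ACL documentation uses.
    $acl->setDefaultAction(Acl::DENY);

    // Role chain: root inherits user, user inherits guest.
    $guest = new Acl\Role('guest');
    $user = new Acl\Role('user');
    $root = new Acl\Role('root');
    $acl->addRole($guest);
    $acl->addRole($user, $guest);
    $acl->addRole($root, $user);

    // Every access name that can be granted on 'users' is declared here;
    // an access that is not in this list cannot be allowed by name.
    $users = new Acl\Resource('users');
    $acl->addResource($users, ['delete', 'get', 'getOne', 'post', 'put', 'putSelf', 'getSelf', 'deleteSelf']);

    // guest: only 'post'.
    $acl->allow('guest', 'users', ['post']);
    // user: only the *Self accesses on its own record ...
    $acl->allow('user', 'users', ['getSelf', 'deleteSelf', 'putSelf']);
    // ... and the 'post' inherited from guest is explicitly revoked.
    $acl->deny('user', 'users', 'post');
    // root: wildcard grant on 'users'. Keep this role tightly controlled,
    // since it also covers any access added to the resource later.
    $acl->allow('root', 'users', '*');

    // Sets 'guest' as the active role: the call is made for that side effect
    // only and its return value is intentionally discarded.
    $acl->isAllowed('guest', '', '');
    return $acl;
}, true);
return $app;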
Exemple #2
 /**
  * Asks the parent ACL whether a role may perform an access on a resource.
  *
  * Pure pass-through: the three arguments are forwarded unchanged and the
  * parent's answer is returned as-is, so this override adds no authorization
  * logic and no validation of its own.
  *
  * @param mixed $roleName     Role being checked.
  * @param mixed $resourceName Resource the role wants to reach.
  * @param mixed $access       Access (action) name on that resource.
  *
  * @return mixed The parent's decision. NOTE(review): the parent's return
  *               type is not visible here; callers should grant access only
  *               on an explicit allow value - confirm against the parent.
  */
 public function isAllowed($roleName, $resourceName, $access)
 {
     $decision = parent::isAllowed($roleName, $resourceName, $access);

     return $decision;
 }
Exemple #3
 /**
  * Asks the parent ACL whether a role may perform an access on a resource,
  * optionally passing extra parameters along.
  *
  * Pure pass-through: all four arguments are forwarded unchanged and the
  * parent's answer is returned as-is; nothing is validated or decided here.
  *
  * @param mixed      $roleName     Role being checked.
  * @param mixed      $resourceName Resource the role wants to reach.
  * @param mixed      $access       Access (action) name on that resource.
  * @param array|null $parameters   Extra data handed to the parent; null when
  *                                 omitted. NOTE(review): how the parent uses
  *                                 it is not visible here - if it feeds
  *                                 rule callbacks, treat request-derived
  *                                 values in it as untrusted.
  *
  * @return mixed The parent's decision, unmodified.
  */
 public function isAllowed($roleName, $resourceName, $access, array $parameters = null)
 {
     $decision = parent::isAllowed($roleName, $resourceName, $access, $parameters);

     return $decision;
 }
 /**
  * Asserts that an in-memory ACL matches the expectations of this test
  * suite: default action, the first two resources and roles (names and
  * descriptions taken from $config) and four allow/deny decisions.
  *
  * NOTE(review): only known roles and resources are probed. A check that an
  * unknown role or resource is refused would pin the default-deny behaviour
  * more firmly - consider adding one.
  *
  * @param \Phalcon\Acl\Adapter\Memory $acl    ACL under test.
  * @param \Phalcon\Config             $config Source of the expected
  *                                            descriptions, read from
  *                                            acl->resource and acl->role.
  */
 protected function assertAclIsConfiguredAsExpected(\Phalcon\Acl\Adapter\Memory $acl, \Phalcon\Config $config)
 {
     // The fallback decision must be deny.
     $this->assertEquals(\Phalcon\Acl::DENY, $acl->getDefaultAction());

     // Resources: positions 0 and 1 must be 'index' and 'test', in that order.
     $registeredResources = $acl->getResources();
     $this->assertInternalType('array', $registeredResources);
     $firstResource = $registeredResources[0];
     $secondResource = $registeredResources[1];
     $this->assertEquals('index', $firstResource->getName());
     $this->assertEquals('test', $secondResource->getName());
     $this->assertEquals($config->acl->resource->index->description, $firstResource->getDescription());
     $this->assertEquals($config->acl->resource->test->description, $secondResource->getDescription());

     // Roles: positions 0 and 1 must be 'guest' and 'user', in that order.
     $registeredRoles = $acl->getRoles();
     $this->assertInternalType('array', $registeredRoles);
     $firstRole = $registeredRoles[0];
     $secondRole = $registeredRoles[1];
     $this->assertEquals('guest', $firstRole->getName());
     $this->assertEquals('user', $secondRole->getName());
     $this->assertEquals($config->acl->role->guest->description, $firstRole->getDescription());
     $this->assertEquals($config->acl->role->user->description, $secondRole->getDescription());

     // guest reaches index/index but is refused on test/index.
     $this->assertTrue($acl->isAllowed('guest', 'index', 'index'));
     $this->assertFalse($acl->isAllowed('guest', 'test', 'index'));

     // user keeps guest's access to index/index (inherited from guest) ...
     $this->assertTrue($acl->isAllowed('user', 'index', 'index'));
     // ... and also reaches test/index, which guest cannot.
     $this->assertTrue($acl->isAllowed('user', 'test', 'index'));
 }
Exemple #5
 /**
  * Tests the negation of inherited roles
  *
  * @issue T65
  */
 public function testNegationOfInheritedRoles_T65()
 {
     $memoryAcl = new PhAclMem();
     // Deny by default, so access can only come from an explicit rule.
     $memoryAcl->setDefaultAction(PhAcl::DENY);

     // 'Members' inherits from 'Guests'.
     $memoryAcl->addRole('Guests');
     $memoryAcl->addRole('Members', 'Guests');
     $memoryAcl->addResource('Login', array('index'));

     // The parent role is allowed while the child is explicitly denied.
     $memoryAcl->allow('Guests', 'Login', 'index');
     $memoryAcl->deny('Members', 'Login', 'index');

     // The child's own deny must win over the allow inherited from 'Guests'.
     // The result is cast to bool before asserting.
     $this->assertFalse(
         (bool) $memoryAcl->isAllowed('Members', 'Login', 'index'),
         'Negation of inherited roles not correct'
     );
 }