This method describes all available resources
public static getAll ( $raw = false ) : ArrayObject | ||
Résultat | ArrayObject | Returns an array that looks like [ resource_id => [name, description, resourceGroup, [[permission_id => description]][, ModeInterface]] ]. The third value of the array is optional and determines the unique permissions for the specified resource, which can be allowed or forbidden separately. The fourth value of the array is the optional Resource Mode. |
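/**
 * Verifies that a predefined global ACL role is defined properly.
 *
 * For a role that is expected to be allowed, every resource returned by
 * Resource\Definition::getAll() and every unique permission of those resources
 * must have a record for the role and that record must be granted.
 * For a role that is expected to be forbidden, a missing record is accepted
 * (absence means forbidden) and any existing record must not be granted.
 *
 * @test
 * @dataProvider providerPredefinedRoles
 *
 * @param   int    $roleId   Identifier of the predefined role under test
 * @param   bool   $allowed  Whether everything is expected to be granted for this role
 */
public function testPredefinedRoles($roleId, $allowed)
{
    if (\Scalr::config('scalr.phpunit.skip_functional_tests')) {
        $this->markTestSkipped();
    }

    $acl = \Scalr::getContainer()->acl;

    $role = $acl->getRole($roleId);
    $this->assertInstanceOf('Scalr\\Acl\\Role\\RoleObject', $role);
    $this->assertNotEmpty($role->getName(), 'Role name must be defined');
    $this->assertEquals($roleId, $role->getRoleId());

    $roleResources = $role->getResources();
    $this->assertInstanceOf('ArrayObject', $roleResources);

    /* @var $resourceDefinition Resource\ResourceObject */
    foreach (Resource\Definition::getAll() as $resourceId => $resourceDefinition) {
        // Absence of the record is considered as forbidden
        if (!$allowed && !isset($roleResources[$resourceId])) {
            continue;
        }

        // The hint names the role that is actually being checked, so the
        // suggested acl_role_resources record targets the right role_id.
        $this->assertTrue(isset($roleResources[$resourceId]), sprintf(
            'All resources must be defined for the %s role. '
            . 'You should add records to the acl_role_resources table with role_id(%d)',
            $role->getName(), $role->getRoleId()
        ));

        /* @var $resource Role\RoleResourceObject */
        $resource = $roleResources[$resourceId];

        $this->assertTrue($resource->isGranted() == $allowed, sprintf(
            '%s resource must be %s for the %s role',
            $resourceDefinition->getName(), $allowed ? 'allowed' : 'forbidden', $role->getName()
        ));

        $permissions = $resource->getPermissions();
        $this->assertInstanceOf('ArrayObject', $permissions);

        foreach ($resourceDefinition->getPermissions() as $permissionId => $description) {
            // Absence of the record is considered as forbidden
            if (!$allowed && !isset($permissions[$permissionId])) {
                continue;
            }

            $this->assertTrue(isset($permissions[$permissionId]), sprintf(
                'Permission [%s - %s] must be defined for the %s role. '
                . 'You should add record to the acl_role_resource_permission table with '
                . 'key (role_id[%d], resource_id[0x%x], perm_id[%s]).',
                $resourceDefinition->getName(), $permissionId, $role->getName(),
                $role->getRoleId(), $resource->getResourceId(), $permissionId
            ));

            /* @var $permission Role\RoleResourcePermissionObject */
            $permission = $permissions[$permissionId];
            $this->assertInstanceOf('Scalr\\Acl\\Role\\RoleResourcePermissionObject', $permission);

            $this->assertTrue($permission->isGranted() == $allowed, sprintf(
                'Permission [%s - %s] must be %s for the %s role.',
                $resourceDefinition->getName(), $permissionId,
                $allowed ? 'allowed' : 'forbidden', $role->getName()
            ));
        }
    }
}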
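/**
 * Gets missing records for predefined global ACL roles: Full Access and Everything forbidden.
 *
 * Compares the stored records of both predefined roles with the resources and
 * unique permissions returned by Resource\Definition::getAll() and builds the
 * statements that would bring them in line. This method only produces SQL text;
 * it does not execute anything.
 *
 * @return string Returns sql script output that adds missing records
 */
public function getMissingRecords()
{
    // Statements are appended with ".=", so the accumulator has to be a string.
    $output = '';

    foreach (array(array(self::ROLE_ID_FULL_ACCESS, true), array(self::ROLE_ID_EVERYTHING_FORBIDDEN, false)) as $v) {
        $roleId = $v[0];
        $allowed = $v[1];

        $role = $this->getRole($roleId);
        $roleResources = $role->getResources();

        foreach (Resource\Definition::getAll() as $resourceId => $resourceDefinition) {
            // Absence of the record is considered as forbidden
            if (!$allowed && !isset($roleResources[$resourceId])) {
                continue;
            }

            if (!isset($roleResources[$resourceId])) {
                $output .= sprintf(
                    "INSERT `acl_role_resources` "
                    . "SET `role_id` = %d, `resource_id` = 0x%x, `granted` = %d;\n",
                    $roleId, $resourceId, (int) $allowed
                );
                $roleResources[$resourceId] = new Role\RoleResourceObject($roleId, $resourceId, $allowed);
            }

            $resource = $roleResources[$resourceId];

            if ($resource->isGranted() != $allowed) {
                // The WHERE clause must stay in the same statement. A terminator
                // in front of it leaves an unscoped UPDATE that rewrites `granted`
                // for every role and resource when the script is run.
                $output .= sprintf(
                    "UPDATE `acl_role_resources` "
                    . "SET `granted` = %d WHERE `role_id` = %d AND `resource_id` = 0x%x;\n",
                    (int) $allowed, $roleId, $resourceId
                );
            }

            $permissions = $resource->getPermissions();

            foreach ($resourceDefinition->getPermissions() as $permissionId => $description) {
                // Absence of the record is considered as forbidden
                if (!$allowed && !isset($permissions[$permissionId])) {
                    continue;
                }

                // NOTE(review): $permissionId is placed inside a quoted SQL literal
                // without escaping. Here it comes from Resource\Definition; confirm
                // those identifiers can never contain a quote character.
                if (!isset($permissions[$permissionId])) {
                    $output .= sprintf(
                        "INSERT `acl_role_resource_permissions` "
                        . "SET `role_id` = %d, `resource_id` = 0x%x, `perm_id` = '%s', `granted` = %d;\n",
                        $roleId, $resourceId, $permissionId, (int) $allowed
                    );
                    $permissions[$permissionId] = new Role\RoleResourcePermissionObject(
                        $roleId, $resourceId, $permissionId, $allowed
                    );
                }

                $permission = $permissions[$permissionId];

                if ($permission->isGranted() != $allowed) {
                    // Same rule as above: one statement, scoped by its WHERE clause.
                    $output .= sprintf(
                        "UPDATE `acl_role_resource_permissions` SET `granted` = %d "
                        . "WHERE `role_id` = %d AND `resource_id` = 0x%x AND `perm_id` = '%s';\n",
                        (int) $allowed, $roleId, $resourceId, $permissionId
                    );
                }
            }

            unset($permissions);
        }

        unset($role);
        unset($roleResources);
    }

    return $output;
}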
/**
 * Gets all resources
 *
 * Current exclude filters will be applied.
 * Every predefined resource from Resource\Definition::getAll() is listed with
 * its name, its group and the result of isAllowed() for the resource and for
 * each of its unique permissions.
 *
 * @return array Returns array looks like
 *               array(array(
 *                   'id'          => resource_id,
 *                   'name'        => resource_name,
 *                   'group'       => associative_group,
 *                   'groupOrder'  => value from Acl::getGroups() for the group, 0 if the group is not listed,
 *                   'granted'     => [1|0] is resource allowed,
 *                   'permissions' => array(
 *                       permissionId => [1|0] is permission allowed
 *                   ),
 *               ))
 */
public function getArray()
{
    $orderByGroup = Acl::getGroups();
    $list = array();

    /* @var $definition Resource\ResourceObject */
    foreach (Resource\Definition::getAll() as $definition) {
        $entry = array();
        $entry['id'] = $definition->getResourceId();
        $entry['name'] = $definition->getName();
        $entry['group'] = $definition->getGroup();

        // Groups that are not listed by Acl::getGroups() get order 0.
        if (isset($orderByGroup[$definition->getGroup()])) {
            $entry['groupOrder'] = $orderByGroup[$definition->getGroup()];
        } else {
            $entry['groupOrder'] = 0;
        }

        $entry['granted'] = $this->isAllowed($definition->getResourceId()) ? 1 : 0;

        // The 'permissions' key is only present when the resource defines unique permissions.
        $uniquePermissions = $definition->getPermissions();
        if (!empty($uniquePermissions)) {
            $entry['permissions'] = array();
            foreach ($uniquePermissions as $permissionId => $unusedDescription) {
                if ($this->isAllowed($definition->getResourceId(), $permissionId)) {
                    $entry['permissions'][$permissionId] = 1;
                } else {
                    $entry['permissions'][$permissionId] = 0;
                }
            }
        }

        $list[] = $entry;
    }

    return $list;
}
/**
 * Gets an iterator over everything returned by Resource\Definition::getAll(),
 * i.e. all predefined resources with their unique permissions.
 *
 * @return \ArrayIterator
 */
public function getIteratorResources()
{
    $definitions = Resource\Definition::getAll();

    return $definitions->getIterator();
}
/**
 * Checks that Definition::getAll() yields a non-empty ArrayObject.
 *
 * @test
 */
public function testGetAll()
{
    $resources = Definition::getAll();

    $this->assertInstanceOf('ArrayObject', $resources);
    $this->assertNotEmpty($resources);
}