public function test_group_permissions() { ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' ); $this->assert_true( ACL::token_exists( 'acltest' ), 'Could not create acltest permission.' ); $this->assert_true( ACL::token_exists( 'acLtEst ' ), 'Permission names are not normalized.' ); $token_id = ACL::token_id( 'acltest' ); ACL::grant_group( $this->acl_group->id, $token_id, 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group.' ); ACL::revoke_group_token( $this->acl_group->id, $token_id ); $this->assert_false( ACL::group_can( $this->acl_group->id, $token_id, 'full' ), 'Could not revoke acltest permission from acltest-group.' ); // check alternate means of granting a permission $this->acl_group->grant( 'acltest', 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group through UserGroup call.' ); // full > read/edit $this->assert_true( $this->acl_group->can( 'acltest', 'read' ), "Group with 'full' acltest permission cannot 'read'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'edit' ), "Group with 'full' acltest permission cannot 'edit'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), "Group with 'full' acltest permission cannot 'full'." ); $this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." ); $this->acl_group->can( 'acltest', 'write' ); ACL::destroy_token( 'acltest' ); }
/** * Remove one or more permissions from a group * @param mixed a permission ID, name, or array of the same */ public function revoke( $tokens ) { $tokens = Utils::single_array( $tokens ); $tokens = array_map( array( 'ACL', 'token_id' ), $tokens ); foreach ( $tokens as $token ) { ACL::revoke_group_token( $this->id, $token ); } }