/**
 * Registers the Access configuration used by the tests.
 *
 * A single configuration, `test_rulebased`, is declared and bound to the
 * `Rules` adapter.
 */
public function setUp() {
    $ruleBased = array('adapter' => 'Rules');

    Access::config(array('test_rulebased' => $ruleBased));
}
/**
 * Checks that an access check against an undefined configuration raises.
 *
 * After `Access::reset()` the configuration list must be an empty array, and
 * `Access::check()` on the unknown name `test_no_config` is expected to throw
 * rather than hand back a result.
 */
public function testNoConfigurations() {
    Access::reset();

    $remaining = Access::config();
    $this->assertIdentical(array(), $remaining);

    // Register the expectation before the call that should throw.
    $this->expectException("Configuration `test_no_config` has not been defined.");

    $request = new Request();
    Access::check('test_no_config', false, $request);
}
/**
 * Registers the Access configuration used by the tests.
 *
 * A single configuration, `test_access`, is declared and bound to the
 * `Simple` adapter.
 */
public function setUp() {
    $simple = array('adapter' => 'Simple');

    Access::config(array('test_access' => $simple));
}
/**
 * Checks that an access check raises when the configuration has no roles.
 *
 * The test first asserts that `test_no_roles_configured` has an empty `roles`
 * entry, then expects `Access::check()` to throw for a `guest` user instead
 * of returning a result.
 */
public function testNoRolesConfigured() {
    $config = Access::config('test_no_roles_configured');
    $this->assertTrue(empty($config['roles']));

    $request = new Request();
    $request->params = array('controller' => 'Tests', 'action' => 'granted');

    // Register the expectation before the call that should throw.
    $this->expectException('No roles defined for adapter configuration.');

    $guest = array('guest' => null);
    Access::check('test_no_roles_configured', $guest, $request);
}
<?php
/**
 * li3_access configuration file
 *
 * Declares the authentication configurations and the access-control adapter
 * configurations.
 */

use lithium\security\Auth;
use li3_access\security\Access;

/**
 * Auth configurations
 *
 * Both configurations use the `Form` adapter. `default` is scoped to
 * `active => true` and sets `query` to `firstWithGroup` (defined elsewhere);
 * `inactive` is scoped to `active => false`.
 *
 * Users authorized through the `inactive` configuration get a message about
 * their inactive account.
 *
 * NOTE(review): a successful check against `inactive` means valid credentials
 * for a deactivated account. It should presumably only drive that message and
 * never be treated as a login - confirm at the call site.
 */
Auth::config(array(
    'default' => array(
        'adapter' => 'Form',
        'scope' => array('active' => true),
        'query' => 'firstWithGroup'
    ),
    'inactive' => array(
        'adapter' => 'Form',
        'scope' => array('active' => false)
    )
));

/**
 * Access adapter configurations
 *
 * `acl` is bound to the `DbAcl` adapter and `rules` to the `Rules` adapter.
 * For details see the `li3_access` documentation.
 */
Access::config(array(
    'acl' => array('adapter' => 'DbAcl'),
    'rules' => array('adapter' => 'Rules')
));
FlashMessage::write($action_access['message'], 'default'); if ($user) { header('Location: ' . Router::match($action_access['redirect'])); } else { header('Location: ' . Router::match(array('library' => 'li3b_users', 'controller' => 'users', 'action' => 'login'))); } // None shall pass. exit; } } // Sets the current user in each request for convenience. $params['request']->user = $user; return $next; // return $chain->next($self, $params, $chain); }); Access::config(array('default' => array('adapter' => 'Rules', 'filters' => array()))); // Set some basic rules to be used from anywhere // Allow access for users with a role of "administrator" or "content_editor" Access::adapter('default')->add('allowManagers', function ($user, $request, $options) { if ($user && ($user['role'] == 'administrator' || $user['role'] == 'content_editor')) { return true; } return false; }); // Restrict access to documents that have a published field marked as true // (except for users with a role of "administrator" or "content_editor") Access::adapter('default')->add('allowIfPublished', function ($user, $request, $options) { if (isset($options['document']['published']) && $options['document']['published'] === true) { return true; } if ($user && ($user['role'] == 'administrator' || $user['role'] == 'content_editor')) {
* * Of course, alternatively, a 3rd party library could use Access in any way it * needs and/or use a completely different system for access control. */ use \lithium\action\Dispatcher; use \lithium\action\Response; use li3_access\security\Access; use \lithium\security\Auth; Access::config(array( 'minerva_access' => array( 'adapter' => 'Rules', // optional filters applied for each configuration 'filters' => array( /*function($self, $params, $chain) { // Any config can have filters that get applied var_dump('filter on check, applied from Access::confg() in minerva_boostrap.php'); exit(); return $chain->next($self, $params, $chain); }*/ ) ) )); // Set some rules to be used from anywhere // Allow access for users with a role of "administrator" or "content_editor" Access::adapter('minerva_access')->add('allowManagers', function($user, $request, $options) { if(($user) && ($user['role'] == 'administrator' || $user['role'] == 'content_editor')) { return true; } return false;
/**
 * Prepares the request, Auth and Access fixtures used by the tests.
 *
 * Clears the `user` Auth session, builds a request for
 * `test_library` / `test_controllers` / `test_action`, points the `user` Auth
 * configuration at the mock adapter, and registers four `AuthRbac`
 * configurations: `no_roles`, `test_check`, `test_closures` and
 * `test_option_override`.
 */
public function setUp() {
    Auth::clear('user');

    $params = array(
        'library' => 'test_library',
        'controller' => 'test_controllers',
        'action' => 'test_action'
    );
    $this->_request = new Request(array('params' => $params));

    $mockAuth = array(
        'adapter' => 'li3_access\tests\mocks\extensions\adapter\auth\MockAuthAdapter'
    );
    Auth::config(array('user' => $mockAuth));

    // Two roles for the `user` resource: a wildcard match and a specific one.
    $checkRoles = array(
        array('resources' => 'user', 'match' => '*::*'),
        array('resources' => 'user', 'match' => 'Pages::index')
    );

    // The allow closure writes a message into the role options (taken by
    // reference) and returns whatever the request carries in `allow`.
    $allowFromRequest = function($request, &$roleOptions) {
        $roleOptions['message'] = 'Test allow options set.';
        return $request->params['allow'];
    };

    // The match closure returns whatever the request carries in `match`.
    $matchFromRequest = function($request) {
        return $request->params['match'];
    };

    $closureRoles = array(
        array(
            'resources' => '*',
            'allow' => array($allowFromRequest),
            'match' => array(
                $matchFromRequest,
                'controller' => 'TestControllers',
                'action' => 'test_action'
            )
        )
    );

    // The first role sets `allow` to false for every resource and `*::*`;
    // presumably a deny baseline for the option-override tests - confirm
    // against the adapter.
    $denyAll = array(
        'allow' => false,
        'resources' => '*',
        'match' => '*::*'
    );
    $deniedWithOptions = array(
        'message' => 'Rule access denied message.',
        'redirect' => '/',
        'options' => array('class' => 'notice'),
        'resources' => 'user',
        'match' => 'TestControllers::test_action'
    );
    $neverMatched = array(
        'message' => 'Test no overwrite.',
        'redirect' => 'Test::no_overwrite',
        'match' => null
    );
    $overrideRoles = array($denyAll, $deniedWithOptions, $neverMatched);

    Access::config(array(
        'no_roles' => array('adapter' => 'AuthRbac'),
        'test_check' => array('adapter' => 'AuthRbac', 'roles' => $checkRoles),
        'test_closures' => array('adapter' => 'AuthRbac', 'roles' => $closureRoles),
        'test_option_override' => array('adapter' => 'AuthRbac', 'roles' => $overrideRoles)
    ));
}