/**
* @param bool $isAllowed
* @dataProvider dataProviderBoolValues
*/
public function testIsEverythingAllowed($isAllowed)
{
$id = 10;
$this->coreRegistryMock->expects($this->once())->method('registry')->with(\Magento\User\Controller\Adminhtml\User\Role\SaveRole::RESOURCE_ALL_FORM_DATA_SESSION_KEY)->willReturn(true);
if ($isAllowed) {
$this->rootResourceMock->expects($this->exactly(2))->method('getId')->willReturnOnConsecutiveCalls($id, $id);
} else {
$this->rootResourceMock->expects($this->exactly(2))->method('getId')->willReturnOnConsecutiveCalls(11, $id);
}
$this->assertEquals($isAllowed, $this->model->isEverythingAllowed());
}
/**
* @param string $rootResourceId
* @param array $savedData
* @param bool $expectedValue
* @dataProvider isEverythingAllowedWithSavedFromDataProvider
*/
public function testIsEverythingAllowedWithSavedFromData($rootResourceId, $savedData, $expectedValue)
{
$this->registry->expects($this->once())->method('registry')->with(IntegrationController::REGISTRY_KEY_CURRENT_RESOURCE)->willReturn($savedData);
$this->rootResource->expects($this->any())->method('getId')->will($this->returnValue($rootResourceId));
$this->webapiBlock = $this->getWebapiBlock();
$this->assertEquals($expectedValue, $this->webapiBlock->isEverythingAllowed());
}
public function testGrantAllPermissions()
{
$rootResource = 'Magento_All:all';
$this->rootAclResourceMock->expects($this->any())->method('getId')->will($this->returnValue($rootResource));
$this->roleMock->expects($this->any())->method('getId')->will($this->returnValue(self::ROLE_ID));
$this->rulesMock->expects($this->any())->method('setRoleId')->with(self::ROLE_ID)->will($this->returnSelf());
$this->rulesMock->expects($this->any())->method('setResources')->with([$rootResource])->will($this->returnSelf());
$this->rulesMock->expects($this->any())->method('saveRel')->will($this->returnSelf());
$this->integrationAuthorizationService->grantAllPermissions(self::INTEGRATION_ID);
}
/**
* Save ACL resources
*
* @param \Magento\Authorization\Model\Rules $rule
* @return void
* @throws \Magento\Framework\Exception\LocalizedException
*/
public function saveRel(\Magento\Authorization\Model\Rules $rule)
{
try {
$connection = $this->getConnection();
$connection->beginTransaction();
$roleId = $rule->getRoleId();
$condition = ['role_id = ?' => (int) $roleId];
$connection->delete($this->getMainTable(), $condition);
$postedResources = $rule->getResources();
if ($postedResources) {
$row = ['resource_id' => $this->_rootResource->getId(), 'privileges' => '', 'role_id' => $roleId, 'permission' => 'allow'];
// If all was selected save it only and nothing else.
if ($postedResources === [$this->_rootResource->getId()]) {
$insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $this->getMainTable());
$connection->insert($this->getMainTable(), $insertData);
} else {
/** Give basic admin permissions to any admin */
$postedResources[] = \Magento\Backend\App\AbstractAction::ADMIN_RESOURCE;
$acl = $this->_aclBuilder->getAcl();
/** @var $resource \Magento\Framework\Acl\AclResource */
foreach ($acl->getResources() as $resourceId) {
$row['permission'] = in_array($resourceId, $postedResources) ? 'allow' : 'deny';
$row['resource_id'] = $resourceId;
$insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $this->getMainTable());
$connection->insert($this->getMainTable(), $insertData);
}
}
}
$connection->commit();
$this->_aclCache->clean();
} catch (\Magento\Framework\Exception\LocalizedException $e) {
$connection->rollBack();
throw $e;
} catch (\Exception $e) {
$connection->rollBack();
$this->_logger->critical($e);
}
}
/**
* Get selected resources
*
* @return array|mixed|\string[]
*/
public function getSelectedResources()
{
$selectedResources = $this->getData('selected_resources');
if (empty($selectedResources)) {
$allResource = $this->getCoreRegistry()->registry(SaveRole::RESOURCE_ALL_FORM_DATA_SESSION_KEY);
if ($allResource) {
$selectedResources = [$this->_rootResource->getId()];
} else {
$selectedResources = $this->getCoreRegistry()->registry(SaveRole::RESOURCE_FORM_DATA_SESSION_KEY);
}
if (null === $selectedResources) {
$rid = $this->_request->getParam('rid', false);
$selectedResources = $this->_aclRetriever->getAllowedResourcesByRole($rid);
}
$this->setData('selected_resources', $selectedResources);
}
return $selectedResources;
}
/**
* Save ACL resources
*
* @param \Magento\User\Model\Rules $rule
* @return void
* @throws \Magento\Framework\Model\Exception
*/
public function saveRel(\Magento\User\Model\Rules $rule)
{
try {
$adapter = $this->_getWriteAdapter();
$adapter->beginTransaction();
$roleId = $rule->getRoleId();
$condition = array('role_id = ?' => (int) $roleId);
$adapter->delete($this->getMainTable(), $condition);
$postedResources = $rule->getResources();
if ($postedResources) {
$row = array('resource_id' => $this->_rootResource->getId(), 'privileges' => '', 'role_id' => $roleId, 'permission' => 'allow');
// If all was selected save it only and nothing else.
if ($postedResources === array($this->_rootResource->getId())) {
$insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $this->getMainTable());
$adapter->insert($this->getMainTable(), $insertData);
} else {
$acl = $this->_aclBuilder->getAcl();
/** @var $resource \Magento\Framework\Acl\Resource */
foreach ($acl->getResources() as $resourceId) {
$row['permission'] = in_array($resourceId, $postedResources) ? 'allow' : 'deny';
$row['resource_id'] = $resourceId;
$insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $this->getMainTable());
$adapter->insert($this->getMainTable(), $insertData);
}
}
}
$adapter->commit();
$this->_aclCache->clean();
} catch (\Magento\Framework\Model\Exception $e) {
$adapter->rollBack();
throw $e;
} catch (\Exception $e) {
$adapter->rollBack();
$this->_logger->logException($e);
}
}
/**
* Check if everything is allowed
*
* @return bool
*/
public function isEverythingAllowed()
{
return in_array($this->rootResource->getId(), $this->getSelectedResources());
}
/**
* {@inheritdoc}
*/
public function grantAllPermissions(UserIdentifier $userIdentifier)
{
$this->grantPermissions($userIdentifier, array($this->_rootAclResource->getId()));
}
/**
* @param string $rootResourceId
* @param array $integrationData
* @param array $selectedResources
* @param bool $expectedValue
* @dataProvider isEverythingAllowedProvider
*/
public function testIsEverythingAllowed($rootResourceId, $integrationData, $selectedResources, $expectedValue)
{
$this->webapiBlock = $this->getWebapiBlock($integrationData, $selectedResources);
$this->rootResource->expects($this->once())->method('getId')->will($this->returnValue($rootResourceId));
$this->assertEquals($expectedValue, $this->webapiBlock->isEverythingAllowed());
}
/**
* {@inheritdoc}
*/
public function grantAllPermissions($integrationId)
{
$this->grantPermissions($integrationId, array($this->_rootAclResource->getId()));
}
