Author: Nick Sagona, III (nick@popphp.org)
Esempio n. 1
0
 /**
  * Get all roles, resources and permissions
  *
  * @param  int $typeId
  * @return array
  */
 public static function getAllRoles($typeId)
 {
     $results = array('roles' => array(), 'resources' => array());
     if (null !== $typeId) {
         $roles = self::findAll('id ASC', array('type_id' => $typeId));
         if (isset($roles->rows[0])) {
             foreach ($roles->rows as $role) {
                 $r = \Pop\Auth\Role::factory($role->name);
                 $results['resources'][$role->name] = array('allow' => array(), 'deny' => array());
                 $permissions = null !== $role->permissions ? unserialize($role->permissions) : array();
                 if (isset($permissions[0])) {
                     foreach ($permissions as $permission) {
                         if (!isset($results['resources'][$role->name]['allow'][$permission['resource']])) {
                             if ($permission['allow']) {
                                 $results['resources'][$role->name]['allow'][$permission['resource']] = array();
                             } else {
                                 if (!isset($results['resources'][$role->name]['deny'][$permission['resource']])) {
                                     $results['resources'][$role->name]['deny'][$permission['resource']] = array();
                                 }
                             }
                         }
                         if ($permission['permission'] != '') {
                             $r->addPermission($permission['permission']);
                             if ($permission['resource'] != '') {
                                 if ($permission['allow']) {
                                     $results['resources'][$role->name]['allow'][$permission['resource']][] = $permission['permission'];
                                 } else {
                                     $results['resources'][$role->name]['deny'][$permission['resource']][] = $permission['permission'];
                                 }
                             }
                         }
                     }
                 }
                 $results['roles'][] = $r;
             }
         }
     }
     return $results;
 }
Esempio n. 2
0
 public function testToString()
 {
     $e = Role::factory('editor');
     $this->assertEquals('editor', (string) $e);
 }
Esempio n. 3
0
<?php

require_once '../../bootstrap.php';
use Pop\Auth;
use Pop\Nav\Nav;
try {
    $page = new Auth\Resource('page');
    $user = new Auth\Resource('user');
    $basic = Auth\Role::factory('basic')->addPermission('add');
    $editor = Auth\Role::factory('editor')->addPermission('add')->addPermission('edit');
    $acl = new Auth\Acl();
    $acl->addRoles(array($basic, $editor));
    $acl->addResources(array($page, $user));
    $acl->allow('basic', 'page', array('add'))->allow('editor', 'page')->allow('editor', 'user');
    $tree = array(array('name' => 'Pages', 'href' => '/pages', 'children' => array(array('name' => 'Add Page', 'href' => 'add', 'acl' => array('resource' => 'page', 'permission' => 'add')), array('name' => 'Edit Page', 'href' => 'edit', 'acl' => array('resource' => 'page', 'permission' => 'edit')))), array('name' => 'Users', 'href' => '/users', 'acl' => array('resource' => 'user'), 'children' => array(array('name' => 'Add User', 'href' => 'add'), array('name' => 'Edit User', 'href' => 'edit'))));
    $config = array('top' => array('id' => 'main-nav'));
    $nav = new Nav($tree, $config);
    $nav->setAcl($acl)->setRole($editor);
    echo $nav;
} catch (\Exception $e) {
    echo $e->getMessage();
}
Esempio n. 4
0
 public function testBuildRoleException()
 {
     $_SERVER['REQUEST_URI'] = '/first';
     $this->setExpectedException('Pop\\Nav\\Exception');
     $page = new Auth\Resource('page');
     $user = new Auth\Resource('user');
     $basic = Auth\Role::factory('basic')->addPermission('add');
     $editor = Auth\Role::factory('editor')->addPermission('add')->addPermission('edit');
     $acl = new Auth\Acl();
     $acl->addRoles(array($basic, $editor));
     $acl->addResources(array($page, $user));
     $acl->allow('basic', 'page', array('add'))->allow('editor', 'page')->allow('editor', 'user');
     $tree = array(array('name' => 'Pages', 'href' => '/pages', 'children' => array(array('name' => 'Add Page', 'href' => 'add', 'acl' => array('resource' => 'page', 'permission' => 'add')), array('name' => 'Edit Page', 'href' => 'edit', 'acl' => array('resource' => 'page', 'permission' => 'edit')))), array('name' => 'Users', 'href' => '/users', 'acl' => array('resource' => 'user'), 'children' => array(array('name' => 'Add User', 'href' => 'add'), array('name' => 'Edit User', 'href' => 'edit'))));
     $n = new Nav($tree);
     $n->setAcl($acl);
     $r = $n->render(true);
 }
Esempio n. 5
0
 public function testIsDeniedNoResource()
 {
     $editor = Role::factory('editor');
     $a = Acl::factory($editor);
     $a->deny('editor');
     $this->assertTrue($a->isDenied($editor, 'page'));
     $this->assertTrue($a->hasResource('page'));
 }
Esempio n. 6
0
<?php

require_once '../../bootstrap.php';
use Pop\Auth\Acl;
use Pop\Auth\Role;
use Pop\Auth\Resource;
try {
    // Create some resources
    $page = new Resource('page');
    $template = new Resource('template');
    // Create some roles with permissions
    $reader = Role::factory('reader')->addPermission('read');
    $editor = Role::factory('editor')->addPermission('edit');
    $publisher = Role::factory('publisher')->addPermission('publish');
    $admin = Role::factory('admin')->addPermission('admin');
    // Add roles as child roles to demonstrate inheritance
    $reader->addChild($editor->addChild($publisher->addChild($admin)));
    $acl = new Acl();
    $acl->addRoles(array($reader, $editor, $publisher, $admin));
    $acl->addResources(array($page, $template));
    $acl->allow('reader', 'page', 'read')->allow('editor', 'page', array('read', 'edit'))->allow('publisher', 'page')->allow('publisher', 'template', 'read')->allow('admin');
    $acl->deny('editor', 'page', 'read');
    $user = $editor;
    if ($acl->isAllowed($user, 'page', 'edit')) {
        echo 'Yes.<br /><br />';
    } else {
        echo 'No.<br /><br />';
    }
} catch (\Exception $e) {
    echo $e->getMessage() . PHP_EOL . PHP_EOL;
}
Esempio n. 7
0
 /**
  * Method to determine if the user is denied
  *
  * @param  \Pop\Auth\Role $user
  * @param  string         $resource
  * @param  string         $permission
  * @throws \Pop\Auth\Exception
  * @return boolean
  */
 public function isDenied(\Pop\Auth\Role $user, $resource = null, $permission = null)
 {
     $result = false;
     if (!isset($this->roles[$user->getName()])) {
         throw new Exception('Error: That role has not been added.');
     }
     if (null !== $resource && !isset($this->resources[$resource])) {
         $this->addResource($resource);
     }
     // Check if the user, resource and/or permission is denied
     if (isset($this->denied[$user->getName()])) {
         if (count($this->denied[$user->getName()]) > 0) {
             if (null !== $resource && array_key_exists($resource, $this->denied[$user->getName()])) {
                 if (count($this->denied[$user->getName()][$resource]) > 0) {
                     if (null !== $permission && in_array($permission, $this->denied[$user->getName()][$resource])) {
                         $result = true;
                     }
                 } else {
                     $result = true;
                 }
             }
         } else {
             $result = true;
         }
     }
     return $result;
 }