/**
* @test
*/
public function hasRoleWorks()
{
$account = new Account();
$account->setRoles(array($this->administratorRole));
$this->assertTrue($account->hasRole($this->administratorRole));
$this->assertFalse($account->hasRole($this->customerRole));
}
/**
* @test
*/
public function hasRoleReturnsFalseForAssignedButNonExistentRole()
{
$this->inject($this->account, 'roleIdentifiers', array('Acme.Demo:NoLongerThere', $this->administratorRole->getIdentifier()));
$this->assertTrue($this->account->hasRole($this->administratorRole));
$this->assertFalse($this->account->hasRole(new Role('Acme.Demo:NoLongerThere')));
}
/**
* @param \Ag\Login\Domain\Model\Role $role
* @return bool
*/
public function hasRole($role)
{
return $this->login->hasRole($this->roleToFlowRole($role));
}
/**
* Removes the specified role from the given account and potentially carries out further actions which are needed to
* properly reflect these changes.
*
* @param Account $account The account to remove roles from
* @param string $roleIdentifier A fully qualified role identifier, or a role identifier relative to the TYPO3.Neos namespace
* @return integer How often this role has been removed from the given account (effectively can be 1 or 0)
* @api
*/
public function removeRoleFromAccount(Account $account, $roleIdentifier)
{
$roleIdentifier = $this->normalizeRoleIdentifier($roleIdentifier);
$role = $this->policyService->getRole($roleIdentifier);
/** @var Account $account */
if ($account->hasRole($role)) {
$account->removeRole($role);
$this->accountRepository->update($account);
$this->emitRolesRemoved($account, array($role));
return 1;
}
return 0;
}
/**
* renders <f:then> child if the role could be found in the security context,
* otherwise renders <f:else> child.
*
* @param string $role The role or role identifier
* @param string $packageKey PackageKey of the package defining the role
* @param Account $account If specified, this subject of this check is the given Account instead of the currently authenticated account
* @return string the rendered string
* @api
*/
public function render($role, $packageKey = null, Account $account = null)
{
if (is_string($role)) {
$roleIdentifier = $role;
if (in_array($roleIdentifier, array('Everybody', 'Anonymous', 'AuthenticatedUser'))) {
$roleIdentifier = 'TYPO3.Flow:' . $roleIdentifier;
}
if (strpos($roleIdentifier, '.') === false && strpos($roleIdentifier, ':') === false) {
if ($packageKey === null) {
$request = $this->controllerContext->getRequest();
$roleIdentifier = $request->getControllerPackageKey() . ':' . $roleIdentifier;
} else {
$roleIdentifier = $packageKey . ':' . $roleIdentifier;
}
}
$role = $this->policyService->getRole($roleIdentifier);
}
if ($account instanceof Account) {
$hasRole = $account->hasRole($role);
} else {
$hasRole = $this->securityContext->hasRole($role->getIdentifier());
}
if ($hasRole) {
return $this->renderThenChild();
} else {
return $this->renderElseChild();
}
}
/**
* {@inheritDoc}
*/
public function hasRole(\TYPO3\Flow\Security\Policy\Role $role)
{
$this->__initializer__ && $this->__initializer__->__invoke($this, 'hasRole', array($role));
return parent::hasRole($role);
}
/**
* Adds new roles from CAS server since last authentication if some was added in CAS-Server.
* Is used only if Account was persisted. See persistAccount() method.
*
* @param string $providerName Provider name. WARNING: not in settings set useStaticProviderNameByPersistingAccounts.
* @param Account $account
*
* @return void
*
* @todo : move persistAll() at shutdown
*/
private function updateRolesInAccount($providerName, Account &$account)
{
$casAttributes = $this->casManager->getCasAttributes($providerName);
$casServerRoles = $this->getRoles($providerName, $casAttributes);
$accountMustBeUpdated = false;
foreach ($casServerRoles as $casServerRole) {
$accountMustBeUpdated = $accountMustBeUpdated == true ? $accountMustBeUpdated : !$account->hasRole($casServerRole);
$account->addRole($casServerRole);
}
if ($accountMustBeUpdated) {
$this->accountRepository->update($account);
}
$this->persistenceManager->persistAll();
}
