public function test_group_permissions()
{
ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' );
$this->assert_true(
ACL::token_exists( 'acltest' ),
'Could not create acltest permission.'
);
$this->assert_true(
ACL::token_exists( 'acLtEst ' ),
'Permission names are not normalized.'
);
$token_id = ACL::token_id( 'acltest' );
ACL::grant_group( $this->acl_group->id, $token_id, 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group.'
);
ACL::revoke_group_token( $this->acl_group->id, $token_id );
$this->assert_false(
ACL::group_can( $this->acl_group->id, $token_id, 'full' ),
'Could not revoke acltest permission from acltest-group.'
);
// check alternate means of granting a permission
$this->acl_group->grant( 'acltest', 'full' );
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
'Could not grant acltest permission to acltest-group through UserGroup call.'
);
// full > read/edit
$this->assert_true(
$this->acl_group->can( 'acltest', 'read' ),
"Group with 'full' acltest permission cannot 'read'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'edit' ),
"Group with 'full' acltest permission cannot 'edit'."
);
$this->assert_true(
$this->acl_group->can( 'acltest', 'full' ),
"Group with 'full' acltest permission cannot 'full'."
);
$this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." );
$this->acl_group->can( 'acltest', 'write' );
ACL::destroy_token( 'acltest' );
}
/**
* Remove one or more permissions from a group
* @param mixed a permission ID, name, or array of the same
*/
public function revoke( $tokens )
{
$tokens = Utils::single_array( $tokens );
$tokens = array_map( array( 'ACL', 'token_id' ), $tokens );
foreach ( $tokens as $token ) {
ACL::revoke_group_token( $this->id, $token );
}
}
