public function testRolesParametersAdditivity() { $r1 = new \AJXP_Role("role1"); $r2 = new \AJXP_Role("role2"); $r1->setParameterValue("type.id", "param_name", "param_value1", "repository_id"); $this->assertEquals("param_value1", $r1->filterParameterValue("type.id", "param_name", "repository_id", "anyvalue1")); $r2->setParameterValue("type.id", "param_name", "param_value2", "repository_id"); $r3 = $r2->override($r1); $this->assertEquals("param_value2", $r3->filterParameterValue("type.id", "param_name", "repository_id", "anyvalue")); $r1->setParameterValue("type.id", "param_name", "param_value1", "repository_id"); $r2->setParameterValue("type.id", "param_name", AJXP_VALUE_CLEAR, "repository_id"); $r3 = $r2->override($r1); $this->assertEquals("anyvalue2", $r3->filterParameterValue("type.id", "param_name", "repository_id", "anyvalue2")); $r1->setParameterValue("type.id", "param_name", "param_value1", "repository_id"); $r2->setParameterValue("type.id", "param_name", "", "repository_id"); $r3 = $r2->override($r1); $this->assertEquals("param_value1", $r3->filterParameterValue("type.id", "param_name", "repository_id", "anyvalue2")); }
/** * @param AJXP_Role $role * @return AJXP_Role */ public function override(AJXP_Role $role) { $newRole = new AJXP_Role($role->getId()); $roleAcl = $role->listAcls(); $newAcls = $this->array_merge_recursive2($roleAcl, $this->listAcls()); foreach ($newAcls as $repoId => $rightString) { //if($rightString == AJXP_VALUE_CLEAR) continue; if (empty($rightString) && !empty($roleAcl[$repoId])) { $rightString = $roleAcl[$repoId]; } $newRole->setAcl($repoId, $rightString); } $roleParameters = $role->listParameters(true); $newParams = $this->array_merge_recursive2($roleParameters, $this->listParameters(true)); foreach ($newParams as $repoId => $data) { foreach ($data as $pluginId => $param) { foreach ($param as $parameterName => $parameterValue) { if ($parameterValue === true || $parameterValue === false) { $newRole->setParameterValue($pluginId, $parameterName, $parameterValue, $repoId); continue; } if ($parameterValue == AJXP_VALUE_CLEAR) { continue; } if ($parameterValue === "" && !empty($roleParameters[$repoId][$pluginId][$parameterName])) { $parameterValue = $newParams[$repoId][$pluginId][$parameterName]; } $newRole->setParameterValue($pluginId, $parameterName, $parameterValue, $repoId); } } } $newActions = $this->array_merge_recursive2($role->listActionsStates(), $this->listActionsStates()); foreach ($newActions as $repoId => $data) { foreach ($data as $pluginId => $action) { foreach ($action as $actionName => $actionState) { $newRole->setActionState($pluginId, $actionName, $repoId, $actionState); } } } $roleMasks = $role->listMasks(); $allKeys = array_merge(array_keys($this->masks), array_keys($roleMasks)); foreach ($allKeys as $repoId) { if (isset($roleMasks[$repoId]) && isset($this->masks[$repoId])) { $newRole->setMask($repoId, $roleMasks[$repoId]->override($this->masks[$repoId])); } else { if (isset($roleMasks[$repoId])) { $newRole->setMask($repoId, $roleMasks[$repoId]); } else { $newRole->setMask($repoId, $this->masks[$repoId]); } } } return $newRole; }
/** * @param AJXP_Role $parentRole * @return AJXP_Role */ public static function limitedRoleFromParent($parentUser) { $parentRole = self::getRole("AJXP_USR_/" . $parentUser); if ($parentRole === false) { return null; } // Inherit actions $inheritActions = array(); $cacheInherit = AJXP_PluginsService::getInstance()->loadFromPluginQueriesCache("//server_settings/param[@inherit='true']"); if ($cacheInherit !== null && is_array($cacheInherit)) { $inheritActions = $cacheInherit; } else { $paramNodes = AJXP_PluginsService::searchAllManifests("//server_settings/param[@inherit='true']", "node", false, false, true); if (is_array($paramNodes) && count($paramNodes)) { foreach ($paramNodes as $node) { $paramName = $node->getAttribute("name"); $pluginId = $node->parentNode->parentNode->getAttribute("id"); if (isset($inheritActions[$pluginId])) { $inheritActions[$pluginId] = array(); } $inheritActions[$pluginId][] = $paramName; } } AJXP_PluginsService::getInstance()->storeToPluginQueriesCache("//server_settings/param[@inherit='true']", $inheritActions); } // Clear ACL, Keep disabled actions, keep 'inherit' parameters. $childRole = new AJXP_Role("AJXP_PARENT_USR_/"); $childRole->bunchUpdate(array("ACL" => array(), "ACTIONS" => $parentRole->listAllActionsStates(), "APPLIES" => array(), "PARAMETERS" => array())); $params = $parentRole->listParameters(); foreach ($params as $scope => $plugData) { foreach ($plugData as $pId => $paramData) { if (!isset($inheritActions[$pId])) { continue; } foreach ($paramData as $pName => $pValue) { $childRole->setParameterValue($pId, $pName, $pValue, $scope); } } } return $childRole; }
/** * @param AJXP_Role $role * @return AJXP_Role */ public function override(AJXP_Role $role) { $newRole = new AJXP_Role($role->getId()); $newAcls = $this->array_merge_recursive2($role->listAcls(), $this->listAcls()); foreach ($newAcls as $repoId => $rightString) { if ($rightString == AJXP_VALUE_CLEAR) { continue; } $newRole->setAcl($repoId, $rightString); } $newParams = $this->array_merge_recursive2($role->listParameters(true), $this->listParameters(true)); foreach ($newParams as $repoId => $data) { foreach ($data as $pluginId => $param) { foreach ($param as $parameterName => $parameterValue) { if ($parameterValue === true || $parameterValue === false) { $newRole->setParameterValue($pluginId, $parameterName, $parameterValue, $repoId); continue; } if ($parameterValue == AJXP_VALUE_CLEAR) { continue; } $newRole->setParameterValue($pluginId, $parameterName, $parameterValue, $repoId); } } } $newActions = $this->array_merge_recursive2($role->listActionsStates(), $this->listActionsStates()); foreach ($newActions as $repoId => $data) { foreach ($data as $pluginId => $action) { foreach ($action as $actionName => $actionState) { $newRole->setActionState($pluginId, $actionName, $repoId, $actionState); } } } return $newRole; }