/**
* Test for Mage_Webapi_Model_Authorization_Loader_Resource::populateAcl with invalid Virtual resources DOM
*/
public function testPopulateAclWithInvalidDOM()
{
$this->_config->expects($this->once())->method('getAclVirtualResources')->will($this->returnValue(array(3)));
$this->_acl->expects($this->once())->method('getResources')->will($this->returnValue(array('customer/get', 'customer/list')));
$this->_acl->expects($this->exactly(2))->method('deny')->with(null, $this->logicalOr('customer/get', 'customer/list'));
$this->_model->populateAcl($this->_acl);
}
/**
* Test for Mage_Webapi_Model_Authorization_Loader_Rule::populateAcl without rules
*/
public function testPopulateAclWithoutRules()
{
$this->_ruleResource->expects($this->once())->method('getRuleList')->will($this->returnValue(array()));
$this->_acl->expects($this->never())->method('has');
$this->_acl->expects($this->never())->method('hasRole');
$this->_acl->expects($this->never())->method('allow');
$this->_model->populateAcl($this->_acl);
}
/**
* Test for Mage_Webapi_Model_Authorization_Loader_Role::populateAcl
*
* Test with No existing role Ids
*/
public function testPopulateAclWithNoRoles()
{
$this->_resourceModelMock->expects($this->once())->method('getRolesIds')->will($this->returnValue(array()));
$this->_roleFactory->expects($this->never())->method('createRole');
$this->_acl->expects($this->never())->method('addRole');
$this->_acl->expects($this->never())->method('deny');
$this->_model->populateAcl($this->_acl);
}
/**
* Populate ACL with roles from external storage.
*
* @param Magento_Acl $acl
*/
public function populateAcl(Magento_Acl $acl)
{
$roleList = $this->_roleResource->getRolesIds();
foreach ($roleList as $roleId) {
/** @var $aclRole Mage_Webapi_Model_Authorization_Role */
$aclRole = $this->_roleFactory->createRole(array($roleId));
$acl->addRole($aclRole);
//Deny all privileges to Role. Some of them could be allowed later by whitelist
$acl->deny($aclRole);
}
}
/**
* Populate ACL with rules from external storage.
*
* @param Magento_Acl $acl
*/
public function populateAcl(Magento_Acl $acl)
{
$ruleList = $this->_ruleResource->getRuleList();
foreach ($ruleList as $rule) {
$role = $rule['role_id'];
$resource = $rule['resource_id'];
if ($acl->hasRole($role) && $acl->has($resource)) {
$acl->allow($role, $resource);
}
}
}
/**
* Check whether given role has access to give id
*
* @param string $roleId
* @param string $resourceId
* @param mixed $privilege
* @return bool
*/
public function isAllowed($roleId, $resourceId, $privilege = null)
{
try {
return $this->_acl->isAllowed($roleId, $resourceId, $privilege);
} catch (Exception $e) {
try {
if (!$this->_acl->has($resourceId)) {
return $this->_acl->isAllowed($roleId, null, $privilege);
}
} catch (Exception $e) {
}
}
return false;
}
/**
* Add list of nodes and their children to acl
*
* @param Magento_Acl $acl
* @param DOMNodeList $resources
* @param Magento_Acl_Resource $parent
*/
protected function _addResourceTree(Magento_Acl $acl, DOMNodeList $resources, Magento_Acl_Resource $parent = null)
{
/** @var $resourceConfig DOMElement */
foreach ($resources as $resourceConfig) {
if (!$resourceConfig instanceof DOMElement) {
continue;
}
/** @var $resource Magento_Acl_Resource */
$resource = $this->_resourceFactory->createResource(array($resourceConfig->getAttribute('id')));
$acl->addResource($resource, $parent);
if ($resourceConfig->hasChildNodes()) {
$this->_addResourceTree($acl, $resourceConfig->childNodes, $resource);
}
}
}
/**
* Load virtual resources as sub-resources of existing one.
*
* @param Magento_Acl $acl
*/
protected function _loadVirtualResources(Magento_Acl $acl)
{
$virtualResources = $this->_config->getAclVirtualResources();
/** @var $resourceConfig DOMElement */
foreach ($virtualResources as $resourceConfig) {
if (!$resourceConfig instanceof DOMElement) {
continue;
}
$parent = $resourceConfig->getAttribute('parent');
$resourceId = $resourceConfig->getAttribute('id');
if ($acl->has($parent) && !$acl->has($resourceId)) {
/** @var $resource Magento_Acl_Resource */
$resource = $this->_resourceFactory->createResource(array($resourceId));
$acl->addResource($resource, $parent);
}
}
}
/**
* Populate ACL with rules from external storage
*
* @param Magento_Acl $acl
*/
public function populateAcl(Magento_Acl $acl)
{
$ruleTable = $this->_resource->getTableName("admin_rule");
$adapter = $this->_resource->getConnection('read');
$select = $adapter->select()->from(array('r' => $ruleTable));
$rulesArr = $adapter->fetchAll($select);
foreach ($rulesArr as $rule) {
$role = $rule['role_type'] . $rule['role_id'];
$resource = $rule['resource_id'];
$privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;
if ($rule['permission'] == 'allow') {
if ($resource === Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL) {
$acl->allow($role, null, $privileges);
}
$acl->allow($role, $resource, $privileges);
} else {
if ($rule['permission'] == 'deny') {
$acl->deny($role, $resource, $privileges);
}
}
}
}
/**
* Populate ACL with roles from external storage
*
* @param Magento_Acl $acl
*/
public function populateAcl(Magento_Acl $acl)
{
$roleTableName = $this->_resource->getTableName('admin_role');
$adapter = $this->_resource->getConnection('read');
$select = $adapter->select()->from($roleTableName)->order('tree_level');
foreach ($adapter->fetchAll($select) as $role) {
$parent = $role['parent_id'] > 0 ? Mage_User_Model_Acl_Role_Group::ROLE_TYPE . $role['parent_id'] : null;
switch ($role['role_type']) {
case Mage_User_Model_Acl_Role_Group::ROLE_TYPE:
$roleId = $role['role_type'] . $role['role_id'];
$acl->addRole($this->_objectFactory->getModelInstance('Mage_User_Model_Acl_Role_Group', array('roleId' => $roleId)), $parent);
break;
case Mage_User_Model_Acl_Role_User::ROLE_TYPE:
$roleId = $role['role_type'] . $role['user_id'];
if (!$acl->hasRole($roleId)) {
$acl->addRole($this->_objectFactory->getModelInstance('Mage_User_Model_Acl_Role_User', array('roleId' => $roleId)), $parent);
} else {
$acl->addRoleParent($roleId, $parent);
}
break;
}
}
}
