/**
 * Mage_Webapi_Model_Authorization_Loader_Resource::populateAcl() when the
 * virtual resource list contains entries that are not DOM elements.
 *
 * The config mock hands back array(3). The expectations then require that
 * deny() is invoked exactly twice, each time with null as first argument and
 * one of the two resource ids reported by getResources() as second argument.
 */
public function testPopulateAclWithInvalidDOM()
{
    $invalidVirtualResources = array(3);
    $registeredResourceIds = array('customer/get', 'customer/list');

    $this->_config->expects($this->once())
        ->method('getAclVirtualResources')
        ->will($this->returnValue($invalidVirtualResources));

    $this->_acl->expects($this->once())
        ->method('getResources')
        ->will($this->returnValue($registeredResourceIds));

    // Malformed virtual-resource config must not weaken the baseline: every
    // registered resource is still expected to receive its deny call.
    $this->_acl->expects($this->exactly(2))
        ->method('deny')
        ->with(null, $this->logicalOr('customer/get', 'customer/list'));

    $this->_model->populateAcl($this->_acl);
}
/**
 * Mage_Webapi_Model_Authorization_Loader_Rule::populateAcl() with an empty rule list.
 *
 * With no stored rules the loader must not query the ACL (has / hasRole) and,
 * above all, must not grant anything (allow).
 */
public function testPopulateAclWithoutRules()
{
    $noRules = array();

    $this->_ruleResource->expects($this->once())
        ->method('getRuleList')
        ->will($this->returnValue($noRules));

    // None of the ACL methods used by the rule loader may be reached.
    $this->_acl->expects($this->never())->method('has');
    $this->_acl->expects($this->never())->method('hasRole');
    $this->_acl->expects($this->never())->method('allow');

    $this->_model->populateAcl($this->_acl);
}
/**
 * Mage_Webapi_Model_Authorization_Loader_Role::populateAcl() when storage
 * returns no role ids.
 *
 * Expectation: no role object is created and the ACL receives neither
 * addRole() nor deny().
 */
public function testPopulateAclWithNoRoles()
{
    $noRoleIds = array();

    $this->_resourceModelMock->expects($this->once())
        ->method('getRolesIds')
        ->will($this->returnValue($noRoleIds));

    // Nothing to register, so the factory and the ACL must stay untouched.
    $this->_roleFactory->expects($this->never())->method('createRole');
    $this->_acl->expects($this->never())->method('addRole');
    $this->_acl->expects($this->never())->method('deny');

    $this->_model->populateAcl($this->_acl);
}
/**
 * Register every role id found in external storage on the ACL.
 *
 * Each role is added and immediately denied everything, so the ACL starts
 * from a default-deny baseline for that role.
 *
 * @param Magento_Acl $acl
 */
public function populateAcl(Magento_Acl $acl)
{
    foreach ($this->_roleResource->getRolesIds() as $storedRoleId) {
        /** @var $roleModel Mage_Webapi_Model_Authorization_Role */
        $roleModel = $this->_roleFactory->createRole(array($storedRoleId));
        $acl->addRole($roleModel);

        // Default-deny: the role gets no privileges here; individual ones may be
        // allowed later by whitelist.
        $acl->deny($roleModel);
    }
}
/**
 * Apply the allow rules found in external storage to the ACL.
 *
 * A rule is applied only when both its role and its resource are already
 * registered on the ACL; any other rule is skipped without error.
 *
 * @param Magento_Acl $acl
 */
public function populateAcl(Magento_Acl $acl)
{
    foreach ($this->_ruleResource->getRuleList() as $storedRule) {
        $roleId = $storedRule['role_id'];
        $resourceId = $storedRule['resource_id'];

        // Stale rows that point at an unknown role or resource grant nothing.
        if (!$acl->hasRole($roleId) || !$acl->has($resourceId)) {
            continue;
        }

        $acl->allow($roleId, $resourceId);
    }
}
/**
 * Check whether the given role has access to the given resource id.
 *
 * Any exception raised by the ACL is treated as "not allowed", with one
 * exception: when the resource id is not registered on the ACL, the decision
 * is taken from a second query with a null resource.
 *
 * NOTE(review): presumably a null resource means "all resources" in the
 * underlying ACL, in which case a role holding a global allow is granted
 * access to resource ids the ACL does not know. Confirm that this is
 * intended. Both failure paths are silent: nothing is logged here.
 *
 * @param string $roleId
 * @param string $resourceId
 * @param mixed $privilege
 * @return bool
 */
public function isAllowed($roleId, $resourceId, $privilege = null)
{
    try {
        return $this->_acl->isAllowed($roleId, $resourceId, $privilege);
    } catch (Exception $lookupFailure) {
        // Fall through to the unknown-resource fallback below.
    }

    try {
        if ($this->_acl->has($resourceId)) {
            // The resource is registered, so the failure had another cause: deny.
            return false;
        }
        return $this->_acl->isAllowed($roleId, null, $privilege);
    } catch (Exception $fallbackFailure) {
        // Fail closed when the fallback query cannot be answered either.
        return false;
    }
}
/**
 * Recursively register a list of DOM nodes, and their children, as ACL resources.
 *
 * Nodes that are not DOMElement instances are ignored. Each element's "id"
 * attribute becomes the resource id, and the element becomes the parent of
 * the resources created from its child nodes.
 *
 * NOTE(review): the "id" attribute is used as read, with no emptiness or
 * format check in this method. Presumably the configuration is validated
 * before it gets here; confirm.
 *
 * @param Magento_Acl $acl
 * @param DOMNodeList $resources
 * @param Magento_Acl_Resource $parent
 */
protected function _addResourceTree(Magento_Acl $acl, DOMNodeList $resources, Magento_Acl_Resource $parent = null)
{
    foreach ($resources as $node) {
        if ($node instanceof DOMElement) {
            $resourceId = $node->getAttribute('id');

            /** @var $aclResource Magento_Acl_Resource */
            $aclResource = $this->_resourceFactory->createResource(array($resourceId));
            $acl->addResource($aclResource, $parent);

            // Descend with the resource just added as the new parent.
            if ($node->hasChildNodes()) {
                $this->_addResourceTree($acl, $node->childNodes, $aclResource);
            }
        }
    }
}
/**
 * Attach configured virtual resources to the ACL as children of existing resources.
 *
 * Entries that are not DOMElement instances are skipped. A virtual resource
 * is added only when its "parent" id is already registered on the ACL and
 * its own "id" is not, so it can never replace an existing resource.
 *
 * @param Magento_Acl $acl
 */
protected function _loadVirtualResources(Magento_Acl $acl)
{
    foreach ($this->_config->getAclVirtualResources() as $node) {
        if (!$node instanceof DOMElement) {
            continue;
        }

        $parentId = $node->getAttribute('parent');
        $virtualId = $node->getAttribute('id');

        // Unknown parent, or an id that is already taken: leave the ACL as it is.
        if (!$acl->has($parentId) || $acl->has($virtualId)) {
            continue;
        }

        /** @var $aclResource Magento_Acl_Resource */
        $aclResource = $this->_resourceFactory->createResource(array($virtualId));
        $acl->addResource($aclResource, $parentId);
    }
}
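/**
 * Populate ACL with rules from external storage
 *
 * Reads every row of the "admin_rule" table and turns it into an allow or a
 * deny on the ACL. The role id is the concatenation of the row's role_type
 * and role_id; privileges are a comma-separated list, or null when empty.
 * A row whose permission is neither 'allow' nor 'deny' changes nothing.
 *
 * An 'allow' row for Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL is
 * applied twice: once with a null resource and once with the resource id.
 *
 * NOTE(review): role and resource ids are passed to the ACL without a prior
 * hasRole()/has() check; presumably the ACL raises for unknown ids. Confirm
 * how a stale row is meant to be handled.
 *
 * @param Magento_Acl $acl
 */
public function populateAcl(Magento_Acl $acl)
{
    $ruleTable = $this->_resource->getTableName("admin_rule");
    $adapter = $this->_resource->getConnection('read');
    $select = $adapter->select()->from(array('r' => $ruleTable));

    foreach ($adapter->fetchAll($select) as $rule) {
        $role = $rule['role_type'] . $rule['role_id'];
        $resource = $rule['resource_id'];
        $privileges = !empty($rule['privileges']) ? explode(',', $rule['privileges']) : null;

        // Strict comparison: this is an authorization decision, so a value that is
        // not the exact string (an integer 0 or boolean true under loose
        // comparison, for example) must never be coerced into an allow.
        if ($rule['permission'] === 'allow') {
            if ($resource === Mage_Backend_Model_Acl_Config::ACL_RESOURCE_ALL) {
                $acl->allow($role, null, $privileges);
            }
            $acl->allow($role, $resource, $privileges);
        } elseif ($rule['permission'] === 'deny') {
            $acl->deny($role, $resource, $privileges);
        }
    }
}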
/**
 * Populate ACL with roles from external storage
 *
 * Reads the "admin_role" table ordered by tree_level and registers each row
 * as a group role or a user role. A positive parent_id is turned into a
 * group role id and used as the parent. A user role that is already
 * registered only gains the additional parent. Rows of any other role_type
 * are ignored.
 *
 * NOTE(review): ordering by tree_level presumably guarantees that a parent
 * group is registered before the roles that refer to it; confirm.
 *
 * @param Magento_Acl $acl
 */
public function populateAcl(Magento_Acl $acl)
{
    $adapter = $this->_resource->getConnection('read');
    $roleTable = $this->_resource->getTableName('admin_role');
    $orderedRoles = $adapter->select()->from($roleTable)->order('tree_level');

    foreach ($adapter->fetchAll($orderedRoles) as $row) {
        $parentRoleId = null;
        if ($row['parent_id'] > 0) {
            $parentRoleId = Mage_User_Model_Acl_Role_Group::ROLE_TYPE . $row['parent_id'];
        }

        switch ($row['role_type']) {
            case Mage_User_Model_Acl_Role_Group::ROLE_TYPE:
                $groupRoleId = $row['role_type'] . $row['role_id'];
                $groupRole = $this->_objectFactory->getModelInstance(
                    'Mage_User_Model_Acl_Role_Group',
                    array('roleId' => $groupRoleId)
                );
                $acl->addRole($groupRole, $parentRoleId);
                break;

            case Mage_User_Model_Acl_Role_User::ROLE_TYPE:
                // User roles are keyed by user_id, not by role_id.
                $userRoleId = $row['role_type'] . $row['user_id'];
                if ($acl->hasRole($userRoleId)) {
                    $acl->addRoleParent($userRoleId, $parentRoleId);
                } else {
                    $userRole = $this->_objectFactory->getModelInstance(
                        'Mage_User_Model_Acl_Role_User',
                        array('roleId' => $userRoleId)
                    );
                    $acl->addRole($userRole, $parentRoleId);
                }
                break;
        }
    }
}