private static function VerifyWhitelistInternal($fsConf, $mimeType, $forbiddenAction, $requiredAction, $requiredRepresentation, $site, $userName)
{
$supportedActions = null;
$supportedRepresentations = null;
if (!empty($fsConf) && array_key_exists("Actions", $fsConf)) {
$supportedActions = $fsConf["Actions"];
}
if (!empty($fsConf) && array_key_exists("Representations", $fsConf)) {
$supportedRepresentations = $fsConf["Representations"];
}
// If a required features array is passed in, verify against the given configuration, throw on any inconsistencies
if ($requiredAction != null) {
if (!empty($supportedActions) && !array_key_exists($requiredAction, $supportedActions)) {
//But that same key is not present on the declared supported actions
//print ("\nThis resource is not whitelisted for this API operation ($userName): $requiredAction");
if ($forbiddenAction != null && is_callable($forbiddenAction)) {
call_user_func_array($forbiddenAction, array("This action is not whitelisted", $mimeType));
return;
}
}
if (!empty($supportedActions) && array_key_exists($requiredAction, $supportedActions)) {
$acl = $supportedActions[$requiredAction];
if (!MgUtils::ValidateAcl($userName, $site, $acl)) {
if ($forbiddenAction != null && is_callable($forbiddenAction)) {
call_user_func_array($forbiddenAction, array("This this action for this user is not whitelisted", $mimeType));
return;
}
}
}
}
// Same for representations
if ($requiredRepresentation != null) {
if (!empty($supportedRepresentations) && !array_key_exists($requiredRepresentation, $supportedRepresentations)) {
//But that same key is not present on the declared supported representations
//print ("\nThis resource is not whitelisted for this requested representation ($userName): $requiredRepresentation");
if ($forbiddenAction != null && is_callable($forbiddenAction)) {
call_user_func_array($forbiddenAction, array("This representation is not whitelisted", $mimeType));
return;
}
}
if (!empty($supportedRepresentations) && array_key_exists($requiredRepresentation, $supportedRepresentations)) {
$acl = $supportedRepresentations[$requiredRepresentation];
if (!MgUtils::ValidateAcl($userName, $site, $acl)) {
if ($forbiddenAction != null && is_callable($forbiddenAction)) {
call_user_func_array($forbiddenAction, array("This representation for this user is not whitelisted", $mimeType));
return;
}
}
}
}
}
public function testRoleInAcl()
{
$groupXml = '<?xml version="1.0" encoding="UTF-8"?>
<GroupList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="GroupList-1.0.0.xsd">
<Group>
<Name>Everyone</Name>
<Description>Built-in group to include all users</Description>
</Group>
</GroupList>';
$br = TestUtils::mockByteReader($this, $groupXml);
$this->assertEquals("text/xml", $br->GetMimeType());
$this->assertEquals($groupXml, $br->ToString());
$site = $this->getMockBuilder("MgSite")->getMock();
$site->method("EnumerateGroups")->will($this->returnValue($br));
$roleMethodMap = array(array("Author", new FakeStringCollection(array("Authors"))), array("Anonymous", new FakeStringCollection(array("Users"))));
$site->method("EnumerateRoles")->will($this->returnValueMap($roleMethodMap));
$conf1 = array("AllowUsers" => array("Administrator"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Users"));
$this->assertFalse(MgUtils::ValidateAcl("Author", $site, $conf1));
$conf2 = array("AllowUsers" => array("Administrator"), "AllowGroups" => array("Foo"), "AllowRoles" => array("Users"));
$this->assertTrue(MgUtils::ValidateAcl("Anonymous", $site, $conf2));
}
private function ValidateAcl($siteConn, $config)
{
$site = $siteConn->GetSite();
if ($this->userName == null && $this->sessionId != null) {
$this->userName = $site->GetUserForSession();
}
return MgUtils::ValidateAcl($this->userName, $site, $config);
}
