public function testMemory()
{
    // Deny-by-default in-memory ACL.
    $acl = new \Phalcon\Acl\Adapter\Memory();
    $acl->setDefaultAction(Phalcon\Acl::DENY);

    // Role name => Role object; the key doubles as the subject passed to isAllowed().
    $roles = [
        'Admin'  => new \Phalcon\Acl\Role('Admin'),
        'Users'  => new \Phalcon\Acl\Role('Users'),
        'Guests' => new \Phalcon\Acl\Role('Guests'),
    ];

    // Resource name => access names registered on that resource.
    $resources = [
        'welcome' => ['index', 'about'],
        'account' => ['index'],
    ];

    foreach ($roles as $roleObject) {
        $acl->addRole($roleObject);
    }

    foreach ($resources as $resourceName => $accessList) {
        $acl->addResource(new \Phalcon\Acl\Resource($resourceName), $accessList);
    }

    /*
     * Per-role assertions that were left disabled in the original test:
     *
     *   $this->assertFalse($acl->isAllowed('Admin', 'welcome', 'index'));
     *   $this->assertFalse($acl->isAllowed('Admin', 'welcome', 'about'));
     *   $acl->allow('Admin', 'welcome', '*');
     *   $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
     *   $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
     *   $this->assertFalse($acl->isAllowed('Admin', 'account', 'index'));
     *   $this->assertFalse($acl->isAllowed('Admin', 'account', 'about'));
     *   $acl->allow('Admin', '*', '*');
     *   $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
     *   $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
     *   $this->assertTrue($acl->isAllowed('Admin', 'account', 'index'));
     *   $this->assertTrue($acl->isAllowed('Admin', 'account', 'about'));
     *   $acl->deny('Admin', '*', '*');
     *   foreach ($roles as $role => $object) {
     *       $this->assertFalse($acl->isAllowed($role, 'welcome', 'about'));
     *   }
     */

    // A wildcard role grant must be visible to every registered role ...
    $acl->allow('*', 'welcome', 'index');
    foreach (array_keys($roles) as $roleName) {
        $this->assertTrue($acl->isAllowed($roleName, 'welcome', 'index'));
    }

    // ... and a wildcard deny must revoke it for every registered role.
    $acl->deny('*', 'welcome', 'index');
    foreach (array_keys($roles) as $roleName) {
        $this->assertFalse($acl->isAllowed($roleName, 'welcome', 'index'));
    }

    /*
     * Also disabled in the original:
     *
     *   $acl->allow('Admin', '*', 'index');
     *   foreach ($resources as $resource => $actions) {
     *       $this->assertTrue($acl->isAllowed('admin', $resource, 'index'));
     *   }
     *   $acl->allow('*', '*', 'index');
     *   $acl->allow('*', '*', '*');
     */
}
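public function testOptionsWithAcl()
{
    $I = $this->tester;

    // The handler reads the request method from the superglobal. Save and restore
    // it so the OPTIONS override does not leak into tests that run afterwards.
    $previousMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : null;
    $_SERVER['REQUEST_METHOD'] = 'OPTIONS';

    try {
        $resource = new \Phalcon\Acl\Resource('/foo');
        $role = new \Phalcon\Acl\Role('foo');

        // Deny-by-default ACL: role "foo" may GET and POST on "/foo", nothing else.
        $acl = new Phalcon\Acl\Adapter\Memory();
        $acl->setDefaultAction(Phalcon\Acl::DENY);
        $acl->addResource($resource, []);
        $acl->addRole($role);
        $acl->addResourceAccess($resource->getName(), ['GET', 'POST', 'PUT', 'DELETE']);
        $acl->allow($role->getName(), $resource->getName(), 'GET');
        $acl->allow($role->getName(), $resource->getName(), 'POST');

        // Result deliberately unused; kept from the original test (presumably to
        // prime the adapter's active role/resource state) — confirm it is still needed.
        $acl->isAllowed($role->getName(), $resource->getName(), 'GET');

        $app = Rest\App::instance();
        $app->setService('acl', $acl, true);

        // Abstract controller with only get() and put() provided as mocked methods.
        // The ACL permits GET and POST, so GET is the only method that is both
        // implemented and allowed — presumably what the Allow header reports.
        $controller = $this->getMockForAbstractClass(Rest\Controller::class, [], '', true, true, true, ['get', 'put']);
        $controller->setDI($app->getDI());

        $resp = $controller->handle();
        $actual = $resp->getHeaders()->get('Allow');
        $I->assertEquals('GET', $actual);
    } finally {
        if ($previousMethod === null) {
            unset($_SERVER['REQUEST_METHOD']);
        } else {
            $_SERVER['REQUEST_METHOD'] = $previousMethod;
        }
    }
}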
$roleName = $objRole->getName();
// NOTE(review): the enclosing loop over role objects, and the definition of
// $arrResources, start before this excerpt. Grants for 'Admin' and 'User' are
// read from $arrResources[<role>] as resource => method pairs.
if ($roleName == 'Admin') {
    foreach ($arrResources['Admin'] as $resource => $method) {
        $acl->allow($roleName, $resource, $method);
    }
}
if ($roleName == 'User') {
    foreach ($arrResources['User'] as $resource => $method) {
        $acl->allow($roleName, $resource, $method);
    }
}
}

// Authorization hook run before each route handler.
$app->before(function () use ($app, $acl) {
    $arrHandler = $app->getActiveHandler();
    // The ACL resource is the handler class name with the 'Controller\' prefix
    // stripped; $arrHandler[1] is presumably the action/method name — confirm
    // against the router configuration.
    $controller = str_replace('Controller\\', '', get_class($arrHandler[0]));
    $baseController = new BaseController();
    $cacheToken = $baseController->verifyToken();
    // NOTE(review): loose comparison — null, 0, '' and [] all count as "no token".
    // A request with no valid token is evaluated as the 'User' role, so whatever
    // 'User' is granted above is reachable without authentication; confirm that
    // is the intended lowest-privilege role rather than a fail-open.
    if (false == $cacheToken) {
        $auth = 'User';
    } else {
        // Role name is read from the verified token; where it is set is outside this excerpt.
        $auth = $cacheToken->auth;
    }
    $allowed = $acl->isAllowed($auth, $controller, $arrHandler[1]);
    if (false == $allowed) {
        // No permission: reply with the same response as a token error so the
        // message is consistent (and "forbidden" is indistinguishable from "bad token").
        $app->response = $baseController->tokenError();
        $app->response->send();
        // Returning false presumably stops the application from running the handler.
        return false;
    }
    return true;
});
<?php
// In-memory ACL that denies anything not explicitly allowed.
$acl = new Phalcon\Acl\Adapter\Memory();
$acl->setDefaultAction(Phalcon\Acl::DENY);

// Two roles: one with a description, one without.
// Note that $roleAdmins is created here but never registered with the ACL.
$roleAdmins = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$roleGuests = new Phalcon\Acl\Role('Guests');

// "Guests" is added as an object, "Designers" by name only.
$acl->addRole($roleGuests);
$acl->addRole('Designers');

// The "Customers" resource, passed to addResource() twice with different
// access names (presumably accumulating them on the same resource).
$customersResource = new Phalcon\Acl\Resource('Customers', 'Customers management');
$acl->addResource($customersResource, 'search');
$acl->addResource($customersResource, ['create', 'update']);

// Grants and one explicit denial for Guests on Customers.
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');

// Access checks; 'edit' was never registered, so the default (DENY) applies.
$acl->isAllowed('Guests', 'Customers', 'edit');   // Returns 0
$acl->isAllowed('Guests', 'Customers', 'search'); // Returns 1
$acl->isAllowed('Guests', 'Customers', 'create'); // Returns 1
public function testDeepInherit()
{
    /**
     * Three-level role chain (Administrator -> Manager -> User) on a
     * deny-by-default ACL; checks that grants and denials propagate down it.
     */
    $acl = new \Phalcon\Acl\Adapter\Memory();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    $user = new \Phalcon\Acl\Role("User", "Basic access");
    $acl->addRole($user);

    $manager = new \Phalcon\Acl\Role("Manager", "Extended access");
    $acl->addRole($manager, $user);

    $admin = new \Phalcon\Acl\Role("Administrator", "Super-User role");
    $acl->addRole($admin, $manager);

    $acl->addResource(new \Phalcon\Acl\Resource('Resource'), ['index', 'edit', 'delete', 'add']);

    // Each level gets its own grants; nothing is granted to Administrator except delete.
    $acl->allow('User', 'Resource', 'index');
    $acl->allow('Manager', 'Resource', 'edit');
    $acl->allow('Manager', 'Resource', 'add');
    $acl->allow('Administrator', 'Resource', 'delete');

    // index comes from User two levels up, edit from Manager one level up.
    $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'index'));
    $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'edit'));

    // Revoking at the root of the chain must be visible at the leaf.
    $acl->deny('User', 'Resource', 'index');
    $this->assertFalse($acl->isAllowed('Administrator', 'Resource', 'index'));

    // A wildcard access grant on the root role is inherited as well.
    $acl->addResource(new \Phalcon\Acl\Resource('Resource2'), ['index', 'edit', 'delete', 'add']);
    $acl->allow('User', 'Resource2', '*');
    $this->assertTrue($acl->isAllowed('Administrator', 'Resource2', 'delete'));
}
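/**
 * Memory::dropResourceAccess test
 *
 * Once an access name has been dropped from a resource, denying that access
 * for a role must raise Phalcon\Acl\Exception. Both the string and the array
 * form of dropResourceAccess() are exercised, so exactly two exceptions are
 * expected.
 */
public function testMemoryDropResourceAccess()
{
    $acl = new Phalcon\Acl\Adapter\Memory();
    $acl->addResource('Resource');
    $acl->addResourceAccess('Resource', ['index', 'show']);
    $acl->addResourceAccess('Resource', 'edit');
    $acl->addRole('Role');
    $acl->deny('Role', 'Resource', 'index');
    $acl->deny('Role', 'Resource', 'edit');
    // Expected value goes first so a failure reads "expected DENY, got ..."
    // instead of the reversed message the original argument order produced.
    $this->assertEquals(Phalcon\Acl::DENY, $acl->isAllowed('Role', 'Resource', 'edit'));

    $exceptions = 0;

    // Drop by single name; the deny() on the now-missing access must throw.
    try {
        $acl->dropResourceAccess('Resource', 'edit');
        $acl->addRole('Role 2');
        $acl->deny('Role 2', 'Resource', 'edit');
    } catch (Phalcon\Acl\Exception $e) {
        $exceptions++;
    }

    // Re-add the access, then drop it via the array form; same expectation.
    $acl->addResourceAccess('Resource', 'edit');
    try {
        $acl->dropResourceAccess('Resource', ['edit']);
        $acl->addRole('Role 3');
        $acl->deny('Role 3', 'Resource', 'edit');
    } catch (Phalcon\Acl\Exception $e) {
        $exceptions++;
    }

    $this->assertEquals(2, $exceptions);
}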