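/**
 * Exercises functional-ACL decisions for the test user across a full
 * grant/revoke cycle, at both action level and module level.
 *
 * Sequence: check the URI builder, check the baseline decisions, grant one
 * action to the test role, attach the role to the user, then verify that
 * every grant and revoke is reflected by hasAccess().
 *
 * The role is detached in a finally block, so a failing assertion cannot
 * leave the test user holding the role and skew later access checks.
 */
public function testFuncACL()
{
    $userService = tao_models_classes_UserService::singleton();
    $generisUser = new core_kernel_users_GenerisUser($this->user);
    $this->assertTrue(LoginService::startSession($generisUser));

    // -- URI creation: the builder must produce the expected action and module URIs.
    $accessService = funcAcl_models_classes_AccessService::singleton();
    $expectedActionUri = FUNCACL_NS . '#a_tao_Users_add';
    $expectedModuleUri = FUNCACL_NS . '#m_tao_Users';
    $makeemauri = $accessService->makeEMAUri('tao', 'Users', 'add');
    $makeemaurimod = $accessService->makeEMAUri('tao', 'Users');
    $this->assertEquals($expectedActionUri, $makeemauri);
    $this->assertEquals($expectedModuleUri, $makeemaurimod);

    $funcAclImp = new funcAcl_models_classes_FuncAcl();

    // -- Baseline: a restricted action is denied before any grant exists.
    $this->assertFalse($funcAclImp->hasAccess('add', 'Users', 'tao'));

    // -- Baseline: an unrestricted action is allowed.
    // (BACKOFFICE has access to the backend login action because it includes the TAO role.)
    $this->assertTrue($funcAclImp->hasAccess('login', 'Main', 'tao'));

    // -- Baseline: an action that does not exist must be denied, not allowed by default.
    $this->assertFalse($funcAclImp->hasAccess('action', 'Unknown', 'tao'));

    // -- Grant the single action to the test role, then give that role to the user.
    $roleUri = $this->testRole->getUri();
    $actionAccess = funcAcl_models_classes_ActionAccessService::singleton();
    $moduleAccess = funcAcl_models_classes_ModuleAccessService::singleton();

    $actionAccess->add($roleUri, $makeemauri);
    $userService->attachRole($this->user, $this->testRole);

    try {
        // Start a fresh session so the roles cache picks up the new role.
        $this->assertTrue(LoginService::startSession($generisUser));

        // The action-level grant must now allow the call.
        $this->assertTrue($funcAclImp->hasAccess('add', 'Users', 'tao'));

        // Revoking the action-level grant must deny it again.
        $actionAccess->remove($roleUri, $makeemauri);
        $this->assertFalse($funcAclImp->hasAccess('add', 'Users', 'tao'));

        // -- A module-level grant must cover the action that was just revoked.
        $moduleAccess->add($roleUri, $makeemaurimod);
        $this->assertTrue($funcAclImp->hasAccess('add', 'Users', 'tao'));

        // -- Revoking the module-level grant must deny it again.
        $moduleAccess->remove($roleUri, $makeemaurimod);
        $this->assertFalse($funcAclImp->hasAccess('add', 'Users', 'tao'));

        // "reset" step kept from the original test.
        // NOTE(review): this re-grants module access to the test role instead of
        // leaving it revoked; presumably the role is discarded in tearDown - confirm,
        // otherwise the grant outlives the test.
        $moduleAccess->add($roleUri, $makeemaurimod);
    } finally {
        // Always detach the role, including when an assertion above fails.
        $userService->unnatachRole($this->user, $this->testRole);
    }
}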
/**
 * Revoke a role's access to a single controller action.
 *
 * Builds the access URI for the extension/module/action triple and passes
 * it, with the role URI, to the action access service for removal.
 *
 * NOTE(review): no permission check is visible in this method; presumably
 * callers have already established that the current user may edit ACLs -
 * confirm at the call sites.
 *
 * @param core_kernel_classes_Resource $role role losing the access
 * @param string $ext extension identifier
 * @param string $mod module (controller) identifier
 * @param string $act action identifier
 */
public function revokeActionAccess(core_kernel_classes_Resource $role, $ext, $mod, $act)
{
    $targetUri = $this->makeEMAUri($ext, $mod, $act);

    $actionAccess = funcAcl_models_classes_ActionAccessService::singleton();
    $actionAccess->remove($role->getUri(), $targetUri);
}
/**
 * Revoke a role's access to one module (controller) and to that module's actions.
 *
 * If the role currently holds extension-wide access, that grant is removed
 * first and replaced by explicit grants on every other module of the
 * extension, so only the targeted module is lost. The module grant is then
 * removed from the role, the module cache is rebuilt, and each action of the
 * module is revoked through the action access service.
 *
 * NOTE(review): the steps are not wrapped in any transaction or rollback
 * here; if one of them throws midway, the role may be left with a partially
 * rewritten set of grants - confirm how callers handle failures.
 *
 * @access public
 * @author Jehan Bihin, <*****@*****.**>
 * @param string $roleUri URI of the role losing access
 * @param string $accessUri URI of the module access entry; must contain a '#'
 *                          fragment of the form type_extension_module
 * @return void
 */
public function remove($roleUri, $accessUri)
{
    $module = new core_kernel_classes_Resource($accessUri);
    $role = new core_kernel_classes_Class($roleUri);
    $accessProperty = new core_kernel_classes_Property(funcAcl_models_classes_AccessService::PROPERTY_ACL_GRANTACCESS);

    // Split the URI fragment after '#' on '_' into type, extension id and module id.
    // Only $extId is used below; $type and $modId are not read in this method.
    // NOTE(review): a URI without '#' or with fewer than three '_' parts is not
    // rejected here, and $extId would then be unset for the lookups that follow -
    // verify that callers only pass well-formed module access URIs.
    $uri = explode('#', $module->getUri());
    list($type, $extId, $modId) = explode('_', $uri[1]);

    // Does the role hold access through an extension-wide grant?
    // NOTE(review): in_array() is called without the strict flag, so the match is a
    // loose comparison; presumably both sides are URI strings - confirm.
    $extAccess = funcAcl_helpers_Cache::getExtensionAccess($extId);
    if (in_array($roleUri, $extAccess)) {
        // Drop the extension-wide grant...
        $extUri = $this->makeEMAUri($extId);
        funcAcl_models_classes_ExtensionAccessService::singleton()->remove($roleUri, $extUri);

        // ...and re-grant every other module of the extension explicitly, so the
        // role keeps what it had apart from the targeted module.
        foreach (funcAcl_helpers_Model::getModules($extId) as $eModule) {
            if (!$module->equals($eModule)) {
                $this->add($roleUri, $eModule->getUri());
                // NOTE(review): an AccessRightRemovedEvent is emitted for a module
                // that was just granted via add(); listeners that audit or mirror ACL
                // changes would record a removal here - confirm this is intended.
                $this->getEventManager()->trigger(new AccessRightRemovedEvent($roleUri, $eModule->getUri()));
                //$role->setPropertyValue($accessProperty, $eModule->getUri());
            }
        }
        //funcAcl_helpers_Cache::flushExtensionAccess($extId);
    }

    // Remove the module grant from the role and announce the removal.
    $role->removePropertyValue($accessProperty, $module->getUri());
    $this->getEventManager()->trigger(new AccessRightRemovedEvent($roleUri, $accessUri));

    // Rebuild the module cache before the actions are revoked; presumably the
    // per-action removal consults cached module access - confirm before reordering.
    funcAcl_helpers_Cache::cacheModule($module);

    // Revoke every action belonging to the module for this role.
    foreach (funcAcl_helpers_Model::getActions($module) as $actionResource) {
        funcAcl_models_classes_ActionAccessService::singleton()->remove($role->getUri(), $actionResource->getUri());
    }

    // Rebuild the cache again so it reflects the action-level removals.
    funcAcl_helpers_Cache::cacheModule($module);
}
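/**
 * AJAX endpoint: grant a role access to one action and echo the action URI as JSON.
 *
 * Reads the 'role' and 'uri' request parameters, passes them to the action
 * access service, and writes {"uri": ...} to the response.
 *
 * NOTE(review): the isAjax() test is a request-mode check, not an
 * authorisation or anti-CSRF control. Nothing in this method verifies that
 * the caller may edit ACLs or that 'role' and 'uri' name an existing role
 * and action; presumably the framework guards this controller - confirm,
 * since this call widens privileges.
 *
 * @throws Exception when the request is not an AJAX request
 */
public function addActionAccess()
{
    if (!tao_helpers_Request::isAjax()) {
        throw new Exception("wrong request mode");
    }

    // Both values are taken from the request as-is.
    $role = $this->getRequestParameter('role');
    $uri = $this->getRequestParameter('uri');

    $actionService = funcAcl_models_classes_ActionAccessService::singleton();
    $actionService->add($role, $uri);

    // The request-supplied URI is reflected in the response. The JSON_HEX_* flags
    // encode <, >, &, ' and " as \uXXXX escapes, so the body stays inert even if it
    // is rendered as HTML; the decoded JSON value is unchanged for clients.
    echo json_encode(
        array('uri' => $uri),
        JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT
    );
}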