コード例 #1
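 /**
  * Assert that the group of the currently logged in customer only has some accesses to some resources
  * (ACLs), and not any other.
  *
  * Every (test ACL code, access code) pair that is not listed in the expected map is collected and passed to
  * assertGroupAccesses() with `false`, while the expected map itself is passed with `true`. Only the ACL
  * codes in self::$TEST_ACL_CODES are used to build the "unexpected" set.
  *
  * @param array $expectedRessourceAccesses A map of [expected resource => [expected accesses...], ...].
  */
 protected function assertGroupOnlyHasTheseAccesses(array $expectedRessourceAccesses)
 {
     // Only the access codes (the keys of the map) are needed; fetch them once instead of per ACL code.
     $accessCodes = array_keys(CustomerGroupAclAccessManager::getAccessPows());

     $unexpectedRessourceAccesses = [];
     foreach (self::$TEST_ACL_CODES as $aclCode) {
         $expectedAccesses = isset($expectedRessourceAccesses[$aclCode])
             ? $expectedRessourceAccesses[$aclCode]
             : [];

         foreach ($accessCodes as $accessCode) {
             // Strict comparison: with loose matching a mistyped expectation (0, true, ...) could equal an
             // access code and silently drop that access from the "must not be granted" set.
             if (!in_array($accessCode, $expectedAccesses, true)) {
                 $unexpectedRessourceAccesses[$aclCode][] = $accessCode;
             }
         }
     }

     $this->assertGroupAccesses($expectedRessourceAccesses, true);
     $this->assertGroupAccesses($unexpectedRessourceAccesses, false);
 }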
コード例 #2
 /**
  * Dispatching CUSTOMER_GROUP_ACL_UPDATE for an (ACL, customer group, access type) triple must leave a
  * customer group ACL row for that triple whose "activate" value equals 1.
  */
 public function testCreateCustomerGroupAcl()
 {
     /** @var Acl $acl */
     $acl = $this->testAcls[0];
     /** @var CustomerGroup $group */
     $group = self::$testCustomerGroups[2];

     // NOTE(review): the access type is a randomly picked key of the access map, so a failure tied to one
     // access type will not reproduce on every run.
     // NOTE(review): array_rand() returns a key of the map; confirm that the event and filterByType()
     // expect that key and not the value mapped to it.
     $accessPows = CustomerGroupAclAccessManager::getAccessPows();
     $accessType = array_rand($accessPows, 1);

     $this->dispatcher->dispatch(
         CustomerGroupAclEvents::CUSTOMER_GROUP_ACL_UPDATE,
         new CustomerGroupAclEvent($acl->getId(), $group->getId(), $accessType)
     );

     // Look the row up again from storage instead of trusting the event object.
     $storedGroupAcl = CustomerGroupAclQuery::create()
         ->filterByAcl($acl)
         ->filterByCustomerGroup($group)
         ->filterByType($accessType)
         ->findOne();

     $this->assertNotNull($storedGroupAcl);
     $this->assertEquals(1, $storedGroupAcl->getActivate());
 }
コード例 #3
 /**
  * Load the ACL and customer group ACL fixtures inside a newly opened transaction.
  *
  * The transaction is only opened here; it is meant to be rolled back on tear-down (not visible in this
  * method). The loaded ACLs are appended to $this->testAcls, the matching customer group ACL rows to
  * $this->testCustomerGroupAcls, and $this->aclFixturesLoaded is set once everything has been loaded.
  */
 protected function loadAclFixtures()
 {
     Propel::getConnection()->beginTransaction();

     // NOTE(review): if anything below throws, the transaction stays open and aclFixturesLoaded is never
     // set - confirm that tear-down still rolls back in that case.
     $loader = new AclXmlFileloader(new Translator($this->container));
     $stubModule = $this->getStubModule("ModuleValidConfigFile");
     $loader->load($stubModule);

     // NOTE(review): lookup results are stored as returned; presumably null when a code is missing.
     foreach (static::$TEST_ACL_CODES as $code) {
         $this->testAcls[] = AclQuery::create()->findOneByCode($code);
     }

     foreach (static::$expectedAclFixturesAccesses as $groupCode => $aclAccesses) {
         foreach ($aclAccesses as $code => $accessNames) {
             foreach ($accessNames as $accessName) {
                 // One row per (customer group code, ACL code, access type) triple.
                 $this->testCustomerGroupAcls[] = CustomerGroupAclQuery::create()
                     ->useCustomerGroupQuery()->filterByCode($groupCode)->endUse()
                     ->useAclQuery()->filterByCode($code)->endUse()
                     ->filterByType(CustomerGroupAclAccessManager::getAccessPowsValue($accessName))
                     ->findOne();
             }
         }
     }

     $this->aclFixturesLoaded = true;
 }
コード例 #4
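 /**
  * Expose the access map to a template.
  *
  * Assigns the result of CustomerGroupAclAccessManager::getAccessPows() (a map keyed by access code) to the
  * template variable whose name is given by the "load_access_pows" parameter. Nothing is returned; the
  * map is only made available through the assigned variable.
  *
  * @param array                          $params   Parameters; "load_access_pows" holds the name of the
  *                                                 template variable to assign.
  * @param \Smarty_Internal_Template|null $template Smarty template
  *
  * @return void
  */
 public function getAccessPows($params, $template = null)
 {
     // The signature allows a null template, and the variable name may be absent: in both cases there is
     // nothing to assign to, so return instead of dereferencing null or reading an undefined index.
     if ($template === null || !isset($params['load_access_pows']) || $params['load_access_pows'] === '') {
         return;
     }

     $template->assign($params['load_access_pows'], CustomerGroupAclAccessManager::getAccessPows());
 }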
コード例 #5
 /**
  * Keep the translator and take a copy of the access map.
  *
  * @param Translator $translator Translator stored on the instance.
  */
 public function __construct(Translator $translator)
 {
     // Read once at construction from CustomerGroupAclAccessManager::getAccessPows().
     $this->accessPows = CustomerGroupAclAccessManager::getAccessPows();
     $this->translator = $translator;
 }
コード例 #6
 /**
  * Loading a module with a valid ACL configuration must keep every pre-existing ACL and customer group
  * ACL, add the two test ACLs with their en_US and fr_FR texts, and add the eleven expected customer group
  * ACL rows.
  *
  * @covers AclXmlFileloader::load()
  */
 public function testLoadModuleWithValidConfigFile()
 {
     // Snapshot of what exists before the load.
     $aclsBefore = AclQuery::create()->find();
     $groupAclsBefore = CustomerGroupAclQuery::create()->find();

     // Load a test module with a valid ACL configuration.
     $this->aclXmlFileloader->load($this->getStubModule("ModuleValidConfigFile"));

     // Nothing that existed before may have disappeared.
     $aclsAfter = AclQuery::create()->find();
     foreach ($aclsBefore as $existingAcl) {
         $this->assertTrue($aclsAfter->contains($existingAcl));
     }
     $groupAclsAfter = CustomerGroupAclQuery::create()->find();
     foreach ($groupAclsBefore as $existingGroupAcl) {
         $this->assertTrue($groupAclsAfter->contains($existingGroupAcl));
     }

     // Exactly two ACLs were added, with the expected [title, description] per locale.
     $this->assertEquals($aclsBefore->count() + 2, $aclsAfter->count());
     $expectedAcls = [
         "a" => [
             "code" => "-customer-group-acl-unit-test-acl-a-",
             "texts" => [
                 "en_US" => ["Test ACL A", "Test ACL A description."],
                 "fr_FR" => ["ACL de test A", "Description de l'ACL de test A."],
             ],
         ],
         "b" => [
             "code" => "-customer-group-acl-unit-test-acl-b-",
             "texts" => [
                 "en_US" => ["Test ACL B", "Test ACL B description."],
                 "fr_FR" => ["ACL de test B", "Description de l'ACL de test B."],
             ],
         ],
     ];
     $loadedAcls = [];
     foreach ($expectedAcls as $aclKey => $expectedAcl) {
         $loadedAcl = AclQuery::create()->findOneByCode($expectedAcl["code"]);
         $this->assertNotNull($loadedAcl);
         foreach ($expectedAcl["texts"] as $locale => $texts) {
             $loadedAcl->setLocale($locale);
             $this->assertEquals($texts[0], $loadedAcl->getTitle());
             $this->assertEquals($texts[1], $loadedAcl->getDescription());
         }
         $loadedAcls[$aclKey] = $loadedAcl;
     }

     // Exactly eleven customer group ACL rows were added: [ACL key, test group index, access name].
     $this->assertEquals($groupAclsBefore->count() + 11, $groupAclsAfter->count());
     $expectedGroupAcls = [
         // group a
         ["a", 0, "VIEW"],
         ["a", 0, "CREATE"],
         ["b", 0, "VIEW"],
         // group b
         ["b", 1, "VIEW"],
         ["b", 1, "CREATE"],
         ["b", 1, "UPDATE"],
         ["b", 1, "DELETE"],
         // group c, uses group a accesses
         ["a", 2, "VIEW"],
         ["a", 2, "CREATE"],
         ["b", 2, "VIEW"],
         // group d, uses group a accesses for acl b
         ["b", 3, "VIEW"],
     ];
     foreach ($expectedGroupAcls as $expectedGroupAcl) {
         list($aclKey, $groupIndex, $accessName) = $expectedGroupAcl;
         $this->assertCustomerGroupAclExistsAndUnique(
             $loadedAcls[$aclKey],
             self::$testCustomerGroups[$groupIndex],
             CustomerGroupAclAccessManager::getAccessPowsValue($accessName)
         );
     }
 }
コード例 #7
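 /**
  * Check if the current user is granted access to a resource.
  *
  * Returns false when no customer is logged in or when the session holds no customer group entry.
  * Otherwise counts the activated customer group ACL rows of the customer's group that match the
  * requested resources and accesses, and compares that count with the number of requested
  * resource/access couples.
  *
  * @param string|array $resources Resource name or resources list.
  * @param string|array $accesses  Access name or accesses list; each name is trimmed and upper-cased.
  * @param boolean      $accessOr  Whether to return true if at least one resource/access couple is granted.
  *
  * @return boolean Whether access is granted.
  */
 protected function performCheck($resources, $accesses, $accessOr = false)
 {
     /** @var Session $session */
     $session = $this->request->getSession();
     if ($session->getCustomerUser() === null || $session->has(CustomerGroup::getModuleCode()) === false) {
         return false;
     }

     // A single name is part of the documented contract: wrap it so the loop and the counts below see one
     // requested item instead of skipping a non-array value and ending up with zero requested rights.
     // Duplicate resources are dropped so that the requested total is not inflated.
     $resources = array_values(array_unique((array) $resources));
     $accesses = (array) $accesses;

     $accessIdsList = [];
     foreach ($accesses as $access) {
         $accessIdsList[] = CustomerGroupAclAccessManager::getAccessPowsValue(strtoupper(trim($access)));
     }
     $accessIdsList = array_unique($accessIdsList);

     $groupId = $session->get(CustomerGroup::getModuleCode())['id'];

     // For each acl be sure that the current customer has the right access
     $query = CustomerGroupAclQuery::create()
         ->filterByActivate(1)
         ->filterByCustomerGroupId($groupId)
         ->filterByType($accessIdsList, Criteria::IN)
         ->useAclQuery()
             ->filterByCode($resources, Criteria::IN)
         ->endUse();

     $rights = $query->count();
     $askedRights = count($resources) * count($accessIdsList);

     // NOTE(review): the decision compares row counts, so it assumes at most one activated row per
     // (group, ACL, access type) and unique ACL codes; a duplicated row could let the count reach the
     // requested total while one couple is missing - confirm a uniqueness constraint backs this.
     // NOTE(review): with an empty resources or accesses list the requested total is 0, so the check
     // returns true whenever the query also matches no row - confirm callers never pass an empty list.
     return ($accessOr === true && $rights > 0) || $rights === $askedRights;
 }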