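/**
 * Assert that the group of the currently logged in customer has exactly the given accesses on the test
 * resources (ACLs), and no other.
 *
 * The deny side is derived rather than hand-written: every (ACL code, access code) pair built from
 * self::$TEST_ACL_CODES and the keys of CustomerGroupAclAccessManager::getAccessPows() that is not listed
 * in $expectedRessourceAccesses is asserted to be refused.
 *
 * @param array $expectedRessourceAccesses A map of [expected resource => [expected accesses...], ...].
 */
protected function assertGroupOnlyHasTheseAccesses(array $expectedRessourceAccesses)
{
    $deniedAccessesByAcl = [];

    foreach (self::$TEST_ACL_CODES as $aclCode) {
        $allowedAccesses = isset($expectedRessourceAccesses[$aclCode])
            ? $expectedRessourceAccesses[$aclCode]
            : [];

        foreach (array_keys(CustomerGroupAclAccessManager::getAccessPows()) as $accessCode) {
            // Strict comparison: a loosely-equal entry in the expected list (for instance `true`) must not
            // drop an access code from the set that is asserted to be denied.
            if (!in_array($accessCode, $allowedAccesses, true)) {
                $deniedAccessesByAcl[$aclCode][] = $accessCode;
            }
        }
    }

    // First the accesses that must be granted, then everything else, which must be refused.
    $this->assertGroupAccesses($expectedRessourceAccesses, true);
    $this->assertGroupAccesses($deniedAccessesByAcl, false);
}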
/**
 * Dispatch a CUSTOMER_GROUP_ACL_UPDATE event for one (ACL, customer group, access type) triple and check
 * that a matching, activated group ACL row can be found afterwards.
 */
public function testCreateCustomerGroupAcl()
{
    /** @var Acl $acl */
    $acl = $this->testAcls[0];
    /** @var CustomerGroup $group */
    $group = self::$testCustomerGroups[2];

    // array_rand() returns one key of the access map, so each run exercises a single, arbitrary access
    // type and a failure may not reproduce on the next run.
    // NOTE(review): confirm that the event and filterByType() expect this key rather than the mapped value.
    $accessType = array_rand(CustomerGroupAclAccessManager::getAccessPows(), 1);

    $this->dispatcher->dispatch(
        CustomerGroupAclEvents::CUSTOMER_GROUP_ACL_UPDATE,
        new CustomerGroupAclEvent($acl->getId(), $group->getId(), $accessType)
    );

    $lookup = CustomerGroupAclQuery::create();
    $lookup = $lookup->filterByAcl($acl);
    $lookup = $lookup->filterByCustomerGroup($group);
    $lookup = $lookup->filterByType($accessType);
    $createdGroupAcl = $lookup->findOne();

    // the row must exist and be flagged as active
    $this->assertNotNull($createdGroupAcl);
    $this->assertEquals(1, $createdGroupAcl->getActivate());
}
/**
 * Load the ACL and customer group ACL fixtures inside a newly opened transaction.
 *
 * The transaction is only opened here; it is expected to be rolled back on tear-down.
 * Each lookup result is stored as returned by findOneByCode() / findOne(), without a null check.
 */
protected function loadAclFixtures()
{
    Propel::getConnection()->beginTransaction();

    // import the ACL definitions shipped with the stub module
    $loader = new AclXmlFileloader(new Translator($this->container));
    $stubModule = $this->getStubModule("ModuleValidConfigFile");
    $loader->load($stubModule);

    // keep a handle on every test ACL
    foreach (static::$TEST_ACL_CODES as $code) {
        $this->testAcls[] = AclQuery::create()->findOneByCode($code);
    }

    // keep a handle on every group ACL the fixtures are expected to have created
    foreach (static::$expectedAclFixturesAccesses as $groupCode => $accessesByAcl) {
        foreach ($accessesByAcl as $code => $accessNames) {
            foreach ($accessNames as $accessName) {
                /** @var CustomerGroupAclQuery $groupAclQuery */
                $groupAclQuery = CustomerGroupAclQuery::create();

                $groupAclQuery
                    ->useCustomerGroupQuery()
                    ->filterByCode($groupCode)
                    ->endUse();
                $groupAclQuery
                    ->useAclQuery()
                    ->filterByCode($code)
                    ->endUse();

                $accessValue = CustomerGroupAclAccessManager::getAccessPowsValue($accessName);
                $groupAclQuery->filterByType($accessValue);

                $this->testCustomerGroupAcls[] = $groupAclQuery->findOne();
            }
        }
    }

    $this->aclFixturesLoaded = true;
}
/**
 * Expose the access map returned by CustomerGroupAclAccessManager::getAccessPows() to a Smarty template.
 *
 * The map is assigned to the template variable whose name is given in $params['load_access_pows'].
 * Nothing is returned. $template defaults to null but is dereferenced unconditionally, so callers
 * must always provide it.
 *
 * @param array                     $params   Parameters; 'load_access_pows' holds the target variable name.
 * @param \Smarty_Internal_Template $template Smarty template receiving the variable.
 */
public function getAccessPows($params, $template = null)
{
    $targetVariable = $params['load_access_pows'];

    $template->assign($targetVariable, CustomerGroupAclAccessManager::getAccessPows());
}
/**
 * Keep the translator and take a copy of the access map at construction time.
 *
 * @param Translator $translator Translator stored on the instance.
 */
public function __construct(Translator $translator)
{
    // The access map is read once here, from CustomerGroupAclAccessManager::getAccessPows().
    $this->accessPows = CustomerGroupAclAccessManager::getAccessPows();
    $this->translator = $translator;
}
/**
 * @covers AclXmlFileloader::load()
 */
public function testLoadModuleWithValidConfigFile()
{
    // snapshot of the ACLs and group ACLs that exist before the module is loaded
    $aclsBefore = AclQuery::create()->find();
    $groupAclsBefore = CustomerGroupAclQuery::create()->find();

    // load a test module with a valid ACL configuration
    $stubModule = $this->getStubModule("ModuleValidConfigFile");
    $this->aclXmlFileloader->load($stubModule);

    // loading must be additive: every ACL and group ACL seen before is still present
    $aclsAfter = AclQuery::create()->find();
    foreach ($aclsBefore as $existingAcl) {
        $this->assertTrue($aclsAfter->contains($existingAcl));
    }

    $groupAclsAfter = CustomerGroupAclQuery::create()->find();
    foreach ($groupAclsBefore as $existingGroupAcl) {
        $this->assertTrue($groupAclsAfter->contains($existingGroupAcl));
    }

    // exactly two new ACLs, with their localized title and description
    $this->assertEquals($aclsBefore->count() + 2, $aclsAfter->count());

    $expectedTextsByCode = [
        "-customer-group-acl-unit-test-acl-a-" => [
            "en_US" => ["Test ACL A", "Test ACL A description."],
            "fr_FR" => ["ACL de test A", "Description de l'ACL de test A."],
        ],
        "-customer-group-acl-unit-test-acl-b-" => [
            "en_US" => ["Test ACL B", "Test ACL B description."],
            "fr_FR" => ["ACL de test B", "Description de l'ACL de test B."],
        ],
    ];

    $createdAcls = [];
    foreach ($expectedTextsByCode as $code => $textsByLocale) {
        $acl = AclQuery::create()->findOneByCode($code);
        $this->assertNotNull($acl);

        foreach ($textsByLocale as $locale => $texts) {
            $acl->setLocale($locale);
            $this->assertEquals($texts[0], $acl->getTitle());
            $this->assertEquals($texts[1], $acl->getDescription());
        }

        $createdAcls[$code] = $acl;
    }

    $aclA = $createdAcls["-customer-group-acl-unit-test-acl-a-"];
    $aclB = $createdAcls["-customer-group-acl-unit-test-acl-b-"];

    // exactly eleven new group ACLs, one per row of the table below
    $this->assertEquals($groupAclsBefore->count() + 11, $groupAclsAfter->count());

    // each row: [ACL, index into self::$testCustomerGroups, access name]
    $expectedGroupAcls = [
        // group a
        [$aclA, 0, "VIEW"],
        [$aclA, 0, "CREATE"],
        [$aclB, 0, "VIEW"],
        // group b
        [$aclB, 1, "VIEW"],
        [$aclB, 1, "CREATE"],
        [$aclB, 1, "UPDATE"],
        [$aclB, 1, "DELETE"],
        // group c, uses group a accesses
        [$aclA, 2, "VIEW"],
        [$aclA, 2, "CREATE"],
        [$aclB, 2, "VIEW"],
        // group d, uses group a accesses for acl b
        [$aclB, 3, "VIEW"],
    ];

    foreach ($expectedGroupAcls as $row) {
        list($acl, $groupIndex, $accessName) = $row;

        $this->assertCustomerGroupAclExistsAndUnique(
            $acl,
            self::$testCustomerGroups[$groupIndex],
            CustomerGroupAclAccessManager::getAccessPowsValue($accessName)
        );
    }
}
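/**
 * Check if the current user is granted access to a resource.
 *
 * Access is evaluated for the customer group stored in the session, against activated group ACL rows
 * only. In the default (AND) mode every requested resource/access couple must be granted; with
 * $accessOr set to true, one granted couple is enough.
 *
 * The check fails closed: it returns false when no customer is logged in, when the session holds no
 * customer group, and when the request names no resource or no access. Without that last guard an empty
 * request asks for zero rights, and a zero row count would compare equal to it and be reported as granted.
 *
 * @param string|array $resources Resource name or resources list.
 * @param string|array $accesses Access name or accesses list.
 * @param boolean $accessOr Whether to return true if at least one resource/access couple is granted.
 *
 * @return boolean Whether access is granted.
 */
protected function performCheck($resources, $accesses, $accessOr = false)
{
    /** @var Session $session */
    $session = $this->request->getSession();

    if ($session->getCustomerUser() === null || $session->has(CustomerGroup::getModuleCode()) === false) {
        return false;
    }

    // Accept a single name as documented, and drop duplicates so that the expected number of rights
    // matches what the IN filters below can actually return.
    $resourceCodes = array_values(array_unique((array) $resources));

    $accessIdsList = [];
    foreach ((array) $accesses as $access) {
        $accessIdsList[] = CustomerGroupAclAccessManager::getAccessPowsValue(strtoupper(trim($access)));
    }
    $accessIdsList = array_values(array_unique($accessIdsList));

    // An authorization check that asks for nothing must not be answered with "granted".
    if ($resourceCodes === [] || $accessIdsList === []) {
        return false;
    }

    $groupId = $session->get(CustomerGroup::getModuleCode())['id'];

    // Count the activated rights the customer's group holds among the requested couples.
    $rights = CustomerGroupAclQuery::create()
        ->filterByActivate(1)
        ->filterByCustomerGroupId($groupId)
        ->filterByType($accessIdsList, Criteria::IN)
        ->useAclQuery()
            ->filterByCode($resourceCodes, Criteria::IN)
        ->endUse()
        ->count();

    $askedRights = count($resourceCodes) * count($accessIdsList);

    if ($accessOr === true && $rights > 0) {
        return true;
    }

    return $rights === $askedRights;
}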