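/**
 * Find the articles that $user is allowed to manage.
 *
 * When $user->isMember() is true the criteria are always restricted to
 * articles whose 'author' is that user. The restriction is merged in last
 * so that an 'author' key supplied in $query cannot replace it: for
 * duplicate string keys array_merge() keeps the value from the later array.
 *
 * @param App\Model\User $user  User whose articles are being requested
 * @param array          $query Optional additional criteria for find()
 * @return mixed Whatever $this->find() returns for the final criteria
 */
public function findArticlesManagedBy(User $user, $query = array())
{
    // members can only view their own articles; the forced constraint must
    // be the LAST argument, otherwise a caller-supplied 'author' overrides it
    if ($user->isMember()) {
        $query = array_merge($query, array('author' => $user));
    }

    // TODO editors can only view their members articles
    // NOTE(review): until that TODO is implemented, every non-member reaches
    // find() with the caller's criteria unrestricted. Confirm this is the
    // intended behaviour for editors.

    return $this->find($query);
}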
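/**
 * Performs an authentication attempt.
 *
 * Looks the user up by e-mail ($this->username) through $this->model and
 * checks $this->password against the stored hash with password_verify().
 * An unknown e-mail and a wrong password produce the same failure Result,
 * so the result code does not reveal which of the two was wrong.
 *
 * @return \Zend\Authentication\Result
 * @throws \Zend\Authentication\Adapter\Exception\ExceptionInterface
 *         If authentication cannot be performed
 */
public function authenticate()
{
    // Credentials are caller-supplied. Refuse anything that is not a plain
    // string (e.g. an array) before it is placed into the lookup criteria
    // or handed to password_verify().
    if (!is_string($this->username) || !is_string($this->password)) {
        return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null, array());
    }

    // look up $user from the database
    $user = $this->model->findOne(array('email' => $this->username));

    // NOTE(review): when no user is found password_verify() is skipped, so
    // that path likely returns faster than a wrong-password attempt. If
    // account enumeration by timing is a concern, verify against a fixed
    // dummy hash on a miss.
    if ($user && password_verify($this->password, $user->password)) {
        return new Result(Result::SUCCESS, $this->username, array());
    }

    // Same code for "no such user" and "bad password" (see docblock).
    return new Result(Result::FAILURE_IDENTITY_NOT_FOUND, null, array());
}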
/**
 * Return the user record for the currently authenticated identity.
 *
 * The identity (an e-mail address) comes from $this->getIdentity(); the
 * record is looked up through $this->userModel and cached on
 * $this->currentUser for later calls.
 *
 * @return mixed|null The value returned by userModel->findOne() (presumably
 *                    a User; confirm), or null when no identity is set
 */
public function getCurrentUser()
{
    // already resolved earlier: reuse the cached record
    if ($this->currentUser) {
        return $this->currentUser;
    }

    // get the identity (email) from the auth service
    $email = $this->getIdentity();
    if (!$email) {
        // nobody is logged in
        return null;
    }

    // lookup the user by identity and remember the result
    $this->currentUser = $this->userModel->findOne(array('email' => $email));

    return $this->currentUser;
}
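/**
 * Handle the sign-up form: create the user, log them in, and redirect.
 *
 * On a failed save the validation errors are put into the flash store and
 * the request is forwarded back to the 'create' action.
 *
 * @return mixed Result of redirect('/') on success, of forward('create') otherwise
 */
public function post()
{
    $params = $this->getPost();

    // Read the credentials once and explicitly instead of hiding the
    // undefined-index notice behind the "@" operator.
    $email = isset($params['email']) ? $params['email'] : null;
    $password = isset($params['password']) ? $params['password'] : null;

    $user = $this->get('model.user')->factory($params);

    // for security reasons, role isn't on the whitelist for mass assignment
    // but we can set it via property assignment. Default to ROLE_MEMBER
    $user->role = User::ROLE_MEMBER;

    // generate the password
    // NOTE(review): a missing password still reaches encryptPassword() as
    // null, exactly as before. Confirm that save() rejects such a user.
    $user->password = User::encryptPassword($password);

    if (!$user->save()) {
        $this->get('flash')->addMessage('errors', $user->getErrors());
        return $this->forward('create');
    }

    // NOTE(review): this logs the new account in immediately. Confirm the
    // auth service regenerates the session identifier on login.
    $this->get('auth')->authenticate($email, $password);

    return $this->redirect('/');
}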
/**
 * Clear the User and Article fixtures after each test.
 *
 * NOTE(review): remove() is called with empty criteria, which presumably
 * matches every stored record. Make sure this suite only ever runs against
 * a dedicated test database.
 */
public function tearDown()
{
    // empty criteria, shared by both clean-up calls
    $noCriteria = array();

    User::remove($noCriteria);
    Article::remove($noCriteria);
}
/**
 * A freshly constructed user must not be allowed to view an article whose
 * author is a different freshly constructed user.
 *
 * NOTE(review): the method name mentions isOwnerOf, but the assertion
 * exercises canView(); consider renaming it or adding a direct ownership test.
 */
public function testIsOwnerOfReturnsFalseWhenIdNotSet()
{
    // two distinct users, neither with any property assigned
    $viewer = new User();
    $author = new User();

    $post = new Article();
    $post->author = $author;

    $allowed = $viewer->canView($post);

    $this->assertFalse($allowed);
}