/**
 * Regression test: removing a role after access was granted to all roles
 * (allow(null, ...)) must not raise an "undefined index" error.
 *
 * @group ZF-5700
 */
public function testRemovingRoleAfterItWasAllowedAccessToAllResourcesGivesError()
{
    $acl = new Acl\Acl();

    foreach (['test0', 'test1', 'test2'] as $roleId) {
        $acl->addRole(new Role\GenericRole($roleId));
    }
    $acl->addResource(new Resource\GenericResource('Test'));

    // Grant privilege 'xxx' on 'Test' to every role (null role = all roles, per the test's intent).
    $acl->allow(null, 'Test', 'xxx');

    // This call is the one that used to trigger the undefined index error.
    $acl->removeRole('test0');

    $this->assertFalse($acl->hasRole('test0'));
}
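/**
 * Check whether the ACL allows access to the given function or method.
 *
 * When no ACL has been configured every call is permitted (fail-open), so
 * enforcement depends on an ACL having been set before this method runs.
 *
 * Resolution order:
 *  1. No ACL configured: allowed.
 *  2. If the target class/object defines initAcl(), it is invoked exactly once
 *     (on the instance when an object was given, statically when a class name
 *     was given); a truthy result short-circuits the ACL check as allowed.
 *  3. The role comes from the authenticated identity, falling back to
 *     Constants::GUEST_ROLE when no identity is present and that role exists
 *     in the ACL.
 *  4. The ACL decides via isAllowed($role, $class, $function).
 *
 * @param string|object|null $object   Object or class name being accessed; null checks $function with no resource
 * @param string             $function Function or method being accessed
 * @return bool true when access is granted (this method never returns false)
 * @throws Exception\RuntimeException when no identity is present and no guest role
 *                                    is defined, or when the ACL denies access
 */
protected function _checkAcl($object, $function)
{
    if (!$this->_acl) {
        // Fail-open: there is nothing to enforce against.
        return true;
    }

    $class = null;
    if ($object) {
        $isObject = is_object($object);
        $class    = $isObject ? get_class($object) : $object;

        if (!$this->_acl->hasResource($class)) {
            $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
        }

        if (method_exists($object, 'initAcl')) {
            // Invoke the hook exactly once. The previous code fell through to a
            // static $class::initAcl() call whenever the instance call returned
            // false, which ran the hook twice and called a possibly non-static
            // method statically; that fall-through is removed here.
            // NOTE(review): a truthy return bypasses the ACL check entirely —
            // confirm this is the intended contract for initAcl(); the old inline
            // comment described the opposite ("returns false, no ACL check").
            $bypassCheck = $isObject
                ? $object->initAcl($this->_acl)
                : $class::initAcl($this->_acl);
            if ($bypassCheck) {
                return true;
            }
        }
    }

    $auth = $this->getAuthService();
    if ($auth->hasIdentity()) {
        // presumably the identity object exposes a 'role' property — verify against the auth adapter
        $role = $auth->getIdentity()->role;
    } elseif ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
        $role = Constants::GUEST_ROLE;
    } else {
        throw new Exception\RuntimeException("Unauthenticated access not allowed");
    }

    if ($this->_acl->isAllowed($role, $class, $function)) {
        return true;
    }

    throw new Exception\RuntimeException("Access not allowed");
}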