public function testAddRoleFromClass()
{
$foo = new Rbac\Role('foo');
$this->rbac->addRole('foo');
$foo2 = $this->rbac->getRole('foo');
$this->assertEquals($foo, $foo2);
$this->assertInstanceOf('Zend\\Permissions\\Rbac\\Role', $foo2);
}
/**
* Recursive function to add roles according to their parent role.
*
* @param Rbac $rbac
* @param $roles
* @param int $parentName
* @return void
*/
protected function recursiveRoles(Rbac $rbac, $roles, $parentName = 0)
{
if (!isset($roles[$parentName])) {
return;
}
foreach ((array) $roles[$parentName] as $role) {
if ($parentName) {
$rbac->getRole($parentName)->addChild($role);
} else {
$rbac->addRole($role);
}
if (!empty($roles[$role])) {
$this->recursiveroles($rbac, $roles, $role);
}
}
}
public function assert(Rbac $rbac)
{
$return = false;
$role = $rbac->getRole('PermissionXML');
$accessResult = $role->doc->query($this->accessQuery);
if ($accessResult->length > 0) {
$limitationQuery = trim($accessResult->item(0)->nodeValue);
if ($limitationQuery) {
if ($this->contextDoc instanceof \BaseXMS\Stdlib\DOMDocument) {
$return = $this->contextDoc->query($limitationQuery)->length > 0;
}
} else {
$return = true;
}
}
return $return;
}
/**
* Load the requested resources into RBAC.
*
* @param Rbac $rbac
* @param string $role
* @param string|null $permission
* @return \Doctrine\DBAL\Query\QueryBuilder
*/
protected function load($rbac, $role, $permission = null)
{
$options = $this->options;
$builder = new QueryBuilder($this->connection);
// Role always present
$builder->select('node.name')->from($options->getRoleTable(), 'node')->from($options->getRoleTable(), 'parent')->where('node.lft BETWEEN parent.lft AND parent.rgt')->andWhere('parent.name = :role')->orderBy('node.lft');
$builder->setParameter('role', $role);
// Permission optional
if ($permission) {
$builder->addSelect('permission.name AS permission')->leftJoin('node', 'role_permission', 'rp', 'node.id = rp.role_id')->leftJoin('node', 'permission', 'permission', 'rp.permission_id = permission.id')->andWhere('(permission.name = :permission OR permission.name IS NULL)');
$builder->setParameter('permission', $permission);
}
$parent = null;
foreach ($builder->execute() as $row) {
if ($parent) {
if (!$rbac->hasRole($row['name'])) {
$rbac->getRole($parent)->addChild($row['name']);
}
} elseif (!$rbac->hasRole($row['name'])) {
$rbac->addRole($row['name']);
}
if ($permission) {
if ($row['permission']) {
$rbac->getRole($row['name'])->addPermission($row['permission']);
}
}
$parent = $row['name'];
}
return $builder;
}
<?php
require __DIR__ . '/../vendor/autoload.php';
use FUnit as fu;
use Zend\Permissions\Rbac\Rbac;
use Knlv\Zf2\Permissions\Rbac\Assertion\Callback as RbacCallback;
fu::setup(function () {
$rbac = new Rbac();
$rbac->addRole('member');
$rbac->addRole('guest', 'member');
$rbac->getRole('guest')->addPermission('read');
$rbac->getRole('member')->addPermission('write');
fu::fixture('rbac', $rbac);
});
fu::test('Test rbac callback assertion', function () {
$rbac = fu::fixture('rbac');
$test = $rbac->isGranted('guest', 'read') && $rbac->isGranted('member', 'read') && !$rbac->isGranted('guest', 'write') && $rbac->isGranted('member', 'write');
fu::ok($test, 'Test rbac without assertions');
$assertTrue = new RbacCallback(function () {
return true;
});
$assertFalse = new RbacCallback(function () {
return false;
});
fu::not_ok($rbac->isGranted('member', 'read', $assertFalse), 'Assert permission not granted when callback returns false');
fu::ok($rbac->isGranted('member', 'write', $assertTrue), 'Assert permission granted when callback returns true');
});
