/**
 * Registers a role named 'foo' and checks that the role fetched back from the
 * container equals a freshly constructed Role and has the expected class.
 *
 * NOTE(review): despite the test name, addRole() receives the string 'foo',
 * not the Role instance built on the first line, so the "add a role object"
 * path is not exercised by this test. Confirm whether that is intended.
 */
public function testAddRoleFromClass()
{
    $expected = new Rbac\Role('foo');

    $this->rbac->addRole('foo');
    $actual = $this->rbac->getRole('foo');

    $this->assertEquals($expected, $actual);
    $this->assertInstanceOf('Zend\\Permissions\\Rbac\\Role', $actual);
}
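/**
 * Recursively registers roles on the RBAC container from a parent-keyed map.
 *
 * $roles is read as "parent role name => child role name(s)". The entry under
 * key 0 (the default $parentName) holds the top-level roles, which are added
 * directly to the container; every other entry is attached as children of the
 * role named by its key.
 *
 * NOTE(review): there is no cycle detection. A map in which a role is, directly
 * or indirectly, listed under one of its own descendants recurses without
 * bound. If the map comes from configuration or storage that is not fully
 * trusted, validate it for cycles before calling this method.
 *
 * @param Rbac       $rbac       Container that receives the roles.
 * @param array      $roles      Map of parent key to child role name(s); presumably
 *                               an array, confirm against the caller.
 * @param int|string $parentName Key of the entry to expand; 0 selects the top level.
 * @return void
 */
protected function recursiveRoles(Rbac $rbac, $roles, $parentName = 0)
{
    if (!isset($roles[$parentName])) {
        return;
    }

    // The array cast lets an entry hold either one child or a list of children.
    foreach ((array) $roles[$parentName] as $role) {
        // Truthiness check: any falsy key (0, '', '0') is handled as the top level.
        if ($parentName) {
            $rbac->getRole($parentName)->addChild($role);
        } else {
            $rbac->addRole($role);
        }

        if (!empty($roles[$role])) {
            // Call spelled with the declared casing; the original used
            // "recursiveroles", which only resolved because PHP method
            // names are case-insensitive.
            $this->recursiveRoles($rbac, $roles, $role);
        }
    }
}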
/**
 * Decides whether the permission applies in the current context.
 *
 * Runs $this->accessQuery against the document attached to the
 * 'PermissionXML' role. No match denies. Otherwise the trimmed text of the
 * first matching node is taken as a limitation query: when it is empty the
 * permission is granted outright; when it is set, it is evaluated against
 * $this->contextDoc and the permission is granted only if that object is a
 * \BaseXMS\Stdlib\DOMDocument and the query matches at least one node.
 *
 * NOTE(review): the limitation expression is read from the permission
 * document and then evaluated as a query. Confirm that document can only be
 * written by trusted administrators.
 * NOTE(review): "empty" is decided by truthiness, so a limitation whose text
 * is "0" is treated as no limitation and grants access.
 *
 * @param Rbac $rbac Container holding the 'PermissionXML' role.
 * @return bool True when access is granted.
 */
public function assert(Rbac $rbac)
{
    $matches = $rbac->getRole('PermissionXML')->doc->query($this->accessQuery);

    // No access rule matched: deny.
    if (!($matches->length > 0)) {
        return false;
    }

    // Only the first matching node is consulted.
    $limitation = trim($matches->item(0)->nodeValue);

    // A rule without a limitation grants unconditionally.
    if (!$limitation) {
        return true;
    }

    // Fail closed when there is no usable context document to test against.
    if (!($this->contextDoc instanceof \BaseXMS\Stdlib\DOMDocument)) {
        return false;
    }

    return $this->contextDoc->query($limitation)->length > 0;
}
/**
 * Loads a role's nested-set subtree, and optionally one permission, into RBAC.
 *
 * Selects every node whose `lft` lies between the `lft` and `rgt` of the row
 * named $role, ordered by `lft`. Each row not yet known to $rbac is added:
 * the first one as a top-level role, each later one as a child of the row
 * that immediately preceded it. When $permission is truthy, rows that carry
 * that permission also get it attached to their role.
 *
 * The role and permission values are bound as named parameters, never
 * concatenated into the SQL text.
 * NOTE(review): the role table name comes from $this->options and is passed
 * to from() as an identifier; confirm it is deployment configuration only.
 * NOTE(review): $permission is tested by truthiness, so the name "0" is
 * handled as if no permission had been requested.
 *
 * @param Rbac        $rbac
 * @param string      $role
 * @param string|null $permission
 * @return \Doctrine\DBAL\Query\QueryBuilder The builder that was executed.
 */
protected function load($rbac, $role, $permission = null)
{
    $options = $this->options;
    $builder = new QueryBuilder($this->connection);

    // Role always present
    $builder
        ->select('node.name')
        ->from($options->getRoleTable(), 'node')
        ->from($options->getRoleTable(), 'parent')
        ->where('node.lft BETWEEN parent.lft AND parent.rgt')
        ->andWhere('parent.name = :role')
        ->orderBy('node.lft');
    $builder->setParameter('role', $role);

    // Permission optional
    if ($permission) {
        $builder
            ->addSelect('permission.name AS permission')
            ->leftJoin('node', 'role_permission', 'rp', 'node.id = rp.role_id')
            ->leftJoin('node', 'permission', 'permission', 'rp.permission_id = permission.id')
            ->andWhere('(permission.name = :permission OR permission.name IS NULL)');
        $builder->setParameter('permission', $permission);
    }

    $previous = null;
    foreach ($builder->execute() as $row) {
        // Roles already present in the container are left untouched.
        if (!$rbac->hasRole($row['name'])) {
            if ($previous) {
                $rbac->getRole($previous)->addChild($row['name']);
            } else {
                $rbac->addRole($row['name']);
            }
        }

        // The permission column exists only when a permission was requested.
        if ($permission && $row['permission']) {
            $rbac->getRole($row['name'])->addPermission($row['permission']);
        }

        $previous = $row['name'];
    }

    return $builder;
}
<?php

require __DIR__ . '/../vendor/autoload.php';

use FUnit as fu;
use Zend\Permissions\Rbac\Rbac;
use Knlv\Zf2\Permissions\Rbac\Assertion\Callback as RbacCallback;

// Fixture: 'member' is added first, then 'guest' with 'member' as the second
// argument. 'guest' holds 'read' and 'member' holds 'write'.
fu::setup(function () {
    $container = new Rbac();
    $container->addRole('member');
    $container->addRole('guest', 'member');
    $container->getRole('guest')->addPermission('read');
    $container->getRole('member')->addPermission('write');

    fu::fixture('rbac', $container);
});

fu::test('Test rbac callback assertion', function () {
    $rbac = fu::fixture('rbac');

    // Baseline without assertions: 'member' is expected to hold both
    // permissions, 'guest' only 'read'.
    $baseline = $rbac->isGranted('guest', 'read')
        && $rbac->isGranted('member', 'read')
        && !$rbac->isGranted('guest', 'write')
        && $rbac->isGranted('member', 'write');
    fu::ok($baseline, 'Test rbac without assertions');

    $alwaysAllow = new RbacCallback(function () {
        return true;
    });
    $alwaysDeny = new RbacCallback(function () {
        return false;
    });

    // A failing assertion must veto a permission the role otherwise holds.
    fu::not_ok(
        $rbac->isGranted('member', 'read', $alwaysDeny),
        'Assert permission not granted when callback returns false'
    );

    // A passing assertion leaves a held permission granted.
    // NOTE(review): no case checks that a passing assertion leaves a
    // permission the role lacks (guest/'write') denied.
    fu::ok(
        $rbac->isGranted('member', 'write', $alwaysAllow),
        'Assert permission granted when callback returns true'
    );
});