public function testBooleanOperators() { $vo_acr = AccessRestrictions::load(true); // OR $va_access_restrictions = array("administrate/setup/list_editor/ListEditorController" => array("default" => array("operator" => "OR", "actions" => array("can_edit_ca_lists", "can_create_ca_lists", "can_delete_ca_lists")))); $vo_acr->opa_acr = $va_access_restrictions; // no role -> can't access controller $this->opt_role->setMode(ACCESS_WRITE); $this->opt_role->setRoleActions(array()); $this->opt_role->update(); ca_users::$s_user_action_access_cache = array(); $vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit"); $this->assertFalse($vb_access); // has one of the OR-ed roles -> can access controller $this->opt_role->setMode(ACCESS_WRITE); $va_actions = $va_access_restrictions["administrate/setup/list_editor/ListEditorController"]["default"]["actions"]; $this->opt_role->setRoleActions(array($va_actions[array_rand($va_actions)])); $this->opt_role->update(); ca_users::$s_user_action_access_cache = array(); $vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit"); $this->assertTrue($vb_access); // AND $va_access_restrictions = array("administrate/setup/list_editor/ListEditorController" => array("default" => array("operator" => "AND", "actions" => array("can_edit_ca_lists", "can_create_ca_lists", "can_delete_ca_lists")))); $vo_acr->opa_acr = $va_access_restrictions; // no role -> can't access controller $this->opt_role->setMode(ACCESS_WRITE); $this->opt_role->setRoleActions(array()); $this->opt_role->update(); ca_users::$s_user_action_access_cache = array(); $vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit"); $this->assertFalse($vb_access); // has one of the AND-ed roles -> can't access controller $this->opt_role->setMode(ACCESS_WRITE); $va_actions = $va_access_restrictions["administrate/setup/list_editor/ListEditorController"]["default"]["actions"]; $this->opt_role->setRoleActions(array($va_actions[array_rand($va_actions)])); $this->opt_role->update(); ca_users::$s_user_action_access_cache = array(); $vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit"); $this->assertFalse($vb_access); // has all AND-ed roles -> can access controller $this->opt_role->setMode(ACCESS_WRITE); $this->opt_role->setRoleActions($va_actions); $this->opt_role->update(); ca_users::$s_user_action_access_cache = array(); $vb_access = $vo_acr->userCanAccess($this->opt_user->getPrimaryKey(), array("administrate", "setup", "list_editor"), "ListEditor", "Edit"); $this->assertTrue($vb_access); }