예제 #1
0
 function setup_role_manager_mocks(Permission $permission, Role $role, RoleSet $role_set, RoleManager $role_manager)
 {
     $permission->permission_id = 1;
     $permission->name = 'Permission Name';
     $permission->description = 'A dummy permission';
     $role->role_id = 1;
     $role->name = 'members';
     $role->description = 'A dummy role';
     $role->hasPermission(Argument::type('RBAC\\Permission'))->willReturn(true);
     $role->getPermissions()->willReturn(array($permission));
     $role->addPermission(Argument::any())->willReturn(true);
     $role_set->addRole(Argument::type('RBAC\\Role\\Role'))->willReturn(true);
     $role_set->has_permission('Permission Name')->willReturn(true);
     $role_manager->roleFetchByName('members')->willReturn($role);
     $role_manager->roleFetch()->willReturn(array($role));
     $role_manager->roleSave(Argument::any())->willReturn(true);
     $role_manager->permissionFetch()->willReturn(array($permission));
     //assigns a role set object to the UserAccount object
     $role_manager->loadSubjectRoles(Argument::type('PolyAuth\\UserAccount'))->will(function ($args) use($role_set) {
         $user = $args[0];
         $user->loadRoleSet($role_set);
         return $user;
     });
     //adds a role to the role set of the role object
     $role_manager->roleAddSubject(Argument::cetera())->will(function ($args) {
         $role = $args[0];
         $user = $args[1];
         $role_set = $user->getRoleSet();
         $role_set->addRole($role);
         $user->loadRoleSet($role_set);
         return $user;
     });
     return ['role_manager' => $role_manager];
 }
예제 #2
0
 /**
  * {@inheritDoc}
  */
 public function getRoles(array $roleNames)
 {
     $roles = [];
     foreach ($roleNames as $roleName) {
         // If no config, we create a simple role with no permission
         if (!isset($this->rolesConfig[$roleName])) {
             $roles[] = new Role($roleName);
             continue;
         }
         $roleConfig = $this->rolesConfig[$roleName];
         if (isset($roleConfig['children'])) {
             $role = new HierarchicalRole($roleName);
             $childRoles = (array) $roleConfig['children'];
             foreach ($this->getRoles($childRoles) as $childRole) {
                 $role->addChild($childRole);
             }
         } else {
             $role = new Role($roleName);
         }
         $permissions = isset($roleConfig['permissions']) ? $roleConfig['permissions'] : [];
         foreach ($permissions as $permission) {
             $role->addPermission($permission);
         }
         $roles[] = $role;
     }
     return $roles;
 }
예제 #3
0
파일: RoleTest.php 프로젝트: sylarbg/rbac
 /**
  * @covers Rbac\Role\Role::getPermissions
  */
 public function testRoleCanGetPermissions()
 {
     $role = new Role('php');
     $role->addPermission('foo');
     $role->addPermission('bar');
     $expectedPermissions = ['foo' => 'foo', 'bar' => 'bar'];
     $this->assertEquals($expectedPermissions, $role->getPermissions());
 }
예제 #4
0
파일: RbacTest.php 프로젝트: sylarbg/rbac
 /**
  * @covers Rbac\Rbac::isGranted
  */
 public function testCanCheckHierarchicalRole()
 {
     $childRole = new Role('Bar');
     $childRole->addPermission('permission');
     $parentRole = new HierarchicalRole('Foo');
     $parentRole->addChild($childRole);
     $rbac = new Rbac();
     $this->assertTrue($rbac->isGranted($parentRole, 'permission'));
 }
예제 #5
0
파일: RoleTest.php 프로젝트: tillk/vufind
 /**
  * @covers Rbac\Role\Role::addPermission
  */
 public function testRoleCanAddPermission()
 {
     $role = new Role('php');
     $role->addPermission('debug');
     $this->assertTrue($role->hasPermission('debug'));
     $permission = $this->getMock('Rbac\\Permission\\PermissionInterface');
     $permission->expects($this->once())->method('__toString')->will($this->returnValue('interface'));
     $role->addPermission($permission);
     $this->assertTrue($role->hasPermission('interface'));
 }
예제 #6
0
 public function getRoles(array $roleNames)
 {
     $identity = $this->authenticationService->getIdentity();
     $authenticatedIdentity = [];
     $keypart = 'guest';
     if ($identity instanceof AuthenticatedIdentity) {
         $authenticatedIdentity = $identity->getAuthenticationIdentity();
         $keypart = $authenticatedIdentity['client_id'] . $authenticatedIdentity['access_token'];
     }
     $key = implode('_', array(implode('', $roleNames), $keypart));
     if (isset($this->roleCache[$key])) {
         return $this->roleCache[$key];
     }
     $roles = [];
     foreach ($roleNames as $roleName) {
         $roleEntity = $this->roleMapper->fetchEntity($roleName);
         if (!$roleEntity) {
             $roles[] = new Role($roleName);
             continue;
         }
         $role = new Role($roleName);
         $permissions = $roleEntity->getScopes();
         if (!empty($permissions)) {
             $permissions = explode(' ', $permissions);
         } else {
             $permissions = [];
         }
         $client_permissions = $permissions;
         if (isset($authenticatedIdentity['client_data'])) {
             if (isset($authenticatedIdentity['client_data']['scope']) && !empty($authenticatedIdentity['client_data']['scope'])) {
                 $client_permissions = explode(' ', $authenticatedIdentity['client_data']['scope']);
             }
         }
         $token_permissions = $permissions;
         if (isset($authenticatedIdentity['scope']) && !empty($authenticatedIdentity['scope'])) {
             $token_permissions = explode(' ', $authenticatedIdentity['scope']);
         }
         $permissions = array_intersect($permissions, $client_permissions, $token_permissions);
         foreach ($permissions as $permission) {
             $role->addPermission($permission);
         }
         $roles[] = $role;
     }
     $this->roleCache[$key] = $roles;
     return $roles;
 }
예제 #7
0
 public function generateRole($name = false, $desc = "blah desc")
 {
     if (!$name) {
         $name = "role_{$this->current_role_num}";
     }
     $role = Role::create($name, $desc);
     $role->role_id = ++$this->current_role_num;
     return $role;
 }
예제 #8
0
 /**
  * @expectedException \RBAC\Exception\InsufficientPermission
  */
 public function testRequirePermission()
 {
     $p1 = Permission::create("test_1", "", 1);
     $p2 = Permission::create("test_2", "", 2);
     $r1 = Role::create("role_1", "", [$p1, $p2]);
     $subject = new Subject(1, new RoleSet([$r1]));
     $subject->requirePermission($p1);
     $subject->requirePermission($p2->name);
     $subject->requirePermission("bs_perm");
 }
예제 #9
0
 public function testPermissions()
 {
     $p1 = Permission::create("test_1", "", 1);
     $p2 = Permission::create("test_2", "", 2);
     $p3 = Permission::create("test_3", "", 3);
     $p4 = Permission::create("test_4", "", 4);
     $r1 = Role::create("role_1", "", [$p1, $p2]);
     $r2 = Role::create("role_2", "", [$p1, $p2, $p4]);
     $role_set = new RoleSet([$r1, $r2]);
     $permissions = $role_set->getPermissions();
     $this->assertEquals(3, sizeof($permissions));
 }
예제 #10
0
 /**
  * Creates or updates a single role given a role name and optionally a role description
  * Use this function if you just want to register a single role.
  *
  * @param $role_name string
  * @param $role_desc string
  * @return $roles array of objects
  */
 public function register_role($role_name, $role_desc = false)
 {
     //check if the role already exists
     if ($role_object = $this->role_manager->roleFetchByName($role_name)) {
         //update the existing role (if the role_desc actually exists)
         $role_object->description = $role_desc ? $role_desc : $role_object->description;
     } else {
         //create the new role (if the role_desc is false, pass an empty role desc string)
         $role_desc = $role_desc ? $role_desc : '';
         $role_object = Role::create($role_name, $role_desc);
     }
     if (!$this->role_manager->roleSave($role_object)) {
         throw new RoleSaveException($this->lang('role_save_unsuccessful'));
     }
     return $role_object;
 }
예제 #11
0
 protected function seed()
 {
     $default_users = array(array('id' => '1', 'ipAddress' => inet_pton('127.0.0.1'), 'username' => 'administrator', 'password' => '$2y$10$EiqipvSt3lnD//nchj4u9OgOTL9R3J4AbZ5bUVVrh.Tq/gmc5xIvS', 'passwordChange' => '0', 'email' => '*****@*****.**', 'createdOn' => date('Y-m-d H:i:s'), 'lastLogin' => date('Y-m-d H:i:s'), 'active' => '1', 'sharedKey' => '9tThG2rFhZv+LslrrPy0I6QcCn9E3kNcyv5rqb3qKLywvFCfwHiSZ2fH2qQAgQXAkfBIrd0zHP+1v/FJ4W/kMA=='));
     //default user to roles
     $default_users_to_roles = array(array('admin', 'member'));
     //roles to descriptions
     $default_roles = array('admin' => 'Site Administrators', 'member' => 'General Members');
     //roles to permissions to permission descriptions
     $default_role_permissions = array('admin' => array('admin_create' => 'Creating administration resources.', 'admin_read' => 'Viewing administration resources.', 'admin_update' => 'Editing administration resources.', 'admin_delete' => 'Deleting administration resources.'), 'member' => array('public_read' => 'Viewing public resources.'));
     //seeding user accounts
     foreach ($default_users as $user) {
         $this->db->insert('user_accounts', $user);
     }
     //seeding roles and permissions
     $role_manager = new RoleManager(new MySQLAdapter($this->db->conn_id, new Options()));
     foreach ($default_role_permissions as $role => $permissions_array) {
         //create the role
         $created_role = Role::create($role, $default_roles[$role]);
         foreach ($permissions_array as $permission => $reason) {
             //create the permission
             $created_permission = Permission::create($permission, $reason);
             //save the permission to the database
             $role_manager->permissionSave($created_permission);
             //add the permission to the role
             $created_role->addPermission($created_permission);
         }
         $role_manager->roleSave($created_role);
     }
     //assign the role to the users
     foreach ($default_users_to_roles as $key => $roles) {
         $user_id = $default_users[$key]['id'];
         foreach ($roles as $role) {
             $assignable_role = $role_manager->roleFetchByName($role);
             $role_manager->roleAddSubjectId($assignable_role, $user_id);
         }
     }
 }
예제 #12
0
 /**
  * Get role by role name
  *
  * @param $roleName
  * @return RoleInterface
  */
 protected function getRole($roleName)
 {
     if (isset($this->roles[$roleName])) {
         return $this->roles[$roleName];
     }
     // If no config, we create a simple role with no permission
     if (!isset($this->rolesConfig[$roleName])) {
         $role = new Role($roleName);
         $this->roles[$roleName] = $role;
         return $role;
     }
     $roleConfig = $this->rolesConfig[$roleName];
     if (isset($roleConfig['children'])) {
         $role = new HierarchicalRole($roleName);
         $childRoles = (array) $roleConfig['children'];
         foreach ($childRoles as $childRole) {
             $childRole = $this->getRole($childRole);
             $role->addChild($childRole);
         }
     } else {
         $role = new Role($roleName);
     }
     $permissions = isset($roleConfig['permissions']) ? $roleConfig['permissions'] : [];
     foreach ($permissions as $permission) {
         $role->addPermission($permission);
     }
     $this->roles[$roleName] = $role;
     return $role;
 }
예제 #13
0
 /**
  * @param Role $role
  *
  * @return bool
  */
 public function roleSave(Role $role)
 {
     if ($role->role_id) {
         $query = "\n                UPDATE\n                    auth_role\n                SET\n                    `name` = :name, description = :description, updated_on = " . $this->sql_time_func . "\n                WHERE\n                    role_id = :role_id\n            ";
     } else {
         $query = "\n                INSERT INTO auth_role\n                    (name, description, added_on, updated_on)\n                VALUES\n                    (:name, :description, " . $this->sql_time_func . ", " . $this->sql_time_func . ")\n            ";
     }
     $cur = $this->db->prepare($query);
     $cur->bindParam(":name", $role->name, PDO::PARAM_STR, 32);
     $cur->bindParam(":description", $role->description, PDO::PARAM_STR);
     if ($role->role_id) {
         $cur->bindParam(":role_id", $role->role_id, PDO::PARAM_INT);
     }
     $this->db->beginTransaction();
     try {
         $cur->execute();
         if (!$role->role_id) {
             $role->role_id = (int) $this->db->lastInsertId();
         }
         $this->db->commit();
     } catch (PDOException $db_err) {
         $this->db->rollBack();
         if ($this->logger) {
             $this->logger->error("Failed to save role to DB", ['exception' => $db_err]);
         }
         return false;
     }
     foreach ($role->getPermissions() as $permission) {
         // TODO: Something on fail
         $this->rolePermissionAdd($role, $permission);
     }
     return true;
 }
예제 #14
0
 /**
  * @expectedException \RBAC\Exception\ValidationError
  */
 public function testRolePermissionAddInvalidRole()
 {
     $this->rm->rolePermissionAdd(Role::create("blah"), $this->generatePerm());
 }
예제 #15
0
 public function testToString()
 {
     $this->assertEquals("test_role", (string) Role::create("test_role"));
 }