/**
* Confirm that deleting a role after allowing access to all roles
* raise undefined index error
*
* @group ZF-5700
*/
public function testRemovingRoleAfterItWasAllowedAccessToAllResourcesGivesError()
{
$acl = new Acl\Acl();
$acl->addRole(new Role\GenericRole('test0'));
$acl->addRole(new Role\GenericRole('test1'));
$acl->addRole(new Role\GenericRole('test2'));
$acl->addResource(new Resource\GenericResource('Test'));
$acl->allow(null, 'Test', 'xxx');
// error test
$acl->removeRole('test0');
// Check after fix
$this->assertFalse($acl->hasRole('test0'));
}
/**
* Check if the ACL allows accessing the function or method
*
* @param string|object $object Object or class being accessed
* @param string $function Function or method being accessed
* @return unknown_type
* @throws Exception\RuntimeException
*/
protected function _checkAcl($object, $function)
{
if(!$this->_acl) {
return true;
}
if($object) {
$isObject = is_object($object);
$class = ($isObject) ? get_class($object) : $object;
if(!$this->_acl->hasResource($class)) {
$this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
}
if (method_exists($object, 'initAcl')) {
// if initAcl returns false, no ACL check
if ($isObject && $object->initAcl($this->_acl)) {
return true;
} elseif ($class::initAcl($this->_acl)) {
return true;
}
}
} else {
$class = null;
}
$auth = $this->getAuthService();
if($auth->hasIdentity()) {
$role = $auth->getIdentity()->role;
} else {
if($this->_acl->hasRole(Constants::GUEST_ROLE)) {
$role = Constants::GUEST_ROLE;
} else {
throw new Exception\RuntimeException("Unauthenticated access not allowed");
}
}
if($this->_acl->isAllowed($role, $class, $function)) {
return true;
} else {
throw new Exception\RuntimeException("Access not allowed");
}
}
