public function testBuildCanAcceptXMLAsString() { $content = file_get_contents(__DIR__ . '/fixtures/test.xml'); $this->object = new AclBuilder(new StringType($content), $this->acl); $this->assertTrue($this->object->build()); $this->assertTrue($this->acl->hasRole('guest')); $this->assertTrue($this->acl->hasResource('logout')); $this->assertTrue($this->acl->isAllowed('guest', 'login')); $this->assertTrue($this->acl->isAllowed('user', null, 'GET')); }
/** * * @param string $name * @param string $routename * @return boolean */ public function checkAutorisation($name, $routename) { $this->initAcl(); $config = $this->getServiceLocator()->get('Config'); $filePath = $config['auth']['filePath']; $reader = new Ini(); try { $usersData = $reader->fromFile($filePath); } catch (\Exception $e) { error_log($e->getMessage()); return false; } return is_array($usersData) && array_key_exists($name, $usersData) && $this->acl->hasResource($routename) && $this->acl->hasRole($usersData[$name]) && $this->acl->isAllowed($usersData[$name], $routename); }
/** * Create the service using the configuration from the modules config-file * * @param ServiceLocator $services The ServiceLocator * * @see \Zend\ServiceManager\FactoryInterface::createService() * @return Hybrid_Auth */ public function createService(ServiceLocatorInterface $serviceLocator) { $config = $serviceLocator->get('config'); $config = $config['acl']; if (!isset($config['roles']) || !isset($config['resources'])) { throw new \Exception('Invalid ACL Config found'); } $roles = $config['roles']; if (!isset($roles[self::DEFAULT_ROLE])) { $roles[self::DEFAULT_ROLE] = ''; } $this->admins = $config['admins']; if (!isset($this->admins)) { throw new \UnexpectedValueException('No admin-user set'); } $acl = new Acl(); foreach ($roles as $name => $parent) { if (!$acl->hasRole($name)) { if (empty($parent)) { $parent = array(); } else { $parent = explode(',', $parent); } $acl->addRole(new Role($name), $parent); } } foreach ($config['resources'] as $permission => $controllers) { foreach ($controllers as $controller => $actions) { if ($controller == 'all') { $controller = null; } else { if (!$acl->hasResource($controller)) { $acl->addResource(new Resource($controller)); } } foreach ($actions as $action => $role) { if ($action == 'all') { $action = null; } $assert = null; if (is_array($role)) { $assert = $serviceLocator->get($role['assert']); $role = $role['role']; } $role = explode(',', $role); foreach ($role as $roleItem) { if ($permission == 'allow') { $acl->allow($roleItem, $controller, $action, $assert); } elseif ($permission == 'deny') { $acl->deny($roleItem, $controller, $action, $assert); } else { continue; } } } } } return $acl; }
/** * buildAcl * * @return void */ public function buildAcl() { $this->acl = new Acl(); // roles $roles = $this->getRoles(); foreach ($roles as $role) { if ($this->acl->hasRole($role)) { // @todo throw error? continue; } $this->acl->addRole($role, $role->getParent()); } }
/** * @deprecated this method will be removed in BjyAuthorize 2.0.x * * @param \Zend\Permissions\Acl\Role\RoleInterface[] $roles */ protected function addRoles($roles) { if (!is_array($roles) && !$roles instanceof \Traversable) { $roles = array($roles); } /* @var $role Role */ foreach ($roles as $role) { if ($this->acl->hasRole($role)) { continue; } if ($role->getParent() !== null) { $this->addRoles(array($role->getParent())); $this->acl->addRole($role, $role->getParent()); } elseif (!$this->acl->hasRole($role)) { $this->acl->addRole($role); } } }
protected function addRoleToAcl($role, array $roles, Acl $acl) { if (!$acl->hasRole($role)) { if (array_key_exists($role, $this->addedRoles)) { //cyclic parents fault handling $acl->addRole($role); //add role without its parents to escape cycle } else { $this->addedRoles[$role] = true; foreach ($roles[$role] as $parent) { //add parent roles first $this->addRoleToAcl($parent, $roles, $acl); } if (!$acl->hasRole($role)) { //extra check because role could be added in previous cycle $acl->addRole($role, $roles[$role]); } } } }
/** * @param RoleInterface|string|number $role * @param ResourceInterface|string $resource * @param string $privilege * @return bool */ public function isAllowed($role = null, $resource = null, $privilege = null) { if (is_null($this->acl)) { $this->init(); } if (!is_null($role) && !$role instanceof RoleInterface) { $roleEntity = $this->findRole($role); } else { $roleEntity = $role; } if (!$this->hasResource($resource)) { if ($this->moduleOptions->isPermissive()) { $resource = null; } else { return false; } } if ($this->acl->hasRole($roleEntity) || is_null($roleEntity)) { return $this->acl->isAllowed($roleEntity, $resource, $privilege); } else { return false; } }
/** * Confirm that deleting a role after allowing access to all roles * raise undefined index error * * @group ZF-5700 */ public function testRemovingRoleAfterItWasAllowedAccessToAllResourcesGivesError() { $acl = new Acl\Acl(); $acl->addRole(new Role\GenericRole('test0')); $acl->addRole(new Role\GenericRole('test1')); $acl->addRole(new Role\GenericRole('test2')); $acl->addResource(new Resource\GenericResource('Test')); $acl->allow(null, 'Test', 'xxx'); // error test $acl->removeRole('test0'); // Check after fix $this->assertFalse($acl->hasRole('test0')); }
public function testBuildItemWillAddRolesToAcl() { $this->assertFalse($this->acl->hasRole('guest')); $this->assertTrue($this->object->buildItem()); $this->assertTrue($this->acl->hasRole('guest')); }
public function index06Action() { $aclObj = new Acl(); $aclObj->addRole("member")->addRole("manager", "member")->addRole("admin", "manager"); //add controller //module abc $aclObj->addResource("abc:news")->addResource("def:books"); //it's mean Role member có thể truy cập vào action "info,index" trong controller news $aclObj->allow("member", "abc:news", array("info", "index")); $aclObj->allow("member", "def:books", array("info", "index", "edit", "add")); $role = "member"; $resource = "def:books"; $privileges = array("info", "index", "add", "edit", "delete"); if ($aclObj->hasRole($role)) { foreach ($privileges as $privilege) { if ($aclObj->isAllowed($role, $resource, $privilege)) { echo sprintf("<h3 style='color:red;font-weight:bold'>%s : Được quyền truy cập %s - %s</h3>", $role, $resource, $privilege); } else { echo sprintf("<h3 style='color:red;font-weight:bold'>%s : Không được quyền truy cập %s - %s</h3>", $role, $resource, $privilege); } } } return false; }
public function initAcl(MvcEvent $e) { $application = $e->getApplication(); $sm = $application->getServiceManager(); $acl = new Acl(); $roles = $sm->get("Application\\Model\\RolesBO"); $recursos = $sm->get("Application\\Model\\RecursosBO"); $rolesRecursos = $sm->get("Application\\Model\\RolesRecursosBO"); $usuarios = $sm->get("Application\\Model\\UsuariosBO"); // Se listan todos los recursos y se los agrega a la ACL foreach ($recursos->obtenerTodos() as $recurso) { if (!$acl->hasResource($recurso->getRecursosID())) { $genericResource = new GenericResource($recurso->getRecursosID()); $acl->addResource($genericResource); } } // Se registra el rol en la ACL $sesion = new Container("CoreAppSesion"); if (!$acl->hasRole($sesion->user_rol_id)) { $genericRole = new GenericRole($sesion->user_rol_id); $acl->addRole($genericRole); } $services = $application->getServiceManager(); // obtenemos todos los recuersosque tiene la ACL foreach ($acl->getResources() as $resource) { // Obtenemos los recursos disponibles para el rol foreach ($rolesRecursos->obtenerRecursosPorRol($sesion->user_rol_id) as $recursoAsignado) { // Si el recurso asignado es el mismo recurso de la ACL lo permitimos if ($resource == $recursoAsignado->getAppRecursosID()) { $acl->allow($genericRole, $acl->getResource($resource)); } } } // Si el recurso no esta permitido lo denegamos foreach ($acl->getResources() as $resource) { if (!$acl->isAllowed($genericRole, $acl->getResource($resource))) { $acl->deny($genericRole, $acl->getResource($resource)); } } $this->acl = $acl; }
/** * Check if the ACL allows accessing the function or method * * @param string|object $object Object or class being accessed * @param string $function Function or method being accessed * @return unknown_type * @throws Exception\RuntimeException */ protected function _checkAcl($object, $function) { if (!$this->_acl) { return true; } if ($object) { $isObject = is_object($object); $class = $isObject ? get_class($object) : $object; if (!$this->_acl->hasResource($class)) { $this->_acl->addResource(new Acl\Resource\GenericResource($class)); } if (method_exists($object, 'initAcl')) { // if initAcl returns false, no ACL check if ($isObject) { if (!$object->initAcl($this->_acl)) { return true; } } elseif (!$class::initAcl($this->_acl)) { return true; } } } else { $class = null; } $auth = $this->getAuthService(); if ($auth->hasIdentity()) { $role = $auth->getIdentity()->role; } else { if ($this->_acl->hasRole(Constants::GUEST_ROLE)) { $role = Constants::GUEST_ROLE; } else { throw new Exception\RuntimeException("Unauthenticated access not allowed"); } } if ($this->_acl->isAllowed($role, $class, $function)) { return true; } else { throw new Exception\RuntimeException("Access not allowed"); } }