/**
 * Runs RoleService::matchIdentityRoles() against each data set and compares
 * the outcome with the expected flag.
 *
 * @dataProvider roleProvider
 *
 * @param array $rolesConfig   Configuration handed to the InMemoryRoleProvider
 * @param array $identityRoles Roles returned by the mocked identity's getRoles()
 * @param array $rolesToCheck  Roles passed to matchIdentityRoles()
 * @param bool  $doesMatch     Expected return value of matchIdentityRoles()
 */
public function testMatchIdentityRoles(array $rolesConfig, array $identityRoles, array $rolesToCheck, $doesMatch)
{
    // The identity is expected to be asked for its roles exactly once per check
    $identityMock = $this->getMock('ZfjRbac\\Identity\\IdentityInterface');
    $identityMock
        ->expects($this->once())
        ->method('getRoles')
        ->will($this->returnValue($identityRoles));

    // The provider may be queried any number of times and always hands back the same identity
    $providerMock = $this->getMock('ZfjRbac\\Identity\\IdentityProviderInterface');
    $providerMock
        ->expects($this->any())
        ->method('getIdentity')
        ->will($this->returnValue($identityMock));

    $service = new RoleService(
        $providerMock,
        new InMemoryRoleProvider($rolesConfig),
        new RecursiveRoleIteratorStrategy()
    );

    $actual = $service->matchIdentityRoles($rolesToCheck);

    $this->assertEquals($doesMatch, $actual);
}
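/**
 * {@inheritDoc}
 *
 * Decides access from the name of the matched route. Rule patterns are tried
 * in the order they are stored in $this->rules, and the FIRST pattern that
 * fnmatch() accepts (case-insensitively, FNM_CASEFOLD) supplies the allowed
 * roles; later patterns are never consulted. A broad pattern listed before a
 * more specific one therefore shadows it, so rule order is part of the policy.
 *
 * @param  MvcEvent $event Event carrying the route match to evaluate
 * @return bool     True when access is granted
 */
public function isGranted(MvcEvent $event)
{
    // NOTE(review): assumes the event always carries a route match here; a null
    // route match would fail on the method call below — confirm against the
    // point at which this guard is triggered.
    $matchedRouteName = $event->getRouteMatch()->getMatchedRouteName();
    $allowedRoles     = null;

    foreach ($this->rules as $routeRule => $roles) {
        if (fnmatch($routeRule, $matchedRouteName, FNM_CASEFOLD)) {
            $allowedRoles = $roles;
            break;
        }
    }

    // If no rules apply, it is considered as granted or not based on the protection policy
    if (null === $allowedRoles) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison on purpose: only the literal string '*' opens the route
    // to everyone. With a loose in_array() a non-string entry such as true (or,
    // before PHP 8, the integer 0) compares equal to '*' and the guard would
    // grant access without ever consulting the role service.
    if (in_array('*', $allowedRoles, true)) {
        return true;
    }

    return $this->roleService->matchIdentityRoles($allowedRoles);
}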
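/**
 * {@inheritDoc}
 *
 * Decides access from the "controller" and "action" route parameters, both
 * lower-cased before lookup. Lookup order:
 *   1. rules for the exact controller + action pair;
 *   2. rules stored under index 0 of the controller (apply to the whole controller);
 *   3. the protection policy, when neither of the above exists.
 *
 * @param  MvcEvent $event Event carrying the route match to evaluate
 * @return bool     True when access is granted
 */
public function isGranted(MvcEvent $event)
{
    // NOTE(review): assumes the event always carries a route match here — confirm.
    $routeMatch = $event->getRouteMatch();
    $controller = strtolower($routeMatch->getParam('controller'));
    $action     = strtolower($routeMatch->getParam('action'));

    // If no rules apply, it is considered as granted or not based on the protection policy
    if (!isset($this->rules[$controller])) {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Algorithm is as follows: we first check if there is an exact match (controller + action), if not
    // we check if there are rules set globally for the whole controller (see the index "0"), and finally
    // if nothing is matched, we fall back to the protection policy logic
    if (isset($this->rules[$controller][$action])) {
        $allowedRoles = $this->rules[$controller][$action];
    } elseif (isset($this->rules[$controller][0])) {
        $allowedRoles = $this->rules[$controller][0];
    } else {
        return $this->protectionPolicy === self::POLICY_ALLOW;
    }

    // Strict comparison on purpose: only the literal string '*' opens the action
    // to everyone. With a loose in_array() a non-string entry such as true (or,
    // before PHP 8, the integer 0) compares equal to '*' and the guard would
    // grant access without ever consulting the role service.
    if (in_array('*', $allowedRoles, true)) {
        return true;
    }

    return $this->roleService->matchIdentityRoles($allowedRoles);
}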
/**
 * Forwards the given role(s) to the role service's matchIdentityRoles() and
 * returns its result.
 *
 * @param  string|string[] $roleOrRoles A single role name or a list of role names
 * @return bool
 */
public function __invoke($roleOrRoles)
{
    // The cast wraps a lone role name in a one-element array and leaves an array untouched
    $roles = (array) $roleOrRoles;

    return $this->roleService->matchIdentityRoles($roles);
}