public function test_group_permissions() { ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' ); $this->assert_true( ACL::token_exists( 'acltest' ), 'Could not create acltest permission.' ); $this->assert_true( ACL::token_exists( 'acLtEst ' ), 'Permission names are not normalized.' ); $token_id = ACL::token_id( 'acltest' ); ACL::grant_group( $this->acl_group->id, $token_id, 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group.' ); ACL::revoke_group_token( $this->acl_group->id, $token_id ); $this->assert_false( ACL::group_can( $this->acl_group->id, $token_id, 'full' ), 'Could not revoke acltest permission from acltest-group.' ); // check alternate means of granting a permission $this->acl_group->grant( 'acltest', 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group through UserGroup call.' ); // full > read/edit $this->assert_true( $this->acl_group->can( 'acltest', 'read' ), "Group with 'full' acltest permission cannot 'read'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'edit' ), "Group with 'full' acltest permission cannot 'edit'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), "Group with 'full' acltest permission cannot 'full'." ); $this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." ); $this->acl_group->can( 'acltest', 'write' ); ACL::destroy_token( 'acltest' ); }
public function test_group_permissions() { $this->markTestSkipped('Test does not match class code; needs updating'); ACL::create_permission('acltest', 'A test ACL permission'); $this->assertTrue(ACL::token_exists('acltest'), 'Could not create acltest permission.'); $token_id = ACL::token_id('acltest'); ACL::grant_group($this->acl_group->id, $token_id, 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group.'); ACL::revoke_group_permission($this->acl_group->id, $token_id); $this->assert_false(ACL::group_can($this->acl_group->id, $token_id, 'full'), 'Could not revoke acltest permission from acltest-group.'); // check alternate means of granting a permission $this->acl_group->grant('acltest', 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group through UserGroup call.'); // full > read/write $this->assertTrue($this->acl_group->can('acltest', 'read'), "Group with 'full' acltest permission cannot 'read'."); $this->assertTrue($this->acl_group->can('acltest', 'write'), "Group with 'full' acltest permission cannot 'write'."); }
/** * Assign one or more new permission tokens to this group * @param mixed A permission token ID, name, or array of the same */ public function grant( $tokens, $access = 'full' ) { $tokens = Utils::single_array( $tokens ); // Use ids internally for all tokens $tokens = array_map( array( 'ACL', 'token_id' ), $tokens ); // grant the new permissions foreach ( $tokens as $token ) { ACL::grant_group( $this->id, $token, $access ); } }
/** * Add user groups to the groups table, randomly assign them existing tokens. * @param integer $num number of groups to add, or configured value if null. */ private function populate_groups_add($num = null) { if (!isset($num)) { $num = Options::get('populate__groups'); } // Get all tokens that we have created. $tokens = $this->populate_tokens_get(); // Add all these groups. $count = 0; while ($count++ < $num) { // Create a new group. $group = Usergroup::create(array('name' => 'populate_' . $this->helper_random_name())); // assign tokens to this new group. $max_tokens = count($tokens) - 1; $num_tokens = rand(0, $max_tokens); while ($num_tokens-- > 0) { $token = rand(0, $max_tokens); ACL::grant_group($group->id, $tokens[$token]->id); } } return; }
/** * Create a new permission token, and save it to the permission tokens table * @param string $name The name of the permission * @param string $description The description of the permission * @param string $group The token group for organizational purposes * @param bool $crud Indicates if the token is a CRUD or boolean type token (default is boolean) * @return mixed the ID of the newly created permission, or boolean false */ public static function create_token($name, $description, $group, $crud = false) { $name = self::normalize_token($name); $crud = $crud ? 1 : 0; // first, make sure this isn't a duplicate if (ACL::token_exists($name)) { return false; } $allow = true; // Plugins have the opportunity to prevent adding this token $allow = Plugins::filter('token_create_allow', $allow, $name, $description, $group, $crud); if (!$allow) { return false; } Plugins::act('token_create_before', $name, $description, $group, $crud); $result = DB::query('INSERT INTO {tokens} (name, description, token_group, token_type) VALUES (?, ?, ?, ?)', array($name, $description, $group, $crud)); if (!$result) { // if it didn't work, don't bother trying to log it return false; } self::clear_caches(); // Add the token to the admin group $token = ACL::token_id($name); $admin = UserGroup::get('admin'); if ($admin) { ACL::grant_group($admin->id, $token, 'full'); } EventLog::log('New permission token created: ' . $name, 'info', 'default', 'habari'); Plugins::act('permission_create_after', $name, $description, $group, $crud); return $result; }