public function testGetRoles()
{
$acl = new AccessMap();
$acl->setDefaultRole('role3');
$acl->add('MyController', 'myAction1', array('role1', 'role2'));
$acl->add('MyController', 'myAction2', array('role1'));
$acl->add('MyAdminController', '*', array('role2'));
$this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction1'));
$this->assertEquals(array('role1'), $acl->getRoles('mycontroller', 'MyAction2'));
$this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction'));
$this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound'));
}
public function testIsAllowed()
{
$acl = new AccessMap();
$acl->setDefaultRole(Role::APP_USER);
$acl->add('MyController', 'myAction1', array(Role::APP_ADMIN, Role::APP_MANAGER));
$acl->add('MyController', 'myAction2', array(Role::APP_ADMIN));
$acl->add('MyAdminController', '*', array(Role::APP_MANAGER));
$authorization = new Authorization($acl);
$this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN));
$this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER));
$this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER));
$this->assertTrue($authorization->isAllowed('anotherController', 'anotherAction', Role::APP_USER));
$this->assertTrue($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_MANAGER));
$this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_ADMIN));
$this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', 'something else'));
}
public function testAddRulesAndGetRoles()
{
$acl = new AccessMap();
$acl->setDefaultRole('role3');
$acl->setRoleHierarchy('role2', array('role1'));
$acl->add('MyController', 'myAction1', 'role2');
$acl->add('MyController', 'myAction2', 'role1');
$acl->add('MyAdminController', '*', 'role2');
$acl->add('SomethingElse', array('actionA', 'actionB'), 'role2');
$this->assertEquals(array('role2'), $acl->getRoles('mycontroller', 'MyAction1'));
$this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction2'));
$this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction'));
$this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound'));
$this->assertEquals(array('role2'), $acl->getRoles('somethingelse', 'actiona'));
$this->assertEquals(array('role2'), $acl->getRoles('somethingelse', 'actionb'));
$this->assertEquals(array('role3'), $acl->getRoles('somethingelse', 'actionc'));
}
/**
* Get ACL for the application
*
* @access public
* @return AccessMap
*/
public function getApplicationAccessMap()
{
$acl = new AccessMap();
$acl->setDefaultRole(Role::APP_USER);
$acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
$acl->add('Auth', array('login', 'check'), Role::APP_PUBLIC);
$acl->add('Captcha', '*', Role::APP_PUBLIC);
$acl->add('PasswordReset', '*', Role::APP_PUBLIC);
$acl->add('Webhook', '*', Role::APP_PUBLIC);
$acl->add('Task', 'readonly', Role::APP_PUBLIC);
$acl->add('Board', 'readonly', Role::APP_PUBLIC);
$acl->add('Ical', '*', Role::APP_PUBLIC);
$acl->add('Feed', '*', Role::APP_PUBLIC);
$acl->add('Config', '*', Role::APP_ADMIN);
$acl->add('Currency', '*', Role::APP_ADMIN);
$acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER);
$acl->add('Group', '*', Role::APP_ADMIN);
$acl->add('Link', '*', Role::APP_ADMIN);
$acl->add('ProjectCreation', 'create', Role::APP_MANAGER);
$acl->add('Projectuser', '*', Role::APP_MANAGER);
$acl->add('Twofactor', 'disable', Role::APP_ADMIN);
$acl->add('UserImport', '*', Role::APP_ADMIN);
$acl->add('User', array('index', 'create', 'save', 'authentication', 'remove'), Role::APP_ADMIN);
return $acl;
}
/**
* Get ACL for the application
*
* @access public
* @return AccessMap
*/
public function getApplicationAccessMap()
{
$acl = new AccessMap();
$acl->setDefaultRole(Role::APP_USER);
$acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
$acl->add('AuthController', array('login', 'check'), Role::APP_PUBLIC);
$acl->add('CaptchaController', '*', Role::APP_PUBLIC);
$acl->add('PasswordResetController', '*', Role::APP_PUBLIC);
$acl->add('TaskViewController', 'readonly', Role::APP_PUBLIC);
$acl->add('BoardViewController', 'readonly', Role::APP_PUBLIC);
$acl->add('ICalendarController', '*', Role::APP_PUBLIC);
$acl->add('FeedController', '*', Role::APP_PUBLIC);
$acl->add('AvatarFileController', 'show', Role::APP_PUBLIC);
$acl->add('ConfigController', '*', Role::APP_ADMIN);
$acl->add('PluginController', '*', Role::APP_ADMIN);
$acl->add('CurrencyController', '*', Role::APP_ADMIN);
$acl->add('ProjectGanttController', '*', Role::APP_MANAGER);
$acl->add('GroupListController', '*', Role::APP_ADMIN);
$acl->add('GroupCreationController', '*', Role::APP_ADMIN);
$acl->add('GroupModificationController', '*', Role::APP_ADMIN);
$acl->add('LinkController', '*', Role::APP_ADMIN);
$acl->add('ProjectCreationController', 'create', Role::APP_MANAGER);
$acl->add('ProjectUserOverviewController', '*', Role::APP_MANAGER);
$acl->add('TwoFactorController', 'disable', Role::APP_ADMIN);
$acl->add('UserImportController', '*', Role::APP_ADMIN);
$acl->add('UserCreationController', '*', Role::APP_ADMIN);
$acl->add('UserListController', '*', Role::APP_ADMIN);
$acl->add('UserStatusController', '*', Role::APP_ADMIN);
$acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
return $acl;
}
/**
* Get ACL for the API
*
* @access public
* @return AccessMap
*/
public function getApiProjectAccessMap()
{
$acl = new AccessMap();
$acl->setDefaultRole(Role::PROJECT_VIEWER);
$acl->setRoleHierarchy(Role::PROJECT_MANAGER, array(Role::PROJECT_MEMBER, Role::PROJECT_VIEWER));
$acl->setRoleHierarchy(Role::PROJECT_MEMBER, array(Role::PROJECT_VIEWER));
$acl->add('ActionProcedure', array('removeAction', 'getActions', 'createAction'), Role::PROJECT_MANAGER);
$acl->add('CategoryProcedure', '*', Role::PROJECT_MANAGER);
$acl->add('ColumnProcedure', '*', Role::PROJECT_MANAGER);
$acl->add('CommentProcedure', array('removeComment', 'createComment', 'updateComment'), Role::PROJECT_MEMBER);
$acl->add('ProjectPermissionProcedure', '*', Role::PROJECT_MANAGER);
$acl->add('ProjectProcedure', array('updateProject', 'removeProject', 'enableProject', 'disableProject', 'enableProjectPublicAccess', 'disableProjectPublicAccess'), Role::PROJECT_MANAGER);
$acl->add('SubtaskProcedure', '*', Role::PROJECT_MEMBER);
$acl->add('SubtaskTimeTrackingProcedure', '*', Role::PROJECT_MEMBER);
$acl->add('SwimlaneProcedure', '*', Role::PROJECT_MANAGER);
$acl->add('ProjectFileProcedure', '*', Role::PROJECT_MEMBER);
$acl->add('TaskFileProcedure', '*', Role::PROJECT_MEMBER);
$acl->add('TaskLinkProcedure', '*', Role::PROJECT_MEMBER);
$acl->add('TaskExternalLinkProcedure', array('createExternalTaskLink', 'updateExternalTaskLink', 'removeExternalTaskLink'), Role::PROJECT_MEMBER);
$acl->add('TaskProcedure', '*', Role::PROJECT_MEMBER);
return $acl;
}
/**
* Get ACL for the application
*
* @access public
* @return AccessMap
*/
public function getApplicationAccessMap()
{
$acl = new AccessMap();
$acl->setDefaultRole(Role::APP_USER);
$acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
$acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
$acl->add('Auth', array('login', 'check'), Role::APP_PUBLIC);
$acl->add('Captcha', '*', Role::APP_PUBLIC);
$acl->add('PasswordReset', '*', Role::APP_PUBLIC);
$acl->add('Webhook', '*', Role::APP_PUBLIC);
$acl->add('Task', 'readonly', Role::APP_PUBLIC);
$acl->add('Board', 'readonly', Role::APP_PUBLIC);
$acl->add('Ical', '*', Role::APP_PUBLIC);
$acl->add('Feed', '*', Role::APP_PUBLIC);
$acl->add('AvatarFile', 'show', Role::APP_PUBLIC);
$acl->add('Config', '*', Role::APP_ADMIN);
$acl->add('PluginController', '*', Role::APP_ADMIN);
$acl->add('Currency', '*', Role::APP_ADMIN);
$acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER);
$acl->add('GroupListController', '*', Role::APP_ADMIN);
$acl->add('GroupCreationController', '*', Role::APP_ADMIN);
$acl->add('GroupModificationController', '*', Role::APP_ADMIN);
$acl->add('Link', '*', Role::APP_ADMIN);
$acl->add('ProjectCreation', 'create', Role::APP_MANAGER);
$acl->add('Projectuser', '*', Role::APP_MANAGER);
$acl->add('Twofactor', 'disable', Role::APP_ADMIN);
$acl->add('UserImportController', '*', Role::APP_ADMIN);
$acl->add('UserCreationController', '*', Role::APP_ADMIN);
$acl->add('UserListController', '*', Role::APP_ADMIN);
$acl->add('UserStatusController', '*', Role::APP_ADMIN);
$acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
return $acl;
}