/**
* @covers Rbac\Role\Role::getPermissions
*/
public function testRoleCanGetPermissions()
{
$role = new Role('php');
$role->addPermission('foo');
$role->addPermission('bar');
$expectedPermissions = ['foo' => 'foo', 'bar' => 'bar'];
$this->assertEquals($expectedPermissions, $role->getPermissions());
}
/**
* @covers Rbac\Role\Role::addPermission
*/
public function testRoleCanAddPermission()
{
$role = new Role('php');
$role->addPermission('debug');
$this->assertTrue($role->hasPermission('debug'));
$permission = $this->getMock('Rbac\\Permission\\PermissionInterface');
$permission->expects($this->once())->method('__toString')->will($this->returnValue('interface'));
$role->addPermission($permission);
$this->assertTrue($role->hasPermission('interface'));
}
/**
* {@inheritDoc}
*/
public function getRoles(array $roleNames)
{
$roles = [];
foreach ($roleNames as $roleName) {
// If no config, we create a simple role with no permission
if (!isset($this->rolesConfig[$roleName])) {
$roles[] = new Role($roleName);
continue;
}
$roleConfig = $this->rolesConfig[$roleName];
if (isset($roleConfig['children'])) {
$role = new HierarchicalRole($roleName);
$childRoles = (array) $roleConfig['children'];
foreach ($this->getRoles($childRoles) as $childRole) {
$role->addChild($childRole);
}
} else {
$role = new Role($roleName);
}
$permissions = isset($roleConfig['permissions']) ? $roleConfig['permissions'] : [];
foreach ($permissions as $permission) {
$role->addPermission($permission);
}
$roles[] = $role;
}
return $roles;
}
function setup_role_manager_mocks(Permission $permission, Role $role, RoleSet $role_set, RoleManager $role_manager)
{
$permission->permission_id = 1;
$permission->name = 'Permission Name';
$permission->description = 'A dummy permission';
$role->role_id = 1;
$role->name = 'members';
$role->description = 'A dummy role';
$role->hasPermission(Argument::type('RBAC\\Permission'))->willReturn(true);
$role->getPermissions()->willReturn(array($permission));
$role->addPermission(Argument::any())->willReturn(true);
$role_set->addRole(Argument::type('RBAC\\Role\\Role'))->willReturn(true);
$role_set->has_permission('Permission Name')->willReturn(true);
$role_manager->roleFetchByName('members')->willReturn($role);
$role_manager->roleFetch()->willReturn(array($role));
$role_manager->roleSave(Argument::any())->willReturn(true);
$role_manager->permissionFetch()->willReturn(array($permission));
//assigns a role set object to the UserAccount object
$role_manager->loadSubjectRoles(Argument::type('PolyAuth\\UserAccount'))->will(function ($args) use($role_set) {
$user = $args[0];
$user->loadRoleSet($role_set);
return $user;
});
//adds a role to the role set of the role object
$role_manager->roleAddSubject(Argument::cetera())->will(function ($args) {
$role = $args[0];
$user = $args[1];
$role_set = $user->getRoleSet();
$role_set->addRole($role);
$user->loadRoleSet($role_set);
return $user;
});
return ['role_manager' => $role_manager];
}
/**
* @covers Rbac\Rbac::isGranted
*/
public function testCanCheckHierarchicalRole()
{
$childRole = new Role('Bar');
$childRole->addPermission('permission');
$parentRole = new HierarchicalRole('Foo');
$parentRole->addChild($childRole);
$rbac = new Rbac();
$this->assertTrue($rbac->isGranted($parentRole, 'permission'));
}
public function getRoles(array $roleNames)
{
$identity = $this->authenticationService->getIdentity();
$authenticatedIdentity = [];
$keypart = 'guest';
if ($identity instanceof AuthenticatedIdentity) {
$authenticatedIdentity = $identity->getAuthenticationIdentity();
$keypart = $authenticatedIdentity['client_id'] . $authenticatedIdentity['access_token'];
}
$key = implode('_', array(implode('', $roleNames), $keypart));
if (isset($this->roleCache[$key])) {
return $this->roleCache[$key];
}
$roles = [];
foreach ($roleNames as $roleName) {
$roleEntity = $this->roleMapper->fetchEntity($roleName);
if (!$roleEntity) {
$roles[] = new Role($roleName);
continue;
}
$role = new Role($roleName);
$permissions = $roleEntity->getScopes();
if (!empty($permissions)) {
$permissions = explode(' ', $permissions);
} else {
$permissions = [];
}
$client_permissions = $permissions;
if (isset($authenticatedIdentity['client_data'])) {
if (isset($authenticatedIdentity['client_data']['scope']) && !empty($authenticatedIdentity['client_data']['scope'])) {
$client_permissions = explode(' ', $authenticatedIdentity['client_data']['scope']);
}
}
$token_permissions = $permissions;
if (isset($authenticatedIdentity['scope']) && !empty($authenticatedIdentity['scope'])) {
$token_permissions = explode(' ', $authenticatedIdentity['scope']);
}
$permissions = array_intersect($permissions, $client_permissions, $token_permissions);
foreach ($permissions as $permission) {
$role->addPermission($permission);
}
$roles[] = $role;
}
$this->roleCache[$key] = $roles;
return $roles;
}
/**
* Get role by role name
*
* @param $roleName
* @return RoleInterface
*/
protected function getRole($roleName)
{
if (isset($this->roles[$roleName])) {
return $this->roles[$roleName];
}
// If no config, we create a simple role with no permission
if (!isset($this->rolesConfig[$roleName])) {
$role = new Role($roleName);
$this->roles[$roleName] = $role;
return $role;
}
$roleConfig = $this->rolesConfig[$roleName];
if (isset($roleConfig['children'])) {
$role = new HierarchicalRole($roleName);
$childRoles = (array) $roleConfig['children'];
foreach ($childRoles as $childRole) {
$childRole = $this->getRole($childRole);
$role->addChild($childRole);
}
} else {
$role = new Role($roleName);
}
$permissions = isset($roleConfig['permissions']) ? $roleConfig['permissions'] : [];
foreach ($permissions as $permission) {
$role->addPermission($permission);
}
$this->roles[$roleName] = $role;
return $role;
}