/**
* @dataProvider grantedProvider
*/
public function testGranted($role, $permission, $context, $isGranted, $assertions = [])
{
$roleConfig = ['admin' => ['children' => ['member'], 'permissions' => ['delete']], 'member' => ['children' => ['guest'], 'permissions' => ['write']], 'guest' => ['permissions' => ['read']]];
$assertionPluginConfig = ['invokables' => ['ZfcRbacTest\\Asset\\SimpleAssertion' => 'ZfcRbacTest\\Asset\\SimpleAssertion']];
$identity = $this->getMock('ZfcRbac\\Identity\\IdentityInterface');
$identity->expects($this->once())->method('getRoles')->will($this->returnValue((array) $role));
$identityProvider = $this->getMock('ZfcRbac\\Identity\\IdentityProviderInterface');
$identityProvider->expects($this->any())->method('getIdentity')->will($this->returnValue($identity));
$rbac = new Rbac(new RecursiveRoleIteratorStrategy());
$roleService = new RoleService($identityProvider, new InMemoryRoleProvider($roleConfig), $rbac->getTraversalStrategy());
$assertionPluginManager = new AssertionPluginManager(new ServiceManager(), $assertionPluginConfig);
$authorizationService = new AuthorizationService($rbac, $roleService, $assertionPluginManager);
$authorizationService->setAssertions($assertions);
$this->assertEquals($isGranted, $authorizationService->isGranted($permission, $context));
}
/**
* Check if the permission is granted to the current identity
*
* @param string|PermissionInterface $permission
* @param mixed $context
* @return bool
*/
public function isGranted($permission, $context = null)
{
$roles = $this->roleService->getIdentityRoles();
if (empty($roles)) {
return false;
}
if (!$this->rbac->isGranted($roles, $permission)) {
return false;
}
if ($this->hasAssertion($permission)) {
return $this->assert($this->assertions[(string) $permission], $context);
}
return true;
}
/**
* Check if the permission is granted to the current identity
*
* @param string|PermissionInterface $permission
* @param mixed $context
* @return bool
*/
public function isGranted($permission, $context = null)
{
$roles = $this->roleService->getIdentityRoles();
if (empty($roles)) {
return false;
}
if (!$this->rbac->isGranted($roles, $permission)) {
return false;
}
if (!$this->hasAssertion($permission)) {
return true;
}
// multiple assertions
if (is_array($this->assertions[(string) $permission])) {
$map = $this->assertions[(string) $permission];
if (empty($map['assertions'])) {
return true;
}
if (!is_array($map['assertions'])) {
// convert single assertion to array
$map['assertions'] = [$map['assertions']];
}
$condition = isset($map['condition']) ? $map['condition'] : AssertionInterface::CONDITION_AND;
if (AssertionInterface::CONDITION_AND === $condition) {
foreach ($map['assertions'] as $assertion) {
if (!$this->assert($assertion, $context)) {
return false;
}
}
return true;
}
if (AssertionInterface::CONDITION_OR === $condition) {
foreach ($map['assertions'] as $assertion) {
if ($this->assert($assertion, $context)) {
return true;
}
}
return false;
}
throw new Exception\InvalidArgumentException(sprintf('Condition must be either "AND" or "OR", %s given', is_object($condition) ? get_class($condition) : gettype($condition)));
} else {
// single assertion
return $this->assert($this->assertions[(string) $permission], $context);
}
}
/**
* @covers Rbac\Rbac::isGranted
*/
public function testReturnFalseIfNoHierarchicalRoleHasPermission()
{
$childRole = new Role('Bar');
$parentRole = new HierarchicalRole('Foo');
$parentRole->addChild($childRole);
$rbac = new Rbac();
$this->assertFalse($rbac->isGranted($parentRole, 'permission'));
}
public function testGetTraversalStrategy()
{
$customStrategy = $this->getMock('Rbac\\Traversal\\Strategy\\TraversalStrategyInterface');
$rbac = new Rbac($customStrategy);
$this->assertSame($customStrategy, $rbac->getTraversalStrategy());
}
