This method describes all available resources
| public static getAll ( $raw = false ) : ArrayObject | ||
| return | ArrayObject | Returns array looks like [ resource_id => [name, description, resourceGroup, [[permission_id => description)][, ModeInterface]] ] Third value of array is optional and determines unique permissions for specified resource which can be allowed or forbidden separately. Forth value of the array is optional Resource Mode. |
/**
* Verifies that Full access role is defined properly.
*
* All existing resources must be defined and allowed for this role.
* All existing resource unique permissions must be defined and allowed for this role.
*
* @test
* @dataProvider providerPredefinedRoles
*/
public function testPredefinedRoles($roleId, $allowed)
{
if (\Scalr::config('scalr.phpunit.skip_functional_tests')) {
$this->markTestSkipped();
}
$acl = \Scalr::getContainer()->acl;
$role = $acl->getRole($roleId);
$this->assertInstanceOf('Scalr\\Acl\\Role\\RoleObject', $role);
$this->assertNotEmpty($role->getName(), 'Role name must be defined');
$this->assertEquals($roleId, $role->getRoleId());
$roleResources = $role->getResources();
$this->assertInstanceOf('ArrayObject', $roleResources);
/* @var $resourceDefinition Resource\ResourceObject */
foreach (Resource\Definition::getAll() as $resourceId => $resourceDefinition) {
// Absence of the record is considered as forbidden
if (!$allowed && !isset($roleResources[$resourceId])) {
continue;
}
$this->assertTrue(isset($roleResources[$resourceId]), sprintf('All resources must be defined for the %s role. ' . 'You should add records to the acl_role_resources table with role_id(%d)', $role->getName(), self::ROLE_FULL_ACCESS));
/* @var $resource Role\RoleResourceObject */
$resource = $roleResources[$resourceId];
$this->assertTrue($resource->isGranted() == $allowed, sprintf('%s resource must be %s for the %s role', $resourceDefinition->getName(), $allowed ? 'allowed' : 'forbidden', $role->getName()));
$permissions = $resource->getPermissions();
$this->assertInstanceOf('ArrayObject', $permissions);
foreach ($resourceDefinition->getPermissions() as $permissionId => $description) {
// Absence of the record is considered as forbidden
if (!$allowed && !isset($permissions[$permissionId])) {
continue;
}
$this->assertTrue(isset($permissions[$permissionId]), sprintf('Permission [%s - %s] must be defined for the %s role. ' . 'You should add record to the acl_role_resource_permission table with ' . 'key (role_id[%d], resource_id[0x%x], perm_id[%s]).', $resourceDefinition->getName(), $permissionId, $role->getName(), $role->getRoleId(), $resource->getResourceId(), $permissionId));
/* @var $permission Role\RoleResourcePermissionObject */
$permission = $permissions[$permissionId];
$this->assertInstanceOf('Scalr\\Acl\\Role\\RoleResourcePermissionObject', $permission);
$this->assertTrue($permission->isGranted() == $allowed, sprintf('Permission [%s - %s] must be %s for the %s role.', $resourceDefinition->getName(), $permissionId, $allowed ? 'allowed' : 'forbidden', $role->getName()));
}
}
}
/**
* Gets missing records for predefined global ACL roles: Full Access and Everything forbidden.
*
* @return string Returns sql script output that adds missing records
*/
public function getMissingRecords()
{
$output = array();
foreach (array(array(self::ROLE_ID_FULL_ACCESS, true), array(self::ROLE_ID_EVERYTHING_FORBIDDEN, false)) as $v) {
$roleId = $v[0];
$allowed = $v[1];
$role = $this->getRole($roleId);
$roleResources = $role->getResources();
foreach (Resource\Definition::getAll() as $resourceId => $resourceDefinition) {
// Absence of the record is considered as forbidden
if (!$allowed && !isset($roleResources[$resourceId])) {
continue;
}
if (!isset($roleResources[$resourceId])) {
$output .= sprintf("INSERT `acl_role_resources` " . "SET `role_id` = %d, `resource_id` = 0x%x, `granted` = %d;\n", $roleId, $resourceId, (int) $allowed);
$roleResources[$resourceId] = new Role\RoleResourceObject($roleId, $resourceId, $allowed);
}
$resource = $roleResources[$resourceId];
if ($resource->isGranted() != $allowed) {
$output .= sprintf("UPDATE `acl_role_resources` " . "SET `granted` = %d; WHERE `role_id` = %d AND `resource_id` = 0x%x;\n", (int) $allowed, $roleId, $resourceId);
}
$permissions = $resource->getPermissions();
foreach ($resourceDefinition->getPermissions() as $permissionId => $description) {
// Absence of the record is considered as forbidden
if (!$allowed && !isset($permissions[$permissionId])) {
continue;
}
if (!isset($permissions[$permissionId])) {
$output .= sprintf("INSERT `acl_role_resource_permissions` " . "SET `role_id` = %d, `resource_id` = 0x%x, `perm_id` = '%s', `granted` = %d;\n", $roleId, $resourceId, $permissionId, (int) $allowed);
$permissions[$permissionId] = new Role\RoleResourcePermissionObject($roleId, $resourceId, $permissionId, $allowed);
}
$permission = $permissions[$permissionId];
if ($permission->isGranted() != $allowed) {
$output .= sprintf("UPDATE `acl_role_resource_permissions` SET `granted` = %d; " . "WHERE `role_id` = %d AND `resource_id` = 0x%x AND `perm_id` = '%s';\n", (int) $allowed, $roleId, $resourceId, $permissionId);
}
}
unset($permissions);
}
unset($role);
unset($roleResources);
}
return $output;
}
/**
* Gets all resources
*
* Current exclude filters will be applied.
* This method will return all predefined resources with its names
*
* @return array Returns array looks like
* array(array(
* 'id' => resource_id,
* 'name' => resource_name,
* 'group' => associative_group,
* 'granted' => [1|0] is resource allowed,
* 'permissions' => array(
* permissionId => [1|0] is permission allowed
* ),
* ))
*/
public function getArray()
{
$groupOrder = Acl::getGroups();
$ret = array();
foreach (Resource\Definition::getAll() as $resource) {
/* @var $resource Resource\ResourceObject */
$rec = array('id' => $resource->getResourceId(), 'name' => $resource->getName(), 'group' => $resource->getGroup(), 'groupOrder' => isset($groupOrder[$resource->getGroup()]) ? $groupOrder[$resource->getGroup()] : 0, 'granted' => $this->isAllowed($resource->getResourceId()) ? 1 : 0);
$permissions = $resource->getPermissions();
if (!empty($permissions)) {
$rec['permissions'] = array();
foreach ($permissions as $permissionId => $description) {
$rec['permissions'][$permissionId] = $this->isAllowed($resource->getResourceId(), $permissionId) ? 1 : 0;
}
}
$ret[] = $rec;
}
return $ret;
}
/**
* Gets iterator of all predefined resources with unique permissions
*
* @return \ArrayIterator
*/
public function getIteratorResources()
{
return Resource\Definition::getAll()->getIterator();
}
/**
* @test
*/
public function testGetAll()
{
$definition = Definition::getAll();
$this->assertInstanceOf('ArrayObject', $definition);
$this->assertNotEmpty($definition);
}
