/**
* Create auth adapter
*
* @param string $rolefile File containing XML with users and roles
*/
public function __construct($rolefile)
{
$this->acl = new Acl();
$xml = simplexml_load_file($rolefile);
/*
Roles file format:
<roles>
<role id=”admin”>
<user name=”user1” password=”pwd”/>
</role>
<role id=”hr”>
<user name=”user2” password=”pwd2”/>
</role>
</roles>
*/
foreach($xml->role as $role) {
$this->acl->addRole(new Role\GenericRole((string)$role["id"]));
foreach($role->user as $user) {
$this->users[(string)$user['name']] = array(
'password' => (string)$user['password'],
'role' => (string)$role['id']
);
}
}
}
protected function loadRule(ZendAcl $acl, array $rule, $type)
{
$privileges = null;
if (count($rule) == 3) {
//role/resource/privilege defined
list($roles, $resources, $privileges) = $rule;
} else {
if (count($rule) == 2) {
//role/resource defined
list($roles, $resources) = $rule;
} else {
throw new InvalidArgumentException("What is this rule definition about? " . print_r($rule, true));
}
}
if ($type == 'allow') {
$acl->allow($roles, $resources, $privileges);
} else {
$acl->deny($roles, $resources, $privileges);
}
}
public function testAclFiltersAwayPagesFromContainerSearch()
{
$acl = new Acl\Acl();
$acl->addRole(new Role\GenericRole('member'));
$acl->addRole(new Role\GenericRole('admin'));
$acl->addResource(new Resource\GenericResource('protected'));
$acl->allow('admin', 'protected');
$this->_helper->setAcl($acl);
$this->_helper->setRole($acl->getRole('member'));
$oldContainer = $this->_helper->getContainer();
$container = $this->_helper->getContainer();
$iterator = new \RecursiveIteratorIterator(
$container,
\RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $page) {
$page->resource = 'protected';
}
$this->_helper->setContainer($container);
$active = $this->_helper->findOneByLabel('Home');
$search = array(
'start' => 'Page 1',
'next' => 'Page 1',
'prev' => 'Page 1.1',
'chapter' => 'Home',
'section' => 'Page 1',
'subsection' => 'Page 2.2'
);
$expected = array();
$actual = array();
foreach ($search as $type => $active) {
$expected[$type] = false;
$active = $this->_helper->findOneByLabel($active);
$found = $this->_helper->findRelation($active, 'rel', $type);
if (null === $found) {
$actual[$type] = false;
} elseif (is_array($found)) {
$actual[$type] = 'array(' . count($found) . ')';
} else {
$actual[$type] = $found->getLabel();
}
}
$this->assertEquals($expected, $actual);
}
/**
* @group ZF-7973
*/
public function testAclPassesPrivilegeToAssertClass()
{
$assertion = new TestAsset\AssertionZF7973();
$acl = new Acl\Acl();
$acl->addRole('role');
$acl->addResource('resource');
$acl->allow('role', null, null, $assertion);
$allowed = $acl->isAllowed('role', 'resource', 'privilege', $assertion);
$this->assertTrue($allowed);
}
/**
* Check if the ACL allows accessing the function or method
*
* @param string|object $object Object or class being accessed
* @param string $function Function or method being accessed
* @return unknown_type
* @throws Exception\RuntimeException
*/
protected function _checkAcl($object, $function)
{
if(!$this->_acl) {
return true;
}
if($object) {
$isObject = is_object($object);
$class = ($isObject) ? get_class($object) : $object;
if(!$this->_acl->hasResource($class)) {
$this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
}
if (method_exists($object, 'initAcl')) {
// if initAcl returns false, no ACL check
if ($isObject && $object->initAcl($this->_acl)) {
return true;
} elseif ($class::initAcl($this->_acl)) {
return true;
}
}
} else {
$class = null;
}
$auth = $this->getAuthService();
if($auth->hasIdentity()) {
$role = $auth->getIdentity()->role;
} else {
if($this->_acl->hasRole(Constants::GUEST_ROLE)) {
$role = Constants::GUEST_ROLE;
} else {
throw new Exception\RuntimeException("Unauthenticated access not allowed");
}
}
if($this->_acl->isAllowed($role, $class, $function)) {
return true;
} else {
throw new Exception\RuntimeException("Access not allowed");
}
}
/**
* Sets up ACL
*
* @return Acl
*/
protected function _getAcl()
{
$acl = new Acl();
$acl->addRole(new GenericRole('guest'));
$acl->addRole(new GenericRole('member'), 'guest');
$acl->addRole(new GenericRole('admin'), 'member');
$acl->addRole(new GenericRole('special'), 'member');
$acl->addResource(new GenericResource('guest_foo'));
$acl->addResource(new GenericResource('member_foo'), 'guest_foo');
$acl->addResource(new GenericResource('admin_foo', 'member_foo'));
$acl->addResource(new GenericResource('special_foo'), 'member_foo');
$acl->allow('guest', 'guest_foo');
$acl->allow('member', 'member_foo');
$acl->allow('admin', 'admin_foo');
$acl->allow('special', 'special_foo');
$acl->allow('special', 'admin_foo', 'read');
return array('acl' => $acl, 'role' => 'special');
}
function initAcl(ZendAcl $acl)
{
$acl->allow("testrole", null, "hello");
$acl->allow("testrole2", null, "hello2");
return true;
}
