Exemplo n.º 1
0
 /**
  * Confirm that deleting a role after allowing access to all roles
  * raise undefined index error
  *
  * @group ZF-5700
  */
 public function testRemovingRoleAfterItWasAllowedAccessToAllResourcesGivesError()
 {
     $acl = new Acl\Acl();
     $acl->addRole(new Role\GenericRole('test0'));
     $acl->addRole(new Role\GenericRole('test1'));
     $acl->addRole(new Role\GenericRole('test2'));
     $acl->addResource(new Resource\GenericResource('Test'));
     $acl->allow(null, 'Test', 'xxx');
     // error test
     $acl->removeRole('test0');
     // Check after fix
     $this->assertFalse($acl->hasRole('test0'));
 }
Exemplo n.º 2
0
    /**
     * Check if the ACL allows accessing the function or method
     *
     * @param string|object $object Object or class being accessed
     * @param string $function Function or method being accessed
     * @return unknown_type
     * @throws Exception\RuntimeException
     */
    protected function _checkAcl($object, $function)
    {
        if(!$this->_acl) {
            return true;
        }
        if($object) {
            $isObject = is_object($object);
            $class    = ($isObject) ? get_class($object) : $object;
            if(!$this->_acl->hasResource($class)) {
                $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
            }
            if (method_exists($object, 'initAcl')) {
                // if initAcl returns false, no ACL check
                if ($isObject && $object->initAcl($this->_acl)) {
                    return true;
                } elseif ($class::initAcl($this->_acl)) {
                    return true;
                }
            }
        } else {
            $class = null;
        }

        $auth = $this->getAuthService();
        if($auth->hasIdentity()) {
            $role = $auth->getIdentity()->role;
        } else {
            if($this->_acl->hasRole(Constants::GUEST_ROLE)) {
                $role = Constants::GUEST_ROLE;
            } else {
                throw new Exception\RuntimeException("Unauthenticated access not allowed");
            }
        }
        if($this->_acl->isAllowed($role, $class, $function)) {
            return true;
        } else {
            throw new Exception\RuntimeException("Access not allowed");
        }
    }