public function testBuildCanAcceptXMLAsString()
 {
     $content = file_get_contents(__DIR__ . '/fixtures/test.xml');
     $this->object = new AclBuilder(new StringType($content), $this->acl);
     $this->assertTrue($this->object->build());
     $this->assertTrue($this->acl->hasRole('guest'));
     $this->assertTrue($this->acl->hasResource('logout'));
     $this->assertTrue($this->acl->isAllowed('guest', 'login'));
     $this->assertTrue($this->acl->isAllowed('user', null, 'GET'));
 }
Exemplo n.º 2
0
 /**
  *
  * @param string $name            
  * @param string $routename            
  * @return boolean
  */
 public function checkAutorisation($name, $routename)
 {
     $this->initAcl();
     $config = $this->getServiceLocator()->get('Config');
     $filePath = $config['auth']['filePath'];
     $reader = new Ini();
     try {
         $usersData = $reader->fromFile($filePath);
     } catch (\Exception $e) {
         error_log($e->getMessage());
         return false;
     }
     return is_array($usersData) && array_key_exists($name, $usersData) && $this->acl->hasResource($routename) && $this->acl->hasRole($usersData[$name]) && $this->acl->isAllowed($usersData[$name], $routename);
 }
Exemplo n.º 3
0
 /**
  * Create the service using the configuration from the modules config-file
  *
  * @param ServiceLocator $services The ServiceLocator
  *
  * @see \Zend\ServiceManager\FactoryInterface::createService()
  * @return Hybrid_Auth
  */
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     $config = $serviceLocator->get('config');
     $config = $config['acl'];
     if (!isset($config['roles']) || !isset($config['resources'])) {
         throw new \Exception('Invalid ACL Config found');
     }
     $roles = $config['roles'];
     if (!isset($roles[self::DEFAULT_ROLE])) {
         $roles[self::DEFAULT_ROLE] = '';
     }
     $this->admins = $config['admins'];
     if (!isset($this->admins)) {
         throw new \UnexpectedValueException('No admin-user set');
     }
     $acl = new Acl();
     foreach ($roles as $name => $parent) {
         if (!$acl->hasRole($name)) {
             if (empty($parent)) {
                 $parent = array();
             } else {
                 $parent = explode(',', $parent);
             }
             $acl->addRole(new Role($name), $parent);
         }
     }
     foreach ($config['resources'] as $permission => $controllers) {
         foreach ($controllers as $controller => $actions) {
             if ($controller == 'all') {
                 $controller = null;
             } else {
                 if (!$acl->hasResource($controller)) {
                     $acl->addResource(new Resource($controller));
                 }
             }
             foreach ($actions as $action => $role) {
                 if ($action == 'all') {
                     $action = null;
                 }
                 $assert = null;
                 if (is_array($role)) {
                     $assert = $serviceLocator->get($role['assert']);
                     $role = $role['role'];
                 }
                 $role = explode(',', $role);
                 foreach ($role as $roleItem) {
                     if ($permission == 'allow') {
                         $acl->allow($roleItem, $controller, $action, $assert);
                     } elseif ($permission == 'deny') {
                         $acl->deny($roleItem, $controller, $action, $assert);
                     } else {
                         continue;
                     }
                 }
             }
         }
     }
     return $acl;
 }
Exemplo n.º 4
0
 /**
  * buildAcl
  *
  * @return void
  */
 public function buildAcl()
 {
     $this->acl = new Acl();
     // roles
     $roles = $this->getRoles();
     foreach ($roles as $role) {
         if ($this->acl->hasRole($role)) {
             // @todo throw error?
             continue;
         }
         $this->acl->addRole($role, $role->getParent());
     }
 }
Exemplo n.º 5
0
 /**
  * @deprecated this method will be removed in BjyAuthorize 2.0.x
  *
  * @param \Zend\Permissions\Acl\Role\RoleInterface[] $roles
  */
 protected function addRoles($roles)
 {
     if (!is_array($roles) && !$roles instanceof \Traversable) {
         $roles = array($roles);
     }
     /* @var $role Role */
     foreach ($roles as $role) {
         if ($this->acl->hasRole($role)) {
             continue;
         }
         if ($role->getParent() !== null) {
             $this->addRoles(array($role->getParent()));
             $this->acl->addRole($role, $role->getParent());
         } elseif (!$this->acl->hasRole($role)) {
             $this->acl->addRole($role);
         }
     }
 }
Exemplo n.º 6
0
 protected function addRoleToAcl($role, array $roles, Acl $acl)
 {
     if (!$acl->hasRole($role)) {
         if (array_key_exists($role, $this->addedRoles)) {
             //cyclic parents fault handling
             $acl->addRole($role);
             //add role without its parents to escape cycle
         } else {
             $this->addedRoles[$role] = true;
             foreach ($roles[$role] as $parent) {
                 //add parent roles first
                 $this->addRoleToAcl($parent, $roles, $acl);
             }
             if (!$acl->hasRole($role)) {
                 //extra check because role could be added in previous cycle
                 $acl->addRole($role, $roles[$role]);
             }
         }
     }
 }
Exemplo n.º 7
0
 /**
  * @param  RoleInterface|string|number            $role
  * @param  ResourceInterface|string               $resource
  * @param  string                                 $privilege
  * @return bool
  */
 public function isAllowed($role = null, $resource = null, $privilege = null)
 {
     if (is_null($this->acl)) {
         $this->init();
     }
     if (!is_null($role) && !$role instanceof RoleInterface) {
         $roleEntity = $this->findRole($role);
     } else {
         $roleEntity = $role;
     }
     if (!$this->hasResource($resource)) {
         if ($this->moduleOptions->isPermissive()) {
             $resource = null;
         } else {
             return false;
         }
     }
     if ($this->acl->hasRole($roleEntity) || is_null($roleEntity)) {
         return $this->acl->isAllowed($roleEntity, $resource, $privilege);
     } else {
         return false;
     }
 }
Exemplo n.º 8
0
 /**
  * Confirm that deleting a role after allowing access to all roles
  * raise undefined index error
  *
  * @group ZF-5700
  */
 public function testRemovingRoleAfterItWasAllowedAccessToAllResourcesGivesError()
 {
     $acl = new Acl\Acl();
     $acl->addRole(new Role\GenericRole('test0'));
     $acl->addRole(new Role\GenericRole('test1'));
     $acl->addRole(new Role\GenericRole('test2'));
     $acl->addResource(new Resource\GenericResource('Test'));
     $acl->allow(null, 'Test', 'xxx');
     // error test
     $acl->removeRole('test0');
     // Check after fix
     $this->assertFalse($acl->hasRole('test0'));
 }
 public function testBuildItemWillAddRolesToAcl()
 {
     $this->assertFalse($this->acl->hasRole('guest'));
     $this->assertTrue($this->object->buildItem());
     $this->assertTrue($this->acl->hasRole('guest'));
 }
Exemplo n.º 10
0
 public function index06Action()
 {
     $aclObj = new Acl();
     $aclObj->addRole("member")->addRole("manager", "member")->addRole("admin", "manager");
     //add controller
     //module abc
     $aclObj->addResource("abc:news")->addResource("def:books");
     //it's mean Role member có thể truy cập vào action "info,index" trong controller news
     $aclObj->allow("member", "abc:news", array("info", "index"));
     $aclObj->allow("member", "def:books", array("info", "index", "edit", "add"));
     $role = "member";
     $resource = "def:books";
     $privileges = array("info", "index", "add", "edit", "delete");
     if ($aclObj->hasRole($role)) {
         foreach ($privileges as $privilege) {
             if ($aclObj->isAllowed($role, $resource, $privilege)) {
                 echo sprintf("<h3 style='color:red;font-weight:bold'>%s : Được quyền truy cập %s - %s</h3>", $role, $resource, $privilege);
             } else {
                 echo sprintf("<h3 style='color:red;font-weight:bold'>%s : Không được quyền truy cập %s - %s</h3>", $role, $resource, $privilege);
             }
         }
     }
     return false;
 }
Exemplo n.º 11
0
 public function initAcl(MvcEvent $e)
 {
     $application = $e->getApplication();
     $sm = $application->getServiceManager();
     $acl = new Acl();
     $roles = $sm->get("Application\\Model\\RolesBO");
     $recursos = $sm->get("Application\\Model\\RecursosBO");
     $rolesRecursos = $sm->get("Application\\Model\\RolesRecursosBO");
     $usuarios = $sm->get("Application\\Model\\UsuariosBO");
     // Se listan todos los recursos y se los agrega a la ACL
     foreach ($recursos->obtenerTodos() as $recurso) {
         if (!$acl->hasResource($recurso->getRecursosID())) {
             $genericResource = new GenericResource($recurso->getRecursosID());
             $acl->addResource($genericResource);
         }
     }
     // Se registra el rol en la ACL
     $sesion = new Container("CoreAppSesion");
     if (!$acl->hasRole($sesion->user_rol_id)) {
         $genericRole = new GenericRole($sesion->user_rol_id);
         $acl->addRole($genericRole);
     }
     $services = $application->getServiceManager();
     // obtenemos todos los recuersosque tiene la ACL
     foreach ($acl->getResources() as $resource) {
         // Obtenemos los recursos disponibles para el rol
         foreach ($rolesRecursos->obtenerRecursosPorRol($sesion->user_rol_id) as $recursoAsignado) {
             // Si el recurso asignado es el mismo recurso de la ACL lo permitimos
             if ($resource == $recursoAsignado->getAppRecursosID()) {
                 $acl->allow($genericRole, $acl->getResource($resource));
             }
         }
     }
     // Si el recurso no esta permitido lo denegamos
     foreach ($acl->getResources() as $resource) {
         if (!$acl->isAllowed($genericRole, $acl->getResource($resource))) {
             $acl->deny($genericRole, $acl->getResource($resource));
         }
     }
     $this->acl = $acl;
 }
Exemplo n.º 12
0
 /**
  * Check if the ACL allows accessing the function or method
  *
  * @param string|object $object Object or class being accessed
  * @param string $function Function or method being accessed
  * @return unknown_type
  * @throws Exception\RuntimeException
  */
 protected function _checkAcl($object, $function)
 {
     if (!$this->_acl) {
         return true;
     }
     if ($object) {
         $isObject = is_object($object);
         $class = $isObject ? get_class($object) : $object;
         if (!$this->_acl->hasResource($class)) {
             $this->_acl->addResource(new Acl\Resource\GenericResource($class));
         }
         if (method_exists($object, 'initAcl')) {
             // if initAcl returns false, no ACL check
             if ($isObject) {
                 if (!$object->initAcl($this->_acl)) {
                     return true;
                 }
             } elseif (!$class::initAcl($this->_acl)) {
                 return true;
             }
         }
     } else {
         $class = null;
     }
     $auth = $this->getAuthService();
     if ($auth->hasIdentity()) {
         $role = $auth->getIdentity()->role;
     } else {
         if ($this->_acl->hasRole(Constants::GUEST_ROLE)) {
             $role = Constants::GUEST_ROLE;
         } else {
             throw new Exception\RuntimeException("Unauthenticated access not allowed");
         }
     }
     if ($this->_acl->isAllowed($role, $class, $function)) {
         return true;
     } else {
         throw new Exception\RuntimeException("Access not allowed");
     }
 }