Exemplo n.º 1
0
 public function isValid()
 {
     $account = $this->authenticationService->getAccountEntity();
     if (!$account) {
         return false;
     }
     $permission = $this->resource . '.' . $this->permission;
     return $this->authorizationService->isGranted('account-' . $account->getId()->toString(), $permission);
 }
Exemplo n.º 2
0
 public function testCanMatchIdentityRoles()
 {
     $adminRole = new Role('admin');
     $adminRole->addPermission('delete');
     $rbac = new Rbac();
     $rbac->addRole($adminRole);
     $authorizationService = new RbacService($rbac, array('admin'));
     $this->assertTrue($authorizationService->matchIdentityRoles(array('admin')));
 }
Exemplo n.º 3
0
 public function __invoke($permission, $assert = null, AccountInterface $account = null)
 {
     if ($account === null) {
         $account = $this->authenticationService->getAccountEntity();
     }
     //$groups = $account->getGroups();
     //var_dump($groups->count());
     //exit;
     return $this->authorizationService->isGranted('account-' . $account->getId()->toString(), $permission, $assert);
 }
Exemplo n.º 4
0
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     /** @var AuthenticationService $authenticationService */
     $authenticationService = $serviceLocator->get('Zend\\Authentication\\AuthenticationService');
     /** @var AccountInterface $account */
     $account = $authenticationService->getAccountEntity();
     $rbac = new Rbac();
     if ($account) {
         $role = $this->createAccountRole($account);
         $rbac->addRole($role);
     }
     return $rbac;
 }
Exemplo n.º 5
0
 /**
  * Recupera as permissoes do banco de dados e as distribui no objeto \Zend\Permissions\Rbac\Rbac.
  * 
  * Role Based Access Controll
  * Metodo de controle de acesso que permite heranca de permissoes.
  * 
  * @param type $userRole
  */
 public function setupPermissions($userRole, $module)
 {
     // Primeiro role, referente diretamente ao cargo do usuario.
     $mainRole = new Role($userRole);
     // Permissoes para o cargo principal
     $permissionBoClass = Config::getZf2libConfig('permissionBusinessClass', $module);
     $permissionBO = new $permissionBoClass();
     $permissions = $permissionBO->getListByRole($userRole);
     foreach ($permissions as $allow) {
         $mainRole->addPermission($allow->module->getPkModule() . '.' . $allow->controller->getName() . '.' . $allow->permission->getFkAction());
     }
     $this->control = new Rbac();
     $this->control->addRole($mainRole);
 }
Exemplo n.º 6
0
 /**
  * 
  * @param mixed $permission
  * @return boolean
  */
 public function isGranted($permission)
 {
     if (!$this->identityRoles) {
         return false;
     }
     $isGranted = false;
     foreach ($this->identityRoles as $role) {
         if ($this->rbac->isGranted($role, $permission)) {
             $isGranted = true;
             break;
         }
     }
     return $isGranted;
 }
Exemplo n.º 7
0
 /**
  * Recursive function to add roles according to their parent role.
  *
  * @param Rbac $rbac
  * @param $roles
  * @param int $parentName
  * @return void
  */
 protected function recursiveRoles(Rbac $rbac, $roles, $parentName = 0)
 {
     if (!isset($roles[$parentName])) {
         return;
     }
     foreach ((array) $roles[$parentName] as $role) {
         if ($parentName) {
             $rbac->getRole($parentName)->addChild($role);
         } else {
             $rbac->addRole($role);
         }
         if (!empty($roles[$role])) {
             $this->recursiveroles($rbac, $roles, $role);
         }
     }
 }
Exemplo n.º 8
0
 public function assert(Rbac $rbac)
 {
     $return = false;
     $role = $rbac->getRole('PermissionXML');
     $accessResult = $role->doc->query($this->accessQuery);
     if ($accessResult->length > 0) {
         $limitationQuery = trim($accessResult->item(0)->nodeValue);
         if ($limitationQuery) {
             if ($this->contextDoc instanceof \BaseXMS\Stdlib\DOMDocument) {
                 $return = $this->contextDoc->query($limitationQuery)->length > 0;
             }
         } else {
             $return = true;
         }
     }
     return $return;
 }
Exemplo n.º 9
0
 /**
  * @tesdox Test adding custom child roles works
  */
 public function testAddCustomChildRole()
 {
     $role = $this->getMockForAbstractClass('Zend\\Permissions\\Rbac\\RoleInterface');
     $this->rbac->setCreateMissingRoles(true)->addRole($role, array('parent'));
     $role->expects($this->any())->method('getName')->will($this->returnValue('customchild'));
     $role->expects($this->once())->method('hasPermission')->with('test')->will($this->returnValue(true));
     $this->assertTrue($this->rbac->isGranted('parent', 'test'));
 }
Exemplo n.º 10
0
 public function testAddRoleWithAutomaticParentsUsingRbac()
 {
     $foo = new Rbac\Role('foo');
     $bar = new Rbac\Role('bar');
     $this->rbac->setCreateMissingRoles(true);
     $this->rbac->addRole($bar, $foo);
     $this->assertEquals($bar->getParent(), $foo);
     $this->assertEquals(1, count($foo->getChildren()));
 }
Exemplo n.º 11
0
 /**
  * 
  * @param ServiceLocatorInterface $serviceLocator
  * @return Rbac
  */
 public function createService(ServiceLocatorInterface $serviceLocator)
 {
     /* @var $moduleOptions ModuleOptions */
     $moduleOptions = $serviceLocator->get('UghAuthorization\\Options\\ModuleOptions');
     /* @var $pluginManager RoleProviderPluginManager */
     $pluginManager = $serviceLocator->get('UghAuthorization\\Permissions\\Rbac\\RoleProviderPluginManager');
     $roleProviderConfig = $moduleOptions->getRoleProvider();
     /* @var $roleProvider RoleProvider */
     $roleProvider = $pluginManager->get(key($roleProviderConfig), current($roleProviderConfig));
     /* @var $identityProvider IdentityProvider */
     $identityProvider = $serviceLocator->get($moduleOptions->getIdentityProvider());
     $identity = $identityProvider->getIdentity();
     $roles = $roleProvider->getRoles($identity->getRoles());
     $rbac = new Rbac();
     foreach ($roles as $role) {
         $rbac->addRole($role);
     }
     return $rbac;
 }
Exemplo n.º 12
0
 /**
  * Load the requested resources into RBAC.
  *
  * @param Rbac $rbac
  * @param string $role
  * @param string|null $permission
  * @return \Doctrine\DBAL\Query\QueryBuilder
  */
 protected function load($rbac, $role, $permission = null)
 {
     $options = $this->options;
     $builder = new QueryBuilder($this->connection);
     // Role always present
     $builder->select('node.name')->from($options->getRoleTable(), 'node')->from($options->getRoleTable(), 'parent')->where('node.lft BETWEEN parent.lft AND parent.rgt')->andWhere('parent.name = :role')->orderBy('node.lft');
     $builder->setParameter('role', $role);
     // Permission optional
     if ($permission) {
         $builder->addSelect('permission.name AS permission')->leftJoin('node', 'role_permission', 'rp', 'node.id = rp.role_id')->leftJoin('node', 'permission', 'permission', 'rp.permission_id = permission.id')->andWhere('(permission.name = :permission OR permission.name IS NULL)');
         $builder->setParameter('permission', $permission);
     }
     $parent = null;
     foreach ($builder->execute() as $row) {
         if ($parent) {
             if (!$rbac->hasRole($row['name'])) {
                 $rbac->getRole($parent)->addChild($row['name']);
             }
         } elseif (!$rbac->hasRole($row['name'])) {
             $rbac->addRole($row['name']);
         }
         if ($permission) {
             if ($row['permission']) {
                 $rbac->getRole($row['name'])->addPermission($row['permission']);
             }
         }
         $parent = $row['name'];
     }
     return $builder;
 }
<?php

require __DIR__ . '/../vendor/autoload.php';
use FUnit as fu;
use Zend\Permissions\Rbac\Rbac;
use Knlv\Zf2\Permissions\Rbac\Assertion\Callback as RbacCallback;
fu::setup(function () {
    $rbac = new Rbac();
    $rbac->addRole('member');
    $rbac->addRole('guest', 'member');
    $rbac->getRole('guest')->addPermission('read');
    $rbac->getRole('member')->addPermission('write');
    fu::fixture('rbac', $rbac);
});
fu::test('Test rbac callback assertion', function () {
    $rbac = fu::fixture('rbac');
    $test = $rbac->isGranted('guest', 'read') && $rbac->isGranted('member', 'read') && !$rbac->isGranted('guest', 'write') && $rbac->isGranted('member', 'write');
    fu::ok($test, 'Test rbac without assertions');
    $assertTrue = new RbacCallback(function () {
        return true;
    });
    $assertFalse = new RbacCallback(function () {
        return false;
    });
    fu::not_ok($rbac->isGranted('member', 'read', $assertFalse), 'Assert permission not granted when callback returns false');
    fu::ok($rbac->isGranted('member', 'write', $assertTrue), 'Assert permission granted when callback returns true');
});