Пример #1
 /**
  * Exercises wildcard-role rules on the in-memory ACL adapter.
  *
  * The adapter is configured with DENY as its default action. The active
  * assertions check that a "*" allow on welcome/index is seen by every
  * registered role and that a later "*" deny on the same resource/action
  * removes that access again.
  */
 public function testMemory()
 {
     $acl = new \Phalcon\Acl\Adapter\Memory();
     // Deny by default, so access exists only where a rule grants it.
     $acl->setDefaultAction(Phalcon\Acl::DENY);

     $roles = [
         'Admin'  => new \Phalcon\Acl\Role('Admin'),
         'Users'  => new \Phalcon\Acl\Role('Users'),
         'Guests' => new \Phalcon\Acl\Role('Guests'),
     ];
     $resources = [
         'welcome' => ['index', 'about'],
         'account' => ['index'],
     ];

     foreach ($roles as $roleObject) {
         $acl->addRole($roleObject);
     }
     foreach ($resources as $resourceName => $accessList) {
         $acl->addResource(new \Phalcon\Acl\Resource($resourceName), $accessList);
     }

     /*
      * Disabled checks (not executed): per-role wildcard grants for Admin,
      * then a full deny.
      *
      *     $this->assertFalse($acl->isAllowed('Admin', 'welcome', 'index'));
      *     $this->assertFalse($acl->isAllowed('Admin', 'welcome', 'about'));
      *
      *     $acl->allow('Admin', 'welcome', '*');
      *
      *     $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
      *     $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
      *
      *     $this->assertFalse($acl->isAllowed('Admin', 'account', 'index'));
      *     $this->assertFalse($acl->isAllowed('Admin', 'account', 'about'));
      *
      *     $acl->allow('Admin', '*', '*');
      *
      *     $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'index'));
      *     $this->assertTrue($acl->isAllowed('Admin', 'welcome', 'about'));
      *
      *     $this->assertTrue($acl->isAllowed('Admin', 'account', 'index'));
      *     $this->assertTrue($acl->isAllowed('Admin', 'account', 'about'));
      *
      *     $acl->deny('Admin', '*', '*');
      *
      *     foreach ($roles as $role => $object) {
      *         $this->assertFalse($acl->isAllowed($role, 'welcome', 'about'));
      *     }
      */

     $roleNames = array_keys($roles);

     // A wildcard-role allow must reach every registered role...
     $acl->allow("*", "welcome", "index");
     foreach ($roleNames as $roleName) {
         $this->assertTrue($acl->isAllowed($roleName, 'welcome', 'index'));
     }

     // ...and a later wildcard-role deny on the same target must revoke it.
     $acl->deny("*", "welcome", "index");
     foreach ($roleNames as $roleName) {
         $this->assertFalse($acl->isAllowed($roleName, 'welcome', 'index'));
     }

     /*
      * Disabled checks (not executed): wildcard resources and accesses.
      * NOTE(review): the loop below queries 'admin' while the role is
      * registered as 'Admin' - confirm how the adapter treats case before
      * re-enabling.
      *
      *     $acl->allow('Admin', '*', 'index');
      *
      *     foreach ($resources as $resource => $actions) {
      *         $this->assertTrue($acl->isAllowed('admin', $resource, 'index'));
      *     }
      *
      *     $acl->allow('*', '*', 'index');
      *
      *     $acl->allow('*', '*', '*');
      */
 }
Пример #2
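 /**
  * Returns the application ACL, building it on first use and caching the
  * built object in $this->persistent->acl.
  *
  * The list is deny-by-default. Roles form the chain
  * GUEST <- USER <- COORDINATOR <- ADMIN, each registered with the previous
  * role as its parent, and access is then granted per resource group.
  *
  * NOTE(review): the built ACL is cached (in the session, per the comment
  * at the end of this method), so a holder of an existing cached copy keeps
  * evaluating the old rules after the rules in this method change. Confirm
  * there is an invalidation path for deployments that alter permissions.
  *
  * @return \Phalcon\Acl\Adapter\Memory the cached or freshly built ACL
  */
 public function getAcl()
 {
     if (!isset($this->persistent->acl)) {
         /* update values here */
         $acl = new \Phalcon\Acl\Adapter\Memory();
         $acl->setDefaultAction(Acl::DENY);

         $roles = [
             "GUEST"       => new Acl\Role("GUEST"),
             "USER"        => new Acl\Role("USER"),
             "COORDINATOR" => new Acl\Role("COORDINATOR"),
             "ADMIN"       => new Acl\Role("ADMIN"),
         ];
         // Register the roles in declaration order; every role after the
         // first is added with its predecessor as parent.
         $parent = null;
         foreach ($roles as $role) {
             if ($parent === null) {
                 $acl->addRole($role);
             } else {
                 $acl->addRole($role, $parent);
             }
             $parent = $role;
         }

         // Resources of admin (cms)
         $adminResources = [
             "config"   => ['index', "saveorder"],
             "tags"     => ["delete"],
             "user"     => ["deleteuser", "newuser", "index", "saveuser", "edit", "inactive"],
             "sections" => ["index", "home", "feedpost", "updatesection", "orderpostsections"],
             "category" => ["index", "new", "edit", "delete", "validatecategory"],
         ];
         $coordinatorResources = [
             "index"      => ["index"],
             "course"     => ["index", "new", "delete", "validateurl", "uploadimage", "save", "edit", "inactive", "update"],
             "instructor" => ["index", "new", "delete", "uploadfile", "save", "edit", "inactive", "update", "view"],
         ];
         // NOTE(review): "user" => "index" is listed both here and under
         // $adminResources, so the USER grant below also covers an action
         // that appears in the admin group. Confirm the overlap is intended.
         $userResources = [
             "index" => ["index"],
             "user"  => ['index', "profile", "updateuser", "updatepassword", "updateuserimage", "uploadimage", "socialmedia", "validateemail", "validateusername", "editnote"],
         ];
         $publicResources = [
             "login" => ['index', "logout", "session"],
         ];

         // Register every resource with its actions, group by group in the
         // same order as before (admin, coordinator, user, public).
         $resourceGroups = [$adminResources, $coordinatorResources, $userResources, $publicResources];
         foreach ($resourceGroups as $group) {
             foreach ($group as $resource => $actions) {
                 $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
             }
         }

         // Public area: explicit grant to GUEST only.
         foreach ($publicResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("GUEST", $resource, $action);
             }
         }

         // User area: granted explicitly to USER and both roles above it.
         foreach ($userResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("USER", $resource, $action);
                 $acl->allow("COORDINATOR", $resource, $action);
                 $acl->allow("ADMIN", $resource, $action);
             }
         }
         // This rule does not depend on the loop variables, so it is applied
         // once here instead of once per user action.
         $acl->deny("USER", "login", "index");

         // Coordinator area: COORDINATOR and ADMIN.
         foreach ($coordinatorResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("COORDINATOR", $resource, $action);
                 $acl->allow("ADMIN", $resource, $action);
             }
         }
         // Loop-invariant as well: applied once after the coordinator grants.
         $acl->deny("COORDINATOR", "login", "index");

         // Grant access to the adminResources area to role ADMIN
         foreach ($adminResources as $resource => $actions) {
             foreach ($actions as $action) {
                 $acl->allow("ADMIN", $resource, $action);
             }
         }

         // The acl is stored in session, APC would be useful here too
         $this->persistent->acl = $acl;
     }
     return $this->persistent->acl;
 }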
    return new FunctionPlugin();
});
// Shared "totp" service: a TOTP generator built around Seed::generate(32).
// NOTE(review): the seed is generated inside this factory, and nothing here
// loads a stored per-user secret. Confirm that callers set or persist the
// secret they actually intend to verify codes against.
$di->setShared('totp', function () {
    return new Rych\OTP\TOTP(Rych\OTP\Seed::generate(32));
});
// "oauth" service: builds the OAuth2 plugin, initialises both the
// authorization server and the resource server, then enables all grants.
// NOTE(review): enableAllGrants() presumably switches on every grant type the
// plugin supports - confirm each one is needed, since grant types nobody uses
// only widen the authorization surface.
$di['oauth'] = function () {
    $plugin = new Cucu\Phalcon\Oauth2\Plugin\OauthPlugin();

    $plugin->initAuthorizationServer();
    $plugin->initResourceServer();
    $plugin->enableAllGrants();

    return $plugin;
};
// "acl" service: deny-by-default in-memory ACL with a single "Guests" role
// and a single "NiuUsrInfo" resource.
// NOTE(review): "Guests" is allowed "update" on NiuUsrInfo while "create" is
// denied. Confirm that letting the guest role modify these records is
// intended. The explicit deny on "create" matches the default action.
$di['acl'] = function () {
    $acl = new Phalcon\Acl\Adapter\Memory();
    $acl->setDefaultAction(Phalcon\Acl::DENY);

    // Only the guest role is registered; an "Administrators" role was
    // sketched in the original but left commented out:
    //$roleAdmins = new Phalcon\Acl\Role("Administrators", "Super-User role");
    $guestRole = new Phalcon\Acl\Role('Guests');
    $acl->addRole($guestRole);

    // The "NiuUsrInfo" resource and the three operations it exposes
    $userInfoResource = new Phalcon\Acl\Resource('NiuUsrInfo');
    $acl->addResource($userInfoResource, ['search', 'update', 'create']);

    // Per-operation rules for the guest role
    $acl->allow('Guests', 'NiuUsrInfo', 'search');
    $acl->deny('Guests', 'NiuUsrInfo', 'create');
    $acl->allow('Guests', 'NiuUsrInfo', 'update');

    return $acl;
};
Пример #4
<?php

// In-memory access control list
$acl = new Phalcon\Acl\Adapter\Memory();

// Anything no rule allows is refused
$acl->setDefaultAction(Phalcon\Acl::DENY);

// Role objects. Only "Guests" is registered below; the "Administrators"
// object is constructed but never passed to addRole().
$roleAdmins = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$roleGuests = new Phalcon\Acl\Role('Guests');

// Register "Guests" from its Role object
$acl->addRole($roleGuests);

// Register "Designers" by name only
$acl->addRole('Designers');

// The "Customers" resource, with a description
$customersResource = new Phalcon\Acl\Resource('Customers', 'Customers management');

// Attach operations to "Customers": one as a string, then two as a list
$acl->addResource($customersResource, 'search');
$acl->addResource($customersResource, ['create', 'update']);

// Rules for the "Guests" role on "Customers"
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');

// Query the rules. 'edit' was never attached to "Customers" and has no rule.
$acl->isAllowed('Guests', 'Customers', 'edit');
// Returns 0

$acl->isAllowed('Guests', 'Customers', 'search');
// Returns 1

$acl->isAllowed('Guests', 'Customers', 'create');
// Returns 1
Пример #5
 /**
  * Checks rule inheritance across a three-level role chain on a
  * deny-by-default ACL: User <- Manager <- Administrator.
  *
  * Asserted behaviour: a child role sees allows made on any ancestor, a
  * deny placed on an ancestor also removes the access from the child, and
  * a wildcard allow on an ancestor is inherited as well.
  */
 public function testDeepInherit()
 {
     $acl = new \Phalcon\Acl\Adapter\Memory();
     $acl->setDefaultAction(\Phalcon\Acl::DENY);

     // Build the chain; each role names the previous one as its parent.
     $user = new \Phalcon\Acl\Role("User", "Basic access");
     $manager = new \Phalcon\Acl\Role("Manager", "Extended access");
     $administrator = new \Phalcon\Acl\Role("Administrator", "Super-User role");
     $acl->addRole($user);
     $acl->addRole($manager, $user);
     $acl->addRole($administrator, $manager);

     $accessList = ['index', 'edit', 'delete', 'add'];
     $acl->addResource(new \Phalcon\Acl\Resource('Resource'), $accessList);

     // Each level receives only its own grants.
     $acl->allow('User', 'Resource', 'index');
     $acl->allow('Manager', 'Resource', 'edit');
     $acl->allow('Manager', 'Resource', 'add');
     $acl->allow('Administrator', 'Resource', 'delete');

     // Two levels up: Administrator gets 'index' from User.
     $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'index'));

     // One level up: Administrator gets 'edit' from Manager.
     $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'edit'));

     // Revoking the grant on the ancestor must revoke it for the descendant.
     $acl->deny('User', 'Resource', 'index');
     $this->assertFalse($acl->isAllowed('Administrator', 'Resource', 'index'));

     // A wildcard allow on the ancestor is inherited too.
     $acl->addResource(new \Phalcon\Acl\Resource('Resource2'), $accessList);
     $acl->allow('User', 'Resource2', '*');
     $this->assertTrue($acl->isAllowed('Administrator', 'Resource2', 'delete'));
 }
Пример #6
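 /**
  * Memory::dropResourceAccess test
  *
  * Registers accesses on a resource, drops 'edit' (once passed as a string,
  * once as an array) and expects a Phalcon\Acl\Exception from each guarded
  * block that then tries to write a rule for the dropped access.
  *
  * The try blocks do not pin which statement throws, so an exception raised
  * by dropResourceAccess() or addRole() would be counted as well.
  */
 public function testMemoryDropResourceAccess()
 {
     $acl = new Phalcon\Acl\Adapter\Memory();
     $acl->addResource('Resource');
     $acl->addResourceAccess('Resource', array('index', 'show'));
     $acl->addResourceAccess('Resource', 'edit');
     $acl->addRole('Role');
     $acl->deny('Role', 'Resource', 'index');
     $acl->deny('Role', 'Resource', 'edit');

     // Expected value first, so a failure message reports the right sides.
     $this->assertEquals(Phalcon\Acl::DENY, $acl->isAllowed('Role', 'Resource', 'edit'));

     $exceptions = 0;

     // Drop 'edit' by name, then try to deny it for a new role.
     try {
         $acl->dropResourceAccess('Resource', 'edit');
         $acl->addRole('Role 2');
         $acl->deny('Role 2', 'Resource', 'edit');
     } catch (Phalcon\Acl\Exception $e) {
         $exceptions++;
     }

     // Restore 'edit' so the array form of the drop can be exercised.
     $acl->addResourceAccess('Resource', 'edit');
     try {
         $acl->dropResourceAccess('Resource', array('edit'));
         $acl->addRole('Role 3');
         $acl->deny('Role 3', 'Resource', 'edit');
     } catch (Phalcon\Acl\Exception $e) {
         $exceptions++;
     }

     // Both guarded blocks must have raised.
     $this->assertEquals(2, $exceptions);
 }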