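/**
 * Memory adapter: a rule written for the wildcard role "*" must apply to every
 * registered role, for allow() and for deny() alike.
 *
 * Three roles and two resources are registered with DENY as the default
 * action, "welcome::index" is granted to "*" and every role is checked as
 * allowed; the grant is then revoked with a wildcard deny and every role is
 * checked as refused again.
 */
public function testMemory()
{
    $acl = new \Phalcon\Acl\Adapter\Memory();
    // Deny by default: only explicit allow() rules grant access.
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    $roles = [
        'Admin'  => new \Phalcon\Acl\Role('Admin'),
        'Users'  => new \Phalcon\Acl\Role('Users'),
        'Guests' => new \Phalcon\Acl\Role('Guests'),
    ];
    $resources = [
        'welcome' => ['index', 'about'],
        'account' => ['index'],
    ];

    foreach ($roles as $object) {
        $acl->addRole($object);
    }
    foreach ($resources as $resource => $actions) {
        $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
    }

    // A wildcard grant must reach every registered role.
    $acl->allow('*', 'welcome', 'index');
    foreach (array_keys($roles) as $role) {
        $this->assertTrue($acl->isAllowed($role, 'welcome', 'index'));
    }

    // A wildcard deny must take it away from every role again.
    $acl->deny('*', 'welcome', 'index');
    foreach (array_keys($roles) as $role) {
        $this->assertFalse($acl->isAllowed($role, 'welcome', 'index'));
    }
}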
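/**
 * Return the application ACL, building it on first use and caching it in the
 * session bag ($this->persistent->acl).
 *
 * Roles form one inheritance chain, GUEST < USER < COORDINATOR < ADMIN, so a
 * role is also given whatever is granted to the roles registered below it.
 * The default action is DENY: a controller/action pair that is not allowed
 * below is refused. Resources are grouped by the lowest role that may use
 * them; a resource name that appears in more than one group ("index",
 * "user") is passed to addResource() more than once, each time with the
 * further actions of that group.
 *
 * Because the built ACL lives in the session, an edit to the rules here only
 * reaches a user whose session is re-created; clear sessions (or key the
 * cached object by a version) when deploying permission changes.
 *
 * @return \Phalcon\Acl\Adapter\Memory
 */
public function getAcl()
{
    if (!isset($this->persistent->acl)) {
        $acl = new \Phalcon\Acl\Adapter\Memory();
        $acl->setDefaultAction(Acl::DENY);

        // Role name => parent role name (null for the root of the chain).
        // Insertion order matters: a parent is registered before its child.
        $parents = [
            "GUEST"       => null,
            "USER"        => "GUEST",
            "COORDINATOR" => "USER",
            "ADMIN"       => "COORDINATOR",
        ];
        $roles = [];
        foreach ($parents as $name => $parent) {
            $roles[$name] = new Acl\Role($name);
            if ($parent === null) {
                $acl->addRole($roles[$name]);
            } else {
                $acl->addRole($roles[$name], $roles[$parent]);
            }
        }

        // Resources of admin (cms)
        $adminResources = [
            "config"   => ["index", "saveorder"],
            "tags"     => ["delete"],
            "user"     => ["deleteuser", "newuser", "index", "saveuser", "edit", "inactive"],
            "sections" => ["index", "home", "feedpost", "updatesection", "orderpostsections"],
            "category" => ["index", "new", "edit", "delete", "validatecategory"],
        ];
        // Resources of the coordinator area (courses and instructors)
        $coordinatorResources = [
            "index"      => ["index"],
            "course"     => ["index", "new", "delete", "validateurl", "uploadimage", "save", "edit", "inactive", "update"],
            "instructor" => ["index", "new", "delete", "uploadfile", "save", "edit", "inactive", "update", "view"],
        ];
        // Resources every signed-in user may use (own profile)
        $userResources = [
            "index" => ["index"],
            "user"  => ["index", "profile", "updateuser", "updatepassword", "updateuserimage", "uploadimage", "socialmedia", "validateemail", "validateusername", "editnote"],
        ];
        // Resources reachable without signing in
        $publicResources = [
            "login" => ["index", "logout", "session"],
        ];

        // Register every group, in the same order the rules below use.
        foreach ([$adminResources, $coordinatorResources, $userResources, $publicResources] as $group) {
            foreach ($group as $resource => $actions) {
                $acl->addResource(new \Phalcon\Acl\Resource($resource), $actions);
            }
        }

        // GUEST may use the public resources; the other roles inherit them.
        foreach ($publicResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->allow("GUEST", $resource, $action);
            }
        }

        // USER and above: account self-service.
        foreach ($userResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->allow("USER", $resource, $action);
                $acl->allow("COORDINATOR", $resource, $action);
                $acl->allow("ADMIN", $resource, $action);
            }
        }
        // Role-level rule independent of the resource loop: a signed-in USER
        // is not shown the login form again.
        $acl->deny("USER", "login", "index");

        // COORDINATOR and above: course and instructor management.
        foreach ($coordinatorResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->allow("COORDINATOR", $resource, $action);
                $acl->allow("ADMIN", $resource, $action);
            }
        }
        // Same deny for COORDINATOR. No explicit rule is written for ADMIN on
        // login/index; whether ADMIN is refused depends on how the adapter
        // resolves the inherited deny — confirm if that case matters.
        $acl->deny("COORDINATOR", "login", "index");

        // Grant access to adminResources area to role ADMIN
        foreach ($adminResources as $resource => $actions) {
            foreach ($actions as $action) {
                $acl->allow("ADMIN", $resource, $action);
            }
        }

        // The acl is stored in session, APC would be useful here too
        $this->persistent->acl = $acl;
    }

    return $this->persistent->acl;
}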
return new FunctionPlugin(); }); $di->setShared('totp', function () { $totp = new Rych\OTP\TOTP(Rych\OTP\Seed::generate(32)); return $totp; }); $di['oauth'] = function () { $oauth = new Cucu\Phalcon\Oauth2\Plugin\OauthPlugin(); $oauth->initAuthorizationServer(); $oauth->initResourceServer(); $oauth->enableAllGrants(); return $oauth; }; $di['acl'] = function () { $acl = new Phalcon\Acl\Adapter\Memory(); $acl->setDefaultAction(Phalcon\Acl::DENY); // Create some roles //$roleAdmins = new Phalcon\Acl\Role("Administrators", "Super-User role"); $roleGuests = new Phalcon\Acl\Role("Guests"); // Add "Guests" role to ACL $acl->addRole($roleGuests); // Define the "NiuUsrInfo" resource $customersResource = new Phalcon\Acl\Resource("NiuUsrInfo"); // Add "NiuUsrInfo" resource with a couple of operations $acl->addResource($customersResource, array("search", "update", "create")); // Set access level for roles into resources $acl->allow("Guests", "NiuUsrInfo", "search"); $acl->deny("Guests", "NiuUsrInfo", "create"); $acl->allow("Guests", "NiuUsrInfo", "update"); return $acl; };
<?php

// Phalcon ACL example: an in-memory access list with roles, one resource and
// a few allow/deny rules, followed by three lookups.

$acl = new Phalcon\Acl\Adapter\Memory();

// Anything that is not explicitly allowed is refused.
$acl->setDefaultAction(Phalcon\Acl::DENY);

// Roles; the second constructor argument is a description.
$administrators = new Phalcon\Acl\Role('Administrators', 'Super-User role');
$guests = new Phalcon\Acl\Role('Guests');

// Roles can be registered as an object or just by name. $administrators is
// built above but is not registered in this example.
$acl->addRole($guests);
$acl->addRole('Designers');

// The "Customers" resource with three operations, added in two calls: first
// a single access name, then a list of them.
$customers = new Phalcon\Acl\Resource('Customers', 'Customers management');
$acl->addResource($customers, 'search');
$acl->addResource($customers, ['create', 'update']);

// Rules for the Guests role on Customers.
$acl->allow('Guests', 'Customers', 'search');
$acl->allow('Guests', 'Customers', 'create');
$acl->deny('Guests', 'Customers', 'update');

// Lookups. 'edit' was never registered on the resource.
$acl->isAllowed('Guests', 'Customers', 'edit');   // returns 0
$acl->isAllowed('Guests', 'Customers', 'search'); // returns 1
$acl->isAllowed('Guests', 'Customers', 'create'); // returns 1
/**
 * Role inheritance across several levels: a grant to a parent role reaches a
 * grandchild, a later deny on the parent reaches it too, and a wildcard
 * grant on the parent covers every action for the child.
 */
public function testDeepInherit()
{
    $acl = new \Phalcon\Acl\Adapter\Memory();
    $acl->setDefaultAction(\Phalcon\Acl::DENY);

    // Chain: User <- Manager <- Administrator (each inherits from the previous).
    $user = new \Phalcon\Acl\Role('User', 'Basic access');
    $manager = new \Phalcon\Acl\Role('Manager', 'Extended access');
    $admin = new \Phalcon\Acl\Role('Administrator', 'Super-User role');
    $acl->addRole($user);
    $acl->addRole($manager, $user);
    $acl->addRole($admin, $manager);

    $actions = ['index', 'edit', 'delete', 'add'];
    $acl->addResource(new \Phalcon\Acl\Resource('Resource'), $actions);

    // Direct grants per role, one level each.
    $grants = [
        'User'          => ['index'],
        'Manager'       => ['edit', 'add'],
        'Administrator' => ['delete'],
    ];
    foreach ($grants as $roleName => $granted) {
        foreach ($granted as $action) {
            $acl->allow($roleName, 'Resource', $action);
        }
    }

    // Two levels up: Administrator gets "index" from User ...
    $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'index'));
    // ... and one level up: "edit" from Manager.
    $this->assertTrue($acl->isAllowed('Administrator', 'Resource', 'edit'));

    // Revoking on the parent must revoke on the grandchild as well.
    $acl->deny('User', 'Resource', 'index');
    $this->assertFalse($acl->isAllowed('Administrator', 'Resource', 'index'));

    // Wildcard access on the parent covers an action the child never named.
    $acl->addResource(new \Phalcon\Acl\Resource('Resource2'), $actions);
    $acl->allow('User', 'Resource2', '*');
    $this->assertTrue($acl->isAllowed('Administrator', 'Resource2', 'delete'));
}
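/**
 * Memory::dropResourceAccess(): once an access is dropped from a resource, a
 * deny() rule naming that access must raise Phalcon\Acl\Exception, for both
 * the string form and the array form of the argument.
 *
 * No default action is set here; the assertions depend only on the explicit
 * deny rule and on the exceptions raised by deny(). Each try block wraps the
 * deny() call alone, so an exception raised by dropResourceAccess() or
 * addRole() fails the test instead of being counted as the expected one.
 */
public function testMemoryDropResourceAccess()
{
    $acl = new Phalcon\Acl\Adapter\Memory();
    $acl->addResource('Resource');
    $acl->addResourceAccess('Resource', ['index', 'show']);
    $acl->addResourceAccess('Resource', 'edit');
    $acl->addRole('Role');
    $acl->deny('Role', 'Resource', 'index');
    $acl->deny('Role', 'Resource', 'edit');
    // PHPUnit argument order is (expected, actual).
    $this->assertEquals(Phalcon\Acl::DENY, $acl->isAllowed('Role', 'Resource', 'edit'));

    // String form: 'edit' is gone, so a rule on it must be rejected.
    $acl->dropResourceAccess('Resource', 'edit');
    $acl->addRole('Role 2');
    $thrown = false;
    try {
        $acl->deny('Role 2', 'Resource', 'edit');
    } catch (Phalcon\Acl\Exception $e) {
        $thrown = true;
    }
    $this->assertTrue($thrown, 'deny() on an access dropped by name must throw');

    // Array form: re-add the access, drop it again as a list, same expectation.
    $acl->addResourceAccess('Resource', 'edit');
    $acl->dropResourceAccess('Resource', ['edit']);
    $acl->addRole('Role 3');
    $thrown = false;
    try {
        $acl->deny('Role 3', 'Resource', 'edit');
    } catch (Phalcon\Acl\Exception $e) {
        $thrown = true;
    }
    $this->assertTrue($thrown, 'deny() on an access dropped via array must throw');
}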