Пример #1
	/**
	 * Registers the `test_rulebased` Access configuration, backed by the `Rules` adapter.
	 */
	public function setUp() {
		$ruleBased = array('adapter' => 'Rules');

		Access::config(array('test_rulebased' => $ruleBased));
	}
Пример #2
 /**
  * Checks that Access::check() raises an error when asked about a
  * configuration name that has not been defined.
  */
 public function testNoConfigurations()
 {
     // Remove all Access configurations; the assertion below confirms none remain.
     Access::reset();
     $defined = Access::config();
     $this->assertIdentical(array(), $defined);

     // The expectation must be registered before the call that triggers it.
     $missing = "Configuration `test_no_config` has not been defined.";
     $this->expectException($missing);
     Access::check('test_no_config', false, new Request());
 }
Пример #3
	/**
	 * Registers the `test_access` Access configuration, backed by the `Simple` adapter.
	 */
	public function setUp() {
		$simple = array('adapter' => 'Simple');

		Access::config(array('test_access' => $simple));
	}
Пример #4
	/**
	 * Checks that Access::check() raises an error when the configuration it is
	 * asked to use carries no roles.
	 */
	public function testNoRolesConfigured() {
		$config = Access::config('test_no_roles_configured');

		$request = new Request();
		$request->params = array('controller' => 'Tests', 'action' => 'granted');

		// Precondition: the configuration has no (or empty) `roles`.
		$hasNoRoles = empty($config['roles']);
		$this->assertTrue($hasNoRoles);

		// The expectation must be registered before the call that triggers it.
		$this->expectException('No roles defined for adapter configuration.');
		$guest = array('guest' => null);
		Access::check('test_no_roles_configured', $guest, $request);
	}
Пример #5
<?php

/**
 * li3_access configuration file
 */
use lithium\security\Auth;
use li3_access\security\Access;
/**
 * Auth configurations
 * Users authorized through the 'inactive' configuration get a message about their inactive account!
 *
 * NOTE(review): 'inactive' is scoped to accounts with `active => false`. Presumably it is
 * meant only for choosing that message and never for establishing a logged-in session;
 * confirm this in the code that calls Auth::check('inactive', ...).
 */
Auth::config(array(
	'default' => array(
		'adapter' => 'Form',
		'scope' => array('active' => true),
		'query' => 'firstWithGroup'
	),
	'inactive' => array(
		'adapter' => 'Form',
		'scope' => array('active' => false)
	)
));
/**
 * Access adapters configurations
 * For details see the `li3_access` documentation
 */
Access::config(array(
	'acl' => array('adapter' => 'DbAcl'),
	'rules' => array('adapter' => 'Rules')
));
Пример #6
            FlashMessage::write($action_access['message'], 'default');
            if ($user) {
                header('Location: ' . Router::match($action_access['redirect']));
            } else {
                header('Location: ' . Router::match(array('library' => 'li3b_users', 'controller' => 'users', 'action' => 'login')));
            }
            // None shall pass.
            exit;
        }
    }
    // Sets the current user in each request for convenience.
    $params['request']->user = $user;
    return $next;
    // return $chain->next($self, $params, $chain);
});
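// Register the 'default' Access configuration: Rules adapter with no check filters.
Access::config(array('default' => array('adapter' => 'Rules', 'filters' => array())));
// Set some basic rules to be used from anywhere
// Allow access for users with a role of "administrator" or "content_editor".
//
// The role is compared strictly. With `==`, a role value of boolean true (and,
// on PHP < 8, integer 0) compares equal to 'administrator', so a user record
// with a non-string role could pass this authorization rule unintentionally.
// A missing `role` key now denies access instead of raising a notice.
Access::adapter('default')->add('allowManagers', function ($user, $request, $options) {
    // No user data, or no role on it: deny.
    if (!$user || !isset($user['role'])) {
        return false;
    }
    return in_array($user['role'], array('administrator', 'content_editor'), true);
});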
// Restrict access to documents that have a published field marked as true
// (except for users with a role of "administrator" or "content_editor")
Access::adapter('default')->add('allowIfPublished', function ($user, $request, $options) {
    if (isset($options['document']['published']) && $options['document']['published'] === true) {
        return true;
    }
    if ($user && ($user['role'] == 'administrator' || $user['role'] == 'content_editor')) {
Пример #7
 *
 * Of course, alternatively, a 3rd party library could use Access in any way it
 * needs and/or use a completely different system for access control.
*/
use \lithium\action\Dispatcher;
use \lithium\action\Response;
use li3_access\security\Access;
use \lithium\security\Auth;

// Register the 'minerva_access' configuration, backed by the Rules adapter.
Access::config(array(
	'minerva_access' => array(
		'adapter' => 'Rules',
		// Optional filters applied for each configuration. The list is empty here:
		// the only entry is commented out and kept as an example of the filter shape.
		'filters' => array(
			/*function($self, $params, $chain) {
				// Any config can have filters that get applied
				var_dump('filter on check, applied from Access::confg() in minerva_boostrap.php');
				exit();
				return $chain->next($self, $params, $chain);
			}*/
		)
	)
));

// Set some rules to be used from anywhere

// Allow access for users with a role of "administrator" or "content_editor"
Access::adapter('minerva_access')->add('allowManagers', function($user, $request, $options) {
   if(($user) && ($user['role'] == 'administrator' || $user['role'] == 'content_editor')) {
   return true;
   }
   return false;
Пример #8
	/**
	 * Builds the fixtures used by the tests: a request for
	 * `test_library` / `test_controllers` / `test_action`, a `user` Auth
	 * configuration using the mock auth adapter, and four `AuthRbac` Access
	 * configurations (`no_roles`, `test_check`, `test_closures`,
	 * `test_option_override`).
	 */
	public function setUp() {
		Auth::clear('user');

		$params = array(
			'library' => 'test_library',
			'controller' => 'test_controllers',
			'action' => 'test_action'
		);
		$this->_request = new Request(array('params' => $params));

		$mockAdapter = 'li3_access\tests\mocks\extensions\adapter\auth\MockAuthAdapter';
		Auth::config(array('user' => array('adapter' => $mockAdapter)));

		// `test_check`: two roles for the `user` resource, one matching the
		// wildcard pattern and one matching a single controller::action.
		$checkRoles = array(
			array('resources' => 'user', 'match' => '*::*'),
			array('resources' => 'user', 'match' => 'Pages::index')
		);

		// `test_closures`: both closures return a value taken from the request
		// params. The allow closure also writes a message into the role options,
		// which it receives by reference.
		$allowFromRequest = function($request, &$roleOptions) {
			$roleOptions['message'] = 'Test allow options set.';
			return $request->params['allow'];
		};
		$matchFromRequest = function($request) {
			return $request->params['match'];
		};
		$closureRoles = array(
			array(
				'resources' => '*',
				'allow' => array($allowFromRequest),
				'match' => array(
					$matchFromRequest,
					'controller' => 'TestControllers',
					'action' => 'test_action'
				)
			)
		);

		// `test_option_override`: the first role sets `allow` to false for every
		// resource and every controller::action; the later roles carry their own
		// message/redirect/options values.
		$overrideRoles = array(
			array('allow' => false, 'resources' => '*', 'match' => '*::*'),
			array(
				'message' => 'Rule access denied message.',
				'redirect' => '/',
				'options' => array('class' => 'notice'),
				'resources' => 'user',
				'match' => 'TestControllers::test_action'
			),
			array(
				'message' => 'Test no overwrite.',
				'redirect' => 'Test::no_overwrite',
				'match' => null
			)
		);

		Access::config(array(
			'no_roles' => array('adapter' => 'AuthRbac'),
			'test_check' => array('adapter' => 'AuthRbac', 'roles' => $checkRoles),
			'test_closures' => array('adapter' => 'AuthRbac', 'roles' => $closureRoles),
			'test_option_override' => array('adapter' => 'AuthRbac', 'roles' => $overrideRoles)
		));
	}