Пример #1
0
 /**
  * {@inheritdoc}
  */
 public function cascadeAuthorization(Authorization $authorization, ResourceInterface $resource)
 {
     $subResources = $this->resourceGraphTraverser->getAllSubResources($resource);
     // Cascade authorizations
     $authorizations = [];
     foreach ($subResources as $subResource) {
         $authorizations[] = $authorization->createChildAuthorization($subResource);
     }
     return $authorizations;
 }
Пример #2
0
Файл: ACL.php Проект: gbelmm/ACL
 /**
  * Give an authorization from a role to a resource.
  *
  * This method should only be called in roles.
  *
  * @param Role              $role
  * @param Actions           $actions
  * @param ResourceInterface $resource
  * @param bool              $cascade  Should the authorization cascade to sub-resources?
  */
 public function allow(Role $role, Actions $actions, ResourceInterface $resource, $cascade = true)
 {
     $authorization = Authorization::create($role, $actions, $resource, $cascade);
     if ($cascade) {
         $cascadedAuthorizations = $this->cascadeStrategy->cascadeAuthorization($authorization, $resource);
         $authorizations = array_merge([$authorization], $cascadedAuthorizations);
     } else {
         $authorizations = [$authorization];
     }
     /** @var AuthorizationRepository $repository */
     $repository = $this->entityManager->getRepository('MyCLabs\\ACL\\Model\\Authorization');
     $repository->insertBulk($authorizations);
 }
Пример #3
0
 public function testCreateChildAuthorization()
 {
     $user = $this->getMockForAbstractClass('MyCLabs\\ACL\\Model\\SecurityIdentityInterface');
     $role = $this->getMock('MyCLabs\\ACL\\Model\\Role', [], [], '', false);
     $role->expects($this->any())->method('getSecurityIdentity')->will($this->returnValue($user));
     $resource = new ClassResource(get_class());
     $subResource = new ClassResource(get_class());
     $authorization = Authorization::create($role, Actions::all(), $resource);
     $childAuthorization = $authorization->createChildAuthorization($subResource);
     $this->assertInstanceOf('MyCLabs\\ACL\\Model\\Authorization', $childAuthorization);
     $this->assertSame($authorization->getRole(), $childAuthorization->getRole());
     $this->assertSame($authorization->getSecurityIdentity(), $childAuthorization->getSecurityIdentity());
     $this->assertEquals($authorization->getActions(), $childAuthorization->getActions());
     $this->assertEquals(get_class(), $childAuthorization->getEntityClass());
     $this->assertNull($childAuthorization->getEntityId());
     $this->assertSame($authorization, $childAuthorization->getParentAuthorization());
     $this->assertTrue($childAuthorization->isCascadable());
     $this->assertFalse($childAuthorization->isRoot());
 }
Пример #4
0
 public function testFindRolesDirectlyLinkedToResource()
 {
     $user = new User();
     $this->em->persist($user);
     $resource = new File();
     $this->em->persist($resource);
     $directRole = new FileOwnerRole($user, $resource);
     $this->em->persist($directRole);
     $parentRole = new FileOwnerRole($user, $resource);
     $this->em->persist($parentRole);
     $this->em->flush();
     $classResource = new ClassResource('\\Tests\\MyCLabs\\ACL\\Unit\\Repository\\Model\\File');
     $parentView = Authorization::create($parentRole, new Actions([Actions::VIEW]), $classResource, true);
     $authorizations = [Authorization::create($directRole, new Actions([Actions::EDIT]), $resource, true), Authorization::create($directRole, new Actions([Actions::DELETE]), $resource, true), $parentView, $parentView->createChildAuthorization($resource)];
     /** @var AuthorizationRepository $authorizationRepository */
     $authorizationRepository = $this->em->getRepository('MyCLabs\\ACL\\Model\\Authorization');
     $authorizationRepository->insertBulk($authorizations);
     // Check user can VIEW and EDIT the Resource
     $this->assertTrue($authorizationRepository->isAllowedOnEntity($user, Actions::VIEW, $resource));
     $this->assertTrue($authorizationRepository->isAllowedOnEntity($user, Actions::EDIT, $resource));
     $this->assertTrue($authorizationRepository->isAllowedOnEntity($user, Actions::DELETE, $resource));
     // Check user can only VIEW the ClassResource
     $this->assertTrue($authorizationRepository->isAllowedOnEntityClass($user, Actions::VIEW, $classResource->getClass()));
     $this->assertFalse($authorizationRepository->isAllowedOnEntityClass($user, Actions::EDIT, $classResource->getClass()));
     $this->assertFalse($authorizationRepository->isAllowedOnEntityClass($user, Actions::DELETE, $classResource->getClass()));
     /** @var RoleRepository $roleRepository */
     $roleRepository = $this->em->getRepository('MyCLabs\\ACL\\Model\\Role');
     // Test for entity resource
     $result = $roleRepository->findRolesDirectlyLinkedToResource($resource);
     $this->assertCount(1, $result);
     $this->assertSame($directRole, $result[0]);
     // Test for class resource
     $result = $roleRepository->findRolesDirectlyLinkedToResource($classResource);
     $this->assertCount(1, $result);
     $this->assertSame($parentRole, $result[0]);
 }
Пример #5
0
 /**
  * @depends testInsertBulk
  */
 public function testRemoveForResource()
 {
     $user = new User();
     $this->em->persist($user);
     $resource1 = new File();
     $this->em->persist($resource1);
     $role1 = new FileOwnerRole($user, $resource1);
     $this->em->persist($role1);
     $this->em->flush();
     $resource2 = new File();
     $this->em->persist($resource2);
     $role2 = new FileOwnerRole($user, $resource2);
     $this->em->persist($role2);
     $this->em->flush();
     $authorizations = [Authorization::create($role1, new Actions([Actions::VIEW]), $resource1), Authorization::create($role2, new Actions([Actions::VIEW]), $resource2)];
     /** @var AuthorizationRepository $repository */
     $repository = $this->em->getRepository('MyCLabs\\ACL\\Model\\Authorization');
     $repository->insertBulk($authorizations);
     // We remove the authorizations for the resource 1
     $repository->removeAuthorizationsForResource($resource1);
     // We check that they were removed
     $this->assertFalse($repository->isAllowedOnEntity($user, Actions::VIEW, $resource1));
     // and that authorizations for the resource 2 weren't removed
     $this->assertTrue($repository->isAllowedOnEntity($user, Actions::VIEW, $resource2));
 }