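/**
 * Get all roles, resources and permissions
 *
 * Loads the role rows of one type through self::findAll(), creates a
 * \Pop\Auth\Role for every row and sorts the row's stored permission entries
 * into per-role 'allow' and 'deny' maps keyed by resource name.
 *
 * Security notes:
 *  - The permissions column is decoded with unserialize(). If that column can
 *    ever be written by a party that is not fully trusted, unserialize() is a
 *    PHP object-injection sink. On PHP 7+ the call below refuses to
 *    instantiate classes; the durable fix is to store the data in a
 *    non-executable format such as JSON, which would need a data migration
 *    and is therefore only flagged here.
 *  - A deny entry is now always recorded under 'deny', even when an allow
 *    entry for the same resource was seen earlier. Previously a deny entry
 *    with an empty permission that followed an allow entry for the same
 *    resource left no trace in the result.
 *    NOTE(review): how callers turn an empty 'deny' list into an ACL rule is
 *    not visible here; confirm against the consumer.
 *
 * @param  int $typeId Role type to load; null yields the empty result
 * @return array array('roles' => Role objects, 'resources' => map of role
 *               name to array('allow' => ..., 'deny' => ...))
 */
public static function getAllRoles($typeId)
{
    $results = array('roles' => array(), 'resources' => array());

    if (null === $typeId) {
        return $results;
    }

    $roles = self::findAll('id ASC', array('type_id' => $typeId));
    if (!isset($roles->rows[0])) {
        return $results;
    }

    foreach ($roles->rows as $role) {
        $r     = \Pop\Auth\Role::factory($role->name);
        $allow = array();
        $deny  = array();

        $permissions = array();
        if (null !== $role->permissions) {
            // The options argument exists from PHP 7.0 on; older runtimes
            // keep the original one-argument call.
            $permissions = (PHP_VERSION_ID >= 70000)
                ? unserialize($role->permissions, array('allowed_classes' => false))
                : unserialize($role->permissions);
        }

        // unserialize() returns false on corrupt input; anything that is not
        // a list of entries is treated as "no permissions".
        if (is_array($permissions) && isset($permissions[0])) {
            foreach ($permissions as $permission) {
                // Entries are read as arrays below; skip anything else
                // (for example a blocked object placeholder).
                if (!is_array($permission)) {
                    continue;
                }

                $resource = $permission['resource'];
                $name     = $permission['permission'];
                $allowed  = (bool)$permission['allow'];

                // Make sure the bucket for this rule's own direction exists,
                // so that a rule without a permission name is still recorded.
                if ($allowed) {
                    if (!isset($allow[$resource])) {
                        $allow[$resource] = array();
                    }
                } else {
                    if (!isset($deny[$resource])) {
                        $deny[$resource] = array();
                    }
                }

                if ($name != '') {
                    // The role object receives every named permission,
                    // whether the entry allows or denies it.
                    $r->addPermission($name);
                    if ($resource != '') {
                        if ($allowed) {
                            $allow[$resource][] = $name;
                        } else {
                            $deny[$resource][] = $name;
                        }
                    }
                }
            }
        }

        $results['resources'][$role->name] = array('allow' => $allow, 'deny' => $deny);
        $results['roles'][] = $r;
    }

    return $results;
}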
/**
 * A role created as 'editor' is expected to cast to the string 'editor'.
 */
public function testToString()
{
    $role     = Role::factory('editor');
    $asString = (string) $role;

    $this->assertEquals('editor', $asString);
}
<?php

require_once '../../bootstrap.php';

use Pop\Auth;
use Pop\Nav\Nav;

// Example: render a navigation tree for the 'editor' role with an ACL attached.
try {
    // Resources the ACL knows about
    $page = new Auth\Resource('page');
    $user = new Auth\Resource('user');

    // Roles and the permissions they carry
    $basic  = Auth\Role::factory('basic')->addPermission('add');
    $editor = Auth\Role::factory('editor')->addPermission('add')->addPermission('edit');

    $acl = new Auth\Acl();
    $acl->addRoles(array($basic, $editor));
    $acl->addResources(array($page, $user));

    // 'basic' may only add pages; 'editor' is allowed on 'page' and 'user'
    // without a permission list.
    $acl->allow('basic', 'page', array('add'))
        ->allow('editor', 'page')
        ->allow('editor', 'user');

    // Page entries carry an 'acl' rule on each child.
    $pageChildren = array(
        array(
            'name' => 'Add Page',
            'href' => 'add',
            'acl'  => array('resource' => 'page', 'permission' => 'add')
        ),
        array(
            'name' => 'Edit Page',
            'href' => 'edit',
            'acl'  => array('resource' => 'page', 'permission' => 'edit')
        )
    );

    // User entries carry an 'acl' rule on the parent only.
    // NOTE(review): whether children inherit the parent's rule is decided
    // inside Nav and is not visible in this example.
    $userChildren = array(
        array('name' => 'Add User', 'href' => 'add'),
        array('name' => 'Edit User', 'href' => 'edit')
    );

    $tree = array(
        array(
            'name'     => 'Pages',
            'href'     => '/pages',
            'children' => $pageChildren
        ),
        array(
            'name'     => 'Users',
            'href'     => '/users',
            'acl'      => array('resource' => 'user'),
            'children' => $userChildren
        )
    );

    $config = array('top' => array('id' => 'main-nav'));

    $nav = new Nav($tree, $config);
    $nav->setAcl($acl)->setRole($editor);

    echo $nav;
} catch (\Exception $e) {
    // The raw exception message is written to the page, which is acceptable
    // for an example; a deployed page would log it and show a generic message.
    echo $e->getMessage();
}
/**
 * A Nav that was given an ACL but no role is expected to raise
 * Pop\Nav\Exception when rendered.
 * NOTE(review): the missing setRole() call is presumably what triggers the
 * exception; the Nav code is not visible here.
 */
public function testBuildRoleException()
{
    $_SERVER['REQUEST_URI'] = '/first';
    $this->setExpectedException('Pop\\Nav\\Exception');

    $page = new Auth\Resource('page');
    $user = new Auth\Resource('user');

    $basic  = Auth\Role::factory('basic')->addPermission('add');
    $editor = Auth\Role::factory('editor')->addPermission('add')->addPermission('edit');

    $acl = new Auth\Acl();
    $acl->addRoles(array($basic, $editor));
    $acl->addResources(array($page, $user));
    $acl->allow('basic', 'page', array('add'))
        ->allow('editor', 'page')
        ->allow('editor', 'user');

    $pageChildren = array(
        array(
            'name' => 'Add Page',
            'href' => 'add',
            'acl'  => array('resource' => 'page', 'permission' => 'add')
        ),
        array(
            'name' => 'Edit Page',
            'href' => 'edit',
            'acl'  => array('resource' => 'page', 'permission' => 'edit')
        )
    );
    $userChildren = array(
        array('name' => 'Add User', 'href' => 'add'),
        array('name' => 'Edit User', 'href' => 'edit')
    );
    $tree = array(
        array(
            'name'     => 'Pages',
            'href'     => '/pages',
            'children' => $pageChildren
        ),
        array(
            'name'     => 'Users',
            'href'     => '/users',
            'acl'      => array('resource' => 'user'),
            'children' => $userChildren
        )
    );

    // ACL attached, role deliberately left unset.
    $nav = new Nav($tree);
    $nav->setAcl($acl);
    $nav->render(true);
}
/**
 * After a deny without a resource, the role is expected to be denied on a
 * resource the ACL has never seen, and that resource is expected to be
 * registered on the ACL by the isDenied() call.
 */
public function testIsDeniedNoResource()
{
    $role = Role::factory('editor');
    $acl  = Acl::factory($role);

    // Deny the role without naming a resource or permission.
    $acl->deny('editor');

    $denied = $acl->isDenied($role, 'page');
    $this->assertTrue($denied);

    // 'page' was never added explicitly.
    $this->assertTrue($acl->hasResource('page'));
}
<?php

require_once '../../bootstrap.php';

use Pop\Auth\Acl;
use Pop\Auth\Role;
use Pop\Auth\Resource;

// Example: roles with child roles, allow rules, and one deny rule that
// overlaps an allow rule for the same role and resource.
try {
    // Resources
    $page     = new Resource('page');
    $template = new Resource('template');

    // Roles, each with a single permission
    $reader    = Role::factory('reader')->addPermission('read');
    $editor    = Role::factory('editor')->addPermission('edit');
    $publisher = Role::factory('publisher')->addPermission('publish');
    $admin     = Role::factory('admin')->addPermission('admin');

    // Nest the roles as children to demonstrate inheritance:
    // reader -> editor -> publisher -> admin
    $publisherBranch = $publisher->addChild($admin);
    $editorBranch    = $editor->addChild($publisherBranch);
    $reader->addChild($editorBranch);

    $acl = new Acl();
    $acl->addRoles(array($reader, $editor, $publisher, $admin));
    $acl->addResources(array($page, $template));

    $acl->allow('reader', 'page', 'read')
        ->allow('editor', 'page', array('read', 'edit'))
        ->allow('publisher', 'page')
        ->allow('publisher', 'template', 'read')
        ->allow('admin');

    // 'editor' was allowed 'read' and 'edit' on 'page' above; 'read' is now
    // denied again. The check below asks about 'edit', which has no deny rule.
    $acl->deny('editor', 'page', 'read');

    $currentRole = $editor;

    echo $acl->isAllowed($currentRole, 'page', 'edit')
        ? 'Yes.<br /><br />'
        : 'No.<br /><br />';
} catch (\Exception $e) {
    // The raw exception message is written to the output, which is acceptable
    // for an example; a deployed page would log it and show a generic message.
    echo $e->getMessage() . PHP_EOL . PHP_EOL;
}
/**
 * Method to determine if the user is denied
 *
 * Only the deny entries stored under the role's own name are consulted:
 *  - no deny entry for the role: not denied
 *  - an empty deny entry for the role: denied
 *  - an empty deny entry for the resource: denied
 *  - a deny list for the resource: denied only when $permission is given and
 *    is in that list
 *
 * Side effect: a non-null $resource that is unknown to this ACL is registered
 * through addResource() before the check. A resource name taken from request
 * data therefore changes the ACL's state when it is passed in here.
 *
 * @param  \Pop\Auth\Role $user
 * @param  string         $resource
 * @param  string         $permission
 * @throws \Pop\Auth\Exception if the role has not been added to this ACL
 * @return boolean
 */
public function isDenied(\Pop\Auth\Role $user, $resource = null, $permission = null)
{
    $roleName = $user->getName();

    if (!isset($this->roles[$roleName])) {
        throw new Exception('Error: That role has not been added.');
    }

    // Unknown resources are added on the fly.
    if ((null !== $resource) && !isset($this->resources[$resource])) {
        $this->addResource($resource);
    }

    // No deny entry for this role.
    if (!isset($this->denied[$roleName])) {
        return false;
    }

    $deniedForRole = $this->denied[$roleName];

    // An empty entry denies the role without naming a resource.
    if (count($deniedForRole) === 0) {
        return true;
    }

    // Deny entries exist, but none for the resource in question.
    if ((null === $resource) || !array_key_exists($resource, $deniedForRole)) {
        return false;
    }

    $deniedPermissions = $deniedForRole[$resource];

    // An empty list denies the resource without naming a permission.
    if (count($deniedPermissions) === 0) {
        return true;
    }

    // in_array() compares loosely here, as the original check did.
    return (null !== $permission) && in_array($permission, $deniedPermissions);
}