/**
 * Register a role, replacing any role already stored under the same name.
 *
 * Roles are kept in the static $roles property, so a registration is visible
 * to every user of this class, not just to one instance.
 *
 * @param RoleInterface|string $role      Role object, or a role name to build a Role from
 * @param array                $resources Resources for the new Role; only read when $role
 *                                        is a name, ignored when a role object is passed
 *
 * @return void
 */
public static function addRole($role, array $resources = [])
{
    // A bare name is promoted to a Role first, so both cases share one registration path.
    if (!($role instanceof RoleInterface)) {
        $role = new Role($role, $resources);
    }

    // Keyed by role name: a later call with the same name silently replaces the
    // earlier role together with its resource set.
    self::$roles[$role->getName()] = $role;
}
/**
 * Checks isGranted() after a registered role's resources were replaced,
 * and checks that asking about an unregistered role raises an exception.
 */
public function testIsGranted()
{
    $replacement = new ResourceCollection(['comments.add', 'comments.edit']);
    $admin = new Rbac\Role('admin', ['list_user', Rbac\Resource::create('delete_user')]);
    $this->rbac->addRole($admin);

    // Replace the resources the role was constructed with.
    $admin->setResources($replacement);

    $this->assertTrue($admin->hasResource('comments.add'));
    $this->assertTrue($admin->hasResource('comments.edit'));
    $this->assertFalse($admin->hasResource('posts.add'));

    // The constructor-time resources are expected to be gone: neither lookup
    // by role name nor by role object may still grant them.
    $this->assertFalse($this->rbac->isGranted('admin', 'list_user'));
    $this->assertFalse($this->rbac->isGranted($admin, 'delete_user'));

    // This role is never passed to addRole().
    $unknown = new Rbac\Role('notExistsRole');
    $pattern = sprintf('/Role "%s" does not exists./', preg_quote($unknown->getName(), '/'));
    $this->setExpectedExceptionRegExp('RuntimeException', $pattern);

    // The call is expected to throw, so the surrounding assertTrue is not
    // meant to be evaluated.
    $this->assertTrue($this->rbac->isGranted($unknown->getName(), 'delete_user'));
}
/**
 * {@inheritdoc}
 *
 * Registers factories for the 'auth' and 'rbac' services, each only when the
 * container does not already have a service under that name.
 */
public function loadService()
{
    // An 'auth' service that is already defined is left untouched.
    if ($this->getContainer()->has('auth') === false) {
        $this->getContainer()->set('auth', function () {
            $sessionStorage = new SessionStorage($this->getContainer()->get('session'));

            // Callback handed to UserDetails: adds the user's roles to the user
            // data as a list keyed by role id with the role name as value.
            $withRoles = function ($userData) {
                /** @var RolesTable $table */
                $table = TableRegistry::get('Users.Roles');
                $userRoles = $table
                    ->find('list', ['keyField' => 'id', 'valueField' => 'name'])
                    ->matching('Users', function ($query) use ($userData) {
                        // The user id is passed as an array-form condition value.
                        return $query->where(['Users.id' => $userData['id']]);
                    });
                $userData['roles'] = $userRoles->toArray();

                return $userData;
            };

            return new Auth($sessionStorage, new UserDetails($withRoles));
        });
    }

    // Same rule for 'rbac': an existing definition wins.
    if ($this->getContainer()->has('rbac') === false) {
        $this->getContainer()->set('rbac', function () {
            $rbac = new Rbac();
            /** @var RolesTable $table */
            $table = TableRegistry::get('Users.Roles');

            // Every role row and its associated resources are copied into the
            // Rbac object when this factory runs.
            // NOTE(review): whether later database changes are picked up depends
            // on how the container caches the service; not visible here, confirm.
            /** @var Role $role */
            foreach ($table->find()->contain('Resources') as $role) {
                $granted = new Rbac\ResourceCollection();
                /** @var Resource $resource */
                foreach ($role->get('resources') as $resource) {
                    $item = Rbac\Resource::create($resource->get('name'))
                        ->setTitle($resource->get('title'))
                        ->setDescription($resource->get('description'));
                    $granted->attach($item);
                }

                $rbacRole = Rbac\Role::create($role->get('name'), $granted)
                    ->setTitle($role->get('title'))
                    ->setDescription($role->get('description'));
                $rbac->addRole($rbacRole);
            }

            return $rbac;
        });
    }
}
/**
 * Exercises adding resources to a role and replacing them via setResources()
 * with a plain array, a mixed array and a ResourceCollection.
 */
public function testResource()
{
    $admin = new Role('admin');
    $admin->addResource('users.list');

    $this->assertTrue($admin->hasResource('users.list'));
    $this->assertFalse($admin->hasResource('users.does_not_have_resource'));

    // Resource names and Resource objects may be mixed in one array.
    $admin->setResources(['posts.add', new Resource('posts.edit')]);

    $this->assertTrue($admin->hasResource('posts.add'));
    $this->assertTrue($admin->hasResource('posts.edit'));
    // setResources() is expected to replace the previous set, not extend it.
    $this->assertFalse($admin->hasResource('users.list'));

    $replacement = new ResourceCollection(['comments.add', 'comments.edit']);
    $admin->setResources($replacement);

    $this->assertTrue($admin->hasResource('comments.add'));
    $this->assertTrue($admin->hasResource('comments.edit'));
    $this->assertFalse($admin->hasResource('posts.add'));

    // The role is expected to hold the very collection object it was given.
    $expectedHash = spl_object_hash($replacement);
    $actualHash = spl_object_hash($admin->getResources());
    $this->assertTrue($expectedHash === $actualHash);
}