/**
 * Runs one data set from grantedProvider through a fully wired AuthorizationService.
 *
 * The fixture hierarchy is admin > member > guest, holding the permissions
 * delete, write and read respectively.
 *
 * @dataProvider grantedProvider
 *
 * @param mixed $role       Role name(s) of the identity; cast to array before the stub returns them
 * @param mixed $permission Permission passed to isGranted()
 * @param mixed $context    Context forwarded to isGranted()
 * @param mixed $isGranted  Expected result of isGranted()
 * @param array $assertions Assertion map handed to setAssertions()
 */
public function testGranted($role, $permission, $context, $isGranted, $assertions = [])
{
    // Identity stub: getRoles() must be consulted exactly once per authorization check.
    $identityStub = $this->getMock('ZfcRbac\\Identity\\IdentityInterface');
    $identityStub
        ->expects($this->once())
        ->method('getRoles')
        ->will($this->returnValue((array) $role));

    $providerStub = $this->getMock('ZfcRbac\\Identity\\IdentityProviderInterface');
    $providerStub
        ->expects($this->any())
        ->method('getIdentity')
        ->will($this->returnValue($identityStub));

    // Role fixture: each role lists its child roles and its own permissions.
    $hierarchy = [
        'admin'  => ['children' => ['member'], 'permissions' => ['delete']],
        'member' => ['children' => ['guest'], 'permissions' => ['write']],
        'guest'  => ['permissions' => ['read']],
    ];

    $engine = new Rbac(new RecursiveRoleIteratorStrategy());
    $roles  = new RoleService(
        $providerStub,
        new InMemoryRoleProvider($hierarchy),
        $engine->getTraversalStrategy()
    );

    // Only SimpleAssertion is registered with the plugin manager.
    $plugins = new AssertionPluginManager(
        new ServiceManager(),
        ['invokables' => ['ZfcRbacTest\\Asset\\SimpleAssertion' => 'ZfcRbacTest\\Asset\\SimpleAssertion']]
    );

    $service = new AuthorizationService($engine, $roles, $plugins);
    $service->setAssertions($assertions);

    // NOTE(review): assertEquals compares loosely, so a truthy non-boolean result would
    // also match an expected true; assertSame would pin the boolean contract of this
    // access-control decision.
    $this->assertEquals($isGranted, $service->isGranted($permission, $context));
}
/**
 * Check if the permission is granted to the current identity
 *
 * The decision is made in three steps: the identity must have at least one
 * role, the RBAC container must grant the permission to those roles, and, if
 * an assertion is registered for the permission, that assertion decides.
 *
 * @param  string|PermissionInterface $permission
 * @param  mixed                      $context
 * @return bool
 */
public function isGranted($permission, $context = null)
{
    $identityRoles = $this->roleService->getIdentityRoles();

    // Fail closed: no roles, or roles without the permission, means access is denied
    // before any assertion is looked at.
    if (empty($identityRoles) || !$this->rbac->isGranted($identityRoles, $permission)) {
        return false;
    }

    // An assertion is only consulted after RBAC has granted, so it can narrow
    // access but never widen it.
    return $this->hasAssertion($permission)
        ? $this->assert($this->assertions[(string) $permission], $context)
        : true;
}
/**
 * Check if the permission is granted to the current identity
 *
 * The decision is made in three steps: the identity must have at least one
 * role, the RBAC container must grant the permission to those roles, and any
 * assertion registered for the permission must then pass.
 *
 * A registered entry is either a single assertion or an array with the keys
 * 'assertions' (one assertion or a list of them) and 'condition'
 * (AssertionInterface::CONDITION_AND, the default, or CONDITION_OR).
 *
 * @param  string|PermissionInterface $permission
 * @param  mixed                      $context
 * @return bool
 * @throws Exception\InvalidArgumentException If a non-empty assertion map carries a condition
 *                                            that is neither CONDITION_AND nor CONDITION_OR
 */
public function isGranted($permission, $context = null)
{
    $identityRoles = $this->roleService->getIdentityRoles();

    // Fail closed: no roles, or roles without the permission, means access is denied
    // before any assertion is looked at.
    if (empty($identityRoles) || !$this->rbac->isGranted($identityRoles, $permission)) {
        return false;
    }

    if (!$this->hasAssertion($permission)) {
        return true;
    }

    $entry = $this->assertions[(string) $permission];

    // single assertion
    if (!is_array($entry)) {
        return $this->assert($entry, $context);
    }

    // multiple assertions
    // NOTE(review): a map whose 'assertions' key is missing or empty grants access,
    // and this happens before 'condition' is validated. Every array value takes this
    // path, so an entry that was meant as a single assertion but is written as an
    // array would presumably be granted here without being evaluated. Confirm
    // against assert() and the configuration format.
    if (empty($entry['assertions'])) {
        return true;
    }

    // convert single assertion to array
    $checks = $entry['assertions'];
    if (!is_array($checks)) {
        $checks = [$checks];
    }

    $mode = AssertionInterface::CONDITION_AND;
    if (isset($entry['condition'])) {
        $mode = $entry['condition'];
    }

    $requireAll = AssertionInterface::CONDITION_AND === $mode;
    if (!$requireAll && AssertionInterface::CONDITION_OR !== $mode) {
        // The message reports the type (or class) of the condition, not its value.
        throw new Exception\InvalidArgumentException(sprintf(
            'Condition must be either "AND" or "OR", %s given',
            is_object($mode) ? get_class($mode) : gettype($mode)
        ));
    }

    // AND stops at the first failing assertion, OR at the first passing one; if the
    // loop runs to the end, AND has seen no failure (grant) and OR no success (deny).
    foreach ($checks as $check) {
        $passed = $this->assert($check, $context);

        if ($requireAll && !$passed) {
            return false;
        }

        if (!$requireAll && $passed) {
            return true;
        }
    }

    return $requireAll;
}
/**
 * A hierarchical role and its child, neither holding any permission, must be denied.
 *
 * @covers Rbac\Rbac::isGranted
 */
public function testReturnFalseIfNoHierarchicalRoleHasPermission()
{
    // Parent "Foo" with a single child "Bar"; no permission is added to either role.
    $leaf = new Role('Bar');
    $root = new HierarchicalRole('Foo');
    $root->addChild($leaf);

    $container = new Rbac();
    $decision  = $container->isGranted($root, 'permission');

    $this->assertFalse($decision);
}
/**
 * The traversal strategy passed to the constructor must be returned unchanged
 * (same instance) by getTraversalStrategy().
 */
public function testGetTraversalStrategy()
{
    $injected  = $this->getMock('Rbac\\Traversal\\Strategy\\TraversalStrategyInterface');
    $container = new Rbac($injected);

    $returned = $container->getTraversalStrategy();

    $this->assertSame($injected, $returned);
}