Пример #1
0
    /**
     * Create auth adapter
     *
     * @param string $rolefile File containing XML with users and roles
     */
    public function __construct($rolefile)
    {
        $this->acl = new Acl();
        $xml = simplexml_load_file($rolefile);
/*
Roles file format:
 <roles>
   <role id=”admin”>
        <user name=”user1” password=”pwd”/>
    </role>
   <role id=”hr”>
        <user name=”user2” password=”pwd2”/>
    </role>
</roles>
*/
        foreach($xml->role as $role) {
            $this->acl->addRole(new Role\GenericRole((string)$role["id"]));
            foreach($role->user as $user) {
                $this->users[(string)$user['name']] = array(
                    'password' => (string)$user['password'],
                    'role'     => (string)$role['id']
                );
            }
        }
    }
Пример #2
0
 protected function loadRule(ZendAcl $acl, array $rule, $type)
 {
     $privileges = null;
     if (count($rule) == 3) {
         //role/resource/privilege defined
         list($roles, $resources, $privileges) = $rule;
     } else {
         if (count($rule) == 2) {
             //role/resource defined
             list($roles, $resources) = $rule;
         } else {
             throw new InvalidArgumentException("What is this rule definition about? " . print_r($rule, true));
         }
     }
     if ($type == 'allow') {
         $acl->allow($roles, $resources, $privileges);
     } else {
         $acl->deny($roles, $resources, $privileges);
     }
 }
Пример #3
0
    public function testAclFiltersAwayPagesFromContainerSearch()
    {
        $acl = new Acl\Acl();
        $acl->addRole(new Role\GenericRole('member'));
        $acl->addRole(new Role\GenericRole('admin'));
        $acl->addResource(new Resource\GenericResource('protected'));
        $acl->allow('admin', 'protected');
        $this->_helper->setAcl($acl);
        $this->_helper->setRole($acl->getRole('member'));

        $oldContainer = $this->_helper->getContainer();
        $container = $this->_helper->getContainer();
        $iterator = new \RecursiveIteratorIterator(
            $container,
            \RecursiveIteratorIterator::SELF_FIRST);
        foreach ($iterator as $page) {
            $page->resource = 'protected';
        }
        $this->_helper->setContainer($container);

        $active = $this->_helper->findOneByLabel('Home');
        $search = array(
            'start'      => 'Page 1',
            'next'       => 'Page 1',
            'prev'       => 'Page 1.1',
            'chapter'    => 'Home',
            'section'    => 'Page 1',
            'subsection' => 'Page 2.2'
        );

        $expected = array();
        $actual = array();

        foreach ($search as $type => $active) {
            $expected[$type] = false;

            $active = $this->_helper->findOneByLabel($active);
            $found = $this->_helper->findRelation($active, 'rel', $type);

            if (null === $found) {
                $actual[$type] = false;
            } elseif (is_array($found)) {
                $actual[$type] = 'array(' . count($found) . ')';
            } else {
                $actual[$type] = $found->getLabel();
            }
        }

        $this->assertEquals($expected, $actual);
    }
Пример #4
0
 /**
  * @group ZF-7973
  */
 public function testAclPassesPrivilegeToAssertClass()
 {
     $assertion = new TestAsset\AssertionZF7973();
     $acl = new Acl\Acl();
     $acl->addRole('role');
     $acl->addResource('resource');
     $acl->allow('role', null, null, $assertion);
     $allowed = $acl->isAllowed('role', 'resource', 'privilege', $assertion);
     $this->assertTrue($allowed);
 }
Пример #5
0
    /**
     * Check if the ACL allows accessing the function or method
     *
     * @param string|object $object Object or class being accessed
     * @param string $function Function or method being accessed
     * @return unknown_type
     * @throws Exception\RuntimeException
     */
    protected function _checkAcl($object, $function)
    {
        if(!$this->_acl) {
            return true;
        }
        if($object) {
            $isObject = is_object($object);
            $class    = ($isObject) ? get_class($object) : $object;
            if(!$this->_acl->hasResource($class)) {
                $this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
            }
            if (method_exists($object, 'initAcl')) {
                // if initAcl returns false, no ACL check
                if ($isObject && $object->initAcl($this->_acl)) {
                    return true;
                } elseif ($class::initAcl($this->_acl)) {
                    return true;
                }
            }
        } else {
            $class = null;
        }

        $auth = $this->getAuthService();
        if($auth->hasIdentity()) {
            $role = $auth->getIdentity()->role;
        } else {
            if($this->_acl->hasRole(Constants::GUEST_ROLE)) {
                $role = Constants::GUEST_ROLE;
            } else {
                throw new Exception\RuntimeException("Unauthenticated access not allowed");
            }
        }
        if($this->_acl->isAllowed($role, $class, $function)) {
            return true;
        } else {
            throw new Exception\RuntimeException("Access not allowed");
        }
    }
Пример #6
0
    /**
     * Sets up ACL
     *
     * @return Acl
     */
    protected function _getAcl()
    {
        $acl = new Acl();

        $acl->addRole(new GenericRole('guest'));
        $acl->addRole(new GenericRole('member'), 'guest');
        $acl->addRole(new GenericRole('admin'), 'member');
        $acl->addRole(new GenericRole('special'), 'member');

        $acl->addResource(new GenericResource('guest_foo'));
        $acl->addResource(new GenericResource('member_foo'), 'guest_foo');
        $acl->addResource(new GenericResource('admin_foo', 'member_foo'));
        $acl->addResource(new GenericResource('special_foo'), 'member_foo');

        $acl->allow('guest', 'guest_foo');
        $acl->allow('member', 'member_foo');
        $acl->allow('admin', 'admin_foo');
        $acl->allow('special', 'special_foo');
        $acl->allow('special', 'admin_foo', 'read');

        return array('acl' => $acl, 'role' => 'special');
    }
Пример #7
0
 function initAcl(ZendAcl $acl)
 {
     $acl->allow("testrole", null, "hello");
     $acl->allow("testrole2", null, "hello2");
     return true;
 }