/** * Create a new permission token, and save it to the permission tokens table * @param string $name The name of the permission * @param string $description The description of the permission * @param string $group The token group for organizational purposes * @param bool $crud Indicates if the token is a CRUD or boolean type token (default is boolean) * @return mixed the ID of the newly created permission, or boolean false */ public static function create_token($name, $description, $group, $crud = false) { $name = self::normalize_token($name); $crud = $crud ? 1 : 0; // first, make sure this isn't a duplicate if (ACL::token_exists($name)) { return false; } $allow = true; // Plugins have the opportunity to prevent adding this token $allow = Plugins::filter('token_create_allow', $allow, $name, $description, $group, $crud); if (!$allow) { return false; } Plugins::act('token_create_before', $name, $description, $group, $crud); $result = DB::query('INSERT INTO {tokens} (name, description, token_group, token_type) VALUES (?, ?, ?, ?)', array($name, $description, $group, $crud)); if (!$result) { // if it didn't work, don't bother trying to log it return false; } self::clear_caches(); // Add the token to the admin group $token = ACL::token_id($name); $admin = UserGroup::get('admin'); if ($admin) { ACL::grant_group($admin->id, $token, 'full'); } EventLog::log('New permission token created: ' . $name, 'info', 'default', 'habari'); Plugins::act('permission_create_after', $name, $description, $group, $crud); return $result; }
function test_creategroup() { $user = User::create( array( 'username' => 'testcaseuser', 'email' => '*****@*****.**', 'password' => 'test') ); $this->assert_true( $user instanceof User, 'Could not create test user.' ); $group = UserGroup::create( array( 'name' => 'new test group' ) ); $this->assert_true( $group instanceof UserGroup, 'Could not create a new group named "new test group".' ); ACL::create_token( 'test permission', 'A permission for test cases', 'Administration' ); ACL::create_token( 'test deny permission', 'A permission for test cases', 'Administration' ); $this->assert_true( ACL::token_exists('test permission'), 'The test permission was not created.' ); $this->assert_true( ACL::token_exists(' test PeRmission '), 'Permission names are not normalized.' ); $group->add( 'testcaseuser' ); $group->grant( 'test permission' ); $group->deny( 'test deny permisSion' ); $group->update(); $newgroup = UserGroup::get( 'new test group' ); $this->assert_true( in_array( $user->id, $newgroup->members ), 'The created user is not a member of the new group.' ); $this->assert_true( in_array( ACL::token_id( 'test permission' ), array_keys( $newgroup->permissions ) ), 'The group does not have the new permission.' ); $this->assert_true( ACL::group_can( 'new test group', 'test permission' ), 'The group does not have the new permission.' ); $this->assert_false( ACL::group_can( 'new test group', 'test deny permission' ), 'The group has a denied permission.' ); $this->assert_true( $user->can( 'test permission' ), 'The user does not have a permission his group has been granted.' ); }
public function test_group_permissions() { ACL::create_token( 'acltest', 'A test ACL permission', 'Administration' ); $this->assert_true( ACL::token_exists( 'acltest' ), 'Could not create acltest permission.' ); $this->assert_true( ACL::token_exists( 'acLtEst ' ), 'Permission names are not normalized.' ); $token_id = ACL::token_id( 'acltest' ); ACL::grant_group( $this->acl_group->id, $token_id, 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group.' ); ACL::revoke_group_token( $this->acl_group->id, $token_id ); $this->assert_false( ACL::group_can( $this->acl_group->id, $token_id, 'full' ), 'Could not revoke acltest permission from acltest-group.' ); // check alternate means of granting a permission $this->acl_group->grant( 'acltest', 'full' ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), 'Could not grant acltest permission to acltest-group through UserGroup call.' ); // full > read/edit $this->assert_true( $this->acl_group->can( 'acltest', 'read' ), "Group with 'full' acltest permission cannot 'read'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'edit' ), "Group with 'full' acltest permission cannot 'edit'." ); $this->assert_true( $this->acl_group->can( 'acltest', 'full' ), "Group with 'full' acltest permission cannot 'full'." ); $this->assert_exception( 'InvalidArgumentException', "'write' is an invalid token flag." ); $this->acl_group->can( 'acltest', 'write' ); ACL::destroy_token( 'acltest' ); }
public function test_group_permissions() { $this->markTestSkipped('Test does not match class code; needs updating'); ACL::create_permission('acltest', 'A test ACL permission'); $this->assertTrue(ACL::token_exists('acltest'), 'Could not create acltest permission.'); $token_id = ACL::token_id('acltest'); ACL::grant_group($this->acl_group->id, $token_id, 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group.'); ACL::revoke_group_permission($this->acl_group->id, $token_id); $this->assert_false(ACL::group_can($this->acl_group->id, $token_id, 'full'), 'Could not revoke acltest permission from acltest-group.'); // check alternate means of granting a permission $this->acl_group->grant('acltest', 'full'); $this->assertTrue($this->acl_group->can('acltest', 'full'), 'Could not grant acltest permission to acltest-group through UserGroup call.'); // full > read/write $this->assertTrue($this->acl_group->can('acltest', 'read'), "Group with 'full' acltest permission cannot 'read'."); $this->assertTrue($this->acl_group->can('acltest', 'write'), "Group with 'full' acltest permission cannot 'write'."); }
private function upgrade_db_post_5097() { /* Add the 'manage_dash_modules' token if it doesn't exist. This is effectively re-doing upgrade_db_post_3701() for those who didn't upgrade from a db_version before 3701 or those who have performed a clean install as this token wasn't set in the list of default tokens until r5142. */ if (!ACL::token_exists('manage_dash_modules')) { $this->upgrade_db_post_3701(); } }