public function recomputeMergedRole() { if (!count($this->roles)) { throw new Exception("Empty role, this is not normal"); } uksort($this->roles, array($this, "orderRoles")); $this->mergedRole = $this->roles[array_shift(array_keys($this->roles))]; if (count($this->roles) > 1) { $this->parentRole = $this->mergedRole; } $index = 0; foreach ($this->roles as $role) { if ($index > 0) { $this->mergedRole = $role->override($this->mergedRole); if ($index < count($this->roles) - 1) { $this->parentRole = $role->override($this->parentRole); } } $index++; } if ($this->hasParent() && isset($this->parentRole)) { // It's a shared user, we don't want it to inherit the rights... $this->parentRole->clearAcls(); //... but we want the parent user's role, filtered with inheritable properties only. $stretchedParentUserRole = AuthService::limitedRoleFromParent($this->parentUser); if ($stretchedParentUserRole !== null) { $this->parentRole = $this->parentRole->override($stretchedParentUserRole); } $this->mergedRole = $this->parentRole->override($this->personalRole); } }
public function testRolesActionsAdditivity() { $r1 = new \AJXP_Role("role1"); $r2 = new \AJXP_Role("role2"); $r1->setActionState("type.id", "action_name", "repository_id", "disabled"); $this->assertFalse($r1->actionEnabled("type.id", "action_name", "repository_id", true)); $r1->setActionState("type.id", "action_name", "repository_id", "enabled"); $this->assertTrue($r1->actionEnabled("type.id", "action_name", "repository_id", true)); $r2->setActionState("type.id", "action_name", "repository_id", "enabled"); $r3 = $r2->override($r1); $this->assertTrue($r3->actionEnabled("type.id", "action_name", "repository_id", true)); }