/**
 * Enforces the optional whitelist of actions and representations for a resource.
 *
 * $fsConf may carry an "Actions" and/or a "Representations" entry. Each is keyed
 * by action / representation name, and the value is the ACL handed to
 * MgUtils::ValidateAcl(). The requested action is checked first, then the
 * requested representation. The first denial that can be reported ends the call.
 *
 * Security-relevant behaviour, as written:
 *  - A missing or empty "Actions" / "Representations" entry means no restriction
 *    of that kind (the whitelist is opt-in).
 *  - This method returns nothing. A denial is signalled only by invoking
 *    $forbiddenAction; presumably that callback aborts the request.
 *  - NOTE(review): if $forbiddenAction is null or not callable, a denial is
 *    dropped silently and processing continues (fail-open). Confirm that every
 *    caller passes a callable that halts the request.
 *  - The comparisons against null are loose, so "" and 0 count as "nothing required".
 *
 * @param array|null    $fsConf                 Resource configuration, possibly without whitelist entries.
 * @param mixed         $mimeType               Forwarded unchanged as the second callback argument.
 * @param callable|null $forbiddenAction        Called as ($message, $mimeType) when access is denied.
 * @param mixed         $requiredAction         Name of the action being performed, or null.
 * @param mixed         $requiredRepresentation Name of the representation being requested, or null.
 * @param mixed         $site                   Passed through to MgUtils::ValidateAcl().
 * @param mixed         $userName               Passed through to MgUtils::ValidateAcl().
 * @return void
 */
private static function VerifyWhitelistInternal($fsConf, $mimeType, $forbiddenAction, $requiredAction, $requiredRepresentation, $site, $userName)
{
    $hasConf = !empty($fsConf);
    $supportedActions = ($hasConf && array_key_exists("Actions", $fsConf)) ? $fsConf["Actions"] : null;
    $supportedRepresentations = ($hasConf && array_key_exists("Representations", $fsConf)) ? $fsConf["Representations"] : null;

    // One row per whitelist kind: requested name, declared whitelist,
    // message when the name is not listed, message when the ACL rejects the user.
    // The message texts are runtime strings and are kept verbatim.
    $checks = array(
        array(
            $requiredAction,
            $supportedActions,
            "This action is not whitelisted",
            "This this action for this user is not whitelisted",
        ),
        array(
            $requiredRepresentation,
            $supportedRepresentations,
            "This representation is not whitelisted",
            "This representation for this user is not whitelisted",
        ),
    );

    foreach ($checks as $check) {
        list($required, $supported, $notListedMessage, $notPermittedMessage) = $check;

        // Nothing requested, or nothing declared for this kind: no restriction applies.
        if ($required == null || empty($supported)) {
            continue;
        }

        if (!array_key_exists($required, $supported)) {
            // A whitelist is declared, but the requested name is not on it.
            $denial = $notListedMessage;
        } elseif (!MgUtils::ValidateAcl($userName, $site, $supported[$required])) {
            // The name is listed, but its ACL does not admit this user.
            $denial = $notPermittedMessage;
        } else {
            continue;
        }

        // Enforcement is delegated entirely to the callback. Without a callable
        // the denial goes unreported and the next check runs.
        if ($forbiddenAction != null && is_callable($forbiddenAction)) {
            call_user_func_array($forbiddenAction, array($denial, $mimeType));
            return;
        }
    }
}
/**
 * Verifies that MgUtils::ValidateAcl() grants access through "AllowRoles".
 *
 * Neither test user is named in "AllowUsers", and the only group the mocked
 * site reports ("Everyone") is not in "AllowGroups". The outcome should
 * therefore depend on the role entry alone: "Author" (role "Authors") is
 * rejected and "Anonymous" (role "Users") is accepted.
 */
public function testRoleInAcl()
{
    // Group listing served by the mocked site: just the built-in "Everyone" group.
    $groupListXml = '<?xml version="1.0" encoding="UTF-8"?> <GroupList xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="GroupList-1.0.0.xsd"> <Group> <Name>Everyone</Name> <Description>Built-in group to include all users</Description> </Group> </GroupList>';
    $groupReader = TestUtils::mockByteReader($this, $groupListXml);

    // Sanity-check the fixture itself before relying on it.
    $this->assertEquals("text/xml", $groupReader->GetMimeType());
    $this->assertEquals($groupListXml, $groupReader->ToString());

    $site = $this->getMockBuilder("MgSite")->getMock();
    $site->method("EnumerateGroups")->will($this->returnValue($groupReader));

    // EnumerateRoles(<user>) => roles held by that user.
    $rolesByUser = array(
        array("Author", new FakeStringCollection(array("Authors"))),
        array("Anonymous", new FakeStringCollection(array("Users"))),
    );
    $site->method("EnumerateRoles")->will($this->returnValueMap($rolesByUser));

    // Two independent copies of the same ACL, one per assertion.
    $aclForAuthor = $aclForAnonymous = array(
        "AllowUsers" => array("Administrator"),
        "AllowGroups" => array("Foo"),
        "AllowRoles" => array("Users"),
    );

    // The "Authors" role is not in AllowRoles, so access must be denied.
    $this->assertFalse(MgUtils::ValidateAcl("Author", $site, $aclForAuthor));
    // The "Users" role is in AllowRoles, so access must be granted.
    $this->assertTrue(MgUtils::ValidateAcl("Anonymous", $site, $aclForAnonymous));
}
/**
 * Evaluates an ACL configuration for the user behind the current request.
 *
 * If no user name is known yet but a session id is, the user name is looked up
 * through the site service and cached on $this->userName for later calls.
 *
 * NOTE(review): when neither a user name nor a session id is set, a null user
 * name is handed to MgUtils::ValidateAcl(). Whether that path denies access is
 * not visible here; confirm it fails closed.
 *
 * @param mixed $siteConn Connection object exposing GetSite().
 * @param mixed $config   ACL configuration forwarded to MgUtils::ValidateAcl().
 * @return mixed Whatever MgUtils::ValidateAcl() returns (used as a boolean by its tests).
 */
private function ValidateAcl($siteConn, $config)
{
    $site = $siteConn->GetSite();

    // Loose comparison on purpose: an empty user name also triggers the lookup.
    $userUnknown = ($this->userName == null);
    if ($userUnknown && $this->sessionId != null) {
        $this->userName = $site->GetUserForSession();
    }

    return MgUtils::ValidateAcl($this->userName, $site, $config);
}