public function testPermitObject() { Permit::$routes = array(); Permit::$executed = null; $this->assertEqual(count(Permit::$routes), 0); Permit::access(array('controller' => array('permit_tests', 'tags'), 'action' => array('add', 'edit', 'delete')), array('auth' => array('group' => 'admin')), array('redirect' => array('controller' => 'users', 'action' => 'login'))); $this->assertEqual(count(Permit::$routes), 1); Permit::access(array('controller' => 'permit_tests', 'action' => array('add', 'edit', 'delete')), array('auth' => array('group' => 'admin')), array('redirect' => array('controller' => 'users', 'action' => 'login'))); $this->assertEqual(count(Permit::$routes), 2); Permit::access(array('controller' => 'users'), array('auth' => true), array('element' => 'auth_error', 'redirect' => array('controller' => 'users', 'action' => 'login'))); $this->assertEqual(count(Permit::$routes), 3); $expected = array('route' => array('controller' => array('permit_tests', 'tags'), 'action' => array('add', 'edit', 'delete')), 'rules' => array('auth' => array('group' => 'admin')), 'redirect' => array('controller' => 'users', 'action' => 'login'), 'message' => __('Access denied', true), 'element' => 'default', 'params' => array(), 'key' => 'flash'); $this->assertEqual(current(Permit::$routes), $expected); reset(Permit::$routes); $expected = array('route' => array('controller' => 'users'), 'rules' => array('auth' => true), 'redirect' => array('controller' => 'users', 'action' => 'login'), 'message' => __('Access denied', true), 'element' => 'auth_error', 'params' => array(), 'key' => 'flash'); $this->assertEqual(end(Permit::$routes), $expected); reset(Permit::$routes); }
/** * Determines whether the given user is authorized to perform an action. The result of * a failed request depends upon the options for the route * * @param array $route A Permit Route * @return boolean True if redirect should be executed, false otherwise */ protected function _execute($route) { Permit::$executed = $this->executed = $route; if (empty($route['rules'])) { return false; } if (isset($route['rules']['deny'])) { return $route['rules']['deny'] == true; } if (!isset($route['rules']['auth'])) { return false; } if (is_bool($route['rules']['auth'])) { $isAuthed = $this->Session->read("{$this->settings['path']}.{$this->settings['check']}"); if ($route['rules']['auth'] == true && !$isAuthed) { return true; } if ($route['rules']['auth'] == false && $isAuthed) { return true; } return false; } elseif (!is_array($route['rules']['auth'])) { return false; } if ($this->user == false) { return true; } $fieldsBehavior = 'and'; if (!empty($route['rules']['fields_behavior'])) { $fieldsBehavior = strtolower($route['rules']['fields_behavior']); } if (!in_array($fieldsBehavior, array('and', 'or'))) { $fieldsBehavior = 'and'; } $count = count(Set::flatten($route['rules']['auth'])); foreach ($route['rules']['auth'] as $path => $condition) { $path = '/' . str_replace('.', '/', $path); $path = preg_replace('/^([\\/]+)/', '/', $path); $check = $condition; $continue = false; $decrement = 1; $values = Set::extract($path, $this->user); // Support for OR Model-syntax foreach (array('or', 'OR') as $anOr) { if (is_array($condition) && array_key_exists($anOr, $condition)) { $check = $condition[$anOr]; $continue = true; $decrement = count($check); } } if ($fieldsBehavior == 'or') { $check = $condition; $continue = true; $decrement = count($check); } foreach ((array) $check as $cond) { if (in_array($cond, (array) $values)) { $count -= $decrement; if ($continue) { continue 2; } } } } return $count !== 0; }