Returns a list of resources which should be accessible for read+write public keys
| final public static getReadWriteResources ( ) : array | ||
| return | array | |
/**
* Converts public => private key pairs into the array format accepted by ArrayAdapter
*
* @param array $accessList
*/
public function getExpandedAclList(array $accessList)
{
$entries = [];
foreach ($accessList as $publicKey => $privateKey) {
if (is_array($privateKey)) {
throw new InvalidArgumentException('A public key can only have a single private key (as of 2.0.0)');
}
$entries[] = ['publicKey' => $publicKey, 'privateKey' => $privateKey, 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => [$publicKey]]]];
}
return $entries;
}
/**
* Ask user which resources the public key should have access to
*
* @param InputInterface $input
* @param OutputInterface $output
* @return array
*/
private function askForResources(InputInterface $input, OutputInterface $output)
{
$question = new ChoiceQuestion('Which resources should the public key have access to? ', [self::RESOURCES_READ_ONLY, self::RESOURCES_READ_WRITE, self::RESOURCES_ALL, self::RESOURCES_SPECIFIC, self::RESOURCES_CUSTOM], self::RESOURCES_SPECIFIC);
$type = $this->getHelper('question')->ask($input, $output, $question);
switch ($type) {
case self::RESOURCES_READ_ONLY:
return Resource::getReadOnlyResources();
case self::RESOURCES_READ_WRITE:
return Resource::getReadWriteResources();
case self::RESOURCES_ALL:
return Resource::getAllResources();
case self::RESOURCES_CUSTOM:
return $this->askForCustomResources($input, $output);
}
return $this->askForSpecificResources($input, $output);
}
public function testMethodsReturnsArrays()
{
$this->assertInternalType('array', Resource::getReadOnlyResources());
$this->assertInternalType('array', Resource::getReadWriteResources());
$this->assertInternalType('array', Resource::getAllResources());
}
<?php
/**
* This file is part of the Imbo package
*
* (c) Christer Edvartsen <*****@*****.**>
*
* For the full copyright and license information, please view the LICENSE file that was
* distributed with this source code.
*/
use Imbo\Auth\AccessControl\Adapter\ArrayAdapter, Imbo\Resource;
/**
* Use individual read-only/read+write keys
*/
return ['accessControl' => function () {
return new ArrayAdapter([['publicKey' => 'ro-pubkey', 'privateKey' => 'read-only-key', 'acl' => [['resources' => Resource::getReadOnlyResources(), 'users' => ['someuser']]]], ['publicKey' => 'rw-pubkey', 'privateKey' => 'read+write-key', 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => ['someuser']]]], ['publicKey' => 'foo', 'privateKey' => 'bar', 'acl' => [['resources' => Resource::getReadOnlyResources(), 'users' => ['user']]]]]);
}];
/**
* @covers ImboCli\Command\AddPublicKey::execute
* @covers ImboCli\Command\AddPublicKey::askForAnotherAclRule
* @covers ImboCli\Command\AddPublicKey::askForResources
* @covers ImboCli\Command\AddPublicKey::askForUsers
*/
public function testContinuesAskingForAclRulesIfUserSaysThereAreMoreRulesToAdd()
{
$this->adapter->expects($this->exactly(3))->method('addAccessRule')->withConsecutive([$this->equalTo('foo'), $this->callback(function ($rule) {
$diff = array_diff($rule['resources'], Resource::getReadOnlyResources());
return count($rule['users']) === 2 && in_array('espenh', $rule['users']) && in_array('kribrabr', $rule['users']) && empty($diff);
})], [$this->equalTo('foo'), $this->callback(function ($rule) {
$diff = array_diff($rule['resources'], Resource::getReadWriteResources());
return count($rule['users']) === 2 && in_array('rexxars', $rule['users']) && in_array('kbrabrand', $rule['users']) && empty($diff);
})], [$this->equalTo('foo'), $this->callback(function ($rule) {
$diff = array_diff($rule['resources'], Resource::getAllResources());
return $rule['users'] === '*' && empty($diff);
})]);
$helper = $this->command->getHelper('question');
$helper->setInputStream($this->getInputStream(['0', 'espenh,kribrabr', 'y', '1', 'rexxars, kbrabrand', 'y', '2', '*', 'n']));
$commandTester = new CommandTester($this->command);
$commandTester->execute(['publicKey' => 'foo', 'privateKey' => 'bar']);
$this->assertSame(3, substr_count($commandTester->getDisplay(true), 'Create more ACL-rules for this public key?'));
}
<?php
/**
* This file is part of the Imbo package
*
* (c) Christer Edvartsen <*****@*****.**>
*
* For the full copyright and license information, please view the LICENSE file that was
* distributed with this source code.
*/
use Imbo\Auth\AccessControl\Adapter\ArrayAdapter, Imbo\Resource;
// Default config for testing
$testConfig = ['accessControl' => function () {
return new ArrayAdapter([['publicKey' => 'publickey', 'privateKey' => 'privatekey', 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => ['user', 'other-user']]]], ['publicKey' => 'unpriviledged', 'privateKey' => 'privatekey', 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => ['user']]]], ['publicKey' => 'wildcard', 'privateKey' => '*', 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => '*']]]]);
}, 'database' => function () {
return new Imbo\Database\MongoDB(['databaseName' => 'imbo_testing']);
}, 'storage' => function () {
return new Imbo\Storage\GridFS(['databaseName' => 'imbo_testing']);
}];
// Default Imbo config
$defaultConfig = (require __DIR__ . '/../../../config/config.default.php');
// Custom test config, if any, specified in the X-Imbo-Test-Config HTTP request header
if (isset($_SERVER['HTTP_X_IMBO_TEST_CONFIG'])) {
$customConfig = (require __DIR__ . '/' . basename($_SERVER['HTTP_X_IMBO_TEST_CONFIG']));
} else {
$customConfig = [];
}
// Return the merged configuration, having the custom config overwrite the default testing config,
// which in turn overwrites the default config
return array_replace_recursive($defaultConfig, $testConfig, $customConfig);
<?php
namespace Imbo\MetadataSearch;
use Elasticsearch\ClientBuilder;
use Imbo\Resource;
use Imbo\Auth\AccessControl\Adapter\ArrayAdapter;
$config = (require __DIR__ . '/../vendor/imbo/imbo/config/config.default.php');
$config = array_replace_recursive($config, ['accessControl' => function () {
return new ArrayAdapter([['publicKey' => 'publickey', 'privateKey' => 'privatekey', 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => ['user', 'user2']]]], ['publicKey' => 'user2', 'privateKey' => 'privatekey', 'acl' => [['resources' => Resource::getReadWriteResources(), 'users' => ['user2']]]]]);
}, 'database' => function () {
return new \Imbo\Database\MongoDB(['databaseName' => 'metadatasearch_integration_db']);
}, 'storage' => function () {
return new \Imbo\Storage\GridFS(['databaseName' => 'metadatasearch_integration_storage']);
}, 'eventListeners' => ['metadata' => ['listener' => new EventListener\MetadataOperations(['backend' => new Backend\ElasticSearch(ClientBuilder::create()->build(), ['index' => ['name' => 'metadatasearch_integration']])])]]]);
return $config;