示例#1
0
 public function testGetRoles()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole('role3');
     $acl->add('MyController', 'myAction1', array('role1', 'role2'));
     $acl->add('MyController', 'myAction2', array('role1'));
     $acl->add('MyAdminController', '*', array('role2'));
     $this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction1'));
     $this->assertEquals(array('role1'), $acl->getRoles('mycontroller', 'MyAction2'));
     $this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction'));
     $this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound'));
 }
示例#2
0
 public function testIsAllowed()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole(Role::APP_USER);
     $acl->add('MyController', 'myAction1', array(Role::APP_ADMIN, Role::APP_MANAGER));
     $acl->add('MyController', 'myAction2', array(Role::APP_ADMIN));
     $acl->add('MyAdminController', '*', array(Role::APP_MANAGER));
     $authorization = new Authorization($acl);
     $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_ADMIN));
     $this->assertTrue($authorization->isAllowed('myController', 'myAction1', Role::APP_MANAGER));
     $this->assertFalse($authorization->isAllowed('myController', 'myAction1', Role::APP_USER));
     $this->assertTrue($authorization->isAllowed('anotherController', 'anotherAction', Role::APP_USER));
     $this->assertTrue($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_MANAGER));
     $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', Role::APP_ADMIN));
     $this->assertFalse($authorization->isAllowed('MyAdminController', 'myAction', 'something else'));
 }
 /**
  * Get ACL for the application
  *
  * @access public
  * @return AccessMap
  */
 public function getApplicationAccessMap()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole(Role::APP_USER);
     $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
     $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
     $acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
     $acl->add('Auth', array('login', 'check'), Role::APP_PUBLIC);
     $acl->add('Captcha', '*', Role::APP_PUBLIC);
     $acl->add('PasswordReset', '*', Role::APP_PUBLIC);
     $acl->add('Webhook', '*', Role::APP_PUBLIC);
     $acl->add('Task', 'readonly', Role::APP_PUBLIC);
     $acl->add('Board', 'readonly', Role::APP_PUBLIC);
     $acl->add('Ical', '*', Role::APP_PUBLIC);
     $acl->add('Feed', '*', Role::APP_PUBLIC);
     $acl->add('Config', '*', Role::APP_ADMIN);
     $acl->add('Currency', '*', Role::APP_ADMIN);
     $acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER);
     $acl->add('Group', '*', Role::APP_ADMIN);
     $acl->add('Link', '*', Role::APP_ADMIN);
     $acl->add('ProjectCreation', 'create', Role::APP_MANAGER);
     $acl->add('Projectuser', '*', Role::APP_MANAGER);
     $acl->add('Twofactor', 'disable', Role::APP_ADMIN);
     $acl->add('UserImport', '*', Role::APP_ADMIN);
     $acl->add('User', array('index', 'create', 'save', 'authentication', 'remove'), Role::APP_ADMIN);
     return $acl;
 }
 /**
  * Get ACL for the application
  *
  * @access public
  * @return AccessMap
  */
 public function getApplicationAccessMap()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole(Role::APP_USER);
     $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
     $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
     $acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
     $acl->add('AuthController', array('login', 'check'), Role::APP_PUBLIC);
     $acl->add('CaptchaController', '*', Role::APP_PUBLIC);
     $acl->add('PasswordResetController', '*', Role::APP_PUBLIC);
     $acl->add('TaskViewController', 'readonly', Role::APP_PUBLIC);
     $acl->add('BoardViewController', 'readonly', Role::APP_PUBLIC);
     $acl->add('ICalendarController', '*', Role::APP_PUBLIC);
     $acl->add('FeedController', '*', Role::APP_PUBLIC);
     $acl->add('AvatarFileController', 'show', Role::APP_PUBLIC);
     $acl->add('ConfigController', '*', Role::APP_ADMIN);
     $acl->add('PluginController', '*', Role::APP_ADMIN);
     $acl->add('CurrencyController', '*', Role::APP_ADMIN);
     $acl->add('ProjectGanttController', '*', Role::APP_MANAGER);
     $acl->add('GroupListController', '*', Role::APP_ADMIN);
     $acl->add('GroupCreationController', '*', Role::APP_ADMIN);
     $acl->add('GroupModificationController', '*', Role::APP_ADMIN);
     $acl->add('LinkController', '*', Role::APP_ADMIN);
     $acl->add('ProjectCreationController', 'create', Role::APP_MANAGER);
     $acl->add('ProjectUserOverviewController', '*', Role::APP_MANAGER);
     $acl->add('TwoFactorController', 'disable', Role::APP_ADMIN);
     $acl->add('UserImportController', '*', Role::APP_ADMIN);
     $acl->add('UserCreationController', '*', Role::APP_ADMIN);
     $acl->add('UserListController', '*', Role::APP_ADMIN);
     $acl->add('UserStatusController', '*', Role::APP_ADMIN);
     $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
     return $acl;
 }
 /**
  * Get ACL for the API
  *
  * @access public
  * @return AccessMap
  */
 public function getApiProjectAccessMap()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole(Role::PROJECT_VIEWER);
     $acl->setRoleHierarchy(Role::PROJECT_MANAGER, array(Role::PROJECT_MEMBER, Role::PROJECT_VIEWER));
     $acl->setRoleHierarchy(Role::PROJECT_MEMBER, array(Role::PROJECT_VIEWER));
     $acl->add('ActionProcedure', array('removeAction', 'getActions', 'createAction'), Role::PROJECT_MANAGER);
     $acl->add('CategoryProcedure', '*', Role::PROJECT_MANAGER);
     $acl->add('ColumnProcedure', '*', Role::PROJECT_MANAGER);
     $acl->add('CommentProcedure', array('removeComment', 'createComment', 'updateComment'), Role::PROJECT_MEMBER);
     $acl->add('ProjectPermissionProcedure', '*', Role::PROJECT_MANAGER);
     $acl->add('ProjectProcedure', array('updateProject', 'removeProject', 'enableProject', 'disableProject', 'enableProjectPublicAccess', 'disableProjectPublicAccess'), Role::PROJECT_MANAGER);
     $acl->add('SubtaskProcedure', '*', Role::PROJECT_MEMBER);
     $acl->add('SubtaskTimeTrackingProcedure', '*', Role::PROJECT_MEMBER);
     $acl->add('SwimlaneProcedure', '*', Role::PROJECT_MANAGER);
     $acl->add('ProjectFileProcedure', '*', Role::PROJECT_MEMBER);
     $acl->add('TaskFileProcedure', '*', Role::PROJECT_MEMBER);
     $acl->add('TaskLinkProcedure', '*', Role::PROJECT_MEMBER);
     $acl->add('TaskExternalLinkProcedure', array('createExternalTaskLink', 'updateExternalTaskLink', 'removeExternalTaskLink'), Role::PROJECT_MEMBER);
     $acl->add('TaskProcedure', '*', Role::PROJECT_MEMBER);
     return $acl;
 }
 public function testAddRulesAndGetRoles()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole('role3');
     $acl->setRoleHierarchy('role2', array('role1'));
     $acl->add('MyController', 'myAction1', 'role2');
     $acl->add('MyController', 'myAction2', 'role1');
     $acl->add('MyAdminController', '*', 'role2');
     $acl->add('SomethingElse', array('actionA', 'actionB'), 'role2');
     $this->assertEquals(array('role2'), $acl->getRoles('mycontroller', 'MyAction1'));
     $this->assertEquals(array('role1', 'role2'), $acl->getRoles('mycontroller', 'MyAction2'));
     $this->assertEquals(array('role2'), $acl->getRoles('Myadmincontroller', 'MyAction'));
     $this->assertEquals(array('role3'), $acl->getRoles('AnotherController', 'ActionNotFound'));
     $this->assertEquals(array('role2'), $acl->getRoles('somethingelse', 'actiona'));
     $this->assertEquals(array('role2'), $acl->getRoles('somethingelse', 'actionb'));
     $this->assertEquals(array('role3'), $acl->getRoles('somethingelse', 'actionc'));
 }
 /**
  * Get ACL for the application
  *
  * @access public
  * @return AccessMap
  */
 public function getApplicationAccessMap()
 {
     $acl = new AccessMap();
     $acl->setDefaultRole(Role::APP_USER);
     $acl->setRoleHierarchy(Role::APP_ADMIN, array(Role::APP_MANAGER, Role::APP_USER, Role::APP_PUBLIC));
     $acl->setRoleHierarchy(Role::APP_MANAGER, array(Role::APP_USER, Role::APP_PUBLIC));
     $acl->setRoleHierarchy(Role::APP_USER, array(Role::APP_PUBLIC));
     $acl->add('Auth', array('login', 'check'), Role::APP_PUBLIC);
     $acl->add('Captcha', '*', Role::APP_PUBLIC);
     $acl->add('PasswordReset', '*', Role::APP_PUBLIC);
     $acl->add('Webhook', '*', Role::APP_PUBLIC);
     $acl->add('Task', 'readonly', Role::APP_PUBLIC);
     $acl->add('Board', 'readonly', Role::APP_PUBLIC);
     $acl->add('Ical', '*', Role::APP_PUBLIC);
     $acl->add('Feed', '*', Role::APP_PUBLIC);
     $acl->add('AvatarFile', 'show', Role::APP_PUBLIC);
     $acl->add('Config', '*', Role::APP_ADMIN);
     $acl->add('PluginController', '*', Role::APP_ADMIN);
     $acl->add('Currency', '*', Role::APP_ADMIN);
     $acl->add('Gantt', array('projects', 'saveProjectDate'), Role::APP_MANAGER);
     $acl->add('GroupListController', '*', Role::APP_ADMIN);
     $acl->add('GroupCreationController', '*', Role::APP_ADMIN);
     $acl->add('GroupModificationController', '*', Role::APP_ADMIN);
     $acl->add('Link', '*', Role::APP_ADMIN);
     $acl->add('ProjectCreation', 'create', Role::APP_MANAGER);
     $acl->add('Projectuser', '*', Role::APP_MANAGER);
     $acl->add('Twofactor', 'disable', Role::APP_ADMIN);
     $acl->add('UserImportController', '*', Role::APP_ADMIN);
     $acl->add('UserCreationController', '*', Role::APP_ADMIN);
     $acl->add('UserListController', '*', Role::APP_ADMIN);
     $acl->add('UserStatusController', '*', Role::APP_ADMIN);
     $acl->add('UserCredentialController', array('changeAuthentication', 'saveAuthentication'), Role::APP_ADMIN);
     return $acl;
 }