/** * @param bool $isAllowed * @dataProvider dataProviderBoolValues */ public function testIsEverythingAllowed($isAllowed) { $id = 10; $this->coreRegistryMock->expects($this->once())->method('registry')->with(\Magento\User\Controller\Adminhtml\User\Role\SaveRole::RESOURCE_ALL_FORM_DATA_SESSION_KEY)->willReturn(true); if ($isAllowed) { $this->rootResourceMock->expects($this->exactly(2))->method('getId')->willReturnOnConsecutiveCalls($id, $id); } else { $this->rootResourceMock->expects($this->exactly(2))->method('getId')->willReturnOnConsecutiveCalls(11, $id); } $this->assertEquals($isAllowed, $this->model->isEverythingAllowed()); }
/** * @param string $rootResourceId * @param array $savedData * @param bool $expectedValue * @dataProvider isEverythingAllowedWithSavedFromDataProvider */ public function testIsEverythingAllowedWithSavedFromData($rootResourceId, $savedData, $expectedValue) { $this->registry->expects($this->once())->method('registry')->with(IntegrationController::REGISTRY_KEY_CURRENT_RESOURCE)->willReturn($savedData); $this->rootResource->expects($this->any())->method('getId')->will($this->returnValue($rootResourceId)); $this->webapiBlock = $this->getWebapiBlock(); $this->assertEquals($expectedValue, $this->webapiBlock->isEverythingAllowed()); }
public function testGrantAllPermissions() { $rootResource = 'Magento_All:all'; $this->rootAclResourceMock->expects($this->any())->method('getId')->will($this->returnValue($rootResource)); $this->roleMock->expects($this->any())->method('getId')->will($this->returnValue(self::ROLE_ID)); $this->rulesMock->expects($this->any())->method('setRoleId')->with(self::ROLE_ID)->will($this->returnSelf()); $this->rulesMock->expects($this->any())->method('setResources')->with([$rootResource])->will($this->returnSelf()); $this->rulesMock->expects($this->any())->method('saveRel')->will($this->returnSelf()); $this->integrationAuthorizationService->grantAllPermissions(self::INTEGRATION_ID); }
/** * Save ACL resources * * @param \Magento\Authorization\Model\Rules $rule * @return void * @throws \Magento\Framework\Exception\LocalizedException */ public function saveRel(\Magento\Authorization\Model\Rules $rule) { try { $connection = $this->getConnection(); $connection->beginTransaction(); $roleId = $rule->getRoleId(); $condition = ['role_id = ?' => (int) $roleId]; $connection->delete($this->getMainTable(), $condition); $postedResources = $rule->getResources(); if ($postedResources) { $row = ['resource_id' => $this->_rootResource->getId(), 'privileges' => '', 'role_id' => $roleId, 'permission' => 'allow']; // If all was selected save it only and nothing else. if ($postedResources === [$this->_rootResource->getId()]) { $insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $this->getMainTable()); $connection->insert($this->getMainTable(), $insertData); } else { /** Give basic admin permissions to any admin */ $postedResources[] = \Magento\Backend\App\AbstractAction::ADMIN_RESOURCE; $acl = $this->_aclBuilder->getAcl(); /** @var $resource \Magento\Framework\Acl\AclResource */ foreach ($acl->getResources() as $resourceId) { $row['permission'] = in_array($resourceId, $postedResources) ? 'allow' : 'deny'; $row['resource_id'] = $resourceId; $insertData = $this->_prepareDataForTable(new \Magento\Framework\DataObject($row), $this->getMainTable()); $connection->insert($this->getMainTable(), $insertData); } } } $connection->commit(); $this->_aclCache->clean(); } catch (\Magento\Framework\Exception\LocalizedException $e) { $connection->rollBack(); throw $e; } catch (\Exception $e) { $connection->rollBack(); $this->_logger->critical($e); } }
/** * Get selected resources * * @return array|mixed|\string[] */ public function getSelectedResources() { $selectedResources = $this->getData('selected_resources'); if (empty($selectedResources)) { $allResource = $this->getCoreRegistry()->registry(SaveRole::RESOURCE_ALL_FORM_DATA_SESSION_KEY); if ($allResource) { $selectedResources = [$this->_rootResource->getId()]; } else { $selectedResources = $this->getCoreRegistry()->registry(SaveRole::RESOURCE_FORM_DATA_SESSION_KEY); } if (null === $selectedResources) { $rid = $this->_request->getParam('rid', false); $selectedResources = $this->_aclRetriever->getAllowedResourcesByRole($rid); } $this->setData('selected_resources', $selectedResources); } return $selectedResources; }
/** * Save ACL resources * * @param \Magento\User\Model\Rules $rule * @return void * @throws \Magento\Framework\Model\Exception */ public function saveRel(\Magento\User\Model\Rules $rule) { try { $adapter = $this->_getWriteAdapter(); $adapter->beginTransaction(); $roleId = $rule->getRoleId(); $condition = array('role_id = ?' => (int) $roleId); $adapter->delete($this->getMainTable(), $condition); $postedResources = $rule->getResources(); if ($postedResources) { $row = array('resource_id' => $this->_rootResource->getId(), 'privileges' => '', 'role_id' => $roleId, 'permission' => 'allow'); // If all was selected save it only and nothing else. if ($postedResources === array($this->_rootResource->getId())) { $insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $this->getMainTable()); $adapter->insert($this->getMainTable(), $insertData); } else { $acl = $this->_aclBuilder->getAcl(); /** @var $resource \Magento\Framework\Acl\Resource */ foreach ($acl->getResources() as $resourceId) { $row['permission'] = in_array($resourceId, $postedResources) ? 'allow' : 'deny'; $row['resource_id'] = $resourceId; $insertData = $this->_prepareDataForTable(new \Magento\Framework\Object($row), $this->getMainTable()); $adapter->insert($this->getMainTable(), $insertData); } } } $adapter->commit(); $this->_aclCache->clean(); } catch (\Magento\Framework\Model\Exception $e) { $adapter->rollBack(); throw $e; } catch (\Exception $e) { $adapter->rollBack(); $this->_logger->logException($e); } }
/** * Check if everything is allowed * * @return bool */ public function isEverythingAllowed() { return in_array($this->rootResource->getId(), $this->getSelectedResources()); }
/** * {@inheritdoc} */ public function grantAllPermissions(UserIdentifier $userIdentifier) { $this->grantPermissions($userIdentifier, array($this->_rootAclResource->getId())); }
/** * @param string $rootResourceId * @param array $integrationData * @param array $selectedResources * @param bool $expectedValue * @dataProvider isEverythingAllowedProvider */ public function testIsEverythingAllowed($rootResourceId, $integrationData, $selectedResources, $expectedValue) { $this->webapiBlock = $this->getWebapiBlock($integrationData, $selectedResources); $this->rootResource->expects($this->once())->method('getId')->will($this->returnValue($rootResourceId)); $this->assertEquals($expectedValue, $this->webapiBlock->isEverythingAllowed()); }
/** * {@inheritdoc} */ public function grantAllPermissions($integrationId) { $this->grantPermissions($integrationId, array($this->_rootAclResource->getId())); }