示例#1
 /**
  * Spec set-up: constructs the object under test from a stubbed RoleSet that grants one permission.
  *
  * The Permission collaborator is given fixture field values, and the RoleSet collaborator is
  * stubbed to return a single role, a single permission, and `true` from has_permission() for
  * that permission. The object under test is then constructed with subject id 1 and that RoleSet.
  *
  * NOTE(review): only the "granted" answer is stubbed here; specs for the denied path need their
  * own stubbing, which is not visible in this snippet.
  *
  * @param RoleSet    $role_set   collaborator stubbed for getRoles(), getPermissions() and has_permission()
  * @param Role       $role       collaborator returned as the only entry of getRoles()
  * @param Permission $permission collaborator carrying the 'admin_view' fixture values
  */
 function let(RoleSet $role_set, Role $role, Permission $permission)
 {
     // Fixture values: the subject id and the fields of the single permission used by the spec.
     $subject_id = 1;
     $permission->permission_id = 1;
     $permission->name = 'admin_view';
     $permission->description = 'Admin View Permission';
     // Collaborator stubbing: string-casting the permission yields its name.
     $permission->__toString()->willReturn($permission->name);
     // The role set exposes exactly one role and one permission...
     $role_set->getRoles()->willReturn(array($role));
     $role_set->getPermissions()->willReturn(array($permission));
     // ...and answers "granted" when asked about that permission.
     $role_set->has_permission($permission)->willReturn(true);
     $this->beConstructedWith($subject_id, $role_set);
 }
 /**
  * Permission::create() must expose the supplied name and description on the object it returns.
  */
 public function testCreate()
 {
     $expected_name = "test_name";
     $expected_description = "test_description";

     $permission = Permission::create($expected_name, $expected_description);

     $this->assertEquals($expected_name, $permission->name);
     $this->assertEquals($expected_description, $permission->description);
 }
示例#3
 /**
  * Test helper: builds a Permission and gives it the next id from the fixture's counter.
  *
  * When no name is supplied (or a falsy one is), the name is derived from the counter value
  * *before* it is incremented, so a generated name "perm_N" is paired with permission_id N + 1.
  *
  * @param string|false $name permission name, or a falsy value to generate one
  * @return mixed the object returned by Permission::create(), with permission_id assigned
  */
 protected function generatePerm($name = false)
 {
     $label = $name ? $name : "perm_{$this->current_perm_num}";
     $permission = Permission::create($label);
     // Advance the counter first, then use the new value as this permission's id.
     ++$this->current_perm_num;
     $permission->permission_id = $this->current_perm_num;
     return $permission;
 }
 /**
  * Saving a new permission through the adapter must assign it an id, and a document with that
  * id must then be retrievable from the "auth_permission" collection.
  */
 public function testPermissionSave()
 {
     $collection = new \MongoCollection($this->db, "auth_permission");
     $permission = Permission::create("test_1", "desc");

     $this->adapter->permissionSave($permission);
     // The save is expected to populate the id on the object that was passed in.
     $this->assertNotEmpty($permission->permission_id);

     // Read the document back directly from the collection, bypassing the adapter.
     $lookup = array('_id' => $permission->permission_id);
     $stored_document = $collection->findOne($lookup);
     $this->assertEquals($stored_document['_id']->{'$id'}, $permission->permission_id);
 }
示例#5
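 /**
  * A subject must pass requirePermission() for permissions granted through its roles and be
  * rejected for a permission that no role grants.
  *
  * The two granted checks (one by Permission object, one by permission name) are wrapped so that
  * an InsufficientPermission raised by either of them fails the test. Without the wrapper the
  * expected-exception annotation would be satisfied by a wrongly denied grant, and the test would
  * pass while the positive path was broken. Only the final lookup may raise the exception.
  *
  * @expectedException \RBAC\Exception\InsufficientPermission
  */
 public function testRequirePermission()
 {
     $p1 = Permission::create("test_1", "", 1);
     $p2 = Permission::create("test_2", "", 2);
     $r1 = Role::create("role_1", "", [$p1, $p2]);
     $subject = new Subject(1, new RoleSet([$r1]));
     try {
         $subject->requirePermission($p1);
         $subject->requirePermission($p2->name);
     } catch (\RBAC\Exception\InsufficientPermission $denied) {
         // A denial here is an authorization defect, not the outcome this test is looking for.
         $this->fail('requirePermission() rejected a permission granted through role_1');
     }
     // "bs_perm" is not attached to any role above, so this is the call expected to throw.
     $subject->requirePermission("bs_perm");
 }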
示例#6
 /**
  * RoleSet::getPermissions() across two overlapping roles.
  *
  * role_1 holds test_1 and test_2; role_2 holds test_1, test_2 and test_4. The expected size of 3
  * means permissions shared by both roles are reported once, and test_3 (never attached to a
  * role) is not reported at all.
  */
 public function testPermissions()
 {
     $perm_one = Permission::create("test_1", "", 1);
     $perm_two = Permission::create("test_2", "", 2);
     // Created but deliberately left out of both roles below.
     $perm_three = Permission::create("test_3", "", 3);
     $perm_four = Permission::create("test_4", "", 4);

     $first_role = Role::create("role_1", "", [$perm_one, $perm_two]);
     $second_role = Role::create("role_2", "", [$perm_one, $perm_two, $perm_four]);
     $combined = new RoleSet([$first_role, $second_role]);

     $this->assertEquals(3, count($combined->getPermissions()));
 }
示例#7
 /**
  * Registers roles and replaces their permission sets from a single nested array.
  *
  * For each role name the role is registered through register_role() (with the description when
  * one is given as a string). When a 'perms' array is present, every permission the role
  * currently holds is deleted through the role manager, the listed permissions are created, saved
  * and added to the role, and the role is saved. When 'perms' is absent the role's permissions are
  * left untouched.
  * Intended for building an RBAC administration interface where administrators create roles and
  * permissions.
  *
  * $roles_permissions is accepted in this manner:
  * 	array(
  * 		'role_name' => array(
  * 			'desc' => 'Description of Role',
  * 			'perms' => array( //<- these are optional (empty array still updates; non-existent key is ignored)
  * 				'perm_name'	=> 'perm_desc'
  * 			)
  * 		),
  * 		'role_name' => array(
  * 			'desc' => '', //<- this is also optional (empty string still updates; non-existent key is ignored)
  * 		),
  * 		'role_name' => array(
  * 			'perms' => array(
  * 				'perm_name' => '', //<- perm_desc is not optional but can be left as an empty string
  * 			),
  * 		),
  *		'role_name'	=> array(
  *			'perms'	=> array(), //<- this would just clear all the old permissions
  *		),
  * 	);
  *
  * NOTE(review): the steps below are separate calls with no transaction visible in this method.
  * An exception thrown part-way leaves the role with its old permissions already deleted and
  * only some of the new ones attached. Confirm whether the caller provides atomicity.
  *
  * NOTE(review): role names, descriptions and permission names are passed on as received. Any
  * validation presumably happens in register_role() / Permission::create() - confirm, since
  * this is the entry point for administrator-supplied values.
  *
  * @param array $roles_permissions map of role name to an array with optional 'desc' and 'perms' keys
  * @return mixed the result of get_roles() for the processed role names (described by the
  *               original author as an array of role objects)
  * @throws RoleSaveException when a role cannot be registered or saved
  * @throws PermissionSaveException when a permission cannot be saved or added to its role
  */
 public function register_roles_permissions(array $roles_permissions)
 {
     $role_names = array();
     // Process each role in turn; the array key is the role name.
     foreach ($roles_permissions as $role_name => $role_data) {
         // Pass the description only when it is present and a string; otherwise register by name alone.
         if (isset($role_data['desc']) and is_string($role_data['desc'])) {
             $role_object = $this->register_role($role_name, $role_data['desc']);
         } else {
             $role_object = $this->register_role($role_name);
         }
         // A falsy result means the role was not created/updated: abort the whole call.
         if (!$role_object) {
             throw new RoleSaveException($this->lang('role_register_unsuccessful'));
         }
         // At this point the role object has been created or updated.
         // Permissions are only touched when a 'perms' array was supplied.
         if (isset($role_data['perms']) and is_array($role_data['perms'])) {
             // First delete every permission the role currently holds (if any).
             // NOTE(review): permissionDelete() is called on the permission itself, not on a
             // role/permission link. If permission records can be shared between roles, this
             // may revoke them from other roles too - verify against the role manager.
             $old_permissions = $role_object->getPermissions();
             foreach ($old_permissions as $permission_object) {
                 $this->role_manager->permissionDelete($permission_object);
             }
             // A non-empty 'perms' recreates the permission set;
             // an empty one leaves the role with no new permissions added.
             if (!empty($role_data['perms'])) {
                 // Every listed permission is created afresh, saved, then attached to the role.
                 foreach ($role_data['perms'] as $permission_name => $permission_desc) {
                     $permission_object = Permission::create($permission_name, $permission_desc);
                     if (!$this->role_manager->permissionSave($permission_object)) {
                         throw new PermissionSaveException($this->lang('permission_save_unsuccessful'));
                     }
                     if (!$role_object->addPermission($permission_object)) {
                         throw new PermissionSaveException($this->lang('permission_assignment_unsuccessful'));
                     }
                 }
             }
             // Save the role after its permission set has been rebuilt (also runs for an empty 'perms').
             if (!$this->role_manager->roleSave($role_object)) {
                 throw new RoleSaveException($this->lang('role_save_unsuccessful'));
             }
         }
         $role_names[] = $role_name;
     }
     // Return the roles via get_roles() so the caller receives them as that method reports them.
     return $this->get_roles($role_names);
 }
示例#8
 /**
  * Seeds the default administrator account, the default roles with their permissions, and the
  * role assignments for the seeded account.
  *
  * NOTE(review): the account is inserted with a fixed password hash and a fixed sharedKey that
  * live in source control, so every installation seeded from this method starts with the same
  * administrator credential and key. 'passwordChange' is seeded as '0' - presumably "no forced
  * change"; confirm, and prefer per-install values or a forced rotation on first login.
  *
  * NOTE(review): the results of permissionSave(), roleSave(), roleFetchByName() and
  * roleAddSubjectId() are not checked here, so a failed write would leave the account with fewer
  * roles or permissions than intended without any signal - confirm how these calls report failure.
  */
 protected function seed()
 {
     // Accounts to insert; the position in this list links each account to its roles below.
     $seed_accounts = array(
         array(
             'id' => '1',
             'ipAddress' => inet_pton('127.0.0.1'),
             'username' => 'administrator',
             'password' => '$2y$10$EiqipvSt3lnD//nchj4u9OgOTL9R3J4AbZ5bUVVrh.Tq/gmc5xIvS',
             'passwordChange' => '0',
             'email' => '*****@*****.**',
             'createdOn' => date('Y-m-d H:i:s'),
             'lastLogin' => date('Y-m-d H:i:s'),
             'active' => '1',
             'sharedKey' => '9tThG2rFhZv+LslrrPy0I6QcCn9E3kNcyv5rqb3qKLywvFCfwHiSZ2fH2qQAgQXAkfBIrd0zHP+1v/FJ4W/kMA==',
         ),
     );
     // Role names per account, index-aligned with $seed_accounts.
     $roles_per_account = array(
         array('admin', 'member'),
     );
     // Role name => role description.
     $role_descriptions = array(
         'admin' => 'Site Administrators',
         'member' => 'General Members',
     );
     // Role name => (permission name => permission description).
     $permissions_per_role = array(
         'admin' => array(
             'admin_create' => 'Creating administration resources.',
             'admin_read' => 'Viewing administration resources.',
             'admin_update' => 'Editing administration resources.',
             'admin_delete' => 'Deleting administration resources.',
         ),
         'member' => array(
             'public_read' => 'Viewing public resources.',
         ),
     );

     // Insert the user accounts.
     foreach ($seed_accounts as $account_row) {
         $this->db->insert('user_accounts', $account_row);
     }

     // Create each role, persist its permissions, attach them, then persist the role.
     $manager = new RoleManager(new MySQLAdapter($this->db->conn_id, new Options()));
     foreach ($permissions_per_role as $role_name => $permission_map) {
         $new_role = Role::create($role_name, $role_descriptions[$role_name]);
         foreach ($permission_map as $permission_name => $permission_description) {
             $new_permission = Permission::create($permission_name, $permission_description);
             // The permission is saved before it is attached to the role.
             $manager->permissionSave($new_permission);
             $new_role->addPermission($new_permission);
         }
         $manager->roleSave($new_role);
     }

     // Assign the saved roles to the seeded accounts by their ids.
     foreach ($roles_per_account as $account_index => $assigned_role_names) {
         $account_id = $seed_accounts[$account_index]['id'];
         foreach ($assigned_role_names as $assigned_role_name) {
             $stored_role = $manager->roleFetchByName($assigned_role_name);
             $manager->roleAddSubjectId($stored_role, $account_id);
         }
     }
 }
 /**
  * Adding a permission that was only created in memory ("blah") to a generated role through
  * the role manager must be rejected with a ValidationError.
  *
  * NOTE(review): the permission is presumably invalid because it was never saved and so has no
  * id - confirm against rolePermissionAdd().
  *
  * @expectedException \RBAC\Exception\ValidationError
  */
 public function testRolePermissionAddInvalidPerm()
 {
     $target_role = $this->generateRole();
     $unsaved_permission = Permission::create("blah");
     $this->rm->rolePermissionAdd($target_role, $unsaved_permission);
 }
示例#10
 /**
  * Role::addPermission() must raise a ValidationError for the permission built here, which is
  * created with a name only.
  *
  * @expectedException \RBAC\Exception\ValidationError
  */
 public function testAddInvalidPermission()
 {
     $target_role = Role::create("role_a");
     $name_only_permission = Permission::create("invalid");
     $target_role->addPermission($name_only_permission);
 }