protected function loadResources(ZendAcl $acl, array $resources, $parent = null)
{
foreach ($resources as $key => $value) {
if (is_array($value)) {
$acl->addResource($key, $parent);
$this->loadResources($acl, $value, $key);
} else {
$acl->addResource($key, $parent);
}
}
}
public function testAclFiltersAwayPagesFromContainerSearch()
{
$acl = new Acl\Acl();
$acl->addRole(new Role\GenericRole('member'));
$acl->addRole(new Role\GenericRole('admin'));
$acl->addResource(new Resource\GenericResource('protected'));
$acl->allow('admin', 'protected');
$this->_helper->setAcl($acl);
$this->_helper->setRole($acl->getRole('member'));
$oldContainer = $this->_helper->getContainer();
$container = $this->_helper->getContainer();
$iterator = new \RecursiveIteratorIterator(
$container,
\RecursiveIteratorIterator::SELF_FIRST);
foreach ($iterator as $page) {
$page->resource = 'protected';
}
$this->_helper->setContainer($container);
$active = $this->_helper->findOneByLabel('Home');
$search = array(
'start' => 'Page 1',
'next' => 'Page 1',
'prev' => 'Page 1.1',
'chapter' => 'Home',
'section' => 'Page 1',
'subsection' => 'Page 2.2'
);
$expected = array();
$actual = array();
foreach ($search as $type => $active) {
$expected[$type] = false;
$active = $this->_helper->findOneByLabel($active);
$found = $this->_helper->findRelation($active, 'rel', $type);
if (null === $found) {
$actual[$type] = false;
} elseif (is_array($found)) {
$actual[$type] = 'array(' . count($found) . ')';
} else {
$actual[$type] = $found->getLabel();
}
}
$this->assertEquals($expected, $actual);
}
/**
* @group ZF-7973
*/
public function testAclPassesPrivilegeToAssertClass()
{
$assertion = new TestAsset\AssertionZF7973();
$acl = new Acl\Acl();
$acl->addRole('role');
$acl->addResource('resource');
$acl->allow('role', null, null, $assertion);
$allowed = $acl->isAllowed('role', 'resource', 'privilege', $assertion);
$this->assertTrue($allowed);
}
/**
* Check if the ACL allows accessing the function or method
*
* @param string|object $object Object or class being accessed
* @param string $function Function or method being accessed
* @return unknown_type
* @throws Exception\RuntimeException
*/
protected function _checkAcl($object, $function)
{
if(!$this->_acl) {
return true;
}
if($object) {
$isObject = is_object($object);
$class = ($isObject) ? get_class($object) : $object;
if(!$this->_acl->hasResource($class)) {
$this->_acl->addResource(new \Zend\Acl\Resource\GenericResource($class));
}
if (method_exists($object, 'initAcl')) {
// if initAcl returns false, no ACL check
if ($isObject && $object->initAcl($this->_acl)) {
return true;
} elseif ($class::initAcl($this->_acl)) {
return true;
}
}
} else {
$class = null;
}
$auth = $this->getAuthService();
if($auth->hasIdentity()) {
$role = $auth->getIdentity()->role;
} else {
if($this->_acl->hasRole(Constants::GUEST_ROLE)) {
$role = Constants::GUEST_ROLE;
} else {
throw new Exception\RuntimeException("Unauthenticated access not allowed");
}
}
if($this->_acl->isAllowed($role, $class, $function)) {
return true;
} else {
throw new Exception\RuntimeException("Access not allowed");
}
}
/**
* Sets up ACL
*
* @return Acl
*/
protected function _getAcl()
{
$acl = new Acl();
$acl->addRole(new GenericRole('guest'));
$acl->addRole(new GenericRole('member'), 'guest');
$acl->addRole(new GenericRole('admin'), 'member');
$acl->addRole(new GenericRole('special'), 'member');
$acl->addResource(new GenericResource('guest_foo'));
$acl->addResource(new GenericResource('member_foo'), 'guest_foo');
$acl->addResource(new GenericResource('admin_foo', 'member_foo'));
$acl->addResource(new GenericResource('special_foo'), 'member_foo');
$acl->allow('guest', 'guest_foo');
$acl->allow('member', 'member_foo');
$acl->allow('admin', 'admin_foo');
$acl->allow('special', 'special_foo');
$acl->allow('special', 'admin_foo', 'read');
return array('acl' => $acl, 'role' => 'special');
}