public function testCanMatchIdentityRoles()
 {
     // Register a single 'admin' role (holding 'delete') in a fresh Rbac container.
     $role = new Role('admin');
     $role->addPermission('delete');

     $container = new Rbac();
     $container->addRole($role);

     // The service is built with array('admin'); what that second argument means
     // (presumably the identity's roles) is not visible here — confirm against RbacService.
     $service = new RbacService($container, array('admin'));
     $matched = $service->matchIdentityRoles(array('admin'));

     $this->assertTrue($matched);
 }
示例#2
 /**
  * Builds a role named "account-<id>" for the given account.
  *
  * The role receives every permission of every group the account belongs to.
  * Permissions are only ever added, so the result is the union across groups;
  * nothing here can revoke a permission granted by another group.
  *
  * @param AccountInterface $account
  * @return Role
  */
 private function createAccountRole(AccountInterface $account)
 {
     $accountRole = new Role('account-' . $account->getId()->toString());

     /** @var Group $memberGroup */
     foreach ($account->getGroups() as $memberGroup) {
         $granted = $memberGroup->getPermissions();
         foreach ($granted as $permissionName) {
             $accountRole->addPermission($permissionName);
         }
     }

     return $accountRole;
 }
示例#3
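 /**
  * Builds the Rbac container from role configuration collected through the
  * EVENT_GET_CONFIG event.
  *
  * Every listener result is merged into one role map keyed by role name. For
  * each role the optional 'permissions', 'parent' and 'children' entries are
  * applied. Listener results are merged with array_merge(), so a later
  * listener replaces an earlier definition of the same role name; any code
  * able to attach a listener to this event can therefore redefine a role.
  *
  * @throws \RuntimeException when a 'parent' or 'children' entry names a role
  *                           that was not defined
  */
 protected function initialize()
 {
     $this->rbac = new \Zend\Permissions\Rbac\Rbac();
     $roles = array();
     $this->getEventManager()->trigger(self::EVENT_GET_CONFIG, $this, array(), function ($config) use (&$roles) {
         // The original unparenthesised nested ternary grouped left-to-right on
         // PHP < 8 (a Parameters result was passed on un-converted) and is a
         // compile error on PHP 8. Spell the three cases out explicitly.
         if ($config instanceof Parameters) {
             $config = $config->toArray();
         } elseif (!is_array($config)) {
             $config = array();
         }
         // array_merge() renumbers integer keys, so role names are expected to
         // be non-numeric strings.
         $roles = array_merge($roles, $config);
     });

     // Pass 1: create every role with its permissions so that the later passes
     // can resolve parents and children by name.
     foreach ($roles as $roleName => $roleOptions) {
         $role = new Role($roleName);
         if (isset($roleOptions['permissions']) && is_array($roleOptions['permissions'])) {
             foreach ($roleOptions['permissions'] as $permission) {
                 $role->addPermission($permission);
             }
         }
         $this->rbac->addRole($role);
     }

     // Pass 2: link parents. An unknown parent name is a configuration error.
     foreach ($roles as $roleName => $roleOptions) {
         $role = $this->rbac->getRole($roleName);
         if (isset($roleOptions['parent'])) {
             if (!$this->rbac->hasRole($roleOptions['parent'])) {
                 throw new \RuntimeException('Cannot find role "' . $roleOptions['parent'] . '" as parent for "' . $roleName . '"');
             }
             $parentRole = $this->rbac->getRole($roleOptions['parent']);
             // NOTE(review): only the parent pointer is set here; whether that alone
             // makes the parent inherit this role's permissions depends on
             // Role::setParent(), which is not visible here — confirm.
             $role->setParent($parentRole);
         }
     }

     // Pass 3: link children, walking the role map in reverse order.
     $roles = array_reverse($roles);
     foreach ($roles as $roleName => $roleOptions) {
         $role = $this->rbac->getRole($roleName);
         if (!empty($roleOptions['children']) && is_array($roleOptions['children'])) {
             foreach ($roleOptions['children'] as $childRoleName) {
                 if (!$this->rbac->hasRole($childRoleName)) {
                     throw new \RuntimeException('Cannot find role "' . $childRoleName . '" as child for "' . $roleName . '"');
                 }
                 $childRole = $this->rbac->getRole($childRoleName);
                 $role->addChild($childRole);
             }
         }
     }
 }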
示例#4
 /**
  * Attach a child role beneath this role.
  *
  * A string is turned into a new Role of that name; any other value must
  * already implement RoleInterface. The child's parent is set to this role
  * and the child is appended to the children list. No duplicate or cycle
  * check is made here.
  *
  * @param  RoleInterface|string $child
  * @return Role
  * @throws Exception\InvalidArgumentException if $child is neither a string nor a RoleInterface
  */
 public function addChild($child)
 {
     $node = is_string($child) ? new Role($child) : $child;

     if (!($node instanceof RoleInterface)) {
         throw new Exception\InvalidArgumentException('Child must be a string or implement Zend\\Permissions\\Rbac\\RoleInterface');
     }

     $node->setParent($this);
     $this->children[] = $node;

     return $this;
 }
 /**
  * Stores the login/logout service, prepares the 403 view and registers the
  * two roles this controller knows about.
  *
  * @param mixed $lls login/logout service, stored as given
  */
 public function __construct($lls)
 {
     $this->loginLogoutService = $lls;

     // View returned for denied access; rendered with the 'error/403' template.
     $deniedView = new ViewModel();
     $this->accDen403View = $deniedView;
     $deniedView->setTemplate('error/403');

     $this->rbac = new Rbac();

     // Authenticated users may read user data.
     $authenticatedRole = new Role(AccessController::ROLE_AUTHENTICATED);
     $authenticatedRole->addPermission(AccessController::PERM_USER_DATA);
     $this->rbac->addRole($authenticatedRole);

     // NOTE(review): the administrator role is registered with no permissions and
     // no link to the authenticated role, so as built here it is not granted
     // PERM_USER_DATA through this container — confirm that is handled elsewhere.
     $administratorRole = new Role(AccessController::ROLE_ADMINISTRATOR);
     $this->rbac->addRole($administratorRole);
 }
示例#6
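 /**
  * A parent role is granted its child's permissions; the child is not granted
  * the parent's, and unknown permissions are denied for both.
  */
 public function testIsGrantedChildRoles()
 {
     $foo = new Rbac\Role('foo');
     $bar = new Rbac\Role('bar');
     $foo->addPermission('can.foo');
     $bar->addPermission('can.bar');
     $this->rbac->addRole($foo);
     // 'bar' is registered with 'foo' as its parent, so 'foo' gains 'can.bar'.
     $this->rbac->addRole($bar, $foo);

     // assertTrue/assertFalse instead of assertEquals(true|false, ...): the loose
     // comparison would accept any truthy or falsy value as an authorization result.
     $this->assertTrue($this->rbac->isGranted('foo', 'can.bar'));
     $this->assertTrue($this->rbac->isGranted('foo', 'can.foo'));
     $this->assertTrue($this->rbac->isGranted('bar', 'can.bar'));
     // Inheritance must run one way only: the child does not pick up the parent's permission.
     $this->assertFalse($this->rbac->isGranted('bar', 'can.foo'));
     $this->assertFalse($this->rbac->isGranted('foo', 'can.baz'));
     $this->assertFalse($this->rbac->isGranted('bar', 'can.baz'));
 }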
示例#7
 /**
  * Loads the permissions for a role and places them in a fresh
  * \Zend\Permissions\Rbac\Rbac container stored in $this->control.
  *
  * Role Based Access Control: an access-control method that allows
  * permissions to be inherited.
  *
  * Each permission is named "<module pk>.<controller name>.<action fk>".
  *
  * @param string $userRole role name, also passed to getListByRole() (type assumed — confirm)
  * @param mixed  $module   passed to Config::getZf2libConfig() to select the business class
  */
 public function setupPermissions($userRole, $module)
 {
     // First role: the one that corresponds directly to the user's position.
     $primaryRole = new Role($userRole);

     // Permissions for that primary role.
     // NOTE(review): the class name comes from configuration and is instantiated
     // as-is; confirm 'permissionBusinessClass' can never be influenced by request data.
     $businessClass = Config::getZf2libConfig('permissionBusinessClass', $module);
     $businessObject = new $businessClass();
     $grants = $businessObject->getListByRole($userRole);

     foreach ($grants as $grant) {
         $permissionName = implode('.', array(
             $grant->module->getPkModule(),
             $grant->controller->getName(),
             $grant->permission->getFkAction(),
         ));
         $primaryRole->addPermission($permissionName);
     }

     $this->control = new Rbac();
     $this->control->addRole($primaryRole);
 }
 /**
  * Builds a Role from the entry for $roleName in $this->rolesConfig.
  *
  * A role with no configuration entry is still created, with no children and
  * no permissions. 'children' and 'permissions' may each be a single value or
  * an array; both are cast to arrays.
  *
  * @param string $roleName
  * @return Role
  */
 private function createRole($roleName)
 {
     $role = new Role($roleName);

     $roleConfig = array();
     if (isset($this->rolesConfig[$roleName])) {
         $roleConfig = $this->rolesConfig[$roleName];
     }

     if (isset($roleConfig['children'])) {
         // NOTE(review): getRoles() is not visible here; if it builds children through
         // createRole(), a cyclic 'children' configuration would recurse without bound — confirm.
         $childNames = (array) $roleConfig['children'];
         foreach ($this->getRoles($childNames) as $childRole) {
             $role->addChild($childRole);
         }
     }

     if (isset($roleConfig['permissions'])) {
         foreach ((array) $roleConfig['permissions'] as $permissionName) {
             $role->addPermission($permissionName);
         }
     }

     return $role;
 }
示例#9
文件: User.php 项目: pkamps/basexms
    /**
     * Builds the fixed 'User' role with its two child roles.
     *
     * The policy XML is a constant in this method, not external input.
     * NOTE(review): 'doc' and 'filter' are assigned directly on Role instances;
     * whether Role declares those properties is not visible here — confirm.
     *
     * @return Role the 'User' role, parent of 'PermissionXML' and 'SearchPermissionFilter'
     */
    public function getRole()
    {
        // PermissionXML role: carries the parsed policy document and the 'query' permission.
        $policyXml = '<policy id="update_content">/node</policy>';
        $policyDocument = new DOMDocument();
        $policyDocument->loadXML($policyXml);

        $permissionXmlRole = new Role('PermissionXML');
        $permissionXmlRole->doc = $policyDocument;
        $permissionXmlRole->addPermission('query');

        // Search filter role: carries only the filter expression.
        $searchFilterRole = new Role('SearchPermissionFilter');
        $searchFilterRole->filter = '/@id';

        // Both roles are grouped under the 'User' role.
        $parentRole = new Role('User');
        foreach (array($permissionXmlRole, $searchFilterRole) as $childRole) {
            $parentRole->addChild($childRole);
        }

        return $parentRole;
    }