/**
 * Builds an Rbac holding an "admin" role (with the "delete" permission),
 * passes it to RbacService together with array('admin'), and expects
 * matchIdentityRoles(array('admin')) to return true.
 *
 * Only the positive case is asserted in this method; a role list that
 * should NOT match is not exercised here.
 */
public function testCanMatchIdentityRoles()
{
    $rbac = new Rbac();

    $admin = new Role('admin');
    $admin->addPermission('delete');
    $rbac->addRole($admin);

    $service = new RbacService($rbac, array('admin'));
    $matched = $service->matchIdentityRoles(array('admin'));

    $this->assertTrue($matched);
}
/**
 * Builds a per-account role named "account-<id>" and copies onto it every
 * permission of every group returned by the account.
 *
 * The result is a plain union: nothing in this method removes or negates a
 * permission, so membership of any one group is enough to grant what that
 * group carries.
 *
 * @param AccountInterface $account
 * @return Role
 */
private function createAccountRole(AccountInterface $account)
{
    $accountRole = new Role('account-' . $account->getId()->toString());

    /** @var Group $group */
    foreach ($account->getGroups() as $group) {
        $groupPermissions = $group->getPermissions();
        foreach ($groupPermissions as $permission) {
            $accountRole->addPermission($permission);
        }
    }

    return $accountRole;
}
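/**
 * Builds the Rbac container from the role configuration collected through
 * the EVENT_GET_CONFIG event.
 *
 * Every listener response is merged into one map keyed by role name. An
 * entry may carry 'permissions' (array), 'parent' (role name) and
 * 'children' (array of role names). All roles are created first and only
 * then linked, so an entry may reference a role configured after it.
 *
 * @throws \RuntimeException when a 'parent' or 'children' entry names a role
 *                           that was not configured
 */
protected function initialize()
{
    $this->rbac = new \Zend\Permissions\Rbac\Rbac();
    $roles = array();

    $this->getEventManager()->trigger(self::EVENT_GET_CONFIG, $this, array(), function ($config) use (&$roles) {
        // Normalise with explicit branches. An unparenthesised nested ternary
        // groups left-to-right on PHP 5/7, which hands the Parameters object
        // itself (not its array form) to array_merge() and turns a non-empty
        // plain array into the wrong branch's input; on PHP 8 it is a fatal
        // error. Either way the access-control configuration would not load
        // as written.
        if ($config instanceof Parameters) {
            $config = $config->toArray();
        } elseif (!is_array($config)) {
            $config = array();
        }

        $roles = array_merge($roles, $config);
    });

    // Pass 1: create every role and attach its own permissions.
    foreach ($roles as $roleName => $roleOptions) {
        $role = new Role($roleName);

        if (isset($roleOptions['permissions']) && is_array($roleOptions['permissions'])) {
            foreach ($roleOptions['permissions'] as $permission) {
                $role->addPermission($permission);
            }
        }

        $this->rbac->addRole($role);
    }

    // Pass 2: link parents. An unknown parent is a configuration error and
    // aborts initialisation instead of being silently ignored.
    // NOTE(review): only setParent() is called here, with no matching
    // addChild() on the parent. Whether the parent then inherits this role's
    // permissions depends on the Role implementation; confirm.
    foreach ($roles as $roleName => $roleOptions) {
        if (!isset($roleOptions['parent'])) {
            continue;
        }

        $parentName = $roleOptions['parent'];
        if (!$this->rbac->hasRole($parentName)) {
            throw new \RuntimeException('Cannot find role "' . $parentName . '" as parent for "' . $roleName . '"');
        }

        $this->rbac->getRole($roleName)->setParent($this->rbac->getRole($parentName));
    }

    // Pass 3: link children, walking the configuration in reverse order.
    // NOTE(review): nothing here rejects a cycle (a role listed, directly or
    // indirectly, as its own descendant); confirm the Role implementation
    // tolerates that or validate the configuration upstream.
    foreach (array_reverse($roles) as $roleName => $roleOptions) {
        if (empty($roleOptions['children']) || !is_array($roleOptions['children'])) {
            continue;
        }

        $role = $this->rbac->getRole($roleName);
        foreach ($roleOptions['children'] as $childRoleName) {
            if (!$this->rbac->hasRole($childRoleName)) {
                throw new \RuntimeException('Cannot find role "' . $childRoleName . '" as child for "' . $roleName . '"');
            }

            $role->addChild($this->rbac->getRole($childRoleName));
        }
    }
}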
/**
 * Add a child.
 *
 * A string is turned into a new Role of that name; anything else must
 * already implement RoleInterface. The child's parent is set to this role
 * and the child is appended to this role's children list.
 *
 * @param RoleInterface|string $child
 * @return Role this role, for chaining
 * @throws Exception\InvalidArgumentException when $child is neither a string
 *                                            nor a RoleInterface
 */
public function addChild($child)
{
    $childRole = is_string($child) ? new Role($child) : $child;

    if (!($childRole instanceof RoleInterface)) {
        throw new Exception\InvalidArgumentException(
            'Child must be a string or implement Zend\\Permissions\\Rbac\\RoleInterface'
        );
    }

    // Link both directions: the child learns its parent, the parent records
    // the child.
    $childRole->setParent($this);
    $this->children[] = $childRole;

    return $this;
}
/**
 * Stores the login/logout service, prepares the "error/403" view model and
 * seeds the Rbac container with the authenticated and administrator roles.
 *
 * The authenticated role receives PERM_USER_DATA. The administrator role is
 * registered here without any permission and without a parent/child link to
 * the authenticated role; whether it gains permissions elsewhere is not
 * visible from this constructor.
 *
 * @param mixed $lls login/logout service (no type is declared)
 */
public function __construct($lls)
{
    $this->loginLogoutService = $lls;

    // View returned when access is denied.
    $deniedView = new ViewModel();
    $deniedView->setTemplate('error/403');
    $this->accDen403View = $deniedView;

    $rbac = new Rbac();

    $authenticatedRole = new Role(AccessController::ROLE_AUTHENTICATED);
    $authenticatedRole->addPermission(AccessController::PERM_USER_DATA);
    $rbac->addRole($authenticatedRole);

    $administratorRole = new Role(AccessController::ROLE_ADMINISTRATOR);
    $rbac->addRole($administratorRole);

    $this->rbac = $rbac;
}
/**
 * Registers role "foo", then role "bar" with "foo" passed as the second
 * argument to addRole(), and checks which permissions each is granted.
 *
 * "foo" is expected to hold both its own permission and bar's; an unknown
 * permission is denied for both. The opposite direction (whether "bar" is
 * granted "can.foo") is not asserted in this method.
 */
public function testIsGrantedChildRoles()
{
    $fooRole = new Rbac\Role('foo');
    $fooRole->addPermission('can.foo');

    $barRole = new Rbac\Role('bar');
    $barRole->addPermission('can.bar');

    $this->rbac->addRole($fooRole);
    $this->rbac->addRole($barRole, $fooRole);

    // expected result, role name, permission
    $expectations = array(
        array(true, 'foo', 'can.bar'),
        array(true, 'foo', 'can.foo'),
        array(true, 'bar', 'can.bar'),
        array(false, 'foo', 'can.baz'),
        array(false, 'bar', 'can.baz'),
    );

    foreach ($expectations as $case) {
        list($expected, $roleName, $permission) = $case;
        $this->assertEquals($expected, $this->rbac->isGranted($roleName, $permission));
    }
}
/**
 * Fetches the permissions for a role through the configured permission
 * business class and registers them on a \Zend\Permissions\Rbac\Rbac object.
 *
 * Role Based Access Control: an access-control method that allows
 * permissions to be inherited. This method itself registers a single role
 * and sets up no parent/child links.
 *
 * Each permission is named "<module pk>.<controller name>.<action fk>".
 *
 * @param mixed $userRole role identifier; used as the Role name and passed
 *                        to getListByRole()
 * @param mixed $module   passed to Config::getZf2libConfig() to pick the
 *                        permission business class
 */
public function setupPermissions($userRole, $module)
{
    // First role: the one tied directly to the user's position.
    $primaryRole = new Role($userRole);

    // NOTE(review): the class name comes from configuration and is
    // instantiated dynamically; confirm that neither the config value nor
    // $module can be influenced by request data.
    $businessClassName = Config::getZf2libConfig('permissionBusinessClass', $module);
    $permissionSource = new $businessClassName();

    // Permissions for the primary role.
    foreach ($permissionSource->getListByRole($userRole) as $grant) {
        $modulePart = $grant->module->getPkModule();
        $controllerPart = $grant->controller->getName();
        $actionPart = $grant->permission->getFkAction();

        $primaryRole->addPermission($modulePart . '.' . $controllerPart . '.' . $actionPart);
    }

    $this->control = new Rbac();
    $this->control->addRole($primaryRole);
}
/**
 * Builds the Role for $roleName from $this->rolesConfig.
 *
 * 'children' and 'permissions' may each be a single value or an array; both
 * are cast to an array. Children are resolved through getRoles() and added
 * before the role's own permissions.
 *
 * A name with no entry in rolesConfig is not an error: it yields a role
 * with no children and no permissions.
 *
 * @param string $roleName
 * @return Role
 */
private function createRole($roleName)
{
    $role = new Role($roleName);

    if (isset($this->rolesConfig[$roleName])) {
        $settings = $this->rolesConfig[$roleName];
    } else {
        $settings = array();
    }

    if (isset($settings['children'])) {
        $childNames = (array) $settings['children'];
        foreach ($this->getRoles($childNames) as $childRole) {
            $role->addChild($childRole);
        }
    }

    if (isset($settings['permissions'])) {
        foreach ((array) $settings['permissions'] as $permission) {
            $role->addPermission($permission);
        }
    }

    return $role;
}
/**
 * Builds a "User" role with two child roles: "PermissionXML", which carries
 * a parsed policy document and the "query" permission, and
 * "SearchPermissionFilter", which carries a filter expression.
 *
 * NOTE(review): `doc` and `filter` are assigned as ad-hoc properties on
 * Role. If Role does not declare them, PHP 8.2+ reports dynamic property
 * creation as deprecated; confirm against the Role class.
 *
 * @return Role the "User" role with both children attached
 */
public function getRole()
{
    // The policy document is a fixed literal, so the parser never sees
    // caller-supplied XML in this method.
    $policyXml = <<<XML
<policy id="update_content">/node</policy>
XML;
    $policyDoc = new DOMDocument();
    $policyDoc->loadXML($policyXml);

    // Role that carries the policy document.
    $permissionXmlRole = new Role('PermissionXML');
    $permissionXmlRole->doc = $policyDoc;
    $permissionXmlRole->addPermission('query');

    // Role that carries the search filter.
    $searchFilterRole = new Role('SearchPermissionFilter');
    $searchFilterRole->filter = '/@id';

    // Group both under the 'User' role.
    $userRole = new Role('User');
    foreach (array($permissionXmlRole, $searchFilterRole) as $childRole) {
        $userRole->addChild($childRole);
    }

    return $userRole;
}