From 98085778d2ebf2a59ea369c30503fea3a8db1d0c Mon Sep 17 00:00:00 2001 From: Chris Date: Wed, 11 Sep 2013 10:43:55 +0100 Subject: [PATCH] add match any rule --- README.md | 28 +++++++++ library/SimpleAcl/Acl.php | 6 +- tests/SimpleAcl/Rule/MatchAnyTest.php | 89 ++++++++++++++++++++++++++- 3 files changed, 118 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index d241556..e8f9d14 100644 --- a/README.md +++ b/README.md @@ -184,4 +184,32 @@ $this->assertTrue($acl->isAllowed($all, 'SiteFrontend', 'View')); $this->assertFalse($acl->isAllowed($all, 'SiteBackend', 'View')); ``` +##### Using Match Any Rules +You can add a match any rule named '*'. + +```php +$acl = new Acl(); + +$user = new Role('User'); +$admin = new Role('Admin'); + +$strategy = new AggregateStrategyDenyWins(); + +$all = new RoleAggregate(); +$all->setStrategy($strategy); +$all->addRole($user); +$all->addRole($admin); + +$siteFrontend = new Resource('SiteFrontend'); +$siteBackend = new Resource('SiteBackend'); + +$acl->addRule($user, $siteFrontend, '*', true); +$acl->addRule($admin, $siteFrontend, '*', true); + +$acl->addRule($admin, $siteBackend, '*', true); +$acl->addRule($user, $siteBackend, '*', false); + +$this->assertTrue($acl->isAllowed($all, 'SiteFrontend', 'View')); +$this->assertFalse($acl->isAllowed($all, 'SiteBackend', 'View')); +``` __For more help check out wiki pages.__ diff --git a/library/SimpleAcl/Acl.php b/library/SimpleAcl/Acl.php index 9cea707..80a9cc3 100644 --- a/library/SimpleAcl/Acl.php +++ b/library/SimpleAcl/Acl.php @@ -246,12 +246,10 @@ public function isAllowedReturnResult($roleAggregate, $resourceAggregate, $ruleN $roles = $this->getNames($roleAggregate); $resources = $this->getNames($resourceAggregate); - var_dump($roles); - var_dump($resources); - foreach ($roles as $roleName) { foreach ($resources as $resourceName) { - $this->isRuleAllow($roleName, $resourceName, $ruleName, $ruleResultCollection, $roleAggregate, $resourceAggregate); + $this->isRuleAllow($roleName, $resourceName, $ruleName, + $ruleResultCollection, $roleAggregate, $resourceAggregate); if($ruleName != "*") { $ruleResultCollection = $this->addAnyRuleResultToResultSet( diff --git a/tests/SimpleAcl/Rule/MatchAnyTest.php b/tests/SimpleAcl/Rule/MatchAnyTest.php index ecd8721..cb9befc 100644 --- a/tests/SimpleAcl/Rule/MatchAnyTest.php +++ b/tests/SimpleAcl/Rule/MatchAnyTest.php @@ -20,6 +20,93 @@ public function testAny() $user = new Role('User'); $siteFrontend = new Resource('SiteFrontend'); $acl->addRule($user, $siteFrontend, '*', true); - $this->assertTrue($acl->isAllowed($user, 'SiteFrontend', 'Edit')); + $this->assertTrue($acl->isAllowed('User', 'SiteFrontend', 'Edit')); + } + + public function testDifferentResource() + { + $acl = new Acl(); + $user = new Role('User'); + $siteFrontend = new Resource('SiteFrontend'); + $siteBackend = new Resource('SiteBackend'); + $acl->addRule($user, $siteFrontend, '*', true); + $this->assertFalse($acl->isAllowed('User', 'SiteBackend', 'Edit')); + } + + public function testAggregate() + { + $acl = new Acl(); + + $user = new Role('User'); + $admin = new Role('Admin'); + + $all = new RoleAggregate(); + $all->addRole($user); + $all->addRole($admin); + + $siteFrontend = new Resource('SiteFrontend'); + $siteBackend = new Resource('SiteBackend'); + + $acl->addRule($user, $siteFrontend, '*', true); + $acl->addRule($admin, $siteFrontend, '*', true); + + $acl->addRule($admin, $siteBackend, '*', true); + $acl->addRule($user, $siteBackend, '*', false); + + $this->assertTrue($acl->isAllowed($all, 'SiteFrontend', 'View')); + $this->assertTrue($acl->isAllowed($all, 'SiteBackend', 'View')); + } + + public function testAggregateDenyWins() + { + $acl = new Acl(); + + $user = new Role('User'); + $admin = new Role('Admin'); + + $strategy = new AggregateStrategyDenyWins(); + + $all = new RoleAggregate(); + $all->setStrategy($strategy); + $all->addRole($user); + $all->addRole($admin); + + $siteFrontend = new Resource('SiteFrontend'); + $siteBackend = new Resource('SiteBackend'); + + $acl->addRule($user, $siteFrontend, '*', true); + $acl->addRule($admin, $siteFrontend, '*', true); + + $acl->addRule($admin, $siteBackend, '*', true); + $acl->addRule($user, $siteBackend, '*', false); + + $this->assertTrue($acl->isAllowed($all, 'SiteFrontend', 'View')); + $this->assertFalse($acl->isAllowed($all, 'SiteBackend', 'View')); + } + + public function testRuleNotDefinedAggregate() + { + $acl = new Acl(); + + $user = new Role('User'); + $admin = new Role('Admin'); + + $strategy = new AggregateStrategyDenyWins(); + + $all = new RoleAggregate(); + $all->setStrategy($strategy); + $all->addRole($user); + $all->addRole($admin); + + $siteFrontend = new Resource('SiteFrontend'); + $siteBackend = new Resource('SiteBackend'); + + $acl->addRule($user, $siteFrontend, '*', true); + + $acl->addRule($admin, $siteBackend, '*', true); + $acl->addRule($user, $siteBackend, '*', false); + + $this->assertTrue($acl->isAllowed($all, 'SiteFrontend', 'View')); + $this->assertFalse($acl->isAllowed($all, 'SiteBackend', 'View')); } }