add AuditableAcl(Provider)
* update provider class to AuditableAclProvider * change auditing default to be more reasonable, 90% use case: log failures only * add transformers to Model\Acl\Entry converting from/to Security\Acl\Domain\Entry * fix MutableAclProvider to use getAcl method instead of creating MutableAcl directly * re-factor MutableAcl::updateAce and MutableAclProvider::persistAcl to use Entry transformers
This commit is contained in:
parent
2231df621c
commit
af1053e149
|
@ -12,7 +12,69 @@ namespace Propel\PropelBundle\Model\Acl;
|
|||
|
||||
use Propel\PropelBundle\Model\Acl\om\BaseEntry;
|
||||
|
||||
use Propel\PropelBundle\Security\Acl\Domain\Entry as AclEntry;
|
||||
use Propel\PropelBundle\Security\Acl\Domain\FieldEntry as AclFieldEntry;
|
||||
|
||||
use Symfony\Component\Security\Acl\Model\AclInterface;
|
||||
use Symfony\Component\Security\Acl\Model\EntryInterface;
|
||||
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
|
||||
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
|
||||
|
||||
class Entry extends BaseEntry
|
||||
{
|
||||
/**
|
||||
* Transform a given ACL entry into a Entry model.
|
||||
*
|
||||
* The entry will not be persisted!
|
||||
*
|
||||
* @param EntryInterface $aclEntry
|
||||
*
|
||||
* @return Entry
|
||||
*/
|
||||
public static function fromAclEntry(EntryInterface $aclEntry)
|
||||
{
|
||||
$entry = new self();
|
||||
|
||||
// Already persisted before?
|
||||
if ($aclEntry->getId()) {
|
||||
$entry->setId($aclEntry->getId());
|
||||
}
|
||||
|
||||
$entry
|
||||
->setMask($aclEntry->getMask())
|
||||
->setGranting($aclEntry->isGranting())
|
||||
->setGrantingStrategy($aclEntry->getStrategy())
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity()))
|
||||
;
|
||||
|
||||
if ($aclEntry instanceof FieldEntryInterface) {
|
||||
$entry->setFieldName($aclEntry->getField());
|
||||
}
|
||||
|
||||
if ($aclEntry instanceof AuditableEntryInterface) {
|
||||
$entry
|
||||
->setAuditFailure($aclEntry->isAuditFailure())
|
||||
->setAuditSuccess($aclEntry->isAuditSuccess())
|
||||
;
|
||||
}
|
||||
|
||||
return $entry;
|
||||
}
|
||||
|
||||
/**
|
||||
* Transform a given model entry into an ACL related Entry (ACE).
|
||||
*
|
||||
* @param Entry $modelEntry
|
||||
* @param AclInterface $acl
|
||||
*
|
||||
* @return EntryInterface
|
||||
*/
|
||||
public static function toAclEntry(Entry $modelEntry, AclInterface $acl)
|
||||
{
|
||||
if (null === $modelEntry->getFieldName()) {
|
||||
return new AclEntry($modelEntry, $acl);
|
||||
} else {
|
||||
return new AclFieldEntry($modelEntry, $acl);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -66,7 +66,7 @@
|
|||
<column name="mask" type="integer" required="true" />
|
||||
<column name="granting" type="boolean" required="true" />
|
||||
<column name="granting_strategy" type="varchar" size="30" required="true" />
|
||||
<column name="audit_success" type="boolean" required="true" defaultValue="true" />
|
||||
<column name="audit_success" type="boolean" required="true" defaultValue="false" />
|
||||
<column name="audit_failure" type="boolean" required="true" defaultValue="true" />
|
||||
|
||||
<unique>
|
||||
|
|
|
@ -13,7 +13,7 @@
|
|||
<parameter key="propel.form.type.model.class">Symfony\Bridge\Propel1\Form\Type\ModelType</parameter>
|
||||
<parameter key="propel.twig.extension.syntax.class">Propel\PropelBundle\Twig\Extension\SyntaxExtension</parameter>
|
||||
<parameter key="form.type_guesser.propel.class">Symfony\Bridge\Propel1\Form\PropelTypeGuesser</parameter>
|
||||
<parameter key="propel.security.acl.provider.model.class">Propel\PropelBundle\Security\Acl\MutableAclProvider</parameter>
|
||||
<parameter key="propel.security.acl.provider.model.class">Propel\PropelBundle\Security\Acl\AuditableAclProvider</parameter>
|
||||
</parameters>
|
||||
|
||||
<services>
|
||||
|
|
41
Security/Acl/AuditableAclProvider.php
Normal file
41
Security/Acl/AuditableAclProvider.php
Normal file
|
@ -0,0 +1,41 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the PropelBundle package.
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*
|
||||
* @license MIT License
|
||||
*/
|
||||
|
||||
namespace Propel\PropelBundle\Security\Acl;
|
||||
|
||||
use PropelPDO;
|
||||
use PropelCollection;
|
||||
|
||||
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
|
||||
|
||||
use Symfony\Component\Security\Acl\Model\AclInterface;
|
||||
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
|
||||
|
||||
/**
|
||||
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
||||
*/
|
||||
class AuditableAclProvider extends MutableAclProvider
|
||||
{
|
||||
/**
|
||||
* Get an ACL for this provider.
|
||||
*
|
||||
* @param PropelCollection $collection
|
||||
* @param ObjectIdentityInterface $objectIdentity
|
||||
* @param array $loadedSecurityIdentities
|
||||
* @param AclInterface $parentAcl
|
||||
* @param bool $inherited
|
||||
*
|
||||
* @return AuditableAcl
|
||||
*/
|
||||
protected function getAcl(PropelCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
|
||||
{
|
||||
return new AuditableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
|
||||
}
|
||||
}
|
112
Security/Acl/Domain/AuditableAcl.php
Normal file
112
Security/Acl/Domain/AuditableAcl.php
Normal file
|
@ -0,0 +1,112 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the PropelBundle package.
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*
|
||||
* @license MIT License
|
||||
*/
|
||||
|
||||
namespace Propel\PropelBundle\Security\Acl\Domain;
|
||||
|
||||
use InvalidArgumentException;
|
||||
|
||||
use PropelPDO;
|
||||
use PropelCollection;
|
||||
|
||||
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
|
||||
|
||||
use Symfony\Component\Security\Acl\Model\AclInterface;
|
||||
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
|
||||
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
|
||||
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
|
||||
use Symfony\Component\Security\Acl\Model\AuditableAclInterface;
|
||||
|
||||
/**
|
||||
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
||||
*/
|
||||
class AuditableAcl extends MutableAcl implements AuditableAclInterface
|
||||
{
|
||||
/**
|
||||
* Updates auditing for class-based ACE
|
||||
*
|
||||
* @param integer $index
|
||||
* @param bool $auditSuccess
|
||||
* @param bool $auditFailure
|
||||
*/
|
||||
public function updateClassAuditing($index, $auditSuccess, $auditFailure)
|
||||
{
|
||||
$this->updateAuditing($this->classAces, $index, $auditSuccess, $auditFailure);
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates auditing for class-field-based ACE
|
||||
*
|
||||
* @param integer $index
|
||||
* @param string $field
|
||||
* @param bool $auditSuccess
|
||||
* @param bool $auditFailure
|
||||
*/
|
||||
public function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure)
|
||||
{
|
||||
$this->validateField($this->classFieldAces, $field);
|
||||
$this->updateAuditing($this->classFieldAces[$field], $index, $auditSuccess, $auditFailure);
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates auditing for object-based ACE
|
||||
*
|
||||
* @param integer $index
|
||||
* @param bool $auditSuccess
|
||||
* @param bool $auditFailure
|
||||
*/
|
||||
public function updateObjectAuditing($index, $auditSuccess, $auditFailure)
|
||||
{
|
||||
$this->updateAuditing($this->objectAces, $index, $auditSuccess, $auditFailure);
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates auditing for object-field-based ACE
|
||||
*
|
||||
* @param integer $index
|
||||
* @param string $field
|
||||
* @param bool $auditSuccess
|
||||
* @param bool $auditFailure
|
||||
*/
|
||||
public function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure)
|
||||
{
|
||||
$this->validateField($this->objectFieldAces, $field);
|
||||
$this->updateAuditing($this->objectFieldAces[$field], $index, $auditSuccess, $auditFailure);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update auditing on a single ACE.
|
||||
*
|
||||
* @throws InvalidArgumentException
|
||||
*
|
||||
* @param array $list
|
||||
* @param int $index
|
||||
* @param bool $auditSuccess
|
||||
* @param bool $auditFailure
|
||||
*
|
||||
* @return AuditableAcl $this
|
||||
*/
|
||||
protected function updateAuditing(array &$list, $index, $auditSuccess, $auditFailure)
|
||||
{
|
||||
if (!is_bool($auditSuccess) or !is_bool($auditFailure)) {
|
||||
throw new InvalidArgumentException('The given auditing flags are invalid. Please provide boolean only.');
|
||||
}
|
||||
|
||||
$this->validateIndex($list, $index);
|
||||
|
||||
$entry = ModelEntry::fromAclEntry($list[$index])
|
||||
->setAuditSuccess($auditSuccess)
|
||||
->setAuditFailure($auditFailure)
|
||||
;
|
||||
|
||||
$list[$index] = ModelEntry::toAclEntry($entry, $this);
|
||||
|
||||
return $this;
|
||||
}
|
||||
}
|
|
@ -265,7 +265,7 @@ class MutableAcl extends Acl implements MutableAclInterface
|
|||
{
|
||||
$this
|
||||
->validateField($this->classFieldAces, $field)
|
||||
->updateAce($this->classFieldAces[$field], $index, $mask, $strategy, $field)
|
||||
->updateAce($this->classFieldAces[$field], $index, $mask, $strategy)
|
||||
;
|
||||
}
|
||||
|
||||
|
@ -292,7 +292,7 @@ class MutableAcl extends Acl implements MutableAclInterface
|
|||
public function updateObjectFieldAce($index, $field, $mask, $strategy = null)
|
||||
{
|
||||
$this->validateField($this->objectFieldAces, $field);
|
||||
$this->updateAce($this->objectFieldAces[$field], $index, $mask, $strategy, $field);
|
||||
$this->updateAce($this->objectFieldAces[$field], $index, $mask, $strategy);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -388,40 +388,19 @@ class MutableAcl extends Acl implements MutableAclInterface
|
|||
*
|
||||
* @return MutableAcl $this
|
||||
*/
|
||||
protected function updateAce(array &$list, $index, $mask, $strategy = null, $field = null)
|
||||
protected function updateAce(array &$list, $index, $mask, $strategy = null)
|
||||
{
|
||||
$this->validateIndex($list, $index);
|
||||
|
||||
$beforeAce = $list[$index];
|
||||
/* @var $beforeAce Entry */
|
||||
$entry = new ModelEntry();
|
||||
$entry = ModelEntry::fromAclEntry($list[$index]);
|
||||
|
||||
// Already persisted before?
|
||||
if ($beforeAce->getId()) {
|
||||
$entry->setId($beforeAce->getId());
|
||||
// Apply updates
|
||||
$entry->setMask($mask);
|
||||
if (null !== $strategy) {
|
||||
$entry->setGrantingStrategy($strategy);
|
||||
}
|
||||
|
||||
if (null === $strategy) {
|
||||
$strategy = $beforeAce->getStrategy();
|
||||
}
|
||||
|
||||
$entry
|
||||
->setMask($mask)
|
||||
->setGranting($beforeAce->isGranting())
|
||||
->setGrantingStrategy($strategy)
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($beforeAce->getSecurityIdentity()))
|
||||
;
|
||||
|
||||
if (null !== $field) {
|
||||
$this->updateFields($field);
|
||||
|
||||
$entry->setFieldName($field);
|
||||
$newAce = new FieldEntry($entry, $this);
|
||||
} else {
|
||||
$newAce = new Entry($entry, $this);
|
||||
}
|
||||
|
||||
$list[$index] = $newAce;
|
||||
$list[$index] = ModelEntry::toAclEntry($entry, $this);
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
|
|
@ -37,6 +37,7 @@ use Symfony\Component\Security\Acl\Domain\FieldEntry;
|
|||
use Symfony\Component\Security\Acl\Model\AclInterface;
|
||||
use Symfony\Component\Security\Acl\Model\EntryInterface;
|
||||
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
|
||||
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
|
||||
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
|
||||
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
|
||||
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
|
||||
|
@ -96,7 +97,7 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
|
|||
$objIdentity->save($this->connection);
|
||||
}
|
||||
|
||||
return new MutableAcl($entries, $objectIdentity, $this->permissionGrantingStrategy, array(), null, false, $this->connection);
|
||||
return $this->getAcl($entries, $objectIdentity, array(), null, false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -230,26 +231,30 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
|
|||
foreach ($accessControlEntries as $order => $eachAce) {
|
||||
// If the given ACE has never been persisted, create a new one.
|
||||
if (null === $entry = $this->getPersistedAce($eachAce, $objectIdentity, $object)) {
|
||||
$entry = new ModelEntry();
|
||||
$entry = ModelEntry::fromAclEntry($eachAce);
|
||||
}
|
||||
|
||||
if (in_array($entry->getId(), $entries)) {
|
||||
$entry = new ModelEntry();
|
||||
}
|
||||
|
||||
if ($eachAce instanceof FieldEntryInterface) {
|
||||
$entry->setFieldName($eachAce->getField());
|
||||
$entry = ModelEntry::fromAclEntry($eachAce);
|
||||
}
|
||||
|
||||
// Apply possible changes from local ACE.
|
||||
$entry
|
||||
->setAceOrder($order)
|
||||
->setAclClass($objectIdentity->getAclClass())
|
||||
->setMask($eachAce->getMask())
|
||||
->setGranting($eachAce->isGranting())
|
||||
->setGrantingStrategy($eachAce->getStrategy())
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($eachAce->getSecurityIdentity()))
|
||||
;
|
||||
|
||||
if ($eachAce instanceof AuditableEntryInterface) {
|
||||
if (is_bool($eachAce->isAuditSuccess())) {
|
||||
$entry->setAuditSuccess($eachAce->isAuditSuccess());
|
||||
}
|
||||
|
||||
if (is_bool($eachAce->isAuditFailure())) {
|
||||
$entry->setAuditFailure($eachAce->isAuditFailure());
|
||||
}
|
||||
}
|
||||
|
||||
if (true === $object) {
|
||||
$entry->setObjectIdentity($objectIdentity);
|
||||
}
|
||||
|
|
88
Tests/Model/Acl/EntryTest.php
Normal file
88
Tests/Model/Acl/EntryTest.php
Normal file
|
@ -0,0 +1,88 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the PropelBundle package.
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*
|
||||
* @license MIT License
|
||||
*/
|
||||
|
||||
namespace Propel\PropelBundle\Tests\Model\Acl;
|
||||
|
||||
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
|
||||
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
|
||||
|
||||
use Propel\PropelBundle\Security\Acl\Domain\Entry as AclEntry;
|
||||
|
||||
use Propel\PropelBundle\Tests\AclTestCase;
|
||||
|
||||
/**
|
||||
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
||||
*/
|
||||
class EntryTest extends AclTestCase
|
||||
{
|
||||
public function testToAclEntry()
|
||||
{
|
||||
$acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
|
||||
$entry = $this->createModelEntry();
|
||||
|
||||
$aclEntry = ModelEntry::toAclEntry($entry, $acl);
|
||||
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $aclEntry);
|
||||
$this->assertSame($acl, $aclEntry->getAcl());
|
||||
$this->assertEquals(42, $aclEntry->getId());
|
||||
$this->assertTrue($aclEntry->isAuditFailure());
|
||||
$this->assertFalse($aclEntry->isAuditSuccess());
|
||||
$this->assertEquals('all', $aclEntry->getStrategy());
|
||||
$this->assertTrue($aclEntry->isGranting());
|
||||
$this->assertEquals(64, $aclEntry->getMask());
|
||||
|
||||
return $aclEntry;
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testToAclEntry
|
||||
*/
|
||||
public function testToAclEntryFieldEntry()
|
||||
{
|
||||
$acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
|
||||
$entry = $this->createModelEntry();
|
||||
$entry->setFieldName('name');
|
||||
|
||||
$aclEntry = ModelEntry::toAclEntry($entry, $acl);
|
||||
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $aclEntry);
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testToAclEntry
|
||||
*/
|
||||
public function testFromAclEntry($aclEntry)
|
||||
{
|
||||
$modelEntry = ModelEntry::fromAclEntry($aclEntry);
|
||||
|
||||
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\Entry', $modelEntry);
|
||||
$this->assertEquals(42, $modelEntry->getId());
|
||||
$this->assertTrue($modelEntry->getAuditFailure());
|
||||
$this->assertFalse($modelEntry->getAuditSuccess());
|
||||
$this->assertEquals('all', $modelEntry->getGrantingStrategy());
|
||||
$this->assertTrue($modelEntry->getGranting());
|
||||
$this->assertEquals(64, $modelEntry->getMask());
|
||||
}
|
||||
|
||||
protected function createModelEntry()
|
||||
{
|
||||
$entry = new ModelEntry();
|
||||
$entry
|
||||
->setId(42)
|
||||
->setAclClass($this->getAclClass())
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAuditFailure(true)
|
||||
->setAuditSuccess(false)
|
||||
->setGrantingStrategy('all')
|
||||
->setGranting(true)
|
||||
->setMask(64)
|
||||
;
|
||||
|
||||
return $entry;
|
||||
}
|
||||
}
|
87
Tests/Security/Acl/AuditableAclProviderTest.php
Normal file
87
Tests/Security/Acl/AuditableAclProviderTest.php
Normal file
|
@ -0,0 +1,87 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the PropelBundle package.
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*
|
||||
* @license MIT License
|
||||
*/
|
||||
|
||||
namespace Propel\PropelBundle\Tests\Security\Acl;
|
||||
|
||||
use Propel\PropelBundle\Model\Acl\EntryQuery;
|
||||
|
||||
use Propel\PropelBundle\Security\Acl\AuditableAclProvider;
|
||||
|
||||
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
|
||||
|
||||
use Propel\PropelBundle\Tests\AclTestCase;
|
||||
|
||||
/**
|
||||
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
||||
*/
|
||||
class AuditableAclProviderTest extends AclTestCase
|
||||
{
|
||||
public function testCreateAcl()
|
||||
{
|
||||
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
|
||||
|
||||
$this->assertNotEmpty($acl);
|
||||
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', $acl);
|
||||
$this->assertEquals(1, $acl->getId());
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testCreateAcl
|
||||
*/
|
||||
public function testUpdatePersistsAuditing()
|
||||
{
|
||||
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
|
||||
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
|
||||
$this->getAclProvider()->updateAcl($acl);
|
||||
|
||||
$entries = EntryQuery::create()->find($this->con);
|
||||
$this->assertCount(1, $entries);
|
||||
// default values
|
||||
$this->assertFalse($entries[0]->getAuditSuccess());
|
||||
$this->assertTrue($entries[0]->getAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, true, true);
|
||||
$this->getAclProvider()->updateAcl($acl);
|
||||
|
||||
$entries = EntryQuery::create()->find($this->con);
|
||||
$this->assertCount(1, $entries);
|
||||
$this->assertTrue($entries[0]->getAuditSuccess());
|
||||
$this->assertTrue($entries[0]->getAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, false, true);
|
||||
$this->getAclProvider()->updateAcl($acl);
|
||||
|
||||
$entries = EntryQuery::create()->find($this->con);
|
||||
$this->assertCount(1, $entries);
|
||||
$this->assertFalse($entries[0]->getAuditSuccess());
|
||||
$this->assertTrue($entries[0]->getAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, true, false);
|
||||
$this->getAclProvider()->updateAcl($acl);
|
||||
|
||||
$entries = EntryQuery::create()->find($this->con);
|
||||
$this->assertCount(1, $entries);
|
||||
$this->assertTrue($entries[0]->getAuditSuccess());
|
||||
$this->assertFalse($entries[0]->getAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, false, false);
|
||||
$this->getAclProvider()->updateAcl($acl);
|
||||
|
||||
$entries = EntryQuery::create()->find($this->con);
|
||||
$this->assertCount(1, $entries);
|
||||
$this->assertFalse($entries[0]->getAuditSuccess());
|
||||
$this->assertFalse($entries[0]->getAuditFailure());
|
||||
}
|
||||
|
||||
protected function getAclProvider()
|
||||
{
|
||||
return new AuditableAclProvider(new PermissionGrantingStrategy(), $this->con);
|
||||
}
|
||||
}
|
214
Tests/Security/Acl/Domain/AuditableAclTest.php
Normal file
214
Tests/Security/Acl/Domain/AuditableAclTest.php
Normal file
|
@ -0,0 +1,214 @@
|
|||
<?php
|
||||
|
||||
/**
|
||||
* This file is part of the PropelBundle package.
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*
|
||||
* @license MIT License
|
||||
*/
|
||||
|
||||
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
|
||||
|
||||
use PropelCollection;
|
||||
|
||||
use Propel\PropelBundle\Model\Acl\Entry;
|
||||
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
|
||||
|
||||
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
|
||||
|
||||
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
|
||||
|
||||
use Propel\PropelBundle\Tests\AclTestCase;
|
||||
|
||||
/**
|
||||
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
||||
*/
|
||||
class AuditableAclTest extends AclTestCase
|
||||
{
|
||||
public function testUpdateAuditingInvalidIndex()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$this->setExpectedException('OutOfBoundsException');
|
||||
$acl->updateObjectAuditing(0, false, false);
|
||||
}
|
||||
|
||||
public function testUpdateAuditingInvalidField()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$obj = $this->createModelObjectIdentity(1);
|
||||
$entry = $this->createEntry();
|
||||
$entry
|
||||
->setObjectIdentity($obj)
|
||||
->setFieldName('name')
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAclClass($this->getAclClass())
|
||||
;
|
||||
$collection->append($entry);
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$this->setExpectedException('InvalidArgumentException');
|
||||
$acl->updateObjectFieldAuditing(0, 'foo', false, false);
|
||||
}
|
||||
|
||||
public function testUpdateAuditingInvalidFlag()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$obj = $this->createModelObjectIdentity(1);
|
||||
$entry = $this->createEntry();
|
||||
$entry
|
||||
->setObjectIdentity($obj)
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAclClass($this->getAclClass())
|
||||
;
|
||||
$collection->append($entry);
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$this->setExpectedException('InvalidArgumentException');
|
||||
$acl->updateObjectAuditing(0, 'foo', 'bar');
|
||||
}
|
||||
|
||||
public function testUpdateObjectAuditing()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$obj = $this->createModelObjectIdentity(1);
|
||||
$entry = $this->createEntry();
|
||||
$entry
|
||||
->setObjectIdentity($obj)
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAclClass($this->getAclClass())
|
||||
;
|
||||
$collection->append($entry);
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$aces = $acl->getObjectAces();
|
||||
$this->assertCount(1, $aces);
|
||||
|
||||
$acl->updateObjectAuditing(0, true, true);
|
||||
$aces = $acl->getObjectAces();
|
||||
$this->assertTrue($aces[0]->isAuditSuccess());
|
||||
$this->assertTrue($aces[0]->isAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, false, true);
|
||||
$aces = $acl->getObjectAces();
|
||||
$this->assertFalse($aces[0]->isAuditSuccess());
|
||||
$this->assertTrue($aces[0]->isAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, true, false);
|
||||
$aces = $acl->getObjectAces();
|
||||
$this->assertTrue($aces[0]->isAuditSuccess());
|
||||
$this->assertFalse($aces[0]->isAuditFailure());
|
||||
|
||||
$acl->updateObjectAuditing(0, false, false);
|
||||
$aces = $acl->getObjectAces();
|
||||
$this->assertFalse($aces[0]->isAuditSuccess());
|
||||
$this->assertFalse($aces[0]->isAuditFailure());
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testUpdateObjectAuditing
|
||||
*/
|
||||
public function testUpdateObjectFieldAuditing()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$obj = $this->createModelObjectIdentity(1);
|
||||
$entry = $this->createEntry();
|
||||
$entry
|
||||
->setFieldName('name')
|
||||
->setObjectIdentity($obj)
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAclClass($this->getAclClass())
|
||||
;
|
||||
$collection->append($entry);
|
||||
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$aces = $acl->getObjectFieldAces('name');
|
||||
$this->assertCount(1, $aces);
|
||||
|
||||
$acl->updateObjectFieldAuditing(0, 'name', true, true);
|
||||
$aces = $acl->getObjectFieldAces('name');
|
||||
$this->assertTrue($aces[0]->isAuditSuccess());
|
||||
$this->assertTrue($aces[0]->isAuditFailure());
|
||||
|
||||
$acl->updateObjectFieldAuditing(0, 'name', false, false);
|
||||
$aces = $acl->getObjectFieldAces('name');
|
||||
$this->assertFalse($aces[0]->isAuditSuccess());
|
||||
$this->assertFalse($aces[0]->isAuditFailure());
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testUpdateObjectAuditing
|
||||
*/
|
||||
public function testUpdateClassAuditing()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$entry = $this->createEntry();
|
||||
$entry
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAclClass($this->getAclClass())
|
||||
;
|
||||
$collection->append($entry);
|
||||
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$aces = $acl->getClassAces();
|
||||
$this->assertCount(1, $aces);
|
||||
|
||||
$acl->updateClassAuditing(0, true, true);
|
||||
$aces = $acl->getClassAces('name');
|
||||
$this->assertTrue($aces[0]->isAuditSuccess());
|
||||
$this->assertTrue($aces[0]->isAuditFailure());
|
||||
|
||||
$acl->updateClassAuditing(0, false, false);
|
||||
$aces = $acl->getClassAces();
|
||||
$this->assertFalse($aces[0]->isAuditSuccess());
|
||||
$this->assertFalse($aces[0]->isAuditFailure());
|
||||
}
|
||||
|
||||
/**
|
||||
* @depends testUpdateObjectAuditing
|
||||
*/
|
||||
public function testUpdateClassFieldAuditing()
|
||||
{
|
||||
$collection = new PropelCollection();
|
||||
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
|
||||
|
||||
$entry = $this->createEntry();
|
||||
$entry
|
||||
->setFieldName('name')
|
||||
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
|
||||
->setAclClass($this->getAclClass())
|
||||
;
|
||||
$collection->append($entry);
|
||||
|
||||
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
|
||||
|
||||
$aces = $acl->getClassFieldAces('name');
|
||||
$this->assertCount(1, $aces);
|
||||
|
||||
$acl->updateClassFieldAuditing(0, 'name', true, true);
|
||||
$aces = $acl->getClassFieldAces('name');
|
||||
$this->assertTrue($aces[0]->isAuditSuccess());
|
||||
$this->assertTrue($aces[0]->isAuditFailure());
|
||||
|
||||
$acl->updateClassFieldAuditing(0, 'name', false, false);
|
||||
$aces = $acl->getClassFieldAces('name');
|
||||
$this->assertFalse($aces[0]->isAuditSuccess());
|
||||
$this->assertFalse($aces[0]->isAuditFailure());
|
||||
}
|
||||
}
|
Loading…
Reference in a new issue