262 lines
10 KiB
PHP
262 lines
10 KiB
PHP
<?php
|
|
|
|
/**
|
|
* This file is part of the PropelBundle package.
|
|
* For the full copyright and license information, please view the LICENSE
|
|
* file that was distributed with this source code.
|
|
*
|
|
* @license MIT License
|
|
*/
|
|
|
|
namespace Propel\PropelBundle\Tests\Security\Acl;
|
|
|
|
use Propel\Runtime\Map\TableMap;
|
|
|
|
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
|
|
use Propel\PropelBundle\Model\Acl\EntryQuery;
|
|
use Propel\PropelBundle\Model\Acl\Map\EntryTableMap;
|
|
|
|
use Propel\PropelBundle\Security\Acl\AclProvider;
|
|
|
|
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
|
|
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
|
|
|
|
use Propel\PropelBundle\Tests\AclTestCase;
|
|
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
|
|
|
|
/**
|
|
* @author Toni Uebernickel <tuebernickel@gmail.com>
|
|
*/
|
|
class AclProviderTest extends AclTestCase
|
|
{
|
|
public function testFindAclNoneGiven()
|
|
{
|
|
$provider = $this->getAclProvider();
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.');
|
|
$provider->findAcl($this->getAclObjectIdentity());
|
|
}
|
|
|
|
public function testFindAclNoneGivenFilterSecurityIdentity()
|
|
{
|
|
$provider = $this->getAclProvider();
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.');
|
|
$provider->findAcl($this->getAclObjectIdentity(), array($this->getRoleSecurityIdentity()));
|
|
}
|
|
|
|
public function testFindAclWithEntries()
|
|
{
|
|
$obj = $this->createModelObjectIdentity(1);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($obj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$obj->addEntry($entry)->save($this->con);
|
|
|
|
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
|
|
$this->assertNotEmpty($acl);
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
|
|
|
|
$this->assertEmpty($acl->getFields());
|
|
$this->assertEmpty($acl->getClassAces());
|
|
$this->assertNotEmpty($acl->getObjectAces());
|
|
$this->assertCount(1, $acl->getObjectAces());
|
|
|
|
$this->assertNull($acl->getParentAcl());
|
|
$this->assertTrue($acl->isEntriesInheriting());
|
|
|
|
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_ADMIN')));
|
|
$this->assertTrue($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
|
|
$this->assertTrue($acl->isGranted(array(1, 2, 4, 8, 16, 32, 64), array($this->getRoleSecurityIdentity('ROLE_USER'))));
|
|
|
|
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
|
|
$acl->isGranted(array(128), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
}
|
|
|
|
/**
|
|
* @depends testFindAclWithEntries
|
|
*/
|
|
public function testFindAclWithParent()
|
|
{
|
|
$parent = $this->createModelObjectIdentity(1);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($parent->getAclClass())
|
|
->setMask(128)
|
|
;
|
|
$parent->addEntry($entry)->save($this->con);
|
|
|
|
$obj = $this->createModelObjectIdentity(2);
|
|
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent);
|
|
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($obj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$obj->addEntry($entry)->save($this->con);
|
|
|
|
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(2), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
$parent = $acl->getParentAcl();
|
|
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
|
|
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $parent);
|
|
|
|
$aces = $acl->getObjectAces();
|
|
$parentAces = $parent->getObjectAces();
|
|
$this->assertEquals(64, $aces[0]->getMask());
|
|
$this->assertEquals(128, $parentAces[0]->getMask());
|
|
}
|
|
|
|
/**
|
|
* @depends testFindAclWithEntries
|
|
*/
|
|
public function testFindAcls()
|
|
{
|
|
$obj = $this->createModelObjectIdentity(1);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($obj->getAclClass())
|
|
;
|
|
$obj->addEntry($entry)->save($this->con);
|
|
|
|
$aclObj = $this->getAclObjectIdentity(1);
|
|
|
|
$acls = $this->getAclProvider()->findAcls(array($aclObj), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
$acl = $this->getAclProvider()->findAcl($aclObj, array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
|
|
$this->assertNotEmpty($acls);
|
|
$this->assertCount(1, $acls);
|
|
$this->assertTrue($acls->contains($aclObj));
|
|
$this->assertEquals($acl, $acls[$aclObj]);
|
|
}
|
|
|
|
public function testFindChildrenParentNotExists()
|
|
{
|
|
$this->assertEmpty($this->getAclProvider()->findChildren(new ObjectIdentity(5, 'Book')));
|
|
}
|
|
|
|
/**
|
|
* @depends testFindAclWithEntries
|
|
*/
|
|
public function testFindChildrenWithoutChildren()
|
|
{
|
|
$obj = $this->createModelObjectIdentity(1);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($obj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$obj->addEntry($entry)->save($this->con);
|
|
|
|
$childrenAcl = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
|
|
$this->assertEmpty($childrenAcl);
|
|
}
|
|
|
|
public function testFindChildrenDirectOnly()
|
|
{
|
|
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
|
|
|
|
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
|
|
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
|
|
|
|
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1), true);
|
|
|
|
$this->assertNotEmpty($children);
|
|
$this->assertCount(1, $children);
|
|
$this->assertEquals(2, $children[0]->getIdentifier());
|
|
}
|
|
|
|
public function testFindChildrenWithGrandChildren()
|
|
{
|
|
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
|
|
|
|
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
|
|
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
|
|
|
|
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
|
|
|
|
$this->assertNotEmpty($children);
|
|
$this->assertCount(2, $children);
|
|
$this->assertEquals(2, $children[0]->getIdentifier());
|
|
$this->assertEquals(3, $children[1]->getIdentifier());
|
|
}
|
|
|
|
protected function createObjectIdentities()
|
|
{
|
|
$parentObj = $this->createModelObjectIdentity(1);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($parentObj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$parentObj->addEntry($entry)->save($this->con);
|
|
|
|
$obj = $this->createModelObjectIdentity(2);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($obj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$obj->addEntry($entry)->save($this->con);
|
|
|
|
$childObj = $this->createModelObjectIdentity(3);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($childObj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$childObj->addEntry($entry)->save($this->con);
|
|
|
|
return array($parentObj, $obj, $childObj);
|
|
}
|
|
|
|
/**
|
|
* @depends testFindAclWithEntries
|
|
*/
|
|
public function testFindAclReadsFromCache()
|
|
{
|
|
$this->cache = new AclCache();
|
|
|
|
$obj = $this->createModelObjectIdentity(1);
|
|
$entry = $this->createEntry();
|
|
$entry
|
|
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
|
|
->setAclClass($obj->getAclClass())
|
|
->setMask(64)
|
|
;
|
|
$obj->addEntry($entry)->save($this->con);
|
|
|
|
// Read and put into cache
|
|
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
$this->cache->content[1] = $acl;
|
|
|
|
// Change database
|
|
EntryQuery::create()->update(array(EntryTableMap::translateFieldName(EntryTableMap::MASK, TableMap::TYPE_COLNAME, TableMap::TYPE_PHPNAME) => 128), $this->con);
|
|
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
|
|
|
|
// Verify cache has been read
|
|
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
|
|
$cachedObjectAces = $cachedAcl->getObjectAces();
|
|
$this->assertSame($acl, $cachedAcl);
|
|
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
|
|
}
|
|
|
|
protected function getAclProvider()
|
|
{
|
|
return new AclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
|
|
}
|
|
}
|