From 5ddda55246a23ce4813b3f47e6ca5a0a1c8dad5e Mon Sep 17 00:00:00 2001
From: Rachman Chavik
Date: Fri, 30 May 2014 08:24:40 +0700
Subject: [PATCH] Remove several classes since they are now in cakephp/acl
---
src/Controller/Component/Acl/AclInterface.php | 74 ---
src/Controller/Component/Acl/IniAcl.php | 202 -------
src/Controller/Component/Acl/PhpAcl.php | 568 ------------------
src/Controller/Component/AclComponent.php | 157 -----
.../Component/Auth/ActionsAuthorize.php | 42 --
.../Component/Auth/CrudAuthorize.php | 105 ----
.../Controller/Component/Acl/IniAclTest.php | 67 ---
.../Controller/Component/Acl/PhpAclTest.php | 374 ------------
.../Controller/Component/AclComponentTest.php | 92 ---
.../Component/Auth/ActionsAuthorizeTest.php | 194 ------
.../Component/Auth/CrudAuthorizeTest.php | 188 ------
11 files changed, 2063 deletions(-)
delete mode 100644 src/Controller/Component/Acl/AclInterface.php
delete mode 100644 src/Controller/Component/Acl/IniAcl.php
delete mode 100644 src/Controller/Component/Acl/PhpAcl.php
delete mode 100644 src/Controller/Component/AclComponent.php
delete mode 100644 src/Controller/Component/Auth/ActionsAuthorize.php
delete mode 100644 src/Controller/Component/Auth/CrudAuthorize.php
delete mode 100644 tests/TestCase/Controller/Component/Acl/IniAclTest.php
delete mode 100644 tests/TestCase/Controller/Component/Acl/PhpAclTest.php
delete mode 100644 tests/TestCase/Controller/Component/AclComponentTest.php
delete mode 100644 tests/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php
delete mode 100644 tests/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php
diff --git a/src/Controller/Component/Acl/AclInterface.php b/src/Controller/Component/Acl/AclInterface.php
deleted file mode 100644
index 3135811fded..00000000000
--- a/src/Controller/Component/Acl/AclInterface.php
+++ /dev/null
@@ -1,74 +0,0 @@ -_configInitialized) { - $this->_defaultConfig = $this->readConfigFile(APP . 'Config/acl.ini.php'); - } - - if (is_array($key) || func_num_args() >= 2) { - return $this->_traitConfig($key, $value, $merge); - } - - return $this->_traitConfig($key); - } - -/** - * Initialize method - * - * @param Component $component Component instance. - * @return void - */ - public function initialize(Component $component) { - } - -/** - * No op method, allow cannot be done with IniAcl - * - * @param string $aro ARO The requesting object identifier. - * @param string $aco ACO The controlled object identifier. - * @param string $action Action (defaults to *) - * @return void - */ - public function allow($aro, $aco, $action = "*") { - } - -/** - * No op method, deny cannot be done with IniAcl - * - * @param string $aro ARO The requesting object identifier. - * @param string $aco ACO The controlled object identifier. - * @param string $action Action (defaults to *) - * @return void - */ - public function deny($aro, $aco, $action = "*") { - } - -/** - * No op method, inherit cannot be done with IniAcl - * - * @param string $aro ARO The requesting object identifier. - * @param string $aco ACO The controlled object identifier. - * @param string $action Action (defaults to *) - * @return void - */ - public function inherit($aro, $aco, $action = "*") { - } - -/** - * Main ACL check function. Checks to see if the ARO (access request object) has access to the - * ACO (access control object).Looks at the acl.ini.php file for permissions - * (see instructions in /config/acl.ini.php). 
- * - * @param string $aro ARO - * @param string $aco ACO - * @param string $action Action - * @return bool Success - */ - public function check($aro, $aco, $action = null) { - $aclConfig = $this->config(); - - if (is_array($aro)) { - $aro = Hash::get($aro, $this->userPath); - } - - if (isset($aclConfig[$aro]['deny'])) { - $userDenies = $this->arrayTrim(explode(",", $aclConfig[$aro]['deny'])); - - if (array_search($aco, $userDenies)) { - return false; - } - } - - if (isset($aclConfig[$aro]['allow'])) { - $userAllows = $this->arrayTrim(explode(",", $aclConfig[$aro]['allow'])); - - if (array_search($aco, $userAllows)) { - return true; - } - } - - if (isset($aclConfig[$aro]['groups'])) { - $userGroups = $this->arrayTrim(explode(",", $aclConfig[$aro]['groups'])); - - foreach ($userGroups as $group) { - if (array_key_exists($group, $aclConfig)) { - if (isset($aclConfig[$group]['deny'])) { - $groupDenies = $this->arrayTrim(explode(",", $aclConfig[$group]['deny'])); - - if (array_search($aco, $groupDenies)) { - return false; - } - } - - if (isset($aclConfig[$group]['allow'])) { - $groupAllows = $this->arrayTrim(explode(",", $aclConfig[$group]['allow'])); - - if (array_search($aco, $groupAllows)) { - return true; - } - } - } - } - } - return false; - } - -/** - * Parses an INI file and returns an array that reflects the - * INI file's section structure. Double-quote friendly. - * - * @param string $filename File - * @return array INI section structure - */ - public function readConfigFile($filename) { - $iniFile = new IniConfig(dirname($filename) . DS); - return $iniFile->read(basename($filename)); - } - -/** - * Removes trailing spaces on all array elements (to prepare for searching) - * - * @param array $array Array to trim - * @return array Trimmed array - */ - public function arrayTrim($array) { - foreach ($array as $key => $value) { - $array[$key] = trim($value); - } - array_unshift($array, ""); - return $array; - } - -} 
diff --git a/src/Controller/Component/Acl/PhpAcl.php b/src/Controller/Component/Acl/PhpAcl.php
deleted file mode 100644
index 46bcc7e6808..00000000000
--- a/src/Controller/Component/Acl/PhpAcl.php
+++ /dev/null
@@ -1,568 +0,0 @@ -options = array( - 'policy' => static::DENY, - 'config' => APP . 'Config/acl.php', - ); - } - -/** - * Initialize method - * - * @param Component $Component Component instance - * @return void - */ - public function initialize(Component $Component) { - $adapter = $Component->config('adapter'); - if ($adapter) { - $this->options = $adapter + $this->options; - } - - $engine = new PhpConfig(dirname($this->options['config']) . DS); - $config = $engine->read(basename($this->options['config'])); - $this->build($config); - $Component->Aco = $this->Aco; - $Component->Aro = $this->Aro; - } - -/** - * build and setup internal ACL representation - * - * @param array $config configuration array, see docs - * @return void - * @throws \Cake\Error\Exception When required keys are missing. - */ - public function build(array $config) { - if (empty($config['roles'])) { - throw new Error\Exception('"roles" section not found in ACL configuration.'); - } - - if (empty($config['rules']['allow']) && empty($config['rules']['deny'])) { - throw new Error\Exception('Neither "allow" nor "deny" rules were provided in ACL configuration.'); - } - - $rules['allow'] = !empty($config['rules']['allow']) ? $config['rules']['allow'] : array(); - $rules['deny'] = !empty($config['rules']['deny']) ? $config['rules']['deny'] : array(); - $roles = !empty($config['roles']) ? $config['roles'] : array(); - $map = !empty($config['map']) ? $config['map'] : array(); - $alias = !empty($config['alias']) ? $config['alias'] : array(); - - $this->Aro = new PhpAro($roles, $map, $alias); - $this->Aco = new PhpAco($rules); - } - -/** - * No op method, allow cannot be done with PhpAcl - * - * @param string $aro ARO The requesting object identifier. - * @param string $aco ACO The controlled object identifier. 
- * @param string $action Action (defaults to *) - * @return bool Success - */ - public function allow($aro, $aco, $action = "*") { - return $this->Aco->access($this->Aro->resolve($aro), $aco, $action, 'allow'); - } - -/** - * deny ARO access to ACO - * - * @param string $aro ARO The requesting object identifier. - * @param string $aco ACO The controlled object identifier. - * @param string $action Action (defaults to *) - * @return bool Success - */ - public function deny($aro, $aco, $action = "*") { - return $this->Aco->access($this->Aro->resolve($aro), $aco, $action, 'deny'); - } - -/** - * No op method - * - * @param string $aro ARO The requesting object identifier. - * @param string $aco ACO The controlled object identifier. - * @param string $action Action (defaults to *) - * @return bool Success - */ - public function inherit($aro, $aco, $action = "*") { - return false; - } - -/** - * Main ACL check function. Checks to see if the ARO (access request object) has access to the - * ACO (access control object). - * - * @param string $aro ARO - * @param string $aco ACO - * @param string $action Action - * @return bool true if access is granted, false otherwise - */ - public function check($aro, $aco, $action = "*") { - $allow = $this->options['policy']; - $prioritizedAros = $this->Aro->roles($aro); - - if ($action && $action !== "*") { - $aco .= '/' . 
$action; - } - - $path = $this->Aco->path($aco); - - if (empty($path)) { - return $allow; - } - - foreach ($path as $node) { - foreach ($prioritizedAros as $aros) { - if (!empty($node['allow'])) { - $allow = $allow || count(array_intersect($node['allow'], $aros)); - } - - if (!empty($node['deny'])) { - $allow = $allow && !count(array_intersect($node['deny'], $aros)); - } - } - } - - return $allow; - } - -} - -/** - * Access Control Object - * - */ -class PhpAco { - -/** - * holds internal ACO representation - * - * @var array - */ - protected $_tree = array(); - -/** - * map modifiers for ACO paths to their respective PCRE pattern - * - * @var array - */ - public static $modifiers = array( - '*' => '.*', - ); - -/** - * Constructor - * - * @param array $rules Rules array - */ - public function __construct(array $rules = array()) { - foreach (array('allow', 'deny') as $type) { - if (empty($rules[$type])) { - $rules[$type] = array(); - } - } - - $this->build($rules['allow'], $rules['deny']); - } - -/** - * return path to the requested ACO with allow and deny rules attached on each level - * - * @param string $aco ACO string - * @return array - */ - public function path($aco) { - $aco = $this->resolve($aco); - $path = array(); - $level = 0; - $root = $this->_tree; - $stack = array(array($root, 0)); - - while (!empty($stack)) { - list($root, $level) = array_pop($stack); - - if (empty($path[$level])) { - $path[$level] = array(); - } - - foreach ($root as $node => $elements) { - $pattern = '/^' . str_replace(array_keys(static::$modifiers), array_values(static::$modifiers), $node) . 
'$/'; - - if ($node == $aco[$level] || preg_match($pattern, $aco[$level])) { - // merge allow/denies with $path of current level - foreach (array('allow', 'deny') as $policy) { - if (!empty($elements[$policy])) { - if (empty($path[$level][$policy])) { - $path[$level][$policy] = array(); - } - $path[$level][$policy] = array_merge($path[$level][$policy], $elements[$policy]); - } - } - - // traverse - if (!empty($elements['children']) && isset($aco[$level + 1])) { - array_push($stack, array($elements['children'], $level + 1)); - } - } - } - } - - return $path; - } - -/** - * allow/deny ARO access to ARO - * - * @param string $aro ARO string - * @param string $aco ACO string - * @param string $action Action string - * @param string $type access type - * @return void - */ - public function access($aro, $aco, $action, $type = 'deny') { - $aco = $this->resolve($aco); - $depth = count($aco); - $root = $this->_tree; - $tree = &$root; - - foreach ($aco as $i => $node) { - if (!isset($tree[$node])) { - $tree[$node] = array( - 'children' => array(), - ); - } - - if ($i < $depth - 1) { - $tree = &$tree[$node]['children']; - } else { - if (empty($tree[$node][$type])) { - $tree[$node][$type] = array(); - } - - $tree[$node][$type] = array_merge(is_array($aro) ? 
$aro : array($aro), $tree[$node][$type]); - } - } - - $this->_tree = &$root; - } - -/** - * resolve given ACO string to a path - * - * @param string $aco ACO string - * @return array path - */ - public function resolve($aco) { - if (is_array($aco)) { - return array_map('strtolower', $aco); - } - - // strip multiple occurrences of '/' - $aco = preg_replace('#/+#', '/', $aco); - // make case insensitive - $aco = ltrim(strtolower($aco), '/'); - return array_filter(array_map('trim', explode('/', $aco))); - } - -/** - * build a tree representation from the given allow/deny informations for ACO paths - * - * @param array $allow ACO allow rules - * @param array $deny ACO deny rules - * @return void - */ - public function build(array $allow, array $deny = array()) { - $this->_tree = array(); - - foreach ($allow as $dotPath => $aros) { - if (is_string($aros)) { - $aros = array_map('trim', explode(',', $aros)); - } - - $this->access($aros, $dotPath, null, 'allow'); - } - - foreach ($deny as $dotPath => $aros) { - if (is_string($aros)) { - $aros = array_map('trim', explode(',', $aros)); - } - - $this->access($aros, $dotPath, null, 'deny'); - } - } - -} - -/** - * Access Request Object - * - */ -class PhpAro { - -/** - * role to resolve to when a provided ARO is not listed in - * the internal tree - * - * @var string - */ - const DEFAULT_ROLE = 'Role/default'; - -/** - * map external identifiers. E.g. if - * - * array('User' => array('username' => 'jeff', 'role' => 'editor')) - * - * is passed as an ARO to one of the methods of AclComponent, PhpAcl - * will check if it can be resolved to an User or a Role defined in the - * configuration file. 
- * - * @var array - * @see app/Config/acl.php - */ - public $map = array( - 'User' => 'User/username', - 'Role' => 'User/role', - ); - -/** - * aliases to map - * - * @var array - */ - public $aliases = array(); - -/** - * internal ARO representation - * - * @var array - */ - protected $_tree = array(); - -/** - * Constructor - * - * @param array $aro - * @param array $map - * @param array $aliases - */ - public function __construct(array $aro = array(), array $map = array(), array $aliases = array()) { - if (!empty($map)) { - $this->map = $map; - } - - $this->aliases = $aliases; - $this->build($aro); - } - -/** - * From the perspective of the given ARO, walk down the tree and - * collect all inherited AROs levelwise such that AROs from different - * branches with equal distance to the requested ARO will be collected at the same - * index. The resulting array will contain a prioritized list of (list of) roles ordered from - * the most distant AROs to the requested one itself. - * - * @param string|array $aro An ARO identifier - * @return array prioritized AROs - */ - public function roles($aro) { - $aros = array(); - $aro = $this->resolve($aro); - $stack = array(array($aro, 0)); - - while (!empty($stack)) { - list($element, $depth) = array_pop($stack); - $aros[$depth][] = $element; - - foreach ($this->_tree as $node => $children) { - if (in_array($element, $children)) { - array_push($stack, array($node, $depth + 1)); - } - } - } - - return array_reverse($aros); - } - -/** - * resolve an ARO identifier to an internal ARO string using - * the internal mapping information. - * - * @param string|array $aro ARO identifier (User.jeff, array('User' => ...), etc) - * @return string internal aro string (e.g. 
User/jeff, Role/default) - */ - public function resolve($aro) { - foreach ($this->map as $aroGroup => $map) { - list ($model, $field) = explode('/', $map, 2); - $mapped = ''; - - if (is_array($aro)) { - if (isset($aro['model']) && isset($aro['foreign_key']) && $aro['model'] === $aroGroup) { - $mapped = $aroGroup . '/' . $aro['foreign_key']; - } elseif (isset($aro[$model][$field])) { - $mapped = $aroGroup . '/' . $aro[$model][$field]; - } elseif (isset($aro[$field])) { - $mapped = $aroGroup . '/' . $aro[$field]; - } - } elseif (is_string($aro)) { - $aro = ltrim($aro, '/'); - - if (strpos($aro, '/') === false) { - $mapped = $aroGroup . '/' . $aro; - } else { - list($aroModel, $aroValue) = explode('/', $aro, 2); - - $aroModel = Inflector::camelize($aroModel); - - if ($aroModel === $model || $aroModel === $aroGroup) { - $mapped = $aroGroup . '/' . $aroValue; - } - } - } - - if (isset($this->_tree[$mapped])) { - return $mapped; - } - - // is there a matching alias defined (e.g. Role/1 => Role/admin)? - if (!empty($this->aliases[$mapped])) { - return $this->aliases[$mapped]; - } - } - return static::DEFAULT_ROLE; - } - -/** - * adds a new ARO to the tree - * - * @param array $aro one or more ARO records - * @return void - */ - public function addRole(array $aro) { - foreach ($aro as $role => $inheritedRoles) { - if (!isset($this->_tree[$role])) { - $this->_tree[$role] = array(); - } - - if (!empty($inheritedRoles)) { - if (is_string($inheritedRoles)) { - $inheritedRoles = array_map('trim', explode(',', $inheritedRoles)); - } - - foreach ($inheritedRoles as $dependency) { - // detect cycles - $roles = $this->roles($dependency); - - if (in_array($role, Hash::flatten($roles))) { - $path = ''; - - foreach ($roles as $roleDependencies) { - $path .= implode('|', (array)$roleDependencies) . ' -> '; - } - - trigger_error(sprintf('cycle detected when inheriting %s from %s. Path: %s', $role, $dependency, $path . 
$role)); - continue; - } - - if (!isset($this->_tree[$dependency])) { - $this->_tree[$dependency] = array(); - } - - $this->_tree[$dependency][] = $role; - } - } - } - } - -/** - * adds one or more aliases to the internal map. Overwrites existing entries. - * - * @param array $alias alias from => to (e.g. Role/13 -> Role/editor) - * @return void - */ - public function addAlias(array $alias) { - $this->aliases = $alias + $this->aliases; - } - -/** - * build an ARO tree structure for internal processing - * - * @param array $aros array of AROs as key and their inherited AROs as values - * @return void - */ - public function build(array $aros) { - $this->_tree = array(); - $this->addRole($aros); - } - -} diff --git a/src/Controller/Component/AclComponent.php b/src/Controller/Component/AclComponent.php deleted file mode 100644 index 6020cb0f1a4..00000000000 --- a/src/Controller/Component/AclComponent.php +++ /dev/null 
@@ -1,157 +0,0 @@ -adapter($className); - } - -/** - * Sets or gets the Adapter object currently in the AclComponent. - * - * `$this->Acl->adapter();` will get the current adapter class while - * `$this->Acl->adapter($obj);` will set the adapter class - * - * Will call the initialize method on the adapter if setting a new one. - * - * @param AclInterface|string $adapter Instance of AclInterface or a string name of the class to use. (optional) - * @return AclInterface|void either null, or the adapter implementation. - * @throws \Cake\Error\Exception when the given class is not an instance of AclInterface - */ - public function adapter($adapter = null) { - if ($adapter) { - if (is_string($adapter)) { - $adapter = new $adapter(); - } - if (!$adapter instanceof AclInterface) { - throw new Error\Exception('AclComponent adapters must implement AclInterface'); - } - $this->_Instance = $adapter; - $this->_Instance->initialize($this); - return; - } - return $this->_Instance; - } - -/** - * Pass-thru function for ACL check instance. Check methods - * are used to check whether or not an ARO can access an ACO - * - * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats - * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats - * @param string $action Action (defaults to *) - * @return bool Success - */ - public function check($aro, $aco, $action = "*") { - return $this->_Instance->check($aro, $aco, $action); - } - -/** - * Pass-thru function for ACL allow instance. Allow methods - * are used to grant an ARO access to an ACO. - * - * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats - * @param array|string|Model $aco ACO The controlled object identifier. 
See `AclNode::node()` for possible formats - * @param string $action Action (defaults to *) - * @return bool Success - */ - public function allow($aro, $aco, $action = "*") { - return $this->_Instance->allow($aro, $aco, $action); - } - -/** - * Pass-thru function for ACL deny instance. Deny methods - * are used to remove permission from an ARO to access an ACO. - * - * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats - * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats - * @param string $action Action (defaults to *) - * @return bool Success - */ - public function deny($aro, $aco, $action = "*") { - return $this->_Instance->deny($aro, $aco, $action); - } - -/** - * Pass-thru function for ACL inherit instance. Inherit methods - * modify the permission for an ARO to be that of its parent object. - * - * @param array|string|Model $aro ARO The requesting object identifier. See `AclNode::node()` for possible formats - * @param array|string|Model $aco ACO The controlled object identifier. See `AclNode::node()` for possible formats - * @param string $action Action (defaults to *) - * @return bool Success - */ - public function inherit($aro, $aco, $action = "*") { - return $this->_Instance->inherit($aro, $aco, $action); - } - -} diff --git a/src/Controller/Component/Auth/ActionsAuthorize.php b/src/Controller/Component/Auth/ActionsAuthorize.php deleted file mode 100644 index 8d66ff046b8..00000000000 --- a/src/Controller/Component/Auth/ActionsAuthorize.php +++ /dev/null @@ -1,42 +0,0 @@ -_registry->load('Acl'); - $user = [$this->_config['userModel'] => $user]; - return $Acl->check($user, $this->action($request)); - } - -} diff --git a/src/Controller/Component/Auth/CrudAuthorize.php b/src/Controller/Component/Auth/CrudAuthorize.php deleted file mode 100644 index 1e4c2ae1aad..00000000000 
--- a/src/Controller/Component/Auth/CrudAuthorize.php +++ /dev/null @@ -1,105 +0,0 @@ -_setPrefixMappings(); - } - -/** - * sets the crud mappings for prefix routes. - * - * @return void - */ - protected function _setPrefixMappings() { - $crud = array('create', 'read', 'update', 'delete'); - $map = array_combine($crud, $crud); - - $prefixes = Router::prefixes(); - if (!empty($prefixes)) { - foreach ($prefixes as $prefix) { - $map = array_merge($map, array( - $prefix . '_index' => 'read', - $prefix . '_add' => 'create', - $prefix . '_edit' => 'update', - $prefix . '_view' => 'read', - $prefix . '_remove' => 'delete', - $prefix . '_create' => 'create', - $prefix . '_read' => 'read', - $prefix . '_update' => 'update', - $prefix . '_delete' => 'delete' - )); - } - } - $this->mapActions($map); - } - -/** - * Authorize a user using the mapped actions and the AclComponent. - * - * @param array $user The user to authorize - * @param \Cake\Network\Request $request The request needing authorization. - * @return bool - */ - public function authorize($user, Request $request) { - $mapped = $this->config('actionMap.' . $request->params['action']); - - if (!$mapped) { - trigger_error(sprintf( - 'CrudAuthorize::authorize() - Attempted access of un-mapped action "%1$s" in controller "%2$s"', - $request->action, - $request->controller - ), - E_USER_WARNING - ); - return false; - } - $user = array($this->_config['userModel'] => $user); - $Acl = $this->_registry->load('Acl'); - return $Acl->check( - $user, - $this->action($request, ':controller'), - $mapped - ); - } - -} diff --git a/tests/TestCase/Controller/Component/Acl/IniAclTest.php b/tests/TestCase/Controller/Component/Acl/IniAclTest.php deleted file mode 100644 index a380cbb5ca4..00000000000 --- a/tests/TestCase/Controller/Component/Acl/IniAclTest.php +++ /dev/null 
@@ -1,67 +0,0 @@ -config = $Ini->readConfigFile($iniFile); - - $this->assertFalse($Ini->check('admin', 'ads')); - $this->assertTrue($Ini->check('admin', 'posts')); - - $this->assertTrue($Ini->check('jenny', 'posts')); - $this->assertTrue($Ini->check('jenny', 'ads')); - - $this->assertTrue($Ini->check('paul', 'posts')); - $this->assertFalse($Ini->check('paul', 'ads')); - - $this->assertFalse($Ini->check('nobody', 'comments')); - } - -/** - * check should accept a user array. - * - * @return void - */ - public function testCheckArray() { - $iniFile = TEST_APP . 'TestApp/Config/acl.ini.php'; - - $Ini = new IniAcl(); - $Ini->config = $Ini->readConfigFile($iniFile); - $Ini->userPath = 'User.username'; - - $user = array( - 'User' => array('username' => 'admin') - ); - $this->assertTrue($Ini->check($user, 'posts')); - } -} diff --git a/tests/TestCase/Controller/Component/Acl/PhpAclTest.php b/tests/TestCase/Controller/Component/Acl/PhpAclTest.php deleted file mode 100644 index f35062f3e50..00000000000 --- a/tests/TestCase/Controller/Component/Acl/PhpAclTest.php +++ /dev/null 
@@ -1,374 +0,0 @@ -PhpAcl = new PhpAcl(); - $this->Acl = new AclComponent($Collection, array( - 'adapter' => array( - 'config' => TEST_APP . 'TestApp/Config/acl.php', - ), - )); - } - -/** - * Test role inheritance - * - * @return void - */ - public function testRoleInheritance() { - $roles = $this->Acl->Aro->roles('User/peter'); - $this->assertEquals(array('Role/accounting'), $roles[0]); - $this->assertEquals(array('User/peter'), $roles[1]); - - $roles = $this->Acl->Aro->roles('hardy'); - $this->assertEquals(array('Role/database_manager', 'Role/data_acquirer'), $roles[0]); - $this->assertEquals(array('Role/accounting', 'Role/data_analyst'), $roles[1]); - $this->assertEquals(array('Role/accounting_manager', 'Role/reports'), $roles[2]); - $this->assertEquals(array('User/hardy'), $roles[3]); - } - -/** - * Test adding a role - * - * @return void - */ - public function testAddRole() { - $this->assertEquals(array(array(PhpAro::DEFAULT_ROLE)), $this->Acl->Aro->roles('foobar')); - $this->Acl->Aro->addRole(array('User/foobar' => 'Role/accounting')); - $this->assertEquals(array(array('Role/accounting'), array('User/foobar')), $this->Acl->Aro->roles('foobar')); - } - -/** - * Test resolving ARO - * - * @return void - */ - public function testAroResolve() { - $this->Acl->Aro->map = array( - 'User' => 'FooModel/nickname', - 'Role' => 'FooModel/role', - ); - - $this->assertEquals('Role/default', $this->Acl->Aro->resolve('Foo.bar')); - $this->assertEquals('User/hardy', $this->Acl->Aro->resolve('FooModel/hardy')); - $this->assertEquals('User/hardy', $this->Acl->Aro->resolve('hardy')); - $this->assertEquals('User/hardy', $this->Acl->Aro->resolve(array('FooModel' => array('nickname' => 'hardy')))); - $this->assertEquals('Role/admin', $this->Acl->Aro->resolve(array('FooModel' => array('role' => 'admin')))); - $this->assertEquals('Role/admin', $this->Acl->Aro->resolve('Role/admin')); - - $this->assertEquals('Role/admin', $this->Acl->Aro->resolve('admin')); - 
$this->assertEquals('Role/admin', $this->Acl->Aro->resolve('FooModel/admin')); - $this->assertEquals('Role/accounting', $this->Acl->Aro->resolve('accounting')); - - $this->assertEquals(PhpAro::DEFAULT_ROLE, $this->Acl->Aro->resolve('bla')); - $this->assertEquals(PhpAro::DEFAULT_ROLE, $this->Acl->Aro->resolve(array('FooModel' => array('role' => 'hardy')))); - } - -/** - * test correct resolution of defined aliases - * - * @return void - */ - public function testAroAliases() { - $this->Acl->Aro->map = array( - 'User' => 'User/username', - 'Role' => 'User/group_id', - ); - - $this->Acl->Aro->aliases = array( - 'Role/1' => 'Role/admin', - 'Role/24' => 'Role/accounting', - ); - - $user = array( - 'User' => array( - 'username' => 'unknown_user', - 'group_id' => '1', - ), - ); - // group/1 - $this->assertEquals('Role/admin', $this->Acl->Aro->resolve($user)); - // group/24 - $this->assertEquals('Role/accounting', $this->Acl->Aro->resolve('Role/24')); - $this->assertEquals('Role/accounting', $this->Acl->Aro->resolve('24')); - - // check department - $user = array( - 'User' => array( - 'username' => 'foo', - 'group_id' => '25', - ), - ); - - $this->Acl->Aro->addRole(array('Role/IT' => null)); - $this->Acl->Aro->addAlias(array('Role/25' => 'Role/IT')); - $this->Acl->allow('Role/IT', '/rules/debugging/*'); - - $this->assertEquals(array(array('Role/IT')), $this->Acl->Aro->roles($user)); - $this->assertTrue($this->Acl->check($user, '/rules/debugging/stats/pageload')); - $this->assertTrue($this->Acl->check($user, '/rules/debugging/sql/queries')); - // Role/default is allowed users dashboard, but not Role/IT - $this->assertFalse($this->Acl->check($user, '/controllers/users/dashboard')); - - $this->assertFalse($this->Acl->check($user, '/controllers/invoices/send')); - // wee add an more specific entry for user foo to also inherit from Role/accounting - $this->Acl->Aro->addRole(array('User/foo' => 'Role/IT, Role/accounting')); - $this->assertTrue($this->Acl->check($user, 
'/controllers/invoices/send')); - } - -/** - * test check method - * - * @return void - */ - public function testCheck() { - $this->assertTrue($this->Acl->check('jan', '/controllers/users/Dashboard')); - $this->assertTrue($this->Acl->check('some_unknown_role', '/controllers/users/Dashboard')); - $this->assertTrue($this->Acl->check('Role/admin', 'foo/bar')); - $this->assertTrue($this->Acl->check('role/admin', '/foo/bar')); - $this->assertTrue($this->Acl->check('jan', 'foo/bar')); - $this->assertTrue($this->Acl->check('user/jan', 'foo/bar')); - $this->assertTrue($this->Acl->check('Role/admin', 'controllers/bar')); - $this->assertTrue($this->Acl->check(array('User' => array('username' => 'jan')), '/controllers/bar/bll')); - $this->assertTrue($this->Acl->check('Role/database_manager', 'controllers/db/create')); - $this->assertTrue($this->Acl->check('User/db_manager_2', 'controllers/db/create')); - $this->assertFalse($this->Acl->check('db_manager_2', '/controllers/users/Dashboard')); - - // inheritance: hardy -> reports -> data_analyst -> database_manager - $this->assertTrue($this->Acl->check('User/hardy', 'controllers/db/create')); - $this->assertFalse($this->Acl->check('User/jeff', 'controllers/db/create')); - - $this->assertTrue($this->Acl->check('Role/database_manager', 'controllers/db/select')); - $this->assertTrue($this->Acl->check('User/db_manager_2', 'controllers/db/select')); - $this->assertFalse($this->Acl->check('User/jeff', 'controllers/db/select')); - - $this->assertTrue($this->Acl->check('Role/database_manager', 'controllers/db/drop')); - $this->assertTrue($this->Acl->check('User/db_manager_1', 'controllers/db/drop')); - $this->assertFalse($this->Acl->check('db_manager_2', 'controllers/db/drop')); - - $this->assertTrue($this->Acl->check('db_manager_2', 'controllers/invoices/edit')); - $this->assertFalse($this->Acl->check('database_manager', 'controllers/invoices/edit')); - $this->assertFalse($this->Acl->check('db_manager_1', 'controllers/invoices/edit')); 
-
- // Role/manager is allowed /controllers/*/*_manager
- $this->assertTrue($this->Acl->check('stan', 'controllers/invoices/manager_edit'));
- $this->assertTrue($this->Acl->check('Role/manager', 'controllers/baz/manager_foo'));
- $this->assertFalse($this->Acl->check('User/stan', 'custom/foo/manager_edit'));
- $this->assertFalse($this->Acl->check('stan', 'bar/baz/manager_foo'));
- $this->assertFalse($this->Acl->check('Role/accounting', 'bar/baz/manager_foo'));
- $this->assertFalse($this->Acl->check('accounting', 'controllers/baz/manager_foo'));
-
- $this->assertTrue($this->Acl->check('User/stan', 'controllers/articles/edit'));
- $this->assertTrue($this->Acl->check('stan', 'controllers/articles/add'));
- $this->assertTrue($this->Acl->check('stan', 'controllers/articles/publish'));
- $this->assertFalse($this->Acl->check('User/stan', 'controllers/articles/delete'));
- $this->assertFalse($this->Acl->check('accounting', 'controllers/articles/edit'));
- $this->assertFalse($this->Acl->check('accounting', 'controllers/articles/add'));
- $this->assertFalse($this->Acl->check('role/accounting', 'controllers/articles/publish'));
- }
-
-/**
- * lhs of defined rules are case insensitive
- *
- * @return void
- */
- public function testCheckIsCaseInsensitive() {
- $this->assertTrue($this->Acl->check('hardy', 'controllers/forms/new'));
- $this->assertTrue($this->Acl->check('Role/data_acquirer', 'controllers/forms/new'));
- $this->assertTrue($this->Acl->check('hardy', 'controllers/FORMS/NEW'));
- $this->assertTrue($this->Acl->check('Role/data_acquirer', 'controllers/FORMS/NEW'));
- }
-
-/**
- * allow should work in-memory
- *
- * @return void
- */
- public function testAllow() {
- $this->assertFalse($this->Acl->check('jeff', 'foo/bar'));
-
- $this->Acl->allow('jeff', 'foo/bar');
-
- $this->assertTrue($this->Acl->check('jeff', 'foo/bar'));
- $this->assertFalse($this->Acl->check('peter', 'foo/bar'));
- $this->assertFalse($this->Acl->check('hardy', 'foo/bar'));
-
- $this->Acl->allow('Role/accounting', 'foo/bar');
-
- $this->assertTrue($this->Acl->check('peter', 'foo/bar'));
- $this->assertTrue($this->Acl->check('hardy', 'foo/bar'));
-
- $this->assertFalse($this->Acl->check('Role/reports', 'foo/bar'));
- }
-
-/**
- * deny should work in-memory
- *
- * @return void
- */
- public function testDeny() {
- $this->assertTrue($this->Acl->check('stan', 'controllers/baz/manager_foo'));
-
- $this->Acl->deny('stan', 'controllers/baz/manager_foo');
-
- $this->assertFalse($this->Acl->check('stan', 'controllers/baz/manager_foo'));
- $this->assertTrue($this->Acl->check('Role/manager', 'controllers/baz/manager_foo'));
- $this->assertTrue($this->Acl->check('stan', 'controllers/baz/manager_bar'));
- $this->assertTrue($this->Acl->check('stan', 'controllers/baz/manager_foooooo'));
- }
-
-/**
- * test that a deny rule wins over an equally specific allow rule
- *
- * @return void
- */
- public function testDenyRuleIsStrongerThanAllowRule() {
- $this->assertFalse($this->Acl->check('peter', 'baz/bam'));
- $this->Acl->allow('peter', 'baz/bam');
- $this->assertTrue($this->Acl->check('peter', 'baz/bam'));
- $this->Acl->deny('peter', 'baz/bam');
- $this->assertFalse($this->Acl->check('peter', 'baz/bam'));
-
- $this->assertTrue($this->Acl->check('stan', 'controllers/reports/foo'));
- // stan is denied as he's sales and sales is denied /controllers/*/delete
- $this->assertFalse($this->Acl->check('stan', 'controllers/reports/delete'));
- $this->Acl->allow('stan', 'controllers/reports/delete');
- $this->assertFalse($this->Acl->check('Role/sales', 'controllers/reports/delete'));
- $this->assertTrue($this->Acl->check('stan', 'controllers/reports/delete'));
- $this->Acl->deny('stan', 'controllers/reports/delete');
- $this->assertFalse($this->Acl->check('stan', 'controllers/reports/delete'));
-
- // there is already an equally specific deny rule that will win
- $this->Acl->allow('stan', 'controllers/reports/delete');
- $this->assertFalse($this->Acl->check('stan', 'controllers/reports/delete'));
- }
-
-/**
- * test that an invalid configuration throws exception
- *
- * @return void
- */
- public function testInvalidConfigWithAroMissing() {
- $this->setExpectedException(
- 'Cake\Error\Exception',
- '"roles" section not found in ACL configuration'
- );
- $config = array('aco' => array('allow' => array('foo' => '')));
- $this->PhpAcl->build($config);
- }
-
- public function testInvalidConfigWithAcosMissing() {
- $this->setExpectedException(
- 'Cake\Error\Exception',
- 'Neither "allow" nor "deny" rules were provided in ACL configuration.'
- );
-
- $config = array(
- 'roles' => array('Role/foo' => null),
- );
-
- $this->PhpAcl->build($config);
- }
-
-/**
- * test resolving of ACOs
- *
- * @return void
- */
- public function testAcoResolve() {
- $this->assertEquals(array('foo', 'bar'), $this->Acl->Aco->resolve('foo/bar'));
- $this->assertEquals(array('foo', 'bar'), $this->Acl->Aco->resolve('foo/bar'));
- $this->assertEquals(array('foo', 'bar', 'baz'), $this->Acl->Aco->resolve('foo/bar/baz'));
- $this->assertEquals(array('foo', '*-bar', '?-baz'), $this->Acl->Aco->resolve('foo/*-bar/?-baz'));
-
- $this->assertEquals(array('foo', 'bar', '[a-f0-9]{24}', '*_bla', 'bla'), $this->Acl->Aco->resolve('foo/bar/[a-f0-9]{24}/*_bla/bla'));
-
- // multiple slashes will be squashed to a single, trimmed and then exploded
- $this->assertEquals(array('foo', 'bar'), $this->Acl->Aco->resolve('foo//bar'));
- $this->assertEquals(array('foo', 'bar'), $this->Acl->Aco->resolve('//foo///bar/'));
- $this->assertEquals(array('foo', 'bar'), $this->Acl->Aco->resolve('/foo//bar//'));
- $this->assertEquals(array('foo', 'bar'), $this->Acl->Aco->resolve('/foo // bar'));
- $this->assertEquals(array(), $this->Acl->Aco->resolve('/////'));
- }
-
-/**
- * test that declaring cyclic dependencies should give an error when building the tree
- *
- * @return void
- */
- public function testAroDeclarationContainsCycles() {
- $config = array(
- 'roles' => array(
- 'Role/a' => null,
- 'Role/b' => 'User/b',
- 'User/a' => 'Role/a, Role/b',
- 'User/b' => 'User/a',
-
- ),
- 'rules' => array(
- 'allow' => array(
- '*' => 'Role/a',
- ),
- ),
- );
-
- $this->setExpectedException('PHPUnit_Framework_Error', 'cycle detected' /* ... */);
- $this->PhpAcl->build($config);
- }
-
-/**
- * test that with policy allow, only denies count
- *
- * @return void
- */
- public function testPolicy() {
- // allow by default
- $this->Acl->config('adapter.policy', PhpAcl::ALLOW);
- $this->Acl->adapter($this->PhpAcl);
-
- $this->assertTrue($this->Acl->check('Role/sales', 'foo'));
- $this->assertTrue($this->Acl->check('Role/sales', 'controllers/bla/create'));
- $this->assertTrue($this->Acl->check('Role/default', 'foo'));
- // undefined user, undefined aco
- $this->assertTrue($this->Acl->check('foobar', 'foo/bar'));
-
- // deny rule: Role.sales -> controllers.*.delete
- $this->assertFalse($this->Acl->check('Role/sales', 'controllers/bar/delete'));
- $this->assertFalse($this->Acl->check('Role/sales', 'controllers/bar', 'delete'));
- }
-
-}
diff --git a/tests/TestCase/Controller/Component/AclComponentTest.php b/tests/TestCase/Controller/Component/AclComponentTest.php
deleted file mode 100644
index 48966eb1c99..00000000000
--- a/tests/TestCase/Controller/Component/AclComponentTest.php
+++ /dev/null
@@ -1,92 +0,0 @@
-
- * Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- *
- * Licensed under The MIT License
- * For full copyright and license information, please see the LICENSE.txt
- * Redistributions of files must retain the above copyright notice
- *
- * @copyright Copyright (c) Cake Software Foundation, Inc. (http://cakefoundation.org)
- * @link http://book.cakephp.org/2.0/en/development/testing.html CakePHP(tm) Tests
- * @since 1.2.0
- * @license http://www.opensource.org/licenses/mit-license.php MIT License
- */
-namespace Cake\Test\TestCase\Controller\Component;
-
-use Cake\Controller\ComponentRegistry;
-use Cake\Controller\Component\AclComponent;
-use Cake\Core\Configure;
-use Cake\TestSuite\TestCase;
-
-/**
- * Test Case for AclComponent
- *
- */
-class AclComponentTest extends TestCase {
-
-/**
- * setUp method
- *
- * @return void
- */
- public function setUp() {
- parent::setUp();
- if (!class_exists('MockAclImplementation', false)) {
- $this->getMock('Cake\Controller\Component\Acl\AclInterface', array(), array(), 'MockAclImplementation');
- }
- Configure::write('Acl.classname', '\MockAclImplementation');
- $Collection = new ComponentRegistry();
- $this->Acl = new AclComponent($Collection);
- }
-
-/**
- * tearDown method
- *
- * @return void
- */
- public function tearDown() {
- parent::tearDown();
- unset($this->Acl);
- }
-
-/**
- * test that constructor throws an exception when Acl.classname is a
- * non-existent class
- *
- * @expectedException \Cake\Error\Exception
- * @return void
- */
- public function testConstrutorException() {
- Configure::write('Acl.classname', 'AclClassNameThatDoesNotExist');
- $Collection = new ComponentRegistry();
- new AclComponent($Collection);
- }
-
-/**
- * test that adapter() allows control of the internal implementation AclComponent uses.
- *
- * @return void
- */
- public function testAdapter() {
- $Adapter = $this->getMock('Cake\Controller\Component\Acl\AclInterface');
- $Adapter->expects($this->once())->method('initialize')->with($this->Acl);
-
- $this->assertNull($this->Acl->adapter($Adapter));
- $this->assertEquals($this->Acl->adapter(), $Adapter, 'Returned object is different %s');
- }
-
-/**
- * test that adapter() whines when the class does not implement AclInterface
- *
- * @expectedException \Cake\Error\Exception
- * @return void
- */
- public function testAdapterException() {
- $thing = new \StdClass();
- $this->Acl->adapter($thing);
- }
-
-}
diff --git a/tests/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php b/tests/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php
deleted file mode 100644
index 1e516186b78..00000000000
--- a/tests/TestCase/Controller/Component/Auth/ActionsAuthorizeTest.php
+++ /dev/null
@@ -1,194 +0,0 @@
-controller = $this->getMock('Cake\Controller\Controller', array(), array(), '', false);
- $this->Acl = $this->getMock('Cake\Controller\Component\AclComponent', array(), array(), '', false);
- $this->Collection = $this->getMock('Cake\Controller\ComponentRegistry');
-
- $this->auth = new ActionsAuthorize($this->Collection);
- $this->auth->config('actionPath', '/controllers');
- }
-
-/**
- * setup the mock acl.
- *
- * @return void
- */
- protected function _mockAcl() {
- $this->Collection->expects($this->any())
- ->method('load')
- ->with('Acl')
- ->will($this->returnValue($this->Acl));
- }
-
-/**
- * test failure
- *
- * @return void
- */
- public function testAuthorizeFailure() {
- $user = array(
- 'Users' => array(
- 'id' => 1,
- 'user' => 'mariano'
- )
- );
- $request = new Request('/posts/index');
- $request->addParams(array(
- 'plugin' => null,
- 'controller' => 'posts',
- 'action' => 'index'
- ));
-
- $this->_mockAcl();
-
- $this->Acl->expects($this->once())
- ->method('check')
- ->with($user, 'controllers/Posts/index')
- ->will($this->returnValue(false));
-
- $this->assertFalse($this->auth->authorize($user['Users'], $request));
- }
-
-/**
- * test isAuthorized working.
- *
- * @return void
- */
- public function testAuthorizeSuccess() {
- $user = array(
- 'Users' => array(
- 'id' => 1,
- 'user' => 'mariano'
- )
- );
- $request = new Request('/posts/index');
- $request->addParams(array(
- 'plugin' => null,
- 'controller' => 'posts',
- 'action' => 'index'
- ));
-
- $this->_mockAcl();
-
- $this->Acl->expects($this->once())
- ->method('check')
- ->with($user, 'controllers/Posts/index')
- ->will($this->returnValue(true));
-
- $this->assertTrue($this->auth->authorize($user['Users'], $request));
- }
-
-/**
- * testAuthorizeSettings
- *
- * @return void
- */
- public function testAuthorizeSettings() {
- $request = new Request('/posts/index');
- $request->addParams(array(
- 'plugin' => null,
- 'controller' => 'posts',
- 'action' => 'index'
- ));
-
- $this->_mockAcl();
-
- $this->auth->config('userModel', 'TestPlugin.AuthUser');
- $user = array(
- 'id' => 1,
- 'username' => 'mariano'
- );
-
- $expected = array('TestPlugin.AuthUser' => array('id' => 1, 'username' => 'mariano'));
- $this->Acl->expects($this->once())
- ->method('check')
- ->with($expected, 'controllers/Posts/index')
- ->will($this->returnValue(true));
-
- $this->assertTrue($this->auth->authorize($user, $request));
- }
-
-/**
- * test action()
- *
- * @return void
- */
- public function testActionMethod() {
- $request = new Request('/posts/index');
- $request->addParams(array(
- 'plugin' => null,
- 'controller' => 'posts',
- 'action' => 'index'
- ));
-
- $result = $this->auth->action($request);
- $this->assertEquals('controllers/Posts/index', $result);
- }
-
-/**
- * Make sure that action() doesn't create double slashes anywhere.
- *
- * @return void
- */
- public function testActionNoDoubleSlash() {
- $this->auth->config('actionPath', '/controllers/');
- $request = new Request('/posts/index', false);
- $request->addParams(array(
- 'plugin' => null,
- 'controller' => 'posts',
- 'action' => 'index'
- ));
- $result = $this->auth->action($request);
- $this->assertEquals('controllers/Posts/index', $result);
- }
-
-/**
- * test action() and plugins
- *
- * @return void
- */
- public function testActionWithPlugin() {
- $request = new Request('/debug_kit/posts/index');
- $request->addParams(array(
- 'plugin' => 'debug_kit',
- 'controller' => 'posts',
- 'action' => 'index'
- ));
-
- $result = $this->auth->action($request);
- $this->assertEquals('controllers/DebugKit/Posts/index', $result);
- }
-}
diff --git a/tests/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php b/tests/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php
deleted file mode 100644
index b83215cb948..00000000000
--- a/tests/TestCase/Controller/Component/Auth/CrudAuthorizeTest.php
+++ /dev/null
@@ -1,188 +0,0 @@
-Acl = $this->getMock('Cake\Controller\Component\AclComponent', array(), array(), '', false);
- $this->Components = $this->getMock('Cake\Controller\ComponentRegistry');
-
- $this->auth = new CrudAuthorize($this->Components);
- }
-
-/**
- * setup the mock acl.
- *
- * @return void
- */
- protected function _mockAcl() {
- $this->Components->expects($this->any())
- ->method('load')
- ->with('Acl')
- ->will($this->returnValue($this->Acl));
- }
-
-/**
- * test authorize() without a mapped action, ensure an error is generated.
- *
- * @expectedException PHPUnit_Framework_Error_Warning
- * @return void
- */
- public function testAuthorizeNoMappedAction() {
- $request = new Request('/posts/foobar');
- $request->addParams(array(
- 'controller' => 'posts',
- 'action' => 'foobar'
- ));
- $user = array('User' => array('username' => 'mark'));
-
- $this->auth->authorize($user, $request);
- }
-
-/**
- * test check() passing
- *
- * @return void
- */
- public function testAuthorizeCheckSuccess() {
- $request = new Request('posts/index');
- $request->addParams(array(
- 'controller' => 'posts',
- 'action' => 'index'
- ));
- $user = array('Users' => array('username' => 'mark'));
-
- $this->_mockAcl();
- $this->Acl->expects($this->once())
- ->method('check')
- ->with($user, 'Posts', 'read')
- ->will($this->returnValue(true));
-
- $this->assertTrue($this->auth->authorize($user['Users'], $request));
- }
-
-/**
- * test check() failing
- *
- * @return void
- */
- public function testAuthorizeCheckFailure() {
- $request = new Request('posts/index');
- $request->addParams(array(
- 'controller' => 'posts',
- 'action' => 'index'
- ));
- $user = array('Users' => array('username' => 'mark'));
-
- $this->_mockAcl();
- $this->Acl->expects($this->once())
- ->method('check')
- ->with($user, 'Posts', 'read')
- ->will($this->returnValue(false));
-
- $this->assertFalse($this->auth->authorize($user['Users'], $request));
- }
-
-/**
- * test getting actionMap
- *
- * @return void
- */
- public function testMapActionsGet() {
- $result = $this->auth->mapActions();
- $expected = array(
- 'create' => 'create',
- 'read' => 'read',
- 'update' => 'update',
- 'delete' => 'delete',
- 'index' => 'read',
- 'add' => 'create',
- 'edit' => 'update',
- 'view' => 'read',
- 'remove' => 'delete'
- );
- $this->assertEquals($expected, $result);
- }
-
-/**
- * test adding into mapActions
- *
- * @return void
- */
- public function testMapActionsSet() {
- $map = array(
- 'create' => array('generate'),
- 'read' => array('listing', 'show'),
- 'update' => array('update'),
- 'random' => 'custom'
- );
- $result = $this->auth->mapActions($map);
- $this->assertNull($result);
-
- $result = $this->auth->mapActions();
- $expected = array(
- 'add' => 'create',
- 'create' => 'create',
- 'read' => 'read',
- 'index' => 'read',
- 'edit' => 'update',
- 'view' => 'read',
- 'delete' => 'delete',
- 'remove' => 'delete',
- 'generate' => 'create',
- 'listing' => 'read',
- 'show' => 'read',
- 'update' => 'update',
- 'random' => 'custom',
- );
- $this->assertEquals($expected, $result);
- }
-
-/**
- * test prefix routes getting auto mapped.
- *
- * @return void
- */
- public function testAutoPrefixMapActions() {
- Configure::write('Routing.prefixes', array('admin', 'manager'));
- Router::reload();
-
- $auth = new CrudAuthorize($this->Components);
- $this->assertTrue((bool)$auth->config('actionMap.admin_index'), 'admin_index should now be a mapped action');
- }
-
-}