diff --git a/cake/libs/controller/components/acl.php b/cake/libs/controller/components/acl.php index b254e1134e4..de8529dde13 100644 --- a/cake/libs/controller/components/acl.php +++ b/cake/libs/controller/components/acl.php @@ -76,8 +76,8 @@ public function adapter($adapter = null) { if (is_string($adapter)) { $adapter = new $adapter(); } - if (!$adapter instanceof AclBase) { - throw new Exception(__('AclComponent adapters must extend AclBase')); + if (!$adapter instanceof AclInterface) { + throw new Exception(__('AclComponent adapters must implement AclInterface')); } $this->_Instance = $adapter; $this->_Instance->initialize($this); @@ -176,14 +176,13 @@ public function revoke($aro, $aco, $action = "*") { } /** - * Access Control List abstract class. Not to be instantiated. - * Subclasses of this class are used by AclComponent to perform ACL checks in Cake. + * Access Control List interface. + * Implementing classes are used by AclComponent to perform ACL checks in Cake. * * @package cake * @subpackage cake.cake.libs.controller.components - * @abstract */ -abstract class AclBase extends Object { +interface AclInterface { /** * Empty method to be overridden in subclasses 
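Review bot: In `adapter()`, the new `instanceof AclInterface` guard runs only after `$adapter = new $adapter();`, so when a class name is passed as a string its constructor has already executed by the time an unsuitable class is rejected. Where the string comes from is not visible in this hunk; if it can come from configuration, it is safer to validate the name first, for example by confirming `class_exists($adapter)` and that `class_implements($adapter)` contains `AclInterface`, and only then instantiate. The body of `adapter()` starts and ends outside this hunk.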
@@ -192,14 +191,44 @@ abstract class AclBase extends Object { * @param string $aco ACO The controlled object identifier. * @param string $action Action (defaults to *) */ - public abstract function check($aro, $aco, $action = "*"); + public function check($aro, $aco, $action = "*"); /** - * Empty method to be overridden in subclasses + * Allow methods are used to grant an ARO access to an ACO. + * + * @param string $aro ARO The requesting object identifier. + * @param string $aco ACO The controlled object identifier. + * @param string $action Action (defaults to *) + * @return boolean Success + */ + public function allow($aro, $aco, $action = "*"); + +/** + * Deny methods are used to remove permission from an ARO to access an ACO. + * + * @param string $aro ARO The requesting object identifier. + * @param string $aco ACO The controlled object identifier. + * @param string $action Action (defaults to *) + * @return boolean Success + */ + public function deny($aro, $aco, $action = "*"); + +/** + * Inherit methods modify the permission for an ARO to be that of its parent object. * - * @param object $component Component + * @param string $aro ARO The requesting object identifier. + * @param string $aco ACO The controlled object identifier. + * @param string $action Action (defaults to *) + * @return boolean Success */ - public abstract function initialize($component); + public function inherit($aro, $aco, $action = "*"); + +/** + * Initialization method for the Acl implementation + * + * @param AclComponent $component + */ + public function initialize($component); } /** @@ -222,7 +251,7 @@ public abstract function initialize($component); * @package cake * @subpackage cake.cake.libs.model */ -class DbAcl extends AclBase { +class DbAcl extends Object implements AclInterface { /** * Constructor 
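Review bot: The docblock above `check()` in `AclInterface` still reads "Empty method to be overridden in subclasses" and has no `@return`, which no longer fits an interface and leaves the access decision itself undocumented. I would replace the summary with `Checks whether the ARO is allowed to perform the action on the ACO.` and add `@return boolean True if access is granted, false otherwise`. The docblocks of `allow()`, `deny()` and `inherit()` promise `boolean Success`, so they should also say what an implementation that cannot change permissions must return. The stale summary line sits in context shared with the preceding hunk.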
@@ -492,7 +521,7 @@ protected function _getAcoKeys($keys) { * @package cake * @subpackage cake.cake.libs.model.iniacl */ -class IniAcl extends AclBase { +class IniAcl extends Object implements AclInterface { /** * Array with configuration, parsed from ini file @@ -512,6 +541,42 @@ public function initialize($component) { } +/** + * No op method, allow cannot be done with IniAcl + * + * @param string $aro ARO The requesting object identifier. + * @param string $aco ACO The controlled object identifier. + * @param string $action Action (defaults to *) + * @return boolean Success + */ + public function allow($aro, $aco, $action = "*") { + + } + +/** + * No op method, deny cannot be done with IniAcl + * + * @param string $aro ARO The requesting object identifier. + * @param string $aco ACO The controlled object identifier. + * @param string $action Action (defaults to *) + * @return boolean Success + */ + public function deny($aro, $aco, $action = "*") { + + } + +/** + * No op method, inherit cannot be done with IniAcl + * + * @param string $aro ARO The requesting object identifier. + * @param string $aco ACO The controlled object identifier. + * @param string $action Action (defaults to *) + * @return boolean Success + */ + public function inherit($aro, $aco, $action = "*") { + + } + /** * Main ACL check function. Checks to see if the ARO (access request object) has access to the * ACO (access control object).Looks at the acl.ini.php file for permissions diff --git a/cake/tests/cases/libs/controller/components/acl.test.php b/cake/tests/cases/libs/controller/components/acl.test.php index 127d851fe3f..9e2b99c90a9 100644 --- a/cake/tests/cases/libs/controller/components/acl.test.php +++ b/cake/tests/cases/libs/controller/components/acl.test.php @@ -188,7 +188,6 @@ function __construct() { * @subpackage cake.tests.cases.libs.controller.components */ class AclComponentTest extends CakeTestCase { - /** * fixtures property * 
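Review bot: In the `@@ -512,6 +541,42 @@` hunk, the new `IniAcl::allow()`, `deny()` and `inherit()` have empty bodies, so they return `null` although their docblocks say `@return boolean Success`. A silent no-op is risky for `deny()` in particular: a caller that does not check the result will assume access was removed while `check()` keeps answering from the ini file. Each body should at least `return false;`, and preferably also signal the unsupported operation first, for example `trigger_error(__('IniAcl does not support deny()'), E_USER_WARNING);`.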
@@ -196,7 +195,6 @@ class AclComponentTest extends CakeTestCase { * @access public */ public $fixtures = array('core.aro_two', 'core.aco_two', 'core.aros_aco_two'); - /** * startTest method * 
@@ -265,6 +263,145 @@ function testAdapterException() { $this->Acl->adapter($thing); } +/** + * testStartup method + * + * @access public + * @return void + */ + function testStartup() { + $controller = new Controller(); + $this->assertTrue($this->Acl->startup($controller)); + } +} + +/** + * Test case for the IniAcl implementation + * + * @package cake.tests.cases.libs.controller.components + */ +class IniAclTestCase extends CakeTestCase { + +/** + * testIniReadConfigFile + * + * @access public + * @return void + */ + function testIniReadConfigFile() { + $Ini = new IniAcl(); + $iniFile = TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'config'. DS . 'acl.ini.php'; + $result = $Ini->readConfigFile($iniFile); + $expected = array( + 'admin' => array( + 'groups' => 'administrators', + 'allow' => '', + 'deny' => 'ads', + ), + 'paul' => array( + 'groups' => 'users', + 'allow' =>'', + 'deny' => '', + ), + 'jenny' => array( + 'groups' => 'users', + 'allow' => 'ads', + 'deny' => 'images, files', + ), + 'nobody' => array( + 'groups' => 'anonymous', + 'allow' => '', + 'deny' => '', + ), + 'administrators' => array( + 'deny' => '', + 'allow' => 'posts, comments, images, files, stats, ads', + ), + 'users' => array( + 'allow' => 'posts, comments, images, files', + 'deny' => 'stats, ads', + ), + 'anonymous' => array( + 'allow' => '', + 'deny' => 'posts, comments, images, files, stats, ads', + ), + ); + $this->assertEqual($result, $expected); + } + +/** + * testIniCheck method + * + * @access public + * @return void + */ + function testIniCheck() { + $iniFile = TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'config'. DS . 
'acl.ini.php'; + + $Ini = new IniAcl(); + $Ini->config = $Ini->readConfigFile($iniFile); + + $this->assertFalse($Ini->check('admin', 'ads')); + $this->assertTrue($Ini->check('admin', 'posts')); + + $this->assertTrue($Ini->check('jenny', 'posts')); + $this->assertTrue($Ini->check('jenny', 'ads')); + + $this->assertTrue($Ini->check('paul', 'posts')); + $this->assertFalse($Ini->check('paul', 'ads')); + + $this->assertFalse($Ini->check('nobody', 'comments')); + } +} + + +/** + * Test case for AclComponent using the DbAcl implementation. + * + * @package cake.tests.cases.libs.controller.components + */ +class DbAclTestCase extends CakeTestCase { +/** + * fixtures property + * + * @var array + * @access public + */ + public $fixtures = array('core.aro_two', 'core.aco_two', 'core.aros_aco_two'); + +/** + * startTest method + * + * @access public + * @return void + */ + function startTest() { + $this->Acl =& new AclComponent(); + } + +/** + * before method + * + * @param mixed $method + * @access public + * @return void + */ + function before($method) { + Configure::write('Acl.classname', 'DbAclTwoTest'); + Configure::write('Acl.database', 'test_suite'); + parent::before($method); + } + +/** + * tearDown method + * + * @access public + * @return void + */ + function tearDown() { + unset($this->Acl); + } + /** * testAclCreate method * 
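Review bot: The new `IniAclTestCase` covers only `readConfigFile()` and `check()`; nothing here exercises the `allow()`, `deny()` and `inherit()` methods this commit adds to `IniAcl`, so their return value is not pinned by a test. Because `testIniCheck` now calls `$Ini->check()` directly instead of going through `$this->Acl->adapter($Ini)`, no test visible in this diff confirms that an `IniAcl` instance passes the new `AclInterface` guard in `AclComponent::adapter()`. An assertion such as `$this->assertFalse($Ini->deny('paul', 'posts'));` (once the method returns a boolean) plus one component-level check would close both gaps. Separately, `$this->Acl =& new AclComponent();` in `DbAclTestCase::startTest()` assigns `new` by reference, which raises a deprecation notice on PHP 5.3; a plain `=` is enough.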
@@ -517,90 +654,6 @@ function testDbRevoke() { $this->expectError('DbAcl::allow() - Invalid node'); $this->assertFalse($this->Acl->deny('Bobs', 'ROOT/printers/DoesNotExist', 'create')); } - -/** - * testStartup method - * - * @access public - * @return void - */ - function testStartup() { - $controller = new Controller(); - $this->assertTrue($this->Acl->startup($controller)); - } - -/** - * testIniReadConfigFile - * - * @access public - * @return void - */ - function testIniReadConfigFile() { - $Ini = new IniAcl(); - $iniFile = TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'config'. DS . 'acl.ini.php'; - $result = $Ini->readConfigFile($iniFile); - $expected = array( - 'admin' => array( - 'groups' => 'administrators', - 'allow' => '', - 'deny' => 'ads', - ), - 'paul' => array( - 'groups' => 'users', - 'allow' =>'', - 'deny' => '', - ), - 'jenny' => array( - 'groups' => 'users', - 'allow' => 'ads', - 'deny' => 'images, files', - ), - 'nobody' => array( - 'groups' => 'anonymous', - 'allow' => '', - 'deny' => '', - ), - 'administrators' => array( - 'deny' => '', - 'allow' => 'posts, comments, images, files, stats, ads', - ), - 'users' => array( - 'allow' => 'posts, comments, images, files', - 'deny' => 'stats, ads', - ), - 'anonymous' => array( - 'allow' => '', - 'deny' => 'posts, comments, images, files, stats, ads', - ), - ); - $this->assertEqual($result, $expected); - } - -/** - * testIniCheck method - * - * @access public - * @return void - */ - function testIniCheck() { - $iniFile = TEST_CAKE_CORE_INCLUDE_PATH . 'tests' . DS . 'test_app' . DS . 'config'. DS . 
'acl.ini.php'; - - $Ini = new IniAcl(); - $Ini->config = $Ini->readConfigFile($iniFile); - $this->Acl->adapter($Ini); - - $this->assertFalse($this->Acl->check('admin', 'ads')); - $this->assertTrue($this->Acl->check('admin', 'posts')); - - $this->assertTrue($this->Acl->check('jenny', 'posts')); - $this->assertTrue($this->Acl->check('jenny', 'ads')); - - $this->assertTrue($this->Acl->check('paul', 'posts')); - $this->assertFalse($this->Acl->check('paul', 'ads')); - - $this->assertFalse($this->Acl->check('nobody', 'comments')); - } - /** * debug function - to help editing/creating test cases for the ACL component * @@ -646,9 +699,9 @@ function __debug ($printTreesToo = false) { $permisssions = array_map(array(&$this, '__pad'), $permissions); array_unshift($permissions, 'Current Permissions :'); if ($printTreesToo) { - debug (array('aros' => $this->Acl->Aro->generateTreeList(), 'acos' => $this->Acl->Aco->generateTreeList())); + debug(array('aros' => $this->Acl->Aro->generateTreeList(), 'acos' => $this->Acl->Aco->generateTreeList())); } - debug (implode("\r\n", $permissions)); + debug(implode("\r\n", $permissions)); } /** @@ -664,4 +717,5 @@ function __pad($string = '', $len = 14) { return str_pad($string, $len); } } + ?> \ No newline at end of file