From a55cbad8e95d214d251980461f9e07b5d4a8030c Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 13:46:00 +0000 Subject: [PATCH 01/30] Fixes loading available roles from database --- src/Auth/TinyAuthorize.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 2330e032..89189bf4 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -214,18 +214,20 @@ protected function _getAcl($path = null) { $iniArray = parse_ini_string(file_get_contents($path . ACL_FILE), true); } + // fetch roles from the database for multi role authorization $availableRoles = Configure::read($this->_config['aclTable']); if (!is_array($availableRoles)) { - $Table = $this->getTable(); - if (!isset($Table->{$this->_config['aclTable']})) { + $table = $this->getTable(); + if (!$table->associations()->has($this->_config['aclTable'])) { throw new \Exception('Missing relationship between Users and Roles. TinyAuthorize needs either a Configure or DB setup.'); } - $availableRoles = $Table->{$this->_config['aclTable']}->find('all')->formatResults(function ($results) { + $availableRoles = $table->{$this->_config['aclTable']}->find('all')->formatResults(function ($results) { return $results->combine('alias', 'id'); })->toArray(); Configure::write($this->_config['aclTable'], $availableRoles); } + if (!is_array($availableRoles) || !is_array($iniArray)) { trigger_error('Invalid Role Setup for TinyAuthorize (no roles found)'); return []; From 90e9799b842f6cb62399f89d2babbe32ab378f53 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 13:49:37 +0000 Subject: [PATCH 02/30] Rephrase --- src/Auth/TinyAuthorize.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 89189bf4..f55e98fe 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
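Review bot: The new association check throws on a missing Users→Roles relationship, but the `!is_array($availableRoles) || !is_array($iniArray)` check a few lines below in the same hunk still only raises an E_USER_NOTICE and returns an empty ACL. Both are configuration errors with the same outcome (every request is denied), yet one is loud and the other is invisible in a production setup where notices are not displayed, so operators see a blanket denial with no hint why. Give the second case the same treatment, `throw new \Exception('Invalid Role Setup for TinyAuthorize (no roles found)');`, or at minimum `trigger_error('Invalid Role Setup for TinyAuthorize (no roles found)', E_USER_WARNING);`. `_getAcl()` starts before and continues after this hunk.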
@@ -214,7 +214,7 @@ protected function _getAcl($path = null) { $iniArray = parse_ini_string(file_get_contents($path . ACL_FILE), true); } - // fetch roles from the database for multi role authorization + // fetch available roles from the database if a table is specified $availableRoles = Configure::read($this->_config['aclTable']); if (!is_array($availableRoles)) { $table = $this->getTable(); From 29875f1ddd14be4edd59839ae9c4cd6804235225 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 19:24:38 +0000 Subject: [PATCH 03/30] Fixes fetching associated (multi) roles --- src/Auth/TinyAuthorize.php | 34 ++++++++++++++++++---------------- 1 file changed, 18 insertions(+), 16 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index f55e98fe..531aea83 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -82,14 +82,15 @@ public function __construct(ComponentRegistry $registry, array $config = []) { * @return bool Success */ public function authorize($user, Request $request) { - if (isset($user[$this->_config['aclTable']])) { - if (isset($user[$this->_config['aclTable']][0]['id'])) { - $roles = Hash::extract($user[$this->_config['aclTable']], '{n}.id'); - } elseif (isset($user[$this->_config['aclTable']]['id'])) { - $roles = [$user[$this->_config['aclTable']]['id']]; - } else { - $roles = (array)$user[$this->_config['aclTable']]; - } + // fetch associated roles from database when multi role is enabled + if (isset($this->_config['aclTable'])) { + $usersTable = $this->getUserTable(); + $userData = $usersTable->get($user['id'], [ + 'contain' => [$this->_config['aclTable']] + ]); + // extract associated roles from user data + $roleTableName = Inflector::tableize($this->_config['aclTable']); + $roles = Hash::extract($userData->toArray(), "$roleTableName.{n}.id"); } elseif (isset($user[$this->_config['aclKey']])) { $roles = [$user[$this->_config['aclKey']]]; } else { 
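Review bot: The new branch condition `if (isset($this->_config['aclTable']))` in `authorize()` is always true, because `aclTable` has a default value of `'Roles'` in the component config, so the single-role `elseif` path reading `aclKey` is unreachable and every installation is forced through the HABTM database lookup. PATCH 06/07 later in this series replace this with an explicit flag, which is the right direction; the mode should be a configuration decision, not a by-product of a default being set. The `else` branch of `authorize()` continues past the end of this hunk.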
@@ -178,8 +179,13 @@ public function validate($roles, Request $request) { /** * @return Cake\ORM\Table The User table */ - public function getTable() { - return TableRegistry::get(CLASS_USER); + public function getUserTable() { + $table = TableRegistry::get(CLASS_USER); + if (!$table->associations()->has($this->_config['aclTable'])) { + throw new \Exception('Missing relationship between Users and ' . + $this->_config['aclTable'] . '.'); + } + return $table; } /** @@ -217,12 +223,8 @@ protected function _getAcl($path = null) { // fetch available roles from the database if a table is specified $availableRoles = Configure::read($this->_config['aclTable']); if (!is_array($availableRoles)) { - $table = $this->getTable(); - if (!$table->associations()->has($this->_config['aclTable'])) { - throw new \Exception('Missing relationship between Users and Roles. TinyAuthorize needs either a Configure or DB setup.'); - } - - $availableRoles = $table->{$this->_config['aclTable']}->find('all')->formatResults(function ($results) { + $userTable = $this->getUserTable(); + $availableRoles = $userTable->{$this->_config['aclTable']}->find('all')->formatResults(function ($results) { return $results->combine('alias', 'id'); })->toArray(); Configure::write($this->_config['aclTable'], $availableRoles); From 72848f578c9ea5b549d02b332fea54d4c9790377 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 19:29:48 +0000 Subject: [PATCH 04/30] Moves comment --- src/Auth/TinyAuthorize.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 531aea83..36e344b7 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
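Review bot: `getTable()` is a public method and this hunk renames it to `getUserTable()` without keeping the old name, so application code or subclasses calling `getTable()` break at runtime; if the rename is intended, keep a thin deprecated alias `public function getTable() { return $this->getUserTable(); }`. The new method also throws a bare `\Exception` for what is a configuration error; a `\RuntimeException` (or one of CakePHP's own exception classes) lets callers tell misconfiguration apart from arbitrary failures. The second hunk of this patch only moves the association check into the helper, which is fine.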
@@ -82,8 +82,8 @@ public function __construct(ComponentRegistry $registry, array $config = []) { * @return bool Success */ public function authorize($user, Request $request) { - // fetch associated roles from database when multi role is enabled if (isset($this->_config['aclTable'])) { + // fetch associated roles from database when multi role is enabled $usersTable = $this->getUserTable(); $userData = $usersTable->get($user['id'], [ 'contain' => [$this->_config['aclTable']] From f8f2971492a0dd186cad8a3d05585fba2afa9664 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 19:31:12 +0000 Subject: [PATCH 05/30] Removes obsolete function declaration --- src/Auth/TinyAuthorize.php | 1 - 1 file changed, 1 deletion(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 36e344b7..f95f230d 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -111,7 +111,6 @@ public function authorize($user, Request $request) { * @param string $action * @return bool Success */ - //public function validate($roles, $plugin, $controller, $action) { public function validate($roles, Request $request) { // construct the iniKey and iniMap for easy lookups $iniKey = $this->_constructIniKey($request); From c061b48315b0ae91573e83a5d55a45dab9c0515f Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 19:49:58 +0000 Subject: [PATCH 06/30] Fixes condition + removes obsolete variable --- src/Auth/TinyAuthorize.php | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index f95f230d..78275ac0 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
@@ -82,7 +82,7 @@ public function __construct(ComponentRegistry $registry, array $config = []) { * @return bool Success */ public function authorize($user, Request $request) { - if (isset($this->_config['aclTable'])) { + if (isset($user[$this->_config['aclTable']])) { // fetch associated roles from database when multi role is enabled $usersTable = $this->getUserTable(); $userData = $usersTable->get($user['id'], [ @@ -98,6 +98,7 @@ public function authorize($user, Request $request) { trigger_error(sprintf('Missing acl information (%s) in user session', $acl)); $roles = []; } + return $this->validate($roles, $request); } @@ -112,10 +113,6 @@ public function authorize($user, Request $request) { * @return bool Success */ public function validate($roles, Request $request) { - // construct the iniKey and iniMap for easy lookups - $iniKey = $this->_constructIniKey($request); - $availableRoles = Configure::read($this->_config['aclTable']); - // Give any logged in user access to ALL actions when `allowUser` is // enabled except when the `adminPrefix` is being used. if (!empty($this->_config['allowUser'])) { @@ -152,6 +149,7 @@ public function validate($roles, Request $request) { } // allow access if user has a role with wildcard access to the resource + $iniKey = $this->_constructIniKey($request); if (isset($this->_acl[$iniKey]['actions']['*'])) { $matchArray = $this->_acl[$iniKey]['actions']['*']; foreach ($roles as $role) { From 5fffd515442b5e24e2fa27074b09fe818b0b0535 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Fri, 27 Feb 2015 21:44:42 +0000 Subject: [PATCH 07/30] Adds multiRole configuration option --- src/Auth/TinyAuthorize.php | 10 +++---- tests/Fixture/RolesUsersFixture.php | 45 +++++++++++++++++++++++++++++ 2 files changed, 50 insertions(+), 5 deletions(-) create mode 100644 tests/Fixture/RolesUsersFixture.php diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 78275ac0..6b34393c 100644 --- a/src/Auth/TinyAuthorize.php 
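Review bot: Selecting the multi-role path with `isset($user[$this->_config['aclTable']])` ties the authorization mode to the shape of the session's user array rather than to configuration: whether a `Roles` key exists in `$user` depends on what the authenticator happened to `contain` at login, so a session built without it silently falls back to the single `role_id` path, while one that has the key always goes to the database. Authorization mode should be an explicit, server-side setting, e.g. `if (!empty($this->_config['multiRole']))`, which PATCH 07 in this series introduces. `authorize()` continues past the end of this hunk.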
+++ b/src/Auth/TinyAuthorize.php @@ -50,8 +50,9 @@ class TinyAuthorize extends BaseAuthorize { 'cache' => AUTH_CACHE, 'cacheKey' => 'tiny_auth_acl', 'autoClearCache' => false, // usually done by Cache automatically in debug mode, - 'aclTable' => 'Roles', // only for multiple roles per user (HABTM) - 'aclKey' => 'role_id', // only for single roles per user (BT) + 'aclKey' => 'role_id', // name of column in user table holding single role per user (BT) + 'aclTable' => 'Roles', // name of table holding all available roles, only used if present + 'multiRole' => false // enables multirole (HABTM) authorization (requires valid aclTable and join table) ]; /** @@ -82,8 +83,8 @@ public function __construct(ComponentRegistry $registry, array $config = []) { * @return bool Success */ public function authorize($user, Request $request) { - if (isset($user[$this->_config['aclTable']])) { - // fetch associated roles from database when multi role is enabled + if ($this->_config['multiRole']) { + // fetch associated roles from database $usersTable = $this->getUserTable(); $userData = $usersTable->get($user['id'], [ 'contain' => [$this->_config['aclTable']] @@ -98,7 +99,6 @@ public function authorize($user, Request $request) { trigger_error(sprintf('Missing acl information (%s) in user session', $acl)); $roles = []; } - return $this->validate($roles, $request); } diff --git a/tests/Fixture/RolesUsersFixture.php b/tests/Fixture/RolesUsersFixture.php new file mode 100644 index 00000000..a6525186 --- /dev/null +++ b/tests/Fixture/RolesUsersFixture.php 
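Review bot: With `multiRole` enabled, `authorize()` re-reads the user's roles from the database on every request, whereas the single-role path keeps using `$user[aclKey]` as captured in the session at login; the two modes therefore have different revocation semantics (a demoted user keeps the old role until re-login in single-role mode), and that difference is not visible from the new config comments. Document it next to the option, e.g. `'multiRole' => false, // HABTM roles, re-read from the DB on every request; single role uses the session snapshot taken at login`. The comment on the last config entry also lacks a trailing comma after `false`, which makes the next addition a two-line diff.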
@@ -0,0 +1,45 @@ + ['type' => 'integer'], + 'user_id' => ['type' => 'integer'], + 'role_id' => ['type' => 'integer'], + '_constraints' => [ + 'primary' => ['type' => 'primary', 'columns' => ['id']] + ] + ]; + + /** + * Records + * + * @var array + */ + public $records = [ + [ + 'id' => 1, + 'user_id' => 1, + 'role_id' => 1 + ], + [ + 'id' => 2, + 'user_id' => 2, + 'role_id' => 2 + ], + [ + 'id' => 3, + 'user_id' => 2, + 'role_id' => 3 + ], + ]; + +} From cf47653d6100ce66ac1eb2bfacf2fe2041c9e0d2 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Sat, 28 Feb 2015 09:19:44 +0000 Subject: [PATCH 08/30] Improves comments --- src/Auth/TinyAuthorize.php | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 6b34393c..d2b5036e 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -84,15 +84,17 @@ public function __construct(ComponentRegistry $registry, array $config = []) { */ public function authorize($user, Request $request) { if ($this->_config['multiRole']) { - // fetch associated roles from database + // multi-role: fetch user data and associated roles from database $usersTable = $this->getUserTable(); $userData = $usersTable->get($user['id'], [ 'contain' => [$this->_config['aclTable']] ]); + // extract associated roles from user data $roleTableName = Inflector::tableize($this->_config['aclTable']); $roles = Hash::extract($userData->toArray(), "$roleTableName.{n}.id"); } elseif (isset($user[$this->_config['aclKey']])) { + // single-role: simply use the single role id found in the aclKey $roles = [$user[$this->_config['aclKey']]]; } else { $acl = $this->_config['aclTable'] . '/' . $this->_config['aclKey']; From 1951bdce3d77587cbb7b85a8b8ef67ccd5c7887e Mon Sep 17 00:00:00 2001 
From: bravo-kernel Date: Sat, 28 Feb 2015 09:28:00 +0000 Subject: [PATCH 09/30] Renames aclKey and aclTable to roleColumn and rolesTable --- src/Auth/TinyAuthorize.php | 31 +++++++++++------------ tests/TestCase/Auth/TinyAuthorizeTest.php | 23 ++++++++++------- 2 files changed, 29 insertions(+), 25 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index d2b5036e..554ed1c5 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -50,9 +50,9 @@ class TinyAuthorize extends BaseAuthorize { 'cache' => AUTH_CACHE, 'cacheKey' => 'tiny_auth_acl', 'autoClearCache' => false, // usually done by Cache automatically in debug mode, - 'aclKey' => 'role_id', // name of column in user table holding single role per user (BT) - 'aclTable' => 'Roles', // name of table holding all available roles, only used if present - 'multiRole' => false // enables multirole (HABTM) authorization (requires valid aclTable and join table) + 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only) + 'rolesTable' => 'Roles', // name of table holding all available roles, only used if present + 'multiRole' => false // enables multirole (HABTM) authorization (requires valid rolesTable and join table) ]; /** 
@@ -87,17 +87,16 @@ public function authorize($user, Request $request) { // multi-role: fetch user data and associated roles from database $usersTable = $this->getUserTable(); $userData = $usersTable->get($user['id'], [ - 'contain' => [$this->_config['aclTable']] + 'contain' => [$this->_config['rolesTable']] ]); // extract associated roles from user data - $roleTableName = Inflector::tableize($this->_config['aclTable']); - $roles = Hash::extract($userData->toArray(), "$roleTableName.{n}.id"); - } elseif (isset($user[$this->_config['aclKey']])) { - // single-role: simply use the single role id found in the aclKey - $roles = [$user[$this->_config['aclKey']]]; + $roles = Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); + } elseif (isset($user[$this->_config['roleColumn']])) { + // single-role: simply use the single role id found in the roleColumn + $roles = [$user[$this->_config['roleColumn']]]; } else { - $acl = $this->_config['aclTable'] . '/' . $this->_config['aclKey']; + $acl = $this->_config['rolesTable'] . '/' . $this->_config['roleColumn']; trigger_error(sprintf('Missing acl information (%s) in user session', $acl)); $roles = []; } @@ -180,9 +179,9 @@ public function validate($roles, Request $request) { */ public function getUserTable() { $table = TableRegistry::get(CLASS_USER); - if (!$table->associations()->has($this->_config['aclTable'])) { + if (!$table->associations()->has($this->_config['rolesTable'])) { throw new \Exception('Missing relationship between Users and ' . - $this->_config['aclTable'] . '.'); + $this->_config['rolesTable'] . '.'); } return $table; } 
@@ -220,13 +219,13 @@ protected function _getAcl($path = null) { } // fetch available roles from the database if a table is specified - $availableRoles = Configure::read($this->_config['aclTable']); + $availableRoles = Configure::read($this->_config['rolesTable']); if (!is_array($availableRoles)) { $userTable = $this->getUserTable(); - $availableRoles = $userTable->{$this->_config['aclTable']}->find('all')->formatResults(function ($results) { + $availableRoles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) { return $results->combine('alias', 'id'); })->toArray(); - Configure::write($this->_config['aclTable'], $availableRoles); + Configure::write($this->_config['rolesTable'], $availableRoles); } if (!is_array($availableRoles) || !is_array($iniArray)) { @@ -267,7 +266,7 @@ protected function _getAcl($path = null) { if (!($role = trim($role)) || $role === '*') { continue; } - $newRole = Configure::read($this->_config['aclTable'] . '.' . strtolower($role)); + $newRole = Configure::read($this->_config['rolesTable'] . '.' . strtolower($role)); $res[$key]['actions'][$action][] = $newRole; } diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index f59f792f..e72bd761 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php @@ -15,7 +15,12 @@ */ class TinyAuthorizeTest extends TestCase { - public $fixtures = ['core.users', 'core.auth_users', 'plugin.tiny_auth.roles']; + public $fixtures = [ + 'core.users', + 'core.auth_users', + 'plugin.tiny_auth.roles', + //'plugin.tiny_auth.roles_users', + ]; public $Collection; 
@@ -130,12 +135,12 @@ public function tearDown() { */ public function testConstructor() { $object = new TestTinyAuthorize($this->Collection, [ - 'aclTable' => 'AuthRole', - 'aclKey' => 'auth_role_id', + 'rolesTable' => 'AuthRoles', + 'roleColumn' => 'auth_role_id', 'autoClearCache' => true, ]); - $this->assertEquals('AuthRole', $object->config('aclTable')); - $this->assertEquals('auth_role_id', $object->config('aclKey')); + $this->assertEquals('AuthRoles', $object->config('rolesTable')); + $this->assertEquals('auth_role_id', $object->config('roleColumn')); } /** @@ -292,8 +297,8 @@ public function testBasicUserMethodDisallowed() { $object = new TestTinyAuthorize($this->Collection, [ 'autoClearCache' => true ]); - $this->assertEquals('Roles', $object->config('aclTable')); - $this->assertEquals('role_id', $object->config('aclKey')); + $this->assertEquals('Roles', $object->config('rolesTable')); + $this->assertEquals('role_id', $object->config('roleColumn')); // All tests performed against this action $this->request->params['action'] = 'add'; @@ -968,11 +973,11 @@ public function testAdminMethodsAllowed() { } /** - * TinyAuthorizeTest::testWithRoleTable() + * TinyAuthorizeTest::testWithRolesTable() * * @return void */ - public function testWithRoleTable() { + public function testWithRolesTable() { $Users = TableRegistry::get('Users'); $Users->belongsTo('Roles'); From b16cbc5ae8e03a04984c18da7aa73aaf13297b90 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Sat, 28 Feb 2015 10:17:51 +0000 Subject: [PATCH 10/30] Renames roles variable to userRoles --- src/Auth/TinyAuthorize.php | 27 ++++++++++++++------------- 1 file changed, 14 insertions(+), 13 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 554ed1c5..34a122a8 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
@@ -91,29 +91,30 @@ public function authorize($user, Request $request) { ]); // extract associated roles from user data - $roles = Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); + $userRoles = Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); } elseif (isset($user[$this->_config['roleColumn']])) { // single-role: simply use the single role id found in the roleColumn - $roles = [$user[$this->_config['roleColumn']]]; + $userRoles = [$user[$this->_config['roleColumn']]]; } else { $acl = $this->_config['rolesTable'] . '/' . $this->_config['roleColumn']; trigger_error(sprintf('Missing acl information (%s) in user session', $acl)); - $roles = []; + $userRoles = []; } - return $this->validate($roles, $request); + pr($userRoles); + return $this->validate($userRoles, $request); } /** * Validate the url to the role(s) * allows single or multi role based authorization * - * @param array $roles + * @param array $userRoles * @param string $plugin * @param string $controller * @param string $action * @return bool Success */ - public function validate($roles, Request $request) { + public function validate($userRoles, Request $request) { // Give any logged in user access to ALL actions when `allowUser` is // enabled except when the `adminPrefix` is being used. if (!empty($this->_config['allowUser'])) { @@ -129,7 +130,7 @@ public function validate($roles, Request $request) { // the specified adminRole id. if (!empty($this->_config['allowAdmin']) && !empty($this->_config['adminRole'])) { if (!empty($request->params['prefix']) && $request->params['prefix'] === $this->_config['adminPrefix']) { - if (in_array($this->_config['adminRole'], $roles)) { + if (in_array($this->_config['adminRole'], $userRoles)) { return true; } } 
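Review bot: The hunk adds `pr($userRoles);` immediately before `return $this->validate($userRoles, $request);` in `authorize()`, which dumps the current user's role ids into every response body; in an authorization component that is a debug leftover that leaks authorization data to the client and corrupts non-HTML responses. It is removed again in PATCH 11 of this series, but it should not land in an intermediate commit either; drop the line. The remainder of the hunk is the `$roles` → `$userRoles` rename, which is fine.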
@@ -137,8 +138,8 @@ public function validate($roles, Request $request) { // allow logged in super admins access to all resources if (!empty($this->_config['superAdminRole'])) { - foreach ($roles as $role) { - if ($role === $this->_config['superAdminRole']) { + foreach ($userRoles as $userRole) { + if ($userRole === $this->_config['superAdminRole']) { return true; } } @@ -153,8 +154,8 @@ public function validate($roles, Request $request) { $iniKey = $this->_constructIniKey($request); if (isset($this->_acl[$iniKey]['actions']['*'])) { $matchArray = $this->_acl[$iniKey]['actions']['*']; - foreach ($roles as $role) { - if (in_array((string)$role, $matchArray)) { + foreach ($userRoles as $userRole) { + if (in_array((string)$userRole, $matchArray)) { return true; } } @@ -164,8 +165,8 @@ public function validate($roles, Request $request) { if (isset($this->_acl[$iniKey]['actions'])) { if(array_key_exists($request->action, $this->_acl[$iniKey]['actions']) && !empty($this->_acl[$iniKey]['actions'][$request->action])) { $matchArray = $this->_acl[$iniKey]['actions'][$request->action]; - foreach ($roles as $role) { - if (in_array((string)$role, $matchArray)) { + foreach ($userRoles as $userRole) { + if (in_array((string)$userRole, $matchArray)) { return true; } } From fc5e8e446ae57a684eb5b8aace38a96578a4c52b Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Sat, 28 Feb 2015 10:37:29 +0000 Subject: [PATCH 11/30] Refactors getting user roles --- src/Auth/TinyAuthorize.php | 46 ++++++++++++++++++++++---------------- 1 file changed, 27 insertions(+), 19 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 34a122a8..385e64b8 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
@@ -83,25 +83,7 @@ public function __construct(ComponentRegistry $registry, array $config = []) { * @return bool Success */ public function authorize($user, Request $request) { - if ($this->_config['multiRole']) { - // multi-role: fetch user data and associated roles from database - $usersTable = $this->getUserTable(); - $userData = $usersTable->get($user['id'], [ - 'contain' => [$this->_config['rolesTable']] - ]); - - // extract associated roles from user data - $userRoles = Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); - } elseif (isset($user[$this->_config['roleColumn']])) { - // single-role: simply use the single role id found in the roleColumn - $userRoles = [$user[$this->_config['roleColumn']]]; - } else { - $acl = $this->_config['rolesTable'] . '/' . $this->_config['roleColumn']; - trigger_error(sprintf('Missing acl information (%s) in user session', $acl)); - $userRoles = []; - } - pr($userRoles); - return $this->validate($userRoles, $request); + return $this->validate($this->_getUserRoles($user), $request); } /** 
@@ -278,6 +260,32 @@ protected function _getAcl($path = null) { return $res; } + + /** + * Get all roles for the authenticated user + * + * @todo discuss trigger_error + * + * @param array $user The user to get the roles for + * @return array List with all role ids belonging to the user + */ + protected function _getUserRoles($user) { + if (!$this->_config['multiRole']) { + if (isset($user[$this->_config['roleColumn']])) { + return [$user[$this->_config['roleColumn']]]; + } + trigger_error(sprintf('Missing role id (%s) in user session', $this->_config['roleColumn'])); + return []; + } + + // multi-role: fetch user data and associated roles from database + $usersTable = $this->getUserTable(); + $userData = $usersTable->get($user['id'], [ + 'contain' => [$this->_config['rolesTable']] + ]); + return Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); + } + /** * Deconstructs an ACL ini section key into a named array with ACL parts * From bf02732943d3ca0e99bed465b3d4272698e7d09e Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Sat, 28 Feb 2015 11:11:27 +0000 Subject: [PATCH 12/30] Refactors getting available roles --- src/Auth/TinyAuthorize.php | 52 +++++++++++++++++++++++++++++--------- 1 file changed, 40 insertions(+), 12 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 385e64b8..ea1e8e55 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
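Review bot: In multi-role mode `_getUserRoles()` calls `$usersTable->get($user['id'], ...)` with no check that `$user['id']` is set, and `Table::get()` throws (CakePHP's InvalidPrimaryKeyException / RecordNotFoundException) when the key is null or the row has been deleted, so a user whose account was removed while their session is alive gets an exception page instead of the plain denial the single-role branch produces with `trigger_error` + `[]`. The `Hash::extract(..., Inflector::tableize(...) . '.{n}.id')` path additionally assumes the association's property name equals the underscored table name; an association configured with a custom property name would silently yield no roles. Guard the id and, if the installed CakePHP exposes `Association::property()`, read the property name from the association instead of inflecting it.
```php
// multi-role: fetch user data and associated roles from database
if (empty($user['id'])) {
    trigger_error('Missing user id in user session');
    return [];
}
$usersTable = $this->getUserTable();
$userData = $usersTable->get($user['id'], [
    'contain' => [$this->_config['rolesTable']]
]);
$property = $usersTable->association($this->_config['rolesTable'])->property();
return Hash::extract($userData->toArray(), $property . '.{n}.id');
```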
@@ -51,7 +51,7 @@ class TinyAuthorize extends BaseAuthorize { 'cacheKey' => 'tiny_auth_acl', 'autoClearCache' => false, // usually done by Cache automatically in debug mode, 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only) - 'rolesTable' => 'Roles', // name of table holding all available roles, only used if present + 'rolesTable' => 'Roles', // name of table class holding all available roles 'multiRole' => false // enables multirole (HABTM) authorization (requires valid rolesTable and join table) ]; @@ -202,14 +202,19 @@ protected function _getAcl($path = null) { } // fetch available roles from the database if a table is specified - $availableRoles = Configure::read($this->_config['rolesTable']); - if (!is_array($availableRoles)) { - $userTable = $this->getUserTable(); - $availableRoles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) { - return $results->combine('alias', 'id'); - })->toArray(); - Configure::write($this->_config['rolesTable'], $availableRoles); - } + $availableRoles = $this->_getAvailableRoles(); + + + // $availableRoles = Configure::read($this->_config['rolesTable']); + // if (!is_array($availableRoles)) { + // $userTable = $this->getUserTable(); + // $availableRoles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) { + // return $results->combine('alias', 'id'); + // })->toArray(); + // Configure::write($this->_config['rolesTable'], $availableRoles); + // } + + pr($availableRoles); if (!is_array($availableRoles) || !is_array($iniArray)) { trigger_error('Invalid Role Setup for TinyAuthorize (no roles found)'); 
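Review bot: `pr($availableRoles);` is left in `_getAcl()` and prints the whole alias→id role map into the response every time the ACL is rebuilt, and the previous implementation is kept as a commented-out block directly above it; both are removed in PATCH 13, but neither should be committed in the first place. Drop the print and the dead block, keeping just `$availableRoles = $this->_getAvailableRoles();`. `_getAcl()` starts before and continues after this hunk.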
@@ -260,11 +265,10 @@ protected function _getAcl($path = null) { return $res; } - /** - * Get all roles for the authenticated user + * Returns a list of all roles belonging to the authenticated user * - * @todo discuss trigger_error + * @todo discuss trigger_error + caching (?) * * @param array $user The user to get the roles for * @return array List with all role ids belonging to the user @@ -286,6 +290,30 @@ protected function _getUserRoles($user) { return Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); } + /** + * Returns a list of all available roles defined in either Configure or + * database. + * + * @todo discuss caching (?) + * @todo this only works if Configure and rolesTable use a different name, + * otherwise the configure always takes precedence. Maybe restructure + * configuration options. + * + * @param array $user The user to get the roles for + * @return array List with all role ids belonging to the user + */ + protected function _getAvailableRoles() { + $roles = Configure::read($this->_config['rolesTable']); + if (!is_array($roles)) { + $userTable = $this->getUserTable(); + $roles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) { + return $results->combine('alias', 'id'); + })->toArray(); + Configure::write($this->_config['rolesTable'], $roles); + } + return $roles; + } + /** * Deconstructs an ACL ini section key into a named array with ACL parts * From 2649db6f3491bbb0be6851cd8d6877a00f676bb8 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Sat, 28 Feb 2015 11:13:42 +0000 Subject: [PATCH 13/30] Removes comments --- src/Auth/TinyAuthorize.php | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index ea1e8e55..e011f800 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
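Review bot: The docblock on the new `_getAvailableRoles()` declares `@param array $user` and `@return ... role ids belonging to the user`, but the method takes no parameters and returns the alias→id map of all roles; the copy-pasted text actively misleads the next reader. Suggest `@return array Map of role alias => role id, read from Configure or from the roles table`. The `@todo` about Configure always taking precedence when the key and the table share a name is a genuine ambiguity (PATCH 14 in this series resolves it by probing the schema), so it is worth keeping until then.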
@@ -201,21 +201,8 @@ protected function _getAcl($path = null) { $iniArray = parse_ini_string(file_get_contents($path . ACL_FILE), true); } - // fetch available roles from the database if a table is specified $availableRoles = $this->_getAvailableRoles(); - - // $availableRoles = Configure::read($this->_config['rolesTable']); - // if (!is_array($availableRoles)) { - // $userTable = $this->getUserTable(); - // $availableRoles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) { - // return $results->combine('alias', 'id'); - // })->toArray(); - // Configure::write($this->_config['rolesTable'], $availableRoles); - // } - - pr($availableRoles); - if (!is_array($availableRoles) || !is_array($iniArray)) { trigger_error('Invalid Role Setup for TinyAuthorize (no roles found)'); return []; From d8fd24583b3d0b88c5b460e4d962b3e5dd3665e0 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Sat, 28 Feb 2015 12:15:58 +0000 Subject: [PATCH 14/30] Fixes logic for fetching available roles --- src/Auth/TinyAuthorize.php | 35 ++++++++++++++++++----------------- 1 file changed, 18 insertions(+), 17 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index e011f800..4a584cfd 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -5,6 +5,8 @@ use Cake\Cache\Cache; use Cake\Controller\ComponentRegistry; use Cake\Core\Configure; +use Cake\Database\Schema\Collection; +use Cake\Datasource\ConnectionManager; use Cake\Network\Request; use Cake\ORM\TableRegistry; use Cake\Utility\Hash; 
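Review bot: `use Cake\Database\Schema\Collection;` is added but never referenced — the new `_getAvailableRoles()` reaches the schema collection through `$db->schemaCollection()` — so the import is dead and should be dropped; `ConnectionManager` is the only new dependency actually used. The same method and `_getUserRoles()` call `Inflector::tableize()`, and a `use Cake\Utility\Inflector;` line is not visible in this hunk; confirm it is present further down the import list.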
@@ -51,7 +53,7 @@ class TinyAuthorize extends BaseAuthorize { 'cacheKey' => 'tiny_auth_acl', 'autoClearCache' => false, // usually done by Cache automatically in debug mode, 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only) - 'rolesTable' => 'Roles', // name of table class holding all available roles + 'rolesTable' => 'Roles', // name of table class OR Configure key holding all available roles 'multiRole' => false // enables multirole (HABTM) authorization (requires valid rolesTable and join table) ]; 
@@ -278,26 +280,25 @@ protected function _getUserRoles($user) {
 }
 /**
- * Returns a list of all available roles defined in either Configure or
- * database.
+ * Returns a list of all available roles from the database if the roles
+ * table exists, otherwise returns the roles array from Configure.
 *
- * @todo discuss caching (?)
- * @todo this only works if Configure and rolesTable use a different name,
- * otherwise the configure always takes precedence. Maybe restructure
- * configuration options.
- *
- * @param array $user The user to get the roles for
- * @return array List with all role ids belonging to the user
+ * @return array List with all available roles
 */
 protected function _getAvailableRoles() {
- $roles = Configure::read($this->_config['rolesTable']);
- if (!is_array($roles)) {
- $userTable = $this->getUserTable();
- $roles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) {
- return $results->combine('alias', 'id');
- })->toArray();
- Configure::write($this->_config['rolesTable'], $roles);
+ // return roles array from Configure if no database table is found
+ $db = ConnectionManager::get('default');
+ $collection = $db->schemaCollection();
+ if (!in_array(Inflector::tableize($this->_config['rolesTable']), $collection->listTables())) {
+ return Configure::read($this->_config['rolesTable']);
 }
+
+ // return all roles found in the database
+ $userTable = $this->getUserTable();
+ $roles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) {
+ return $results->combine('alias', 'id');
+ })->toArray();
+ Configure::write($this->_config['rolesTable'], $roles);
 return $roles;
 }
From 2823477c26508e3509d9d39bfc21dec8a7ac3d35 Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Sat, 28 Feb 2015 12:21:15 +0000
Subject: [PATCH 15/30] Refactors condition

---
 src/Auth/TinyAuthorize.php | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)
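Review bot: The table probe `in_array(Inflector::tableize($this->_config['rolesTable']), $collection->listTables())` runs without the strict flag; pass `true` as the third argument so the comparison is `===`, and note that the same loose `in_array` is carried into the "Refactors condition" hunk of patch 15 below and into the later `_getAvailableRoles` rewrite of patch 20. In the Configure branch the method returns whatever `Configure::read()` yields, which is `null` when the key is absent, although the docblock promises an array; the caller in `_getAcl` only survives because of its own `is_array` check, so either document the nullable return (`@return array|null List with all available roles, or null when neither source is set`) or fail here with an explicit error. `ConnectionManager::get('default')` also hardcodes the connection name instead of asking the Users table which connection it is configured on, so a roles table living on another connection is never found.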
diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
index 4a584cfd..01a6d7ff 100644
--- a/src/Auth/TinyAuthorize.php
+++ b/src/Auth/TinyAuthorize.php
@@ -286,10 +286,9 @@ protected function _getUserRoles($user) {
 * @return array List with all available roles
 */
 protected function _getAvailableRoles() {
- // return roles array from Configure if no database table is found
- $db = ConnectionManager::get('default');
- $collection = $db->schemaCollection();
- if (!in_array(Inflector::tableize($this->_config['rolesTable']), $collection->listTables())) {
+ // if no roles table exists return the roles array from Configure
+ $tables = ConnectionManager::get('default')->schemaCollection()->listTables();
+ if (!in_array(Inflector::tableize($this->_config['rolesTable']), $tables)) {
 return Configure::read($this->_config['rolesTable']);
 }
From e372ea3725da3162947f0fe1a4d95e43a4f8f021 Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Sun, 1 Mar 2015 12:03:30 +0000
Subject: [PATCH 16/30] Renames super admin role to allowAll for consistency

---
 src/Auth/TinyAuthorize.php | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
index 01a6d7ff..58aa93b8 100644
--- a/src/Auth/TinyAuthorize.php
+++ b/src/Auth/TinyAuthorize.php
@@ -45,10 +45,10 @@ class TinyAuthorize extends BaseAuthorize {
 protected $_defaultConfig = [
 'adminRole' => null, // id of the admin role used by allowAdmin
- 'superAdminRole' => null, // id of super admin role granted access to ALL resources
+ 'adminPrefix' => 'admin', // admin prefix used by allowAdmin
 'allowUser' => false, // enable to allow ALL roles access to all actions except prefixed with 'adminPrefix'
 'allowAdmin' => false, // enable to allow admin role access to all 'adminPrefix' prefixed urls
- 'adminPrefix' => 'admin', // admin prefix used by allowAdmin
+ 'allowAll' => null, // id of super admin role granted access to ALL resources
 'cache' => AUTH_CACHE,
 'cacheKey' => 'tiny_auth_acl',
 'autoClearCache' => false, // usually done by Cache automatically in debug mode,
@@ -121,9 +121,9 @@ public function validate($userRoles, Request $request) {
 }
 // allow logged in super admins access to all resources
- if (!empty($this->_config['superAdminRole'])) {
+ if (!empty($this->_config['allowAll'])) {
 foreach ($userRoles as $userRole) {
- if ($userRole === $this->_config['superAdminRole']) {
+ if ($userRole === $this->_config['allowAll']) {
 return true;
 }
 }
@@ -292,7 +292,7 @@ protected function _getAvailableRoles() {
 return Configure::read($this->_config['rolesTable']);
 }
- // return all roles found in the database
+ // table exists so return all roles found in the database
 $userTable = $this->getUserTable();
 $roles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) {
 return $results->combine('alias', 'id');
From 463246e68375be9048e02bc644dae4a0e1e8749f Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Sun, 1 Mar 2015 12:09:55 +0000
Subject: [PATCH 17/30] Reverts superAdminRole

---
 src/Auth/TinyAuthorize.php | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
index 58aa93b8..99f545eb 100644
--- a/src/Auth/TinyAuthorize.php
+++ b/src/Auth/TinyAuthorize.php
@@ -44,17 +44,17 @@ class TinyAuthorize extends BaseAuthorize {
 protected $_acl = null;
 protected $_defaultConfig = [
- 'adminRole' => null, // id of the admin role used by allowAdmin
- 'adminPrefix' => 'admin', // admin prefix used by allowAdmin
+ 'adminRole' => null, // id of the admin role (used by allowAdmin)
+ 'superAdminRole' => null, // id of super admin role granted access to ALL resources
+ 'adminPrefix' => 'admin', // admin prefix (used by allowAdmin)
 'allowUser' => false, // enable to allow ALL roles access to all actions except prefixed with 'adminPrefix'
 'allowAdmin' => false, // enable to allow admin role access to all 'adminPrefix' prefixed urls
- 'allowAll' => null, // id of super admin role granted access to ALL resources
 'cache' => AUTH_CACHE,
 'cacheKey' => 'tiny_auth_acl',
 'autoClearCache' => false, // usually done by Cache automatically in debug mode,
+ 'multiRole' => false, // enables multirole (HABTM) authorization (requires valid rolesTable and join table)
 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only)
 'rolesTable' => 'Roles', // name of table class OR Configure key holding all available roles
- 'multiRole' => false // enables multirole (HABTM) authorization (requires valid rolesTable and join table)
 ];
 /**
@@ -121,9 +121,9 @@ public function validate($userRoles, Request $request) {
 }
 // allow logged in super admins access to all resources
- if (!empty($this->_config['allowAll'])) {
+ if (!empty($this->_config['superAdminRole'])) {
 foreach ($userRoles as $userRole) {
- if ($userRole === $this->_config['allowAll']) {
+ if ($userRole === $this->_config['superAdminRole']) {
 return true;
 }
 }
From 64981f4c21a28fa0c5f1fb228132596fdab5a6ba Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Sun, 1 Mar 2015 16:46:58 +0000
Subject: [PATCH 18/30] Adds useDatabaseRoles boolean + refactors available roles and ini parsing

---
 src/Auth/TinyAuthorize.php | 90 +++++++++++++++++++++++---------------
 1 file changed, 55 insertions(+), 35 deletions(-)

diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
index 99f545eb..c62f3684 100644
--- a/src/Auth/TinyAuthorize.php
+++ b/src/Auth/TinyAuthorize.php
@@ -5,6 +5,7 @@
 use Cake\Cache\Cache;
 use Cake\Controller\ComponentRegistry;
 use Cake\Core\Configure;
+use Cake\Core\Exception\Exception;
 use Cake\Database\Schema\Collection;
 use Cake\Datasource\ConnectionManager;
 use Cake\Network\Request;
@@ -44,17 +45,21 @@ class TinyAuthorize extends BaseAuthorize {
 protected $_acl = null;
 protected $_defaultConfig = [
- 'adminRole' => null, // id of the admin role (used by allowAdmin)
+ 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only)
+ 'rolesTable' => 'Roles', // name of (database) table class OR Configure key holding all available roles
+ 'useDatabaseRoles' => false, // true to use a database roles table instead of a Configure roles array
+ 'multiRole' => false, // true to enables multirole/HABTM authorization (requires valid rolesTable and join table)
+
+ 'adminRole' => null, // id of the admin role (used to give access to all /admin prefixed resources when allowAdmin is enabled)
 'superAdminRole' => null, // id of super admin role granted access to ALL resources
- 'adminPrefix' => 'admin', // admin prefix (used by allowAdmin)
+ 'adminPrefix' => 'admin', // name of the admin prefix route (only used when allowAdmin is enabled)
+ 'allowAdmin' => false, // boolean, true to allow admin role access to all 'adminPrefix' prefixed urls
 'allowUser' => false, // enable to allow ALL roles access to all actions except prefixed with 'adminPrefix'
- 'allowAdmin' => false, // enable to allow admin role access to all 'adminPrefix' prefixed urls
+
 'cache' => AUTH_CACHE,
 'cacheKey' => 'tiny_auth_acl',
+ 'cacheRolesKey' => 'tiny_auth_roles',
 'autoClearCache' => false, // usually done by Cache automatically in debug mode,
- 'multiRole' => false, // enables multirole (HABTM) authorization (requires valid rolesTable and join table)
- 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only)
- 'rolesTable' => 'Roles', // name of table class OR Configure key holding all available roles
 ];
 /**
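Review bot: The comment on the reordered `'multiRole'` default reads `true to enables multirole/HABTM authorization`; it should be `true to enable multirole/HABTM authorization`. While the neighbouring keys were rewritten to the `boolean, true to …` wording, the untouched `'allowUser'` line still uses the older `enable to allow …` phrasing, so the block now mixes two styles for the same kind of option; rewording it in the same commit keeps the defaults readable as one list.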
@@ -62,13 +67,14 @@ class TinyAuthorize extends BaseAuthorize {
 *
 * @param ComponentRegistry $registry
 * @param array $config
+ * @throws Cake\Core\Exception\Exception
 */
 public function __construct(ComponentRegistry $registry, array $config = []) {
 $config += $this->_defaultConfig;
 parent::__construct($registry, $config);
 if (Cache::config($config['cache']) === false) {
- throw new \Exception(sprintf('TinyAuth could not find `%s` cache - expects at least a `default` cache', $config['cache']));
+ throw new Exception(sprintf('TinyAuth could not find `%s` cache - expects at least a `default` cache', $config['cache']));
 }
 }
@@ -161,11 +167,12 @@ public function validate($userRoles, Request $request) {
 /**
 * @return Cake\ORM\Table The User table
+ * @throws Cake\Core\Exception\Exception
 */
 public function getUserTable() {
 $table = TableRegistry::get(CLASS_USER);
 if (!$table->associations()->has($this->_config['rolesTable'])) {
- throw new \Exception('Missing relationship between Users and ' .
+ throw new Exception('Missing TinyAuthorize relationship between Users and ' .
 $this->_config['rolesTable'] . '.');
 }
 return $table;
@@ -193,23 +200,9 @@ protected function _getAcl($path = null) {
 return $roles;
 }
- if (!file_exists($path . ACL_FILE)) {
- touch($path . ACL_FILE);
- }
-
- if (function_exists('parse_ini_file')) {
- $iniArray = parse_ini_file($path . ACL_FILE, true);
- } else {
- $iniArray = parse_ini_string(file_get_contents($path . ACL_FILE), true);
- }
-
+ $iniArray = $this->_parseAclIni($path . ACL_FILE);
 $availableRoles = $this->_getAvailableRoles();
- if (!is_array($availableRoles) || !is_array($iniArray)) {
- trigger_error('Invalid Role Setup for TinyAuthorize (no roles found)');
- return [];
- }
-
 $res = [];
 foreach ($iniArray as $key => $array) {
 $res[$key] = $this->_deconstructIniKey($key);
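Review bot: The new `@throws Cake\Core\Exception\Exception` tags (on the constructor and `getUserTable()` here, and on `_getUserRoles`, `_parseAclIni` and `_getAvailableRoles` in the following hunks) are written without a leading backslash, so a PHPDoc-aware tool resolves the name relative to the file's namespace rather than to the imported class; write `@throws \Cake\Core\Exception\Exception`, or simply `@throws Exception` now that the class is imported at the top of the file. The pre-existing `@return Cake\ORM\Table The User table` tag in the same hunk has the same problem and could be fixed while the docblock is being touched. Dropping the `touch($path . ACL_FILE)` fallback in `_getAcl` in favour of the helper throwing on a missing file is the right direction for an authorization component, since an empty auto-created ACL no longer passes silently.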
@@ -243,9 +236,9 @@ protected function _getAcl($path = null) {
 if (!($role = trim($role)) || $role === '*') {
 continue;
 }
- $newRole = Configure::read($this->_config['rolesTable'] . '.' . strtolower($role));
+ // lookup role id by name in roles array
+ $newRole = $availableRoles[strtolower($role)];
 $res[$key]['actions'][$action][] = $newRole;
-
 }
 }
 }
@@ -261,14 +254,14 @@ protected function _getAcl($path = null) {
 *
 * @param array $user The user to get the roles for
 * @return array List with all role ids belonging to the user
+ * @throws Cake\Core\Exception\Exception
 */
 protected function _getUserRoles($user) {
 if (!$this->_config['multiRole']) {
 if (isset($user[$this->_config['roleColumn']])) {
 return [$user[$this->_config['roleColumn']]];
 }
- trigger_error(sprintf('Missing role id (%s) in user session', $this->_config['roleColumn']));
- return [];
+ throw new Exception (sprintf('Missing TinyAuthorize role id (%s) in user session', $this->_config['roleColumn']));
 }
 // multi-role: fetch user data and associated roles from database
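Review bot: `$newRole = $availableRoles[strtolower($role)];` reads the roles map without checking that the key exists, so a role name in acl.ini that is not in the available-roles list raises an undefined-index notice and appends `null` to `$res[$key]['actions'][$action]`; a misspelled role in the ACL thereby becomes a `null` entry in the allowed-role list instead of a configuration error, which is a worse failure mode for an access-control table than the previous `Configure::read` (which at least returned null for the whole lookup). Guard the lookup before the assignment: `if (!isset($availableRoles[strtolower($role)])) {` / `throw new Exception(sprintf('Invalid TinyAuthorize role (%s) in ACL file', $role));` / `}`. `_getAcl` begins and ends outside this hunk, so the surrounding loop is not visible here.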
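Review bot: `throw new Exception (sprintf('Missing TinyAuthorize role id (%s) in user session', …));` has a space between the class name and the opening parenthesis, unlike every other `throw new Exception(` introduced by this patch; write it as `throw new Exception(sprintf(…));` so the file keeps one call style. Replacing the `trigger_error` + `return []` pair with an exception is otherwise an improvement, since a missing role id now aborts authorization instead of continuing with an empty role list.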
@@ -280,24 +273,51 @@ protected function _getUserRoles($user) {
 }
 /**
- * Returns a list of all available roles from the database if the roles
- * table exists, otherwise returns the roles array from Configure.
+ * Returns the acl.ini file as an array.
+ *
+ * @return array List with all available roles
+ * @throws Cake\Core\Exception\Exception
+ */
+ protected function _parseAclIni($ini) {
+ if (!file_exists($ini)) {
+ throw new Exception(sprintf('Missing TinyAuthorize ACL file (%s)', $ini));
+ }
+
+ if (function_exists('parse_ini_file')) {
+ $iniArray = parse_ini_file($ini, true);
+ } else {
+ $iniArray = parse_ini_string(file_get_contents($ini), true);
+ }
+ if (!count($iniArray)) {
+ throw new Exception('Invalid TinyAuthorize ACL file');
+ }
+ return $iniArray;
+ }
+
+ /**
+ * Returns a list of all available roles from either Configure or the database.
 *
 * @return array List with all available roles
+ * @throws Cake\Core\Exception\Exception
 */
 protected function _getAvailableRoles() {
- // if no roles table exists return the roles array from Configure
- $tables = ConnectionManager::get('default')->schemaCollection()->listTables();
- if (!in_array(Inflector::tableize($this->_config['rolesTable']), $tables)) {
- return Configure::read($this->_config['rolesTable']);
+ // get roles from Configure
+ if (!$this->_config['useDatabaseRoles']) {
+ $roles = Configure::read($this->_config['rolesTable']);
+ if (!$roles) {
+ throw new Exception('Invalid TinyAuthorize Role Setup (no Configure roles found)');
+ }
+ return $roles;
 }
- // table exists so return all roles found in the database
+ // get roles from database
 $userTable = $this->getUserTable();
 $roles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) {
 return $results->combine('alias', 'id');
 })->toArray();
- Configure::write($this->_config['rolesTable'], $roles);
+ if (!count($roles)) {
+ throw new Exception('Invalid TinyAuthorize Role Setup (no database roles found)');
+ }
 return $roles;
 }
From 929b680d05321e4ab033b3759569ddf5f13a6fea Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Sun, 1 Mar 2015 16:48:35 +0000
Subject: [PATCH 19/30] Removes unused var

---
 src/Auth/TinyAuthorize.php | 1 -
 1 file changed, 1 deletion(-)

diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
index c62f3684..3aee4f3f 100644
--- a/src/Auth/TinyAuthorize.php
+++ b/src/Auth/TinyAuthorize.php
@@ -58,7 +58,6 @@ class TinyAuthorize extends BaseAuthorize {
 'cache' => AUTH_CACHE,
 'cacheKey' => 'tiny_auth_acl',
- 'cacheRolesKey' => 'tiny_auth_roles',
 'autoClearCache' => false, // usually done by Cache automatically in debug mode,
 ];
From a4df046b3d4ead948b5b3e1eacd8543978dad64b Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Mon, 2 Mar 2015 14:48:58 +0000
Subject: [PATCH 20/30] Removes user dependency for available roles + hardening

---
 phpunit.log | 142 ++++++++++++++++++++++
 src/Auth/TinyAuthorize.php | 26 ++--
 tests/TestCase/Auth/TinyAuthorizeTest.php | 2 +-
 3 files changed, 158 insertions(+), 12 deletions(-)
 create mode 100644 phpunit.log

diff --git a/phpunit.log b/phpunit.log
new file mode 100644
index 00000000..2f0e2658
--- /dev/null
+++ b/phpunit.log
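Review bot: `_parseAclIni()` guards only with `if (!count($iniArray))`, but `parse_ini_file()` and `parse_ini_string()` return `false` on a syntax error, so a malformed ACL file reaches `count(false)` (a warning on PHP 7.2+, a TypeError on PHP 8) instead of the intended `Invalid TinyAuthorize ACL file` exception; change the check to `if ($iniArray === false || !count($iniArray)) {`. The helper's docblock is copied from `_getAvailableRoles`: `@return array List with all available roles` should describe the parsed ini sections (for example `@return array Parsed ACL sections keyed by ini section name`), and a `@param string $ini Path of the ACL ini file to parse` line is missing. In the Configure branch of `_getAvailableRoles()`, `if (!$roles)` rejects an empty value but not a scalar one, so a mis-set Configure key would be returned as the roles list; `if (!is_array($roles) || !count($roles))` is the tighter check and matches the `count()` test used on the database path.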
@@ -0,0 +1,142 @@ +PHPUnit 4.4.4 by Sebastian Bergmann. + +Configuration read from /home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/phpunit.xml.dist + +S....EEEEEEEEEEEFE.. + +Time: 962 ms, Memory: 14.50Mb + +There were 12 errors: + +1) TinyAuth\Test\Auth\TinyAuthorizeTest::testGetAcl +Exception: Missing relationship between Users and Roles. + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1230 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:151 + +2) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodDisallowed +Exception: Missing relationship between Users and Roles. 
+ +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:312 + +3) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowed +Exception: Missing relationship between Users and Roles. + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:374 + +4) TinyAuth\Test\Auth\TinyAuthorizeTest::testCaseSensitivity +Exception: Missing relationship between Users and Roles. 
+ +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:447 + +5) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWithLongActionNames +Exception: Missing relationship between Users and Roles. + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:513 + +6) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWithLongActionNamesUnderscored +Exception: Missing relationship between Users and Roles. 
+ +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:577 + +7) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedMultiRole +Missing role id (role_id) in user session + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:273 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:639 + +8) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWildcard +Exception: Missing relationship between Users and Roles. 
+ +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:690 + +9) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWildcardSpecificGroup +Exception: Missing relationship between Users and Roles. + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:757 + +10) TinyAuth\Test\Auth\TinyAuthorizeTest::testUserMethodsAllowed +Exception: Missing relationship between Users and Roles. 
+ +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:846 + +11) TinyAuth\Test\Auth\TinyAuthorizeTest::testAdminMethodsAllowed +Exception: Missing relationship between Users and Roles. + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:954 + +12) TinyAuth\Test\Auth\TinyAuthorizeTest::testSuperAdminRole +Undefined index: actions + +/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1061 + +-- + +There was 1 failure: + +1) TinyAuth\Test\Auth\TinyAuthorizeTest::testWithRolesTable +Failed asserting that false is true. 
+
+/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1003
+
+FAILURES!
+Tests: 20, Assertions: 91, Failures: 1, Errors: 12, Skipped: 1.
diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php
index 3aee4f3f..b24e6d57 100644
--- a/src/Auth/TinyAuthorize.php
+++ b/src/Auth/TinyAuthorize.php
@@ -294,28 +294,32 @@ protected function _parseAclIni($ini) {
 }
 /**
- * Returns a list of all available roles from either Configure or the database.
+ * Returns a list of all available roles. Will look for a roles array in
+ * Configure first, tries database roles table next.
 *
 * @return array List with all available roles
 * @throws Cake\Core\Exception\Exception
 */
 protected function _getAvailableRoles() {
- // get roles from Configure
- if (!$this->_config['useDatabaseRoles']) {
- $roles = Configure::read($this->_config['rolesTable']);
- if (!$roles) {
- throw new Exception('Invalid TinyAuthorize Role Setup (no Configure roles found)');
- }
+ $roles = Configure::read($this->_config['rolesTable']);
+ if (is_array($roles)) {
 return $roles;
 }
- // get roles from database
- $userTable = $this->getUserTable();
- $roles = $userTable->{$this->_config['rolesTable']}->find('all')->formatResults(function ($results) {
+ // no roles in Configure AND rolesTable does not exist
+ $tables = ConnectionManager::get('default')->schemaCollection()->listTables();
+ if (!in_array(Inflector::tableize($this->_config['rolesTable']), $tables)) {
+ throw new Exception('Invalid TinyAuthorize Role Setup (no roles found)');
+ }
+
+ // fetch roles from database
+ $rolesTable = TableRegistry::get($this->_config['rolesTable']);
+ $roles = $rolesTable->find('all')->formatResults(function ($results) {
 return $results->combine('alias', 'id');
 })->toArray();
+
 if (!count($roles)) {
- throw new Exception('Invalid TinyAuthorize Role Setup (no database roles found)');
+ throw new Exception('Invalid TinyAuthorize Role Setup (rolesTable has no roles)');
 }
 return $roles;
 }
diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php
index e72bd761..31a1f6b7 100644
--- a/tests/TestCase/Auth/TinyAuthorizeTest.php
+++ b/tests/TestCase/Auth/TinyAuthorizeTest.php
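Review bot: This rewrite no longer reads `$this->_config['useDatabaseRoles']`, yet that option was added to `$_defaultConfig` in patch 18 and, as far as the visible hunks show, is not removed here, so it becomes a dead setting that a deployment may still set expecting it to force the database path; either drop it from the defaults in the same commit or honour it before the Configure lookup. The schema probe `ConnectionManager::get('default')->schemaCollection()->listTables()` hardcodes the connection, while the roles are then fetched through `TableRegistry::get($this->_config['rolesTable'])`, which may be configured on a different connection; probing the table's own connection avoids the mismatch: `$rolesTable = TableRegistry::get($this->_config['rolesTable']);` / `$tables = $rolesTable->connection()->schemaCollection()->listTables();`. Because Configure now silently wins whenever the key holds an array, the docblock sentence `Will look for a roles array in Configure first, tries database roles table next.` would be clearer as `A roles array in Configure takes precedence; the database table is only consulted when no such array is set.`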
@@ -19,7 +19,7 @@ class TinyAuthorizeTest extends TestCase {
 'core.users',
 'core.auth_users',
 'plugin.tiny_auth.roles',
- //'plugin.tiny_auth.roles_users',
+// 'plugin.tiny_auth.roles_users',
 ];
 public $Collection;
From 3b79adef59060e019e2c096e2cba328045ecfd8b Mon Sep 17 00:00:00 2001
From: bravo-kernel
Date: Tue, 3 Mar 2015 05:26:19 +0000
Subject: [PATCH 21/30] Removing log

---
 phpunit.log | 142 ----------------------------------------------------
 1 file changed, 142 deletions(-)
 delete mode 100644 phpunit.log

diff --git a/phpunit.log b/phpunit.log
deleted file mode 100644
index 2f0e2658..00000000
--- a/phpunit.log
+++ /dev/null
@@ -1,142 +0,0 @@ -PHPUnit 4.4.4 by Sebastian Bergmann. - -Configuration read from /home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/phpunit.xml.dist - -S....EEEEEEEEEEEFE.. - -Time: 962 ms, Memory: 14.50Mb - -There were 12 errors: - -1) TinyAuth\Test\Auth\TinyAuthorizeTest::testGetAcl -Exception: Missing relationship between Users and Roles. - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1230 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:151 - -2) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodDisallowed -Exception: Missing relationship between Users and Roles. 
- -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:312 - -3) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowed -Exception: Missing relationship between Users and Roles. - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:374 - -4) TinyAuth\Test\Auth\TinyAuthorizeTest::testCaseSensitivity -Exception: Missing relationship between Users and Roles. 
- -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:447 - -5) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWithLongActionNames -Exception: Missing relationship between Users and Roles. - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:513 - -6) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWithLongActionNamesUnderscored -Exception: Missing relationship between Users and Roles. 
- -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:577 - -7) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedMultiRole -Missing role id (role_id) in user session - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:273 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:639 - -8) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWildcard -Exception: Missing relationship between Users and Roles. 
- -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:690 - -9) TinyAuth\Test\Auth\TinyAuthorizeTest::testBasicUserMethodAllowedWildcardSpecificGroup -Exception: Missing relationship between Users and Roles. - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:757 - -10) TinyAuth\Test\Auth\TinyAuthorizeTest::testUserMethodsAllowed -Exception: Missing relationship between Users and Roles. 
- -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:846 - -11) TinyAuth\Test\Auth\TinyAuthorizeTest::testAdminMethodsAllowed -Exception: Missing relationship between Users and Roles. - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:172 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:301 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:210 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1234 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:138 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/src/Auth/TinyAuthorize.php:92 -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:954 - -12) TinyAuth\Test\Auth\TinyAuthorizeTest::testSuperAdminRole -Undefined index: actions - -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1061 - --- - -There was 1 failure: - -1) TinyAuth\Test\Auth\TinyAuthorizeTest::testWithRolesTable -Failed asserting that false is true. 
- -/home/vagrant/Apps/app-plusplus/vendor/dereuromark/cakephp-tinyauth/tests/TestCase/Auth/TinyAuthorizeTest.php:1003 - -FAILURES! -Tests: 20, Assertions: 91, Failures: 1, Errors: 12, Skipped: 1. From 996552507a15abc784fb034703ec3bfb1a32a9ef Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 06:22:33 +0000 Subject: [PATCH 22/30] Adds tests for available roles --- tests/Fixture/EmptyRolesFixture.php | 30 +++++++++ tests/TestCase/Auth/TinyAuthorizeTest.php | 78 ++++++++++++++++++++++- 2 files changed, 107 insertions(+), 1 deletion(-) create mode 100644 tests/Fixture/EmptyRolesFixture.php diff --git a/tests/Fixture/EmptyRolesFixture.php b/tests/Fixture/EmptyRolesFixture.php new file mode 100644 index 00000000..159b1a2d --- /dev/null +++ b/tests/Fixture/EmptyRolesFixture.php @@ -0,0 +1,30 @@ + ['type' => 'integer'], + 'alias' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 20, 'collate' => 'utf8_unicode_ci', 'comment' => '', 'charset' => 'utf8'], + '_constraints' => ['primary' => ['type' => 'primary', 'columns' => ['id']]] + ]; + + /** + * Records + * + * @var array + */ + public $records = []; + +} diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index 31a1f6b7..ce6903a4 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php @@ -19,7 +19,7 @@ class TinyAuthorizeTest extends TestCase { 'core.users', 'core.auth_users', 'plugin.tiny_auth.roles', -// 'plugin.tiny_auth.roles_users', + 'plugin.tiny_auth.empty_roles', ]; public $Collection; 
@@ -1068,6 +1068,82 @@ public function testSuperAdminRole() { } } + /** + * Tests getting available Roles from Configure and database + * + * @return void + */ + public function testAvailableRoles() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'Roles' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getAvailableRoles'); + $method->setAccessible(true); + + // Test against roles array in Configure + $expected = [ + 'user' => 1, + 'moderator' => 2, + 'admin' => 3, + 'public' => -1 + ]; + $res = $method->invoke($object); + $this->assertEquals($expected, $res); + + // Test against roles from database + Configure::delete('Roles'); + $expected = [ + 'superadmin' => 1, + 'admin' => 2, + 'user' => 4, + 'partner' => 6 + ]; + $res = $method->invoke($object); + $this->assertEquals($expected, $res); + } + + /** + * Test exception thrown when no roles are in Configure AND the roles + * database table does not exist. + * + * @expectedException Cake\Core\Exception\Exception + */ + public function testAvailableRolesMissingTableException() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'NonExistentTable' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getAvailableRoles'); + $method->setAccessible(true); + $res = $method->invoke($object); + } + + /** + * Test exception thrown when the roles database table exists but contains + * no roles/records. 
+ * + * @expectedException Cake\Core\Exception\Exception + */ + public function testAvailableRolesEmptyTableException() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'EmptyRoles' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getAvailableRoles'); + $method->setAccessible(true); + $res = $method->invoke($object); + } + /** * Tests constructing an ACL ini section key using CakeRequest parameters * From 9762636d80f12dab6169e1eb998483a0fe86dc1b Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 07:04:00 +0000 Subject: [PATCH 23/30] Adds tests for ini parsing --- tests/TestCase/Auth/TinyAuthorizeTest.php | 69 +++++++++++++++++++++-- 1 file changed, 65 insertions(+), 4 deletions(-) diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index ce6903a4..3e7f9c6d 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php @@ -124,6 +124,9 @@ public function setUp() { public function tearDown() { unlink(TMP . 'acl.ini'); + if (file_exists(TMP . 'acl.empty.ini')) { + unlink(TMP . 'acl.empty.ini'); + } parent::tearDown(); } 
@@ -1068,6 +1071,64 @@ public function testSuperAdminRole() { } } + + + /** + * Tests acl.ini parsing method. + * + * @return void + */ + public function testIniParsing() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_parseAclIni'); + $method->setAccessible(true); + $res = $method->invokeArgs($object, [TMP . 'acl.ini']); + assert(is_array($res)); + } + + /** + * Tests exception thrown when no acl.ini exists. + * + * @expectedException Cake\Core\Exception\Exception + */ + public function testIniParsingMissingFileException() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_parseAclIni'); + $method->setAccessible(true); + $method->invokeArgs($object, [DS . 'non' . DS . 'existent' . DS . 'acl.ini']); + } + + /** + * Tests exception thrown when acl.ini is empty. + * + * @expectedException Cake\Core\Exception\Exception + */ + public function testIniParsingEmptyFileException() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_parseAclIni'); + $method->setAccessible(true); + + // Create temporary empty acl.ini file + pr(TMP); + touch(TMP . 'acl.empty.ini'); + $method->invokeArgs($object, [TMP . 'acl.empty.ini']); + } + /** * Tests getting available Roles from Configure and database * 
@@ -1107,7 +1168,7 @@ public function testAvailableRoles() { } /** - * Test exception thrown when no roles are in Configure AND the roles + * Tests exception thrown when no roles are in Configure AND the roles * database table does not exist. * * @expectedException Cake\Core\Exception\Exception @@ -1122,11 +1183,11 @@ public function testAvailableRolesMissingTableException() { $reflection = new \ReflectionClass(get_class($object)); $method = $reflection->getMethod('_getAvailableRoles'); $method->setAccessible(true); - $res = $method->invoke($object); + $method->invoke($object); } /** - * Test exception thrown when the roles database table exists but contains + * Tests exception thrown when the roles database table exists but contains * no roles/records. * * @expectedException Cake\Core\Exception\Exception @@ -1141,7 +1202,7 @@ public function testAvailableRolesEmptyTableException() { $reflection = new \ReflectionClass(get_class($object)); $method = $reflection->getMethod('_getAvailableRoles'); $method->setAccessible(true); - $res = $method->invoke($object); + $method->invoke($object); } /** From 8cd81305b7c298d9f0577caada7b73276b6f93ce Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 10:29:09 +0000 Subject: [PATCH 24/30] Renames RolesFixture and aligns role definitions with testcase --- ...esFixture.php => DatabaseRolesFixture.php} | 50 +++++-------------- 1 file changed, 13 insertions(+), 37 deletions(-) rename tests/Fixture/{RolesFixture.php => DatabaseRolesFixture.php} (51%) diff --git a/tests/Fixture/RolesFixture.php b/tests/Fixture/DatabaseRolesFixture.php similarity index 51% rename from tests/Fixture/RolesFixture.php rename to tests/Fixture/DatabaseRolesFixture.php index 1cea587a..424d479a 100644 --- a/tests/Fixture/RolesFixture.php +++ b/tests/Fixture/DatabaseRolesFixture.php 
@@ -4,10 +4,9 @@ use Cake\TestSuite\Fixture\TestFixture; /** - * RoleFixture - * + * DatabaseRolesFixture. */ -class RolesFixture extends TestFixture { +class DatabaseRolesFixture extends TestFixture { /** * Fields @@ -19,11 +18,8 @@ class RolesFixture extends TestFixture { 'name' => ['type' => 'string', 'null' => false, 'length' => 64, 'collate' => 'utf8_unicode_ci', 'comment' => '', 'charset' => 'utf8'], 'description' => ['type' => 'string', 'null' => false, 'default' => null, 'collate' => 'utf8_unicode_ci', 'comment' => '', 'charset' => 'utf8'], 'alias' => ['type' => 'string', 'null' => false, 'default' => null, 'length' => 20, 'collate' => 'utf8_unicode_ci', 'comment' => '', 'charset' => 'utf8'], - 'default_role' => ['type' => 'boolean', 'null' => false, 'default' => '0', 'collate' => null, 'comment' => 'set at register'], 'created' => ['type' => 'datetime', 'null' => true, 'default' => null, 'collate' => null, 'comment' => ''], 'modified' => ['type' => 'datetime', 'null' => true, 'default' => null, 'collate' => null, 'comment' => ''], - 'sort' => ['type' => 'integer', 'null' => false, 'default' => '0', 'length' => 10, 'collate' => null, 'comment' => ''], - 'active' => ['type' => 'boolean', 'null' => false, 'default' => '0', 'collate' => null, 'comment' => ''], '_constraints' => ['primary' => ['type' => 'primary', 'columns' => ['id']]] ]; 
@@ -34,49 +30,29 @@ class RolesFixture extends TestFixture { */ public $records = [ [ - 'id' => '2', - 'name' => 'Admin', - 'description' => 'Zuständig für die Verwaltung der Seite und Mitglieder, Ahndung von Missbrauch und CO', - 'alias' => 'admin', - 'default_role' => 0, - 'created' => '2010-01-07 03:36:33', - 'modified' => '2010-01-07 03:36:33', - 'sort' => '6', - 'active' => 1 - ], - [ - 'id' => '4', + 'id' => '11', 'name' => 'User', - 'description' => 'Standardrolle jedes Mitglieds (ausreichend für die meisten Aktionen)', + 'description' => 'Basic authenticated user', 'alias' => 'user', - 'default_role' => 1, 'created' => '2010-01-07 03:36:33', 'modified' => '2010-01-07 03:36:33', - 'sort' => '1', - 'active' => 1 ], [ - 'id' => '6', - 'name' => 'Partner', - 'description' => 'Partner', - 'alias' => 'partner', - 'default_role' => 0, + 'id' => '12', + 'name' => 'Moderator', + 'description' => 'Authenticated user with moderator role', + 'alias' => 'moderator', 'created' => '2010-01-07 03:36:33', 'modified' => '2010-01-07 03:36:33', - 'sort' => '0', - 'active' => 1 ], [ - 'id' => '1', - 'name' => 'Super-Admin', - 'description' => 'Zuständig für Programmierung, Sicherheit, Bugfixes, Hosting und CO', - 'alias' => 'superadmin', - 'default_role' => 0, + 'id' => '13', + 'name' => 'Admin', + 'description' => 'Authenticated user with admin role', + 'alias' => 'admin', 'created' => '2010-01-07 03:36:33', 'modified' => '2010-01-07 03:36:33', - 'sort' => '7', - 'active' => 1 - ], + ] ]; } From 60f252029db1cc6c487d016731cd07f7af7f42ee Mon Sep 17 00:00:00 2001 
From: bravo-kernel Date: Tue, 3 Mar 2015 10:31:10 +0000 Subject: [PATCH 25/30] Adds configure/database multirole + tests --- src/Auth/TinyAuthorize.php | 130 ++++--- tests/Fixture/DatabaseRolesUsersFixture.php | 50 +++ tests/Fixture/RolesUsersFixture.php | 13 +- tests/Fixture/UsersFixture.php | 47 +++ tests/TestCase/Auth/TinyAuthorizeTest.php | 364 ++++++++++---------- 5 files changed, 370 insertions(+), 234 deletions(-) create mode 100644 tests/Fixture/DatabaseRolesUsersFixture.php create mode 100644 tests/Fixture/UsersFixture.php diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index b24e6d57..91ea3ba3 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -246,31 +246,6 @@ protected function _getAcl($path = null) { return $res; } - /** - * Returns a list of all roles belonging to the authenticated user - * - * @todo discuss trigger_error + caching (?) - * - * @param array $user The user to get the roles for - * @return array List with all role ids belonging to the user - * @throws Cake\Core\Exception\Exception - */ - protected function _getUserRoles($user) { - if (!$this->_config['multiRole']) { - if (isset($user[$this->_config['roleColumn']])) { - return [$user[$this->_config['roleColumn']]]; - } - throw new Exception (sprintf('Missing TinyAuthorize role id (%s) in user session', $this->_config['roleColumn'])); - } - - // multi-role: fetch user data and associated roles from database - $usersTable = $this->getUserTable(); - $userData = $usersTable->get($user['id'], [ - 'contain' => [$this->_config['rolesTable']] - ]); - return Hash::extract($userData->toArray(), Inflector::tableize($this->_config['rolesTable']) . '.{n}.id'); - } - /** * Returns the acl.ini file as an array. * 
@@ -293,37 +268,6 @@ protected function _parseAclIni($ini) { return $iniArray; } - /** - * Returns a list of all available roles. Will look for a roles array in - * Configure first, tries database roles table next. - * - * @return array List with all available roles - * @throws Cake\Core\Exception\Exception - */ - protected function _getAvailableRoles() { - $roles = Configure::read($this->_config['rolesTable']); - if (is_array($roles)) { - return $roles; - } - - // no roles in Configure AND rolesTable does not exist - $tables = ConnectionManager::get('default')->schemaCollection()->listTables(); - if (!in_array(Inflector::tableize($this->_config['rolesTable']), $tables)) { - throw new Exception('Invalid TinyAuthorize Role Setup (no roles found)'); - } - - // fetch roles from database - $rolesTable = TableRegistry::get($this->_config['rolesTable']); - $roles = $rolesTable->find('all')->formatResults(function ($results) { - return $results->combine('alias', 'id'); - })->toArray(); - - if (!count($roles)) { - throw new Exception('Invalid TinyAuthorize Role Setup (rolesTable has no roles)'); - } - return $roles; - } - /** * Deconstructs an ACL ini section key into a named array with ACL parts * 
@@ -363,4 +307,78 @@ protected function _constructIniKey(Request $request) { return $res; } + /** + * Returns a list of all available roles. Will look for a roles array in + * Configure first, tries database roles table next. + * + * @return array List with all available roles + * @throws Cake\Core\Exception\Exception + */ + protected function _getAvailableRoles() { + $roles = Configure::read($this->_config['rolesTable']); + if (is_array($roles)) { + return $roles; + } + + // no roles in Configure AND rolesTable does not exist + $tables = ConnectionManager::get('default')->schemaCollection()->listTables(); + if (!in_array(Inflector::tableize($this->_config['rolesTable']), $tables)) { + throw new Exception('Invalid TinyAuthorize Role Setup (no roles found in Configure or database)'); + } + + // fetch roles from database + $rolesTable = TableRegistry::get($this->_config['rolesTable']); + $roles = $rolesTable->find('all')->formatResults(function ($results) { + return $results->combine('alias', 'id'); + })->toArray(); + + if (!count($roles)) { + throw new Exception('Invalid TinyAuthorize Role Setup (rolesTable has no roles)'); + } + return $roles; + } + + /** + * Returns a list of all roles belonging to the authenticated user in the + * following order: + * - single role id using the roleColumn in single-role mode + * - direct lookup in the pivot table (to support both Configure and Model + * in multi-role mode) + * + * @param array $user The user to get the roles for + * @return array List with all role ids belonging to the user + * @throws Cake\Core\Exception\Exception + */ + protected function _getUserRoles($user) { + // single-role + if (!$this->_config['multiRole']) { + if (isset($user[$this->_config['roleColumn']])) { + return [$user[$this->_config['roleColumn']]]; + } + throw new Exception (sprintf('Missing TinyAuthorize role id (%s) in user session', $this->_config['roleColumn'])); + } + + // multi-role: reverse engineer name of the pivot table + 
$rolesTableName = Inflector::tableize($this->_config['rolesTable']); + $tables = [ + Inflector::tableize(CLASS_USER), + $rolesTableName + ]; + asort($tables); + $pivotTableName = implode('_', $tables); + + // fetch roles directly from the pivot table + $pivotTable = TableRegistry::get($pivotTableName); + $roleColumn = Inflector::singularize($rolesTableName) . '_id'; + $roles = $pivotTable->find('all', [ + 'conditions' => ['user_id =' => $user['id']], + 'fields' => $roleColumn + ])->extract($roleColumn)->toArray(); + + if (!count($roles)) { + throw new Exception ('Missing TinyAuthorize roles for user in pivot table'); + } + return $roles; + } + } diff --git a/tests/Fixture/DatabaseRolesUsersFixture.php b/tests/Fixture/DatabaseRolesUsersFixture.php new file mode 100644 index 00000000..6afafa68 --- /dev/null +++ b/tests/Fixture/DatabaseRolesUsersFixture.php @@ -0,0 +1,50 @@ + ['type' => 'integer'], + 'user_id' => ['type' => 'integer'], + 'database_role_id' => ['type' => 'integer'], + '_constraints' => [ + 'primary' => ['type' => 'primary', 'columns' => ['id']] + ] + ]; + + /** + * Records + * + * @var array + */ + public $records = [ + [ + 'id' => 1, + 'user_id' => 1, + 'database_role_id' => 11 // user + ], + [ + 'id' => 2, + 'user_id' => 1, + 'database_role_id' => 12 // moderator + ], + [ + 'id' => 3, + 'user_id' => 2, + 'database_role_id' => 11 // user + ], + [ + 'id' => 4, + 'user_id' => 2, + 'database_role_id' => 13 // admin + ], + ]; + +} diff --git a/tests/Fixture/RolesUsersFixture.php b/tests/Fixture/RolesUsersFixture.php index a6525186..eb1db648 100644 --- a/tests/Fixture/RolesUsersFixture.php +++ b/tests/Fixture/RolesUsersFixture.php 
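Review bot: In the multi-role branch of `_getUserRoles()` the pivot query reads `$user['id']` without checking it exists, so a session user array that carries only the role column (which is all the single-role branch requires) raises a PHP notice and then queries `user_id = NULL`, surfacing as the misleading "Missing TinyAuthorize roles for user in pivot table". Guard it explicitly before building the query: `if (empty($user['id'])) {` / `throw new Exception('Missing TinyAuthorize user id (id) in user session');` / `}`. The condition key `'user_id ='` is also hard-coded while the role column is derived from the table name on the line above; deriving both the same way, `Inflector::singularize(Inflector::tableize(CLASS_USER)) . '_id'`, keeps the pivot lookup correct when the users table is not named `users`. Fetching the roles from the pivot table on every `authorize()` call rather than trusting the session is the right fail-closed choice (revoked roles take effect immediately), and the docblock should say so since it is also a per-request query that callers may otherwise try to "optimise" back into the session.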
@@ -28,18 +28,23 @@ class RolesUsersFixture extends TestFixture { [ 'id' => 1, 'user_id' => 1, - 'role_id' => 1 + 'role_id' => 1 // user ], [ 'id' => 2, - 'user_id' => 2, - 'role_id' => 2 + 'user_id' => 1, + 'role_id' => 2 // moderator ], [ 'id' => 3, 'user_id' => 2, - 'role_id' => 3 + 'role_id' => 1 // user ], + [ + 'id' => 4, + 'user_id' => 2, + 'role_id' => 3 // admin + ] ]; } diff --git a/tests/Fixture/UsersFixture.php b/tests/Fixture/UsersFixture.php new file mode 100644 index 00000000..9826531a --- /dev/null +++ b/tests/Fixture/UsersFixture.php @@ -0,0 +1,47 @@ + ['type' => 'integer'], + 'username' => ['type' => 'string', 'null' => false, 'length' => 64, 'collate' => 'utf8_unicode_ci', 'comment' => '', 'charset' => 'utf8'], + 'role_id' => ['type' => 'integer', 'null' => false, 'default' => '0', 'length' => 11, 'collate' => null, 'comment' => ''], + '_constraints' => ['primary' => ['type' => 'primary', 'columns' => ['id']]] + ]; + + /** + * Records + * + * @var array + */ + public $records = [ + [ + 'id' => '1', + 'username' => 'dereuromark', + 'role_id' => 1 + ], + [ + 'id' => '2', + 'username' => 'bravo-kernel', + 'role_id' => 3 + ], + [ + 'id' => '3', + 'username' => 'adriana', + 'role_id' => 2 + ] + ]; + +} diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index 3e7f9c6d..92343999 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php @@ -16,10 +16,11 @@ class TinyAuthorizeTest extends TestCase { public $fixtures = [ - 'core.users', - 'core.auth_users', - 'plugin.tiny_auth.roles', + 'plugin.tiny_auth.users', + 'plugin.tiny_auth.database_roles', 'plugin.tiny_auth.empty_roles', + 'plugin.tiny_auth.roles_users', // pivot table using Configure role ids + 'plugin.tiny_auth.database_roles_users' // pivot table using Database role ids ]; public $Collection; 
@@ -625,45 +626,48 @@ public function testBasicUserMethodAllowedWithLongActionNamesUnderscored() { } /** + * Tests multirole authorization. + * * @return void */ public function testBasicUserMethodAllowedMultiRole() { + // Test against roles array in Configure $object = new TestTinyAuthorize($this->Collection, [ - 'autoClearCache' => true + 'autoClearCache' => true, + 'multiRole' => true, + 'rolesTable' => 'Roles' ]); $this->request->params['controller'] = 'Tags'; $this->request->params['action'] = 'delete'; - // Flat list of roles - $user = [ - 'Roles' => [2, 4] - ]; + // User 1 has roles 1 (user) and 2 (moderator): admin required for the delete. + $user = ['id' => 1]; $res = $object->authorize($user, $this->request); $this->assertFalse($res); - $user = [ - 'Roles' => [1, 3] - ]; + // User 2 has roles 1 (user) and 3 (admin): admin required for the delete. + $user = ['id' => 2]; $res = $object->authorize($user, $this->request); $this->assertTrue($res); - // Verbose role definition using the new 2.x contain param for Auth - $user = [ - 'Roles' => [ - ['id' => 2, 'RoleUsers' => []], - ['id' => 4, 'RoleUsers' => []] - ], - ]; + // Test against roles array in Database + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'multiRole' => true, + 'rolesTable' => 'DatabaseRoles' + ]); + + $this->request->params['controller'] = 'Tags'; + $this->request->params['action'] = 'delete'; + + // User 1 has roles 11 (user) and 12 (moderator): admin required for the delete. + $user = ['id' => 1]; $res = $object->authorize($user, $this->request); $this->assertFalse($res); - $user = [ - 'Roles' => [ - ['id' => 1, 'RoleUsers' => []], - ['id' => 3, 'RoleUsers' => []] - ] - ]; + // User 2 has roles 11 (user) and 13 (admin): admin required for the delete. + $user = ['id' => 2]; $res = $object->authorize($user, $this->request); $this->assertTrue($res); } 
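Review bot: `testBasicUserMethodAllowedMultiRole` only exercises users that have pivot rows, so the fail-closed path of `_getUserRoles()` (a user with no roles in the pivot table must be denied, not granted) is untested. The fixtures added in this commit give a ready case: user 3 (`adriana`) exists in `UsersFixture` but has no rows in `RolesUsersFixture`, so appending `$this->setExpectedException('Cake\Core\Exception\Exception');` / `$object->authorize(['id' => 3], $this->request);` (or a separate `@expectedException` test, matching the style used elsewhere in this file) pins that behaviour. Since both test objects rely on the same `Tags/delete` ACL entry, a one-line comment stating which acl.ini role that action requires would make the expected true/false results verifiable without opening the ini fixture.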
@@ -975,76 +979,6 @@ public function testAdminMethodsAllowed() { $this->assertTrue($res); } - /** - * TinyAuthorizeTest::testWithRolesTable() - * - * @return void - */ - public function testWithRolesTable() { - $Users = TableRegistry::get('Users'); - $Users->belongsTo('Roles'); - - // We want the session to be used. - Configure::delete('Roles'); - $object = new TestTinyAuthorize($this->Collection, [ - 'autoClearCache' => true - ]); - - // test standard controller - $this->request->params['controller'] = 'Tags'; - $this->request->params['action'] = 'edit'; - - // User role is 4 here, though. Also contains left joined Role date here just to check that it works, too. - $user = [ - 'Roles' => [ - 'id' => '4', - 'alias' => 'user' - ], - 'role_id' => 4, - ]; - $res = $object->authorize($user, $this->request); - $this->assertTrue($res); - - Configure::delete('Roles'); - $object = new TestTinyAuthorize($this->Collection, ['autoClearCache' => true]); - - $user = [ - 'role_id' => 6 - ]; - $res = $object->authorize($user, $this->request); - $this->assertFalse($res); - - $this->assertTrue((bool)(Configure::read('Roles'))); - - // Multi-role test - failure - Configure::delete('Roles'); - $object = new TestTinyAuthorize($this->Collection, ['autoClearCache' => true]); - - $user = [ - 'Roles' => [ - ['id' => 7, 'alias' => 'user'], - ['id' => 8, 'alias' => 'partner'] - ] - ]; - $res = $object->authorize($user, $this->request); - $this->assertFalse($res); - - $this->assertTrue((bool)(Configure::read('Roles'))); - - Configure::delete('Roles'); - $object = new TestTinyAuthorize($this->Collection, ['autoClearCache' => true]); - - // Multi-role test - $user = [ - 'Roles' => [ - ['id' => 4, 'alias' => 'user'], - ['id' => 6, 'alias' => 'partner'], - ] - ]; - $res = $object->authorize($user, $this->request); - $this->assertTrue($res); - } - /** * Tests superAdmin role, allowed to all actions * 
@@ -1071,8 +1005,6 @@ public function testSuperAdminRole() { } } - - /** * Tests acl.ini parsing method. * @@ -1088,7 +1020,7 @@ public function testIniParsing() { $method = $reflection->getMethod('_parseAclIni'); $method->setAccessible(true); $res = $method->invokeArgs($object, [TMP . 'acl.ini']); - assert(is_array($res)); + $this->assertTrue(is_array($res)); } /** 
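Review bot: `$this->assertTrue(is_array($res))` in testIniParsing still checks only the type of the parsed ACL, so a parser that returned an empty array or dropped a section would pass; assert against the expected structure, or at least add `$this->assertNotEmpty($res);` after it. `$this->assertInternalType('array', $res)` would also report the actual type on failure where assertTrue only reports false. Replacing the bare `assert()` is the right move, since it is a no-op when assertions are disabled in php.ini and the test was previously asserting nothing in that configuration.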
@@ -1124,87 +1056,10 @@ public function testIniParsingEmptyFileException() { $method->setAccessible(true); // Create temporary empty acl.ini file - pr(TMP); touch(TMP . 'acl.empty.ini'); $method->invokeArgs($object, [TMP . 'acl.empty.ini']); } - /** - * Tests getting available Roles from Configure and database - * - * @return void - */ - public function testAvailableRoles() { - $object = new TestTinyAuthorize($this->Collection, [ - 'autoClearCache' => true, - 'rolesTable' => 'Roles' - ]); - - // Make protected function available - $reflection = new \ReflectionClass(get_class($object)); - $method = $reflection->getMethod('_getAvailableRoles'); - $method->setAccessible(true); - - // Test against roles array in Configure - $expected = [ - 'user' => 1, - 'moderator' => 2, - 'admin' => 3, - 'public' => -1 - ]; - $res = $method->invoke($object); - $this->assertEquals($expected, $res); - - // Test against roles from database - Configure::delete('Roles'); - $expected = [ - 'superadmin' => 1, - 'admin' => 2, - 'user' => 4, - 'partner' => 6 - ]; - $res = $method->invoke($object); - $this->assertEquals($expected, $res); - } - - /** - * Tests exception thrown when no roles are in Configure AND the roles - * database table does not exist. - * - * @expectedException Cake\Core\Exception\Exception - */ - public function testAvailableRolesMissingTableException() { - $object = new TestTinyAuthorize($this->Collection, [ - 'autoClearCache' => true, - 'rolesTable' => 'NonExistentTable' - ]); - - // Make protected function available - $reflection = new \ReflectionClass(get_class($object)); - $method = $reflection->getMethod('_getAvailableRoles'); - $method->setAccessible(true); - $method->invoke($object); - } - - /** - * Tests exception thrown when the roles database table exists but contains - * no roles/records. 
- * - * @expectedException Cake\Core\Exception\Exception - */ - public function testAvailableRolesEmptyTableException() { - $object = new TestTinyAuthorize($this->Collection, [ - 'autoClearCache' => true, - 'rolesTable' => 'EmptyRoles' - ]); - - // Make protected function available - $reflection = new \ReflectionClass(get_class($object)); - $method = $reflection->getMethod('_getAvailableRoles'); - $method->setAccessible(true); - $method->invoke($object); - } - /** * Tests constructing an ACL ini section key using CakeRequest parameters * 
@@ -1355,6 +1210,167 @@ public function testIniDeconstruct() { $this->assertNotEquals($expected, $res); } + /** + * Tests fetching available Roles from Configure and database + * + * @return void + */ + public function testAvailableRoles() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'Roles' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getAvailableRoles'); + $method->setAccessible(true); + + // Test against roles array in Configure + $expected = [ + 'user' => 1, + 'moderator' => 2, + 'admin' => 3, + 'public' => -1 + ]; + $res = $method->invoke($object); + $this->assertEquals($expected, $res); + + // Test against roles from database + Configure::delete('Roles'); + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'DatabaseRoles' + ]); + $expected = [ + 'user' => 11, + 'moderator' => 12, + 'admin' => 13 + ]; + $res = $method->invoke($object); + $this->assertEquals($expected, $res); + } + + /** + * Tests exception thrown when no roles are in Configure AND the roles + * database table does not exist. + * + * @expectedException Cake\Core\Exception\Exception + */ + public function testAvailableRolesMissingTableException() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'NonExistentTable' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getAvailableRoles'); + $method->setAccessible(true); + $method->invoke($object); + } + + /** + * Tests exception thrown when the roles database table exists but contains + * no roles/records. 
+ * + * @expectedException Cake\Core\Exception\Exception + */ + public function testAvailableRolesEmptyTableException() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'EmptyRoles' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getAvailableRoles'); + $method->setAccessible(true); + $method->invoke($object); + } + + /** + * Tests fetching user roles + * + * @return void + */ + public function testUserRoles() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'multiRole' => false, + 'roleColumn' => 'role_id' + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getUserRoles'); + $method->setAccessible(true); + + // Single-role: get role id from roleColumn in user table + $user = ['role_id' => 1]; + $res = $method->invokeArgs($object, [$user]); + $this->assertEquals([0 => 1], $res); + + // Multi-role: lookup roles directly in pivot table + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'multiRole' => true, + 'rolesTable' => 'DatabaseRoles' + ]); + $user = ['id' => 2]; + $expected = [ + 0 => 11, // user + 1 => 13 // admin + ]; + $res = $method->invokeArgs($object, [$user]); + $this->assertEquals($expected, $res); + } + + /** + * Tests single-role exception thrown when the roleColumn field is missing + * from the user table. 
+ * + * @expectedException Cake\Core\Exception\Exception + */ + public function testUserRolesMissingRoleColumn() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'NonExistentTable', + 'multiRole' => false + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getUserRoles'); + $method->setAccessible(true); + + $user = ['id' => 1]; + $res = $method->invokeArgs($object, [$user]); + $method->invoke($object); + } + + /** + * Tests multi-role exception thrown when user has no roles in the pivot table. + * + * @expectedException Cake\Core\Exception\Exception + */ + public function testUserRolesUserWithoutPivotRoles() { + $object = new TestTinyAuthorize($this->Collection, [ + 'autoClearCache' => true, + 'rolesTable' => 'Roles', + 'multiRole' => true + ]); + + // Make protected function available + $reflection = new \ReflectionClass(get_class($object)); + $method = $reflection->getMethod('_getUserRoles'); + $method->setAccessible(true); + + $user = ['id' => 5]; + $res = $method->invokeArgs($object, [$user]); + $method->invoke($object); + } + } class TestTinyAuthorize extends TinyAuthorize { From 51c71aae2371699a6ba50e96cbf16a2ce915932d Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 10:35:53 +0000 Subject: [PATCH 26/30] Removes obsolete magic -1 --- tests/TestCase/Auth/TinyAuthorizeTest.php | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index 92343999..f846335c 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php @@ -118,8 +118,7 @@ public function setUp() { Configure::write('Roles', [ 'user' => 1, 'moderator' => 2, - 'admin' => 3, - 'public' => -1 + 'admin' => 3 ]); } 
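Review bot: In testUserRolesMissingRoleColumn and testUserRolesUserWithoutPivotRoles the trailing `$method->invoke($object);` is only reached when the expected exception was not thrown, and then fails with a missing-argument error rather than a clear assertion failure; drop that line and the unused `$res =` assignment so the test fails on the real cause. Because both tests expect the generic `Cake\Core\Exception\Exception`, a different failure on the same path (for example the `'NonExistentTable'` case throwing for the missing table rather than the missing role column) would still satisfy them; add `@expectedExceptionMessage` with the distinguishing text of each error. In testUserRoles the `assertEquals([0 => 1], $res)` comparison is loose, so string ids coming back from the database are indistinguishable from integers; `assertSame` would catch that, which matters if the role comparison downstream is strict.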
@@ -163,7 +162,6 @@ public function testGetAcl() { 'index' => [1], 'edit' => [1], 'delete' => [3], - 'public_action' => [-1], 'very_long_underscored_action' => [1], 'veryLongActionNameAction' => [1] ] @@ -176,7 +174,6 @@ public function testGetAcl() { 'index' => [1], 'edit' => [1], 'delete' => [3], - 'public_action' => [-1], 'very_long_underscored_action' => [1], 'veryLongActionNameAction' => [1] ] @@ -190,7 +187,6 @@ public function testGetAcl() { 'edit' => [1], 'view' => [1], 'delete' => [3], - 'public_action' => [-1], 'very_long_underscored_action' => [1], 'veryLongActionNameAction' => [1] ] @@ -204,7 +200,6 @@ public function testGetAcl() { 'edit' => [1], 'view' => [1], 'delete' => [3], - 'public_action' => [-1], 'very_long_underscored_action' => [1], 'veryLongActionNameAction' => [1] ] @@ -230,7 +225,7 @@ public function testGetAcl() { 'prefix' => null, 'plugin' => null, 'actions' => [ - '*' => [1, 2, 3, -1] + '*' => [1, 2, 3] ] ], 'admin/Posts' => [ @@ -238,7 +233,7 @@ public function testGetAcl() { 'prefix' => 'admin', 'plugin' => null, 'actions' => [ - '*' => [1, 2, 3, -1] + '*' => [1, 2, 3] ] ], 'Posts.Posts' => [ @@ -246,7 +241,7 @@ public function testGetAcl() { 'prefix' => null, 'plugin' => 'Posts', 'actions' => [ - '*' => [1, 2, 3, -1] + '*' => [1, 2, 3] ] ], 'Posts.admin/Posts' => [ @@ -254,7 +249,7 @@ public function testGetAcl() { 'prefix' => 'admin', 'plugin' => 'Posts', 'actions' => [ - '*' => [1, 2, 3, -1] + '*' => [1, 2, 3] ] ], 'Blogs' => [ @@ -1230,8 +1225,7 @@ public function testAvailableRoles() { $expected = [ 'user' => 1, 'moderator' => 2, - 'admin' => 3, - 'public' => -1 + 'admin' => 3 ]; $res = $method->invoke($object); $this->assertEquals($expected, $res); From d1f2928a8aea8c338633f7719924f15d9979ed5d Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 10:36:56 +0000 Subject: [PATCH 27/30] Removes obsolete var --- src/Auth/TinyAuthorize.php | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) 
diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 91ea3ba3..6af61e41 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -46,9 +46,8 @@ class TinyAuthorize extends BaseAuthorize { protected $_defaultConfig = [ 'roleColumn' => 'role_id', // name of column in user table holding role id (used for single role/BT only) - 'rolesTable' => 'Roles', // name of (database) table class OR Configure key holding all available roles - 'useDatabaseRoles' => false, // true to use a database roles table instead of a Configure roles array - 'multiRole' => false, // true to enables multirole/HABTM authorization (requires valid rolesTable and join table) + 'rolesTable' => 'Roles', // name of Configure key holding available roles OR class name of roles table + 'multiRole' => false, // true to enables multirole/HABTM authorization (requires a valid join table) 'adminRole' => null, // id of the admin role (used to give access to all /admin prefixed resources when allowAdmin is enabled) 'superAdminRole' => null, // id of super admin role granted access to ALL resources From c831b509bce4a94059ddc418de7d294a00f0af25 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 12:25:42 +0000 Subject: [PATCH 28/30] Removes obsolete method --- src/Auth/TinyAuthorize.php | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 6af61e41..8f657d28 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php 
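Review bot: Dropping `useDatabaseRoles` from `$_defaultConfig` removes a documented option silently: as far as the constructor shows, `$config += $this->_defaultConfig` keeps unknown keys without validating them, so a deployment still passing `'useDatabaseRoles' => true` gets no error and has its roles resolved from wherever `rolesTable` now points, which for an authorization component is the kind of misconfiguration that should fail loudly. Consider rejecting the removed key in the constructor, e.g. `if (array_key_exists('useDatabaseRoles', $config)) { throw new Exception('useDatabaseRoles was removed; configure rolesTable instead.'); }`, or at minimum call out the removal in the changelog. The new comment also has a typo: `// true to enables multirole/HABTM authorization` should read `// true to enable multirole/HABTM authorization`. The `$_defaultConfig` array continues outside the hunk.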
@@ -163,19 +163,6 @@ public function validate($userRoles, Request $request) { return false; } - /** - * @return Cake\ORM\Table The User table - * @throws Cake\Core\Exception\Exception - */ - public function getUserTable() { - $table = TableRegistry::get(CLASS_USER); - if (!$table->associations()->has($this->_config['rolesTable'])) { - throw new Exception('Missing TinyAuthorize relationship between Users and ' . - $this->_config['rolesTable'] . '.'); - } - return $table; - } - /** * Parse ini file and returns the allowed roles per action * - uses cache for maximum performance From ef54f8cd310c94d1ee6a1e038e49fe8fd911b7b3 Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 15:47:50 +0000 Subject: [PATCH 29/30] Fixes incorrect cache condition --- src/Auth/TinyAuthorize.php | 4 ++-- tests/TestCase/Auth/TinyAuthorizeTest.php | 12 ++++++++++++ 2 files changed, 14 insertions(+), 2 deletions(-) diff --git a/src/Auth/TinyAuthorize.php b/src/Auth/TinyAuthorize.php index 8f657d28..fba1b6c7 100644 --- a/src/Auth/TinyAuthorize.php +++ b/src/Auth/TinyAuthorize.php @@ -71,8 +71,8 @@ public function __construct(ComponentRegistry $registry, array $config = []) { $config += $this->_defaultConfig; parent::__construct($registry, $config); - if (Cache::config($config['cache']) === false) { - throw new Exception(sprintf('TinyAuth could not find `%s` cache - expects at least a `default` cache', $config['cache'])); + if (!in_array($config['cache'], Cache::configured())) { + throw new Exception(sprintf('Invalid TinyAuthorization cache `%s`', $config['cache'])); } } diff --git a/tests/TestCase/Auth/TinyAuthorizeTest.php b/tests/TestCase/Auth/TinyAuthorizeTest.php index f846335c..2efb453d 100644 --- a/tests/TestCase/Auth/TinyAuthorizeTest.php +++ b/tests/TestCase/Auth/TinyAuthorizeTest.php 
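Review bot: The new cache guard `!in_array($config['cache'], Cache::configured())` compares loosely, so a non-string value slips through: `in_array(true, ['default'])` is true, and on PHP 5/7 `in_array(0, ['default'])` is true as well, which means a mistyped `'cache' => true` or `0` passes the constructor and only fails later when the cache is actually used. Pass the strict flag: `if (!in_array($config['cache'], Cache::configured(), true)) {`. The replacement message also dropped the hint that a `default` cache is expected, which was the useful part of the old text; keep it, e.g. `sprintf('Invalid TinyAuthorize cache %s - expects at least a default cache config', $config['cache'])`. The `__construct` signature sits in the hunk header, so the method begins outside the visible lines.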
@@ -1,6 +1,7 @@ assertEquals('auth_role_id', $object->config('roleColumn')); } + /** + * Tests exception thrown when Cache is unavailable. + * + * @expectedException Cake\Core\Exception\Exception + */ + public function testConstructorWithoutValidCache() { + $object = new TestTinyAuthorize($this->Collection, [ + 'cache' => 'invalid-cache-config' + ]); + } + /** * @return void */ From e1fc16231fb0a39537f30ff1fe537fb5d52d21ab Mon Sep 17 00:00:00 2001 From: bravo-kernel Date: Tue, 3 Mar 2015 15:58:50 +0000 Subject: [PATCH 30/30] Updates docs --- docs/README.md | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/docs/README.md b/docs/README.md index 35fecbfe..b3c61c7d 100644 --- a/docs/README.md +++ b/docs/README.md 
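Review bot: testConstructorWithoutValidCache exercises only an unknown string name; it does not show that non-string values are rejected, which is the case most likely to slip past the constructor if its membership check on the configured cache names is non-strict. Add a second case with `'cache' => true` (and `0`) expecting the same exception, and drop the unused `$object =` assignment since the constructor itself is the thing under test. The hunk header `@@ -1,6 +1,7 @@` does not match the `assertEquals` line that follows it, so this hunk appears to have been mangled during extraction and may be missing lines.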
@@ -128,11 +128,12 @@ Authorize supports the following configuration options. Option | Type | Description :----- | :--- | :---------- -allowUser|boolean|True will give authenticated users access to all resources except those using the `adminPrefix` -allowAdmin|boolean|True will give users with a role id matching `adminRole` access to all resources using the `adminPrefix` +roleColumn|string|Name of column in user table holding role id (only used for single-role per user/BT) +rolesTable|string|Name of Configure key holding all available roles OR class name of roles database table +multiRole|boolean|True will enable multi-role/HABTM authorization (requires a valid join table) adminRole|int|Id of the role you will use as admins. Users with this role are granted access to all actions using `adminPrefix` but only when `allowAdmin` is enabled superAdminRole|int|Id of the super admin role. Users with this role will have access to ALL resources. adminPrefix|string|Name of the prefix used for admin pages. Defaults to admin. +allowAdmin|boolean|True will give users with a role id matching `adminRole` access to all resources using the `adminPrefix` +allowUser|boolean|True will give authenticated users access to all resources except those using the `adminPrefix` autoClearCache|Boolean|True will generate a new acl cache file every time. -aclKey|string|Name of the column holding your user role id (only for single role per user/BT) -aclTable|string|Name of the table holding your user roles (only for multiple roles per user/HABTM)