Merge pull request #12 from ripaclub/develop

Parent roles support

README.md

@@ -45,7 +45,7 @@ Add `ripaclub/aclman` to your `composer.json`.
 ```
 {
    "require": {
-       "ripaclub/aclman": "v0.1.0"
+       "ripaclub/aclman": "~0.2.0"
    }
 }
 ```

library/Acl/AclAwareTrait.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Acl;

library/Assertion/AssertionAwareTrait.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Assertion;

library/Assertion/AssertionManagerFactory.php

@@ -3,13 +3,12 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Assertion;
 
 use Zend\Permissions\Acl\Assertion\AssertionManager;
-use Zend\ServiceManager\AbstractPluginManager;
 use Zend\ServiceManager\Config;
 use Zend\ServiceManager\FactoryInterface;
 use Zend\ServiceManager\ServiceLocatorInterface;
@@ -35,7 +34,9 @@ class AssertionManagerFactory implements FactoryInterface
     public function createService(ServiceLocatorInterface $serviceLocator)
     {
         $config = $serviceLocator->get('Config');
-        $configManager = (isset($config['aclman-assertion-manager'])) ? new Config($config['aclman-assertion-manager']) : null;
+        $configManager = (isset($config['aclman-assertion-manager'])) ? new Config(
+            $config['aclman-assertion-manager']
+        ) : null;
         return new AssertionManager($configManager);
     }
 }

library/Exception/ExceptionInterface.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/InvalidAssertException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/InvalidParameterException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/ResourceAlreadyExistException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/ResourceNotExistException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/RoleAlreadyExistException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/RoleNotExistException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Exception/ServiceNotCreatedException.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Exception;

library/Permission/GenericPermission.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Permission;

library/Permission/PermissionCheckTrait.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Permission;
@@ -16,7 +16,7 @@
 trait PermissionCheckTrait
 {
     /**
-     * @param $permission
+     * @param PermissionInterface|array $permission
      * @return GenericPermission
      * @throws InvalidParameterException
      */

library/Permission/PermissionInterface.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Permission;

library/Resource/ResourceCheckTrait.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Resource;

library/Role/RoleAwareTrait.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Role;

library/Role/RoleCheckTrait.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Role;

library/Service/Service.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Service;

library/Service/ServiceAbstract.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Service;
@@ -14,8 +14,10 @@
 use AclMan\Resource\ResourceCheckTrait;
 use AclMan\Role\RoleCheckTrait;
 use AclMan\Storage\StorageAwareTrait;
+use Zend\Permissions\Acl\Assertion\AssertionInterface;
 use Zend\Permissions\Acl\Resource;
-use Zend\Permissions\Acl\Role;
+use Zend\Permissions\Acl\Role\RoleInterface;
+use Zend\Stdlib\ArrayUtils;
 
 /**
  * Class ServiceAbstract
@@ -41,19 +43,20 @@ class ServiceAbstract implements ServiceInterface
     /**
      * Add roles from storage
      *
-     * @param string|Role  $role
-     * @return self
+     * @param string|RoleInterface $role
+     * @param string|array|RoleInterface $parents
+     * @return $this
      */
-    public function addRole($role)
+    public function addRole($role, $parents = null)
     {
-        $this->getAcl()->addRole($role);
+        $this->getAcl()->addRole($role, $parents);
         return $this;
     }
 
     /**
      * Check if exist role
      *
-     * @param string|Role $role
+     * @param string|RoleInterface $role
      * @return bool
      */
     public function hasRole($role)
@@ -70,8 +73,8 @@ public function getRoles()
     }
 
     /**
-     * @param string|Role $role
-     * @return Role\RoleInterface
+     * @param string|RoleInterface $role
+     * @return RoleInterface
      */
     public function getRole($role)
     {
@@ -83,66 +86,61 @@ public function getRole($role)
      */
     public function loadResource($role = null, $resource = null)
     {
-        $role = ($role instanceof Role\RoleInterface) ? $role->getRoleId() : $role;
+        $role = ($role instanceof RoleInterface) ? $role->getRoleId() : $role;
         $resource = ($resource instanceof Resource\ResourceInterface) ? $resource->getResourceId() : $resource;
-        // star recursion
+        // start recursion
         if (isset($this->loaded[(string)$role]) && isset($this->loaded[(string)$role][(string)$resource])) {
-            return;
+            return true;
         }
 
-
         if (!isset($this->loaded[(string)$role])) {
             $this->loaded[(string)$role] = [];
         }
         $this->loaded[(string)$role][(string)$resource] = true;
 
-        if ($role || $resource) {
-            $this->loadResource();
+        $parentRoles = [];
+        if ($role && ($parentRoles = $this->getStorage()->getParentRoles($role))) {
+            foreach ($parentRoles as $parentRole) {
+                $this->loadResource($parentRole, $resource);
+            }
         }
 
         if ($role && $resource) {
+            $this->loadResource(); // ensures loading for ALL_ROLES and ALL_RESOURCES
             $this->loadResource(null, $resource);
             $this->loadResource($role, null);
         }
         // end recursion
 
         if ($role && !$this->getAcl()->hasRole($role)) {
-            $this->getAcl()->addRole($role);
+            $this->getAcl()->addRole($role, $parentRoles);
         }
 
         if ($resource && !$this->getAcl()->hasResource($resource)) {
             $this->getAcl()->addResource($resource);
         }
 
         $permissions = $this->getStorage()->getPermissions($role, $resource);
-        //var_dump($permissions);
         if (count($permissions) > 0) {
             /* @var $permission GenericPermission */
             foreach ($permissions as $permission) {
                 $assert = null;
                 if ($permission->getAssertion()) {
+                    /** @var $assert AssertionInterface */
                     $assert = $this->getPluginManager()->get($permission->getAssertion());
                 }
                 // When load multiple resource
                 if ($permission->getResourceId() && !$this->getAcl()->hasResource($permission->getResourceId())) {
                     $this->getAcl()->addResource($permission->getResourceId());
                 }
 
-                if ($permission->isAllow()) {
-                    $this->getAcl()->allow(
-                        $permission->getRoleId(),
-                        $permission->getResourceId(),
-                        $permission->getPrivilege(),
-                        $assert
-                    );
-                } else {
-                    $this->getAcl()->deny(
-                        $permission->getRoleId(),
-                        $permission->getResourceId(),
-                        $permission->getPrivilege(),
-                        $assert
-                    );
-                }
+                $method = $permission->isAllow() ? 'allow' : 'deny';
+                $this->getAcl()->{$method}(
+                    $permission->getRoleId(),
+                    $permission->getResourceId(),
+                    $permission->getPrivilege(),
+                    $assert
+                );
             }
             return true;
         }
@@ -171,7 +169,7 @@ public function isAllowed($role = null, $resource = null, $privilege = null)
      */
     public function setAllowNotFoundResource($allowNotFoundResource)
     {
-        $this->allowNotFoundResource = (boolean) $allowNotFoundResource;
+        $this->allowNotFoundResource = (boolean)$allowNotFoundResource;
         if ($this->allowNotFoundResource) {
             $this->getAcl()->allow();
         } else {

library/Service/ServiceFactory.php

@@ -3,13 +3,13 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Service;
 
-use AclMan\Storage\StorageInterface;
 use AclMan\Exception\ServiceNotCreatedException;
+use AclMan\Storage\StorageInterface;
 use Zend\Permissions\Acl\Acl;
 use Zend\ServiceManager\AbstractFactoryInterface;
 use Zend\ServiceManager\ServiceLocatorInterface;

library/Service/ServiceInterface.php

@@ -3,7 +3,7 @@
  * ACL Manager
  *
  * @link        https://github.com/ripaclub/aclman
- * @copyright   Copyright (c) 2014, RipaClub
+ * @copyright   Copyright (c) 2015, RipaClub
  * @license     http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
  */
 namespace AclMan\Service;