Updates the ACL to make it possible for anonymous users to access the…

… Neatline-aliases item metadata views.
performant-software · Feb 13, 2014 · f6838a5 · f6838a5
1 parent 520b146
commit f6838a5
Show file tree

Hide file tree

Showing 5 changed files with 16 additions and 10 deletions.
diff --git a/controllers/ItemsController.php b/controllers/ItemsController.php
@@ -37,7 +37,7 @@ public function getAction()
         // If a record is specified, load it.
         if (!is_null($this->_request->record)) {
             $rTable = $this->_helper->db->getTable('NeatlineRecord');
-            $record = $rTable->find( $this->_request->record);
+            $record = $rTable->find($this->_request->record);
         }
 
         // Output the item metadata

diff --git a/helpers/Acl.php b/helpers/Acl.php
@@ -26,18 +26,23 @@ function nl_defineAcl($acl)
 {
 
 
-    // Register resources.
+    // Exhibits resource.
     if (!$acl->has('Neatline_Exhibits')) {
         $acl->addResource('Neatline_Exhibits');
     }
+
+    // Records resource.
     if (!$acl->has('Neatline_Records')) {
         $acl->addResource('Neatline_Records');
     }
 
 
-    // Public:
+    // Anonymous:
     // ------------------------------------------------------------------------
 
+    // Anyone can view items.
+    $acl->allow(null, 'Items', array('get'));
+
     // Anyone can view exhibits.
     $acl->allow(null, 'Neatline_Exhibits', array(
         'index',
@@ -102,4 +107,5 @@ function nl_defineAcl($acl)
     $acl->allow(array('super', 'admin'), 'Neatline_Exhibits');
     $acl->allow(array('super', 'admin'), 'Neatline_Records');
 
+
 }
diff --git a/tests/phpunit/tests/integration/Acl/anonymous/items/AllowTest.php b/tests/phpunit/tests/integration/Acl/anonymous/items/AllowTest.php
@@ -19,15 +19,15 @@ class AclTest_AnonymousItemsAllow extends Neatline_Case_Default
     public function setUp()
     {
         parent::setUp();
-        $this->item = insert_item();
+        $this->item = insert_item(array('public' => true));
         $this->_logout();
     }
 
 
     /**
-     * Anonymous users should be able to GET items.
+     * Anonymous users should be able to GET public items.
      */
-    public function testCanGetItems()
+    public function testCanGetPublicItems()
     {
         $this->dispatch('neatline/items/'.$this->item->id);
         $this->assertNotAction('login');

diff --git a/tests/phpunit/tests/integration/Acl/anonymous/records/AllowTest.php b/tests/phpunit/tests/integration/Acl/anonymous/records/AllowTest.php
@@ -19,8 +19,8 @@ class AclTest_AnonymousRecordsAllow extends Neatline_Case_Default
     public function setUp()
     {
         parent::setUp();
-        $this->exhibit  = $this->_exhibit('slug');
-        $this->record   = $this->_record($this->exhibit);
+        $this->exhibit = $this->_exhibit('slug');
+        $this->record  = $this->_record($this->exhibit);
         $this->_logout();
     }
 

diff --git a/tests/phpunit/tests/integration/Acl/anonymous/records/DenyTest.php b/tests/phpunit/tests/integration/Acl/anonymous/records/DenyTest.php
@@ -19,8 +19,8 @@ class AclTest_AnonymousRecordsDeny extends Neatline_Case_Default
     public function setUp()
     {
         parent::setUp();
-        $this->exhibit  = $this->_exhibit();
-        $this->record   = $this->_record($this->exhibit);
+        $this->exhibit = $this->_exhibit();
+        $this->record  = $this->_record($this->exhibit);
         $this->_logout();
     }