Ownership assertion

src/Assertion/OwnershipAssertion.php

@@ -0,0 +1,38 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace Zend\Permissions\Acl\Assertion;
+
+use Zend\Permissions\Acl\Acl;
+use Zend\Permissions\Acl\Role\RoleInterface;
+use Zend\Permissions\Acl\Resource\ResourceInterface;
+use Zend\Permissions\Acl\ProprietaryInterface;
+
+/**
+ * Makes sure that some Resource is owned by certain Role.
+ *
+ * @author Nikola Posa <posa.nikola@gmail.com>
+ */
+class OwnershipAssertion implements AssertionInterface
+{
+    public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null)
+    {
+        //Assert passes if role or resource is not proprietary
+        if (!$role instanceof ProprietaryInterface || !$resource instanceof ProprietaryInterface) {
+            return true;
+        }
+
+        //Assert passes if resources does not have an owner
+        if ($resource->getOwnerId() === null) {
+            return true;
+        }
+
+        return ($resource->getOwnerId() === $role->getOwnerId());
+    }
+}

src/ProprietaryInterface.php

@@ -0,0 +1,24 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace Zend\Permissions\Acl;
+
+/**
+ * Applicable to Resources and Roles. Provides information about the owner of
+ * some object. Used in conjunction with the Ownership assertion.
+ *
+ * @author Nikola Posa <posa.nikola@gmail.com>
+ */
+interface ProprietaryInterface
+{
+    /**
+     * @return mixed
+     */
+    public function getOwnerId();
+}

test/Assertion/OwnershipAssertionTest.php

@@ -0,0 +1,64 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\Assertion;
+
+use ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+/**
+ * @group      Zend_Acl
+ * @group      Zend_Acl_Assert
+ */
+class OwnershipAssertionTest extends \PHPUnit_Framework_TestCase
+{
+    public function testAssertPassesIfRoleIsNotProprietary()
+    {
+        $acl = new UseCase2\Acl();
+
+        $this->assertTrue($acl->isAllowed('guest', 'blogPost', 'view'));
+        $this->assertFalse($acl->isAllowed('guest', 'blogPost', 'delete'));
+    }
+
+    public function testAssertPassesIfResourceIsNotProprietary()
+    {
+        $acl = new UseCase2\Acl();
+
+        $author = new UseCase2\Author1();
+
+        $this->assertTrue($acl->isAllowed($author, 'comment', 'view'));
+        $this->assertFalse($acl->isAllowed($author, 'comment', 'delete'));
+    }
+
+    public function testAssertPassesIfResourceDoesNotHaveOwner()
+    {
+        $acl = new UseCase2\Acl();
+
+        $author = new UseCase2\Author1();
+
+        $blogPost = new UseCase2\BlogPost();
+        $blogPost->author = null;
+
+        $this->assertTrue($acl->isAllowed($author, 'blogPost', 'write'));
+        $this->assertTrue($acl->isAllowed($author, $blogPost, 'edit'));
+    }
+
+    public function testAssertFailsIfResourceHasOwnerOtherThanRoleOwner()
+    {
+        $acl = new UseCase2\Acl();
+
+        $author1 = new UseCase2\Author1();
+        $author2 = new UseCase2\Author2();
+
+        $blogPost = new UseCase2\BlogPost();
+        $blogPost->author = $author1;
+
+        $this->assertTrue($acl->isAllowed($author2, 'blogPost', 'write'));
+        $this->assertFalse($acl->isAllowed($author2, $blogPost, 'edit'));
+    }
+}

test/TestAsset/UseCase2/Acl.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+use Zend\Permissions\Acl\Assertion\OwnershipAssertion;
+
+class Acl extends \Zend\Permissions\Acl\Acl
+{
+    public function __construct()
+    {
+        $this->addRole('guest');
+        $this->addRole('member', 'guest');
+        $this->addRole('author', 'member');
+        $this->addRole('admin');
+
+        $this->addResource(new BlogPost());
+        $this->addResource(new Comment());
+
+        $this->allow('guest', 'blogPost', 'view');
+        $this->allow('guest', 'comment', array('view', 'submit'));
+        $this->allow('author', 'blogPost', 'write');
+        $this->allow('author', 'blogPost', 'edit', new OwnershipAssertion());
+        $this->allow('admin');
+    }
+}

test/TestAsset/UseCase2/Author1.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+class Author1 extends User
+{
+    public $id = 1;
+
+    public $role = 'author';
+}

test/TestAsset/UseCase2/Author2.php

@@ -0,0 +1,17 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+class Author2 extends User
+{
+    public $id = 2;
+
+    public $role = 'author';
+}

test/TestAsset/UseCase2/BlogPost.php

@@ -0,0 +1,32 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+use Zend\Permissions\Acl\Resource;
+use Zend\Permissions\Acl\ProprietaryInterface;
+
+class BlogPost implements Resource\ResourceInterface, ProprietaryInterface
+{
+    public $author = null;
+
+    public function getResourceId()
+    {
+        return 'blogPost';
+    }
+
+    public function getOwnerId()
+    {
+        if ($this->author === null) {
+            return null;
+        }
+
+        return $this->author->getOwnerId();
+    }
+}

test/TestAsset/UseCase2/Comment.php

@@ -0,0 +1,23 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+use Zend\Permissions\Acl\Resource;
+
+/**
+ * @author Nikola Posa <posa.nikola@gmail.com>
+ */
+class Comment implements Resource\ResourceInterface
+{
+    public function getResourceId()
+    {
+        return 'comment';
+    }
+}

test/TestAsset/UseCase2/User.php

@@ -0,0 +1,30 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace ZendTest\Permissions\Acl\TestAsset\UseCase2;
+
+use Zend\Permissions\Acl\Role;
+use Zend\Permissions\Acl\ProprietaryInterface;
+
+class User implements Role\RoleInterface, ProprietaryInterface
+{
+    public $id;
+
+    public $role = 'guest';
+
+    public function getRoleId()
+    {
+        return $this->role;
+    }
+
+    public function getOwnerId()
+    {
+        return $this->id;
+    }
+}