diff --git a/src/Judge.php b/src/Judge.php
index 99085a7..c526192 100644
--- a/src/Judge.php
+++ b/src/Judge.php
@@ -5,117 +5,117 @@ class Judge { - private $_config; - private $_user; - - /** - * @param array|Config $config - * @param UserAccessInterface|null $user - */ - public function __construct($config, UserAccessInterface $user) - { - $this->_config = $config instanceof Config ? $config : new Config($config); - $this->_user = $user; - } - - /** - * @param string|string[] $rights - * @param ObjectInterface|null $object - * @param UserAccessInterface|null $user - * @return bool - */ - public function hasRight($rights, ObjectInterface $object = null, UserAccessInterface $user = null) - { - $rights = (array) $rights; - $user = $user ?: $this->_user; - $global_roles = $user->getGlobalRoles(); - - // check global rights - foreach ($global_roles as $role) { - if ($this->_config->has("global.$role.rights")) { - if ($this->checkRightsInConfig($rights, $this->_config, "global.$role.rights")) { - return true; - } - } + private $_config; + private $_user; + + /** + * @param array|Config $config + * @param UserAccessInterface|null $user + */ + public function __construct($config, UserAccessInterface $user) + { + $this->_config = $config instanceof Config ? 
$config : new Config($config); + $this->_user = $user; } - if ($object !== null) { - $object_config = $this->getObjectConfig($object); - $object_identifier = $object_config->get("identifier"); - - // check global rights - foreach ($global_roles as $role) { - if ($this->_config->has("global.$role.related_rights.$object_identifier")) { - if ($this->checkRightsInConfig($rights, $this->_config, "global.$role.related_rights.$object_identifier")) { - return true; - } + /** + * @param string|string[] $rights + * @param ObjectInterface|null $object + * @param UserAccessInterface|null $user + * @return bool + */ + public function hasRight($rights, ObjectInterface $object = null, UserAccessInterface $user = null) + { + $rights = (array)$rights; + $user = $user ?: $this->_user; + $global_roles = $user->getGlobalRoles(); + + // check global rights + foreach ($global_roles as $role) { + if ($this->_config->has("global.$role.rights")) { + if ($this->checkRightsInConfig($rights, $this->_config, "global.$role.rights")) { + return true; + } + } } - } - // check object rights - foreach ($object->getObjectRoles($user) as $role) { - if ($this->checkRightsInConfig($rights, $object_config, "roles.$role.rights")) { - return true; + if ($object !== null) { + $object_config = $this->getObjectConfig($object); + $object_identifier = $object_config->get("identifier"); + + // check global rights + foreach ($global_roles as $role) { + if ($this->_config->has("global.$role.related_rights.$object_identifier")) { + if ($this->checkRightsInConfig($rights, $this->_config, "global.$role.related_rights.$object_identifier")) { + return true; + } + } + } + + // check object rights + foreach ($object->getObjectRoles($user) as $role) { + if ($this->checkRightsInConfig($rights, $object_config, "roles.$role.rights")) { + return true; + } + } + + // check object related rights + foreach ($object->getRelatedObjects() as $related) { + $related_config = $this->getObjectConfig($related); + foreach 
($related->getObjectRoles($user) as $role) { + if ($this->checkRightsInConfig($rights, $related_config, "roles.$role.related_rights.$object_identifier")) { + return true; + } + } + } } - } - - // check object related rights - foreach ($object->getRelatedObjects() as $related) { - $related_config = $this->getObjectConfig($related); - foreach ($related->getObjectRoles($user) as $role) { - if ($this->checkRightsInConfig($rights, $related_config, "roles.$role.related_rights.$object_identifier")) { - return true; - } + + return false; + } + + /** + * @param string $role + * @param ObjectInterface|null $object + * @param UserAccessInterface|null $user + * @return bool + */ + public function hasRole($role, ObjectInterface $object = null, UserAccessInterface $user = null) + { + $user = $user ?: $this->_user; + return in_array($role, $object == null ? $user->getGlobalRoles() : $object->getObjectRoles($user)); + } + + /** + * @param ObjectInterface $object + * @throws \RuntimeException + * @return Config + */ + private function getObjectConfig(ObjectInterface $object) + { + $object_class = get_class($object); + if ($this->_config->has("objects.$object_class")) { + return new Config($this->_config->get("objects.$object_class")); } - } + throw new \RuntimeException("Given object is not configured for judge."); + } + + /** + * @param array $rights + * @param Config $config + * @param $path + * @return bool + */ + private function checkRightsInConfig(array $rights, Config $config, $path) + { + return $config->has($path) && empty(array_diff($rights, $config->get($path))); } - return false; - } - - /** - * @param string $role - * @param ObjectInterface|null $object - * @param UserAccessInterface|null $user - * @return bool - */ - public function hasRole($role, ObjectInterface $object = null, UserAccessInterface $user = null) - { - $user = $user ?: $this->_user; - return in_array($role, $object == null ? 
$user->getGlobalRoles() : $object->getObjectRoles($user)); - } - - /** - * @param ObjectInterface $object - * @throws \RuntimeException - * @return Config - */ - private function getObjectConfig(ObjectInterface $object) - { - $object_class = get_class($object); - if ($this->_config->has("objects.$object_class")) { - return new Config($this->_config->get("objects.$object_class")); + /** + * @param UserAccessInterface $user + */ + public function setUser($user) + { + $this->_user = $user; } - throw new \RuntimeException("Given object is not configured for judge."); - } - - /** - * @param array $rights - * @param Config $config - * @param $path - * @return bool - */ - private function checkRightsInConfig(array $rights, Config $config, $path) - { - return $config->has($path) && empty(array_diff($rights, $config->get($path))); - } - - /** - * @param UserAccessInterface $user - */ - public function setUser($user) - { - $this->_user = $user; - } } \ No newline at end of file diff --git a/src/ObjectInterface.php b/src/ObjectInterface.php index 8bb62f4..fcbf6a2 100644 --- a/src/ObjectInterface.php +++ b/src/ObjectInterface.php 
@@ -3,20 +3,20 @@ interface ObjectInterface { - /** - * Returns an array of roles related through this object instance to given user instance. - * Keep in mind that there are no recursive checks by AccessControl. You have to do this on your own in this method. - * - * @param UserAccessInterface $user - * @return string[] - */ - public function getObjectRoles(UserAccessInterface $user); + /** + * Returns an array of roles related through this object instance to given user instance. + * Keep in mind that there are no recursive checks by AccessControl. You have to do this on your own in this method. + * + * @param UserAccessInterface $user + * @return string[] + */ + public function getObjectRoles(UserAccessInterface $user); - /** - * Returns an array of relevant objects related to this object instance. - * - * @return ObjectInterface[] - */ - public function getRelatedObjects(); + /** + * Returns an array of relevant objects related to this object instance. + * + * @return ObjectInterface[] + */ + public function getRelatedObjects(); } \ No newline at end of file diff --git a/src/UserAccessInterface.php b/src/UserAccessInterface.php index 4eb394e..36862c1 100644 --- a/src/UserAccessInterface.php +++ b/src/UserAccessInterface.php @@ -3,11 +3,11 @@ interface UserAccessInterface { - /** - * Returns an array of roles in connection with this user - * - * @return string[] - */ - public function getGlobalRoles(); + /** + * Returns an array of roles in connection with this user + * + * @return string[] + */ + public function getGlobalRoles(); } \ No newline at end of file diff --git a/tests/AccessControlTest.php b/tests/AccessControlTest.php index d24563d..615bc83 100644 --- a/tests/AccessControlTest.php +++ b/tests/AccessControlTest.php 
@@ -5,78 +5,78 @@ class AccessControlTest extends \PHPUnit_Framework_TestCase { - /** - * @var Judge - */ - private $judge; + /** + * @var Judge + */ + private $judge; - public function setUp() - { - $user = new TestUser(["member"]); + public function setUp() + { + $user = new TestUser(["member"]); - $config = [ - "objects" => [ - TestBlog::class => [ - "identifier" => "blog", - "roles" => [ - "author" => [ - "rights" => ["write"], - "related_rights" => [ - "comment" => ["write", "remove"] + $config = [ + "objects" => [ + TestBlog::class => [ + "identifier" => "blog", + "roles" => [ + "author" => [ + "rights" => ["write"], + "related_rights" => [ + "comment" => ["write", "remove"] + ] + ], + "subscriber" => [ + "rights" => [], + "related_rights" => [ + "comment" => ["write"] + ] ] - ], - "subscriber" => [ - "rights" => [], - "related_rights" => [ - "comment" => ["write"] + ] + ], + TestComment::class => [ + "identifier" => "comment", + "roles" => [ + "creator" => [ + "rights" => ["edit", "remove"], + "related_rights" => [] ] ] ] ], - TestComment::class => [ - "identifier" => "comment", - "roles" => [ - "creator" => [ - "rights" => ["edit", "remove"], - "related_rights" => [] + "global" => [ + "member" => [ + "rights" => ["access", "test"], + "related_rights" => [ + "blog" => ["view"] ] ] ] - ], - "global" => [ - "member" => [ - "rights" => ["access", "test"], - "related_rights" => [ - "blog" => ["view"] - ] - ] - ] - ]; + ]; - $this->judge = new Judge($config, $user); - } + $this->judge = new Judge($config, $user); + } - public function test() - { - $blog = new TestBlog(["author"], []); - $comment = new TestComment([], [$blog]); + public function test() + { + $blog = new TestBlog(["author"], []); + $comment = new TestComment([], [$blog]); - $this->assertTrue($this->judge->hasRight("access")); // positive global right - $this->assertTrue($this->judge->hasRight(["access", "test"])); // positive multiple rights - $this->assertTrue($this->judge->hasRight("write", 
$blog)); // positive object right - $this->assertTrue($this->judge->hasRight("view", $blog)); // positive object related right - $this->assertTrue($this->judge->hasRight("write", $comment)); // positive related object right - $this->assertTrue($this->judge->hasRight("remove", $comment)); // positive related object right - $this->assertFalse($this->judge->hasRight("destroy")); // negative global right - $this->assertFalse($this->judge->hasRight(["access", "destroy"])); // negative multiple rights - $this->assertFalse($this->judge->hasRight("destroy", $blog)); // negative object right - $this->assertFalse($this->judge->hasRight("destroy", $comment)); // negative related object right - $this->assertFalse($this->judge->hasRight("destroy", $comment)); // negative related object right + $this->assertTrue($this->judge->hasRight("access")); // positive global right + $this->assertTrue($this->judge->hasRight(["access", "test"])); // positive multiple rights + $this->assertTrue($this->judge->hasRight("write", $blog)); // positive object right + $this->assertTrue($this->judge->hasRight("view", $blog)); // positive object related right + $this->assertTrue($this->judge->hasRight("write", $comment)); // positive related object right + $this->assertTrue($this->judge->hasRight("remove", $comment)); // positive related object right + $this->assertFalse($this->judge->hasRight("destroy")); // negative global right + $this->assertFalse($this->judge->hasRight(["access", "destroy"])); // negative multiple rights + $this->assertFalse($this->judge->hasRight("destroy", $blog)); // negative object right + $this->assertFalse($this->judge->hasRight("destroy", $comment)); // negative related object right + $this->assertFalse($this->judge->hasRight("destroy", $comment)); // negative related object right - $this->assertTrue($this->judge->hasRole("member")); - $this->assertTrue($this->judge->hasRole("author", $blog)); - $this->assertFalse($this->judge->hasRole("admin")); - 
$this->assertFalse($this->judge->hasRole("creator", $comment)); - } + $this->assertTrue($this->judge->hasRole("member")); + $this->assertTrue($this->judge->hasRole("author", $blog)); + $this->assertFalse($this->judge->hasRole("admin")); + $this->assertFalse($this->judge->hasRole("creator", $comment)); + } } \ No newline at end of file diff --git a/tests/TestBlog.php b/tests/TestBlog.php index 1c0ed01..f0e795b 100644 --- a/tests/TestBlog.php +++ b/tests/TestBlog.php @@ -6,23 +6,23 @@ class TestBlog implements ObjectInterface { - private $object_roles = []; - private $related_object = []; + private $object_roles = []; + private $related_object = []; - public function __construct(array $object_roles, array $related_object) - { - $this->object_roles = $object_roles; - $this->related_object = $related_object; - } + public function __construct(array $object_roles, array $related_object) + { + $this->object_roles = $object_roles; + $this->related_object = $related_object; + } - public function getObjectRoles(UserAccessInterface $user) - { - return $this->object_roles; - } + public function getObjectRoles(UserAccessInterface $user) + { + return $this->object_roles; + } - public function getRelatedObjects() - { - return $this->related_object; - } + public function getRelatedObjects() + { + return $this->related_object; + } } \ No newline at end of file diff --git a/tests/TestComment.php b/tests/TestComment.php index d1b061d..eeaf941 100644 --- a/tests/TestComment.php +++ b/tests/TestComment.php 
@@ -6,23 +6,23 @@ class TestComment implements ObjectInterface { - private $object_roles = []; - private $related_object = []; + private $object_roles = []; + private $related_object = []; - public function __construct(array $object_roles, array $related_object) - { - $this->object_roles = $object_roles; - $this->related_object = $related_object; - } + public function __construct(array $object_roles, array $related_object) + { + $this->object_roles = $object_roles; + $this->related_object = $related_object; + } - public function getObjectRoles(UserAccessInterface $user) - { - return $this->object_roles; - } + public function getObjectRoles(UserAccessInterface $user) + { + return $this->object_roles; + } - public function getRelatedObjects() - { - return $this->related_object; - } + public function getRelatedObjects() + { + return $this->related_object; + } } \ No newline at end of file diff --git a/tests/TestUser.php b/tests/TestUser.php index 18b493d..a7c9d1a 100644 --- a/tests/TestUser.php +++ b/tests/TestUser.php @@ -6,16 +6,16 @@ class TestUser implements UserAccessInterface { - private $global_roles = []; + private $global_roles = []; - public function __construct(array $global_roles) - { - $this->global_roles = $global_roles; - } + public function __construct(array $global_roles) + { + $this->global_roles = $global_roles; + } - public function getGlobalRoles() - { - return $this->global_roles; - } + public function getGlobalRoles() + { + return $this->global_roles; + } } \ No newline at end of file