Commit 69786b01 by Alexander Makarov

Merge pull request #2974 from yiisoft/decouple-bizrules-from-auth-items

RBAC: decoupled rules from assignments and items, implemented php manager
parents c5ad45c7 57498582
...@@ -121,24 +121,47 @@ class PhpManager extends \yii\rbac\PhpManager ...@@ -121,24 +121,47 @@ class PhpManager extends \yii\rbac\PhpManager
} }
``` ```
Now create custom rule class:
```php
namespace app\rbac;
use yii\rbac\Rule;
class NotGuestRule extends Rule
{
public function execute($params, $data)
{
return !Yii::$app->user->isGuest;
}
}
```
Then create permissions hierarchy in `@app/data/rbac.php`: Then create permissions hierarchy in `@app/data/rbac.php`:
```php ```php
<?php <?php
use yii\rbac\Item; use yii\rbac\Item;
use app\rbac\NotGuestRule;
$notGuest = new NotGuestRule();
return [ return [
'rules' => [
$rule->name => serialize($notGuest),
],
'items' => [
// HERE ARE YOUR MANAGEMENT TASKS // HERE ARE YOUR MANAGEMENT TASKS
'manageThing0' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing0' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'ruleName' => NULL, 'data' => NULL],
'manageThing1' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing1' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'ruleName' => NULL, 'data' => NULL],
'manageThing2' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing2' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'ruleName' => NULL, 'data' => NULL],
'manageThing3' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'bizRule' => NULL, 'data' => NULL], 'manageThing3' => ['type' => Item::TYPE_OPERATION, 'description' => '...', 'ruleName' => NULL, 'data' => NULL],
// AND THE ROLES // AND THE ROLES
'guest' => [ 'guest' => [
'type' => Item::TYPE_ROLE, 'type' => Item::TYPE_ROLE,
'description' => 'Guest', 'description' => 'Guest',
'bizRule' => NULL, 'ruleName' => NULL,
'data' => NULL 'data' => NULL
], ],
...@@ -149,7 +172,7 @@ return [ ...@@ -149,7 +172,7 @@ return [
'guest', 'guest',
'manageThing0', // User can edit thing0 'manageThing0', // User can edit thing0
], ],
'bizRule' => 'return !Yii::$app->user->isGuest;', 'ruleName' => $notGuest->name,
'data' => NULL 'data' => NULL
], ],
...@@ -160,7 +183,7 @@ return [ ...@@ -160,7 +183,7 @@ return [
'user', // Can manage all that user can 'user', // Can manage all that user can
'manageThing1', // and also thing1 'manageThing1', // and also thing1
], ],
'bizRule' => NULL, 'ruleName' => NULL,
'data' => NULL 'data' => NULL
], ],
...@@ -171,7 +194,7 @@ return [ ...@@ -171,7 +194,7 @@ return [
'moderator', // can do all the stuff that moderator can 'moderator', // can do all the stuff that moderator can
'manageThing2', // and also manage thing2 'manageThing2', // and also manage thing2
], ],
'bizRule' => NULL, 'ruleName' => NULL,
'data' => NULL 'data' => NULL
], ],
...@@ -182,10 +205,10 @@ return [ ...@@ -182,10 +205,10 @@ return [
'admin', // can do all that admin can 'admin', // can do all that admin can
'manageThing3', // and also thing3 'manageThing3', // and also thing3
], ],
'bizRule' => NULL, 'ruleName' => NULL,
'data' => NULL 'data' => NULL
], ],
],
]; ];
``` ```
......
...@@ -79,6 +79,7 @@ Yii Framework 2 Change Log ...@@ -79,6 +79,7 @@ Yii Framework 2 Change Log
- Enh #46: Added Image extension based on [Imagine library](http://imagine.readthedocs.org) (tonydspaniard) - Enh #46: Added Image extension based on [Imagine library](http://imagine.readthedocs.org) (tonydspaniard)
- Enh #364: Improve Inflector::slug with `intl` transliteration. Improved transliteration char map. (tonydspaniard) - Enh #364: Improve Inflector::slug with `intl` transliteration. Improved transliteration char map. (tonydspaniard)
- Enh #497: Removed `\yii\log\Target::logUser` and added `\yii\log\Target::prefix` to support customizing message prefix (qiangxue) - Enh #497: Removed `\yii\log\Target::logUser` and added `\yii\log\Target::prefix` to support customizing message prefix (qiangxue)
- Enh #499: Decoupled `Rule` from RBAC `Item` (samdark, qiangxue)
- Enh #797: Added support for validating multiple columns by `UniqueValidator` and `ExistValidator` (qiangxue) - Enh #797: Added support for validating multiple columns by `UniqueValidator` and `ExistValidator` (qiangxue)
- Enh #802: Added support for retrieving sub-array element or child object property through `ArrayHelper::getValue()` (qiangxue, cebe) - Enh #802: Added support for retrieving sub-array element or child object property through `ArrayHelper::getValue()` (qiangxue, cebe)
- Enh #938: Added `yii\web\View::renderAjax()` and `yii\web\Controller::renderAjax()` (qiangxue) - Enh #938: Added `yii\web\View::renderAjax()` and `yii\web\Controller::renderAjax()` (qiangxue)
......
...@@ -27,9 +27,9 @@ class Assignment extends Object ...@@ -27,9 +27,9 @@ class Assignment extends Object
*/ */
public $manager; public $manager;
/** /**
* @var string the business rule associated with this assignment * @var string name of the rule associated with this assignment
*/ */
public $bizRule; public $ruleName;
/** /**
* @var mixed additional data for this assignment * @var mixed additional data for this assignment
*/ */
......
...@@ -40,9 +40,9 @@ class Item extends Object ...@@ -40,9 +40,9 @@ class Item extends Object
*/ */
public $description; public $description;
/** /**
* @var string the business rule associated with this item * @var string name of the rule associated with this item
*/ */
public $bizRule; public $ruleName;
/** /**
* @var mixed the additional data associated with this item * @var mixed the additional data associated with this item
*/ */
...@@ -66,7 +66,7 @@ class Item extends Object ...@@ -66,7 +66,7 @@ class Item extends Object
public function checkAccess($itemName, $params = []) public function checkAccess($itemName, $params = [])
{ {
Yii::trace('Checking permission: ' . $this->_name, __METHOD__); Yii::trace('Checking permission: ' . $this->_name, __METHOD__);
if ($this->manager->executeBizRule($this->bizRule, $params, $this->data)) { if ($this->manager->executeRule($this->ruleName, $params, $this->data)) {
if ($this->_name == $itemName) { if ($this->_name == $itemName) {
return true; return true;
} }
...@@ -146,17 +146,18 @@ class Item extends Object ...@@ -146,17 +146,18 @@ class Item extends Object
/** /**
* Assigns this item to a user. * Assigns this item to a user.
*
* @param mixed $userId the user ID (see [[\yii\web\User::id]]) * @param mixed $userId the user ID (see [[\yii\web\User::id]])
* @param string $bizRule the business rule to be executed when [[checkAccess()]] is called * @param Rule $rule the rule to be executed when [[checkAccess()]] is called
* for this particular authorization item. * for this particular authorization item.
* @param mixed $data additional data associated with this assignment * @param mixed $data additional data associated with this assignment
* @return Assignment the authorization assignment information. * @return Assignment the authorization assignment information.
* @throws \yii\base\Exception if the item has already been assigned to the user * @throws \yii\base\Exception if the item has already been assigned to the user
* @see Manager::assign * @see Manager::assign
*/ */
public function assign($userId, $bizRule = null, $data = null) public function assign($userId, Rule $rule = null, $data = null)
{ {
return $this->manager->assign($userId, $this->_name, $bizRule, $data); return $this->manager->assign($userId, $this->_name, $rule, $data);
} }
/** /**
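Review bot: `Item::assign()` now type-hints `Rule $rule` and forwards the object to `$this->manager->assign()`, but the manager tests in this same commit pass a rule name string there (`assign('new user', 'createPost', 'isAuthor', 'data')`) and read it back from `$auth->ruleName`. If the manager does expect a name, an object passed through here would end up in `ruleName` and could not be looked up by name when the rule is executed; the manager's signature is not visible in this section, so confirm which it is. Assuming a name is expected, keep the two consistent with `public function assign($userId, $ruleName = null, $data = null)` and change the doc line to `@param string $ruleName name of the rule to be executed when [[checkAccess()]] is called`.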
......
<?php
/**
* @link http://www.yiiframework.com/
* @copyright Copyright (c) 2008 Yii Software LLC
* @license http://www.yiiframework.com/license/
*/
namespace yii\rbac;
use yii\base\Object;
/**
* Rule represents a business constraint that may be assigned and the applied to
* an authorization item or assignment.
*
* @author Alexander Makarov <sam@rmcreative.ru>
* @since 2.0
*/
abstract class Rule extends Object
{
/**
* @var string name of the rule
*/
public $name;
/**
* Executes the rule.
*
* @param array $params parameters passed to [[Manager::checkAccess()]].
* @param mixed $data additional data associated with the authorization item or assignment.
* @return boolean whether the rule execution returns true.
*/
abstract public function execute($params, $data);
}
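Review bot: The class docblock does not state that rule objects are persisted in serialized form, which the guide example in this commit shows (`serialize($notGuest)` under `'rules'`) and the new `auth_rule.data` column suggests. Presumably the managers restore them with `unserialize()`, which would make the rule storage as sensitive as code, so it should be writable only by trusted parts of the application. I would add a paragraph to the class docblock saying that implementations must be serializable, that `$name` must be set and unique because it is the storage key, and that the rule storage is trusted input. Also, `may be assigned and the applied to` should read `may be assigned and then applied to`.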
...@@ -12,15 +12,24 @@ ...@@ -12,15 +12,24 @@
drop table if exists [auth_assignment]; drop table if exists [auth_assignment];
drop table if exists [auth_item_child]; drop table if exists [auth_item_child];
drop table if exists [auth_item]; drop table if exists [auth_item];
drop table if exists [auth_rule];
create table [auth_rule]
(
[name] varchar(64) not null,
[data] text,
primary key ([name])
);
create table [auth_item] create table [auth_item]
( (
[name] varchar(64) not null, [name] varchar(64) not null,
[type] integer not null, [type] integer not null,
[description] text, [description] text,
[biz_rule] text, [rule_name] varchar(64),
[data] text, [data] text,
primary key ([name]), primary key ([name]),
foreign key ([rule_name]) references [auth_rule] ([name]) on delete set null on update cascade,
key [type] ([type]) key [type] ([type])
); );
...@@ -37,8 +46,9 @@ create table [auth_assignment] ...@@ -37,8 +46,9 @@ create table [auth_assignment]
( (
[item_name] varchar(64) not null, [item_name] varchar(64) not null,
[user_id] varchar(64) not null, [user_id] varchar(64) not null,
[biz_rule] text, [rule_name] varchar(64),
[data] text, [data] text,
primary key ([item_name],[user_id]), primary key ([item_name], [user_id]),
foreign key ([item_name]) references [auth_item] ([name]) on delete cascade on update cascade foreign key ([item_name]) references [auth_item] ([name]) on delete cascade on update cascade,
foreign key ([rule_name]) references [auth_rule] ([name]) on delete set null on update cascade
); );
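Review bot: `on delete set null` on the new `rule_name` foreign keys (in both `auth_item` and `auth_assignment`) makes rule removal fail open. `testExecuteRule()` in this commit asserts that `executeRule(null, [], null)` returns true, so deleting a row from `auth_rule` turns every item and assignment that was guarded by it into an unconditional grant. Unless that is intended, `on delete no action` here (and the equivalent restricting action in the other schemas) would force callers to detach a rule explicitly before removing it; otherwise add a comment above each key stating the consequence. The same clause is added in the four schema sections that follow.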
...@@ -12,15 +12,24 @@ ...@@ -12,15 +12,24 @@
drop table if exists `auth_assignment`; drop table if exists `auth_assignment`;
drop table if exists `auth_item_child`; drop table if exists `auth_item_child`;
drop table if exists `auth_item`; drop table if exists `auth_item`;
drop table if exists `auth_rule`;
create table `auth_rule`
(
`name` varchar(64) not null,
`data` text,
primary key (`name`)
) engine InnoDB;
create table `auth_item` create table `auth_item`
( (
`name` varchar(64) not null, `name` varchar(64) not null,
`type` integer not null, `type` integer not null,
`description` text, `description` text,
`biz_rule` text, `rule_name` varchar(64),
`data` text, `data` text,
primary key (`name`), primary key (`name`),
foreign key (`rule_name`) references `auth_rule` (`name`) on delete set null on update cascade,
key `type` (`type`) key `type` (`type`)
) engine InnoDB; ) engine InnoDB;
...@@ -28,7 +37,7 @@ create table `auth_item_child` ...@@ -28,7 +37,7 @@ create table `auth_item_child`
( (
`parent` varchar(64) not null, `parent` varchar(64) not null,
`child` varchar(64) not null, `child` varchar(64) not null,
primary key (`parent`,`child`), primary key (`parent`, `child`),
foreign key (`parent`) references `auth_item` (`name`) on delete cascade on update cascade, foreign key (`parent`) references `auth_item` (`name`) on delete cascade on update cascade,
foreign key (`child`) references `auth_item` (`name`) on delete cascade on update cascade foreign key (`child`) references `auth_item` (`name`) on delete cascade on update cascade
) engine InnoDB; ) engine InnoDB;
...@@ -37,8 +46,9 @@ create table `auth_assignment` ...@@ -37,8 +46,9 @@ create table `auth_assignment`
( (
`item_name` varchar(64) not null, `item_name` varchar(64) not null,
`user_id` varchar(64) not null, `user_id` varchar(64) not null,
`biz_rule` text, `rule_name` varchar(64),
`data` text, `data` text,
primary key (`item_name`,`user_id`), primary key (`item_name`, `user_id`),
foreign key (`item_name`) references `auth_item` (`name`) on delete cascade on update cascade foreign key (`item_name`) references `auth_item` (`name`) on delete cascade on update cascade,
foreign key (`rule_name`) references `auth_rule` (`name`) on delete set null on update cascade
) engine InnoDB; ) engine InnoDB;
\ No newline at end of file
...@@ -12,15 +12,24 @@ ...@@ -12,15 +12,24 @@
drop table if exists "auth_assignment"; drop table if exists "auth_assignment";
drop table if exists "auth_item_child"; drop table if exists "auth_item_child";
drop table if exists "auth_item"; drop table if exists "auth_item";
drop table if exists "auth_rule";
create table "auth_rule"
(
"name" varchar(64) not null,
"data" text,
primary key ("name")
);
create table "auth_item" create table "auth_item"
( (
"name" varchar(64) not null, "name" varchar(64) not null,
"type" integer not null, "type" integer not null,
"description" text, "description" text,
"biz_rule" text, "rule_name" varchar(64),
"data" text, "data" text,
primary key ("name"), primary key ("name"),
foreign key ("rule_name") references "auth_rule" ("name") on delete set null on update cascade,
key "type" ("type") key "type" ("type")
); );
...@@ -37,8 +46,9 @@ create table "auth_assignment" ...@@ -37,8 +46,9 @@ create table "auth_assignment"
( (
"item_name" varchar(64) not null, "item_name" varchar(64) not null,
"user_id" varchar(64) not null, "user_id" varchar(64) not null,
"biz_rule" text, "rule_name" varchar(64),
"data" text, "data" text,
primary key ("item_name","user_id"), primary key ("item_name","user_id"),
foreign key ("item_name") references "auth_item" ("name") on delete cascade on update cascade foreign key ("item_name") references "auth_item" ("name") on delete cascade on update cascade,
foreign key ("rule_name") references "auth_rule" ("name") on delete set null on update cascade
); );
...@@ -12,15 +12,24 @@ ...@@ -12,15 +12,24 @@
drop table if exists "auth_assignment"; drop table if exists "auth_assignment";
drop table if exists "auth_item_child"; drop table if exists "auth_item_child";
drop table if exists "auth_item"; drop table if exists "auth_item";
drop table if exists "auth_rule";
create table "auth_rule"
(
"name" varchar(64) not null,
"data" text,
primary key ("name")
);
create table "auth_item" create table "auth_item"
( (
"name" varchar(64) not null, "name" varchar(64) not null,
"type" integer not null, "type" integer not null,
"description" text, "description" text,
"biz_rule" text, "rule_name" varchar(64),
"data" text, "data" text,
primary key ("name") primary key ("name"),
foreign key ("rule_name") references "auth_rule" ("name") on delete set null on update cascade
); );
create index auth_item_type_idx on "auth_item" ("type"); create index auth_item_type_idx on "auth_item" ("type");
...@@ -38,8 +47,9 @@ create table "auth_assignment" ...@@ -38,8 +47,9 @@ create table "auth_assignment"
( (
"item_name" varchar(64) not null, "item_name" varchar(64) not null,
"user_id" varchar(64) not null, "user_id" varchar(64) not null,
"biz_rule" text, "rule_name" varchar(64),
"data" text, "data" text,
primary key ("item_name","user_id"), primary key ("item_name","user_id"),
foreign key ("item_name") references "auth_item" ("name") on delete cascade on update cascade foreign key ("item_name") references "auth_item" ("name") on delete cascade on update cascade,
foreign key ("rule_name") references "auth_rule" ("name") on delete set null on update cascade
); );
...@@ -9,36 +9,47 @@ ...@@ -9,36 +9,47 @@
* @since 2.0 * @since 2.0
*/ */
drop table if exists 'auth_assignment'; drop table if exists "auth_assignment";
drop table if exists 'auth_item_child'; drop table if exists "auth_item_child";
drop table if exists 'auth_item'; drop table if exists "auth_item";
drop table if exists "auth_rule";
create table 'auth_item' create table "auth_rule"
(
"name" varchar(64) not null,
"data" text,
primary key ("name")
);
create table "auth_item"
( (
"name" varchar(64) not null, "name" varchar(64) not null,
"type" integer not null, "type" integer not null,
"description" text, "description" text,
"biz_rule" text, "rule_name" varchar(64),
"data" text, "data" text,
primary key ("name"), primary key ("name"),
key "type" ("type") foreign key ("rule_name") references "auth_rule" ("name") on delete set null on update cascade
); );
create table 'auth_item_child' create index "auth_item_type_idx" on "auth_item" ("type");
create table "auth_item_child"
( (
"parent" varchar(64) not null, "parent" varchar(64) not null,
"child" varchar(64) not null, "child" varchar(64) not null,
primary key ("parent","child"), primary key ("parent","child"),
foreign key ("parent") references 'auth_item' ("name") on delete cascade on update cascade, foreign key ("parent") references "auth_item" ("name") on delete cascade on update cascade,
foreign key ("child") references 'auth_item' ("name") on delete cascade on update cascade foreign key ("child") references "auth_item" ("name") on delete cascade on update cascade
); );
create table 'auth_assignment' create table "auth_assignment"
( (
"item_name" varchar(64) not null, "item_name" varchar(64) not null,
"user_id" varchar(64) not null, "user_id" varchar(64) not null,
"biz_rule" text, "rule_name" varchar(64),
"data" text, "data" text,
primary key ("item_name","user_id"), primary key ("item_name","user_id"),
foreign key ("item_name") references 'auth_item' ("name") on delete cascade on update cascade foreign key ("item_name") references "auth_item" ("name") on delete cascade on update cascade,
foreign key ("rule_name") references "auth_rule" ("name") on delete set null on update cascade
); );
<?php
namespace yiiunit\framework\rbac;
use yii\rbac\Rule;
/**
* Checks if authorID matches userID passed via params
*/
class AuthorRule extends Rule
{
public $name = 'isAuthor';
public $reallyReally = false;
/**
* @inheritdoc
*/
public function execute($params, $data)
{
return $params['authorID'] == $params['userID'];
}
}
\ No newline at end of file
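Review bot: `execute()` compares the two ids with loose `==` and reads both keys without checking that they exist, so when both keys are absent the comparison is `null == null` and the rule grants, and values of different types can compare equal under PHP's loose-comparison rules. Since this fixture is the model for the rule classes the commit introduces, I would write it as `return isset($params['authorID'], $params['userID']) && (string) $params['authorID'] === (string) $params['userID'];`. The docblock could then say that the rule denies when either id is absent.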
<?php
namespace yiiunit\framework\rbac;
use yii\db\Connection;
use yii\rbac\DbManager;
/**
* DbManagerTestCase
*/
abstract class DbManagerTestCase extends ManagerTestCase
{
protected $database;
protected $driverName = 'mysql';
/**
* @var Connection
*/
protected $db;
protected function setUp()
{
parent::setUp();
$databases = $this->getParam('databases');
$this->database = $databases[$this->driverName];
$pdo_database = 'pdo_'.$this->driverName;
if (!extension_loaded('pdo') || !extension_loaded($pdo_database)) {
$this->markTestSkipped('pdo and '.$pdo_database.' extension are required.');
}
$this->auth = new DbManager(['db' => $this->getConnection()]);
$this->auth->init();
$this->prepareData();
}
protected function tearDown()
{
parent::tearDown();
if ($this->db) {
$this->db->close();
}
$this->destroyApplication();
}
/**
* @param boolean $reset whether to clean up the test database
* @param boolean $open whether to open and populate test database
* @throws \yii\base\InvalidParamException
* @throws \yii\db\Exception
* @throws \yii\base\InvalidConfigException
* @return \yii\db\Connection
*/
public function getConnection($reset = true, $open = true)
{
if (!$reset && $this->db) {
return $this->db;
}
$db = new Connection;
$db->dsn = $this->database['dsn'];
if (isset($this->database['username'])) {
$db->username = $this->database['username'];
$db->password = $this->database['password'];
}
if (isset($this->database['attributes'])) {
$db->attributes = $this->database['attributes'];
}
if ($open) {
$db->open();
$lines = explode(';', file_get_contents(\Yii::getAlias('@yii/rbac/schema-'.$this->driverName.'.sql')));
foreach ($lines as $line) {
if (trim($line) !== '') {
$db->pdo->exec($line);
}
}
}
$this->db = $db;
return $db;
}
}
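Review bot: In `setUp()` the line `$this->database = $databases[$this->driverName];` runs before the extension check and without `isset`, so a test configuration that lacks an entry for the driver produces an undefined-index notice instead of a skipped test. Move the extension check first and add `if (!isset($databases[$this->driverName])) { $this->markTestSkipped('no database configured for ' . $this->driverName); }`. In `getConnection()`, `$this->database['password']` is read under an `isset` that only covers `username`, and the result of `file_get_contents()` goes to `explode()` unchecked; both deserve a guard. The `getConnection()` docblock should also say that opening the connection executes the schema script, which drops and recreates the RBAC tables on the configured DSN.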
...@@ -8,7 +8,7 @@ use yiiunit\TestCase; ...@@ -8,7 +8,7 @@ use yiiunit\TestCase;
abstract class ManagerTestCase extends TestCase abstract class ManagerTestCase extends TestCase
{ {
/** @var \yii\rbac\PhpManager|\yii\rbac\DbManager */ /** @var \yii\rbac\Manager */
protected $auth; protected $auth;
public function testCreateItem() public function testCreateItem()
...@@ -16,24 +16,24 @@ abstract class ManagerTestCase extends TestCase ...@@ -16,24 +16,24 @@ abstract class ManagerTestCase extends TestCase
$type = Item::TYPE_TASK; $type = Item::TYPE_TASK;
$name = 'editUser'; $name = 'editUser';
$description = 'edit a user'; $description = 'edit a user';
$bizRule = 'checkUserIdentity()'; $ruleName = 'isAuthor';
$data = [1, 2, 3]; $data = [1, 2, 3];
$item = $this->auth->createItem($name, $type, $description, $bizRule, $data); $item = $this->auth->createItem($name, $type, $description, $ruleName, $data);
$this->assertTrue($item instanceof Item); $this->assertTrue($item instanceof Item);
$this->assertEquals($item->type, $type); $this->assertEquals($item->type, $type);
$this->assertEquals($item->name, $name); $this->assertEquals($item->name, $name);
$this->assertEquals($item->description, $description); $this->assertEquals($item->description, $description);
$this->assertEquals($item->bizRule, $bizRule); $this->assertEquals($item->ruleName, $ruleName);
$this->assertEquals($item->data, $data); $this->assertEquals($item->data, $data);
// test shortcut // test shortcut
$name2 = 'createUser'; $name2 = 'createUser';
$item2 = $this->auth->createRole($name2, $description, $bizRule, $data); $item2 = $this->auth->createRole($name2, $description, $ruleName, $data);
$this->assertEquals($item2->type, Item::TYPE_ROLE); $this->assertEquals($item2->type, Item::TYPE_ROLE);
// test adding an item with the same name // test adding an item with the same name
$this->setExpectedException('\yii\base\Exception'); $this->setExpectedException('\yii\base\Exception');
$this->auth->createItem($name, $type, $description, $bizRule, $data); $this->auth->createItem($name, $type, $description, $ruleName, $data);
} }
public function testGetItem() public function testGetItem()
...@@ -98,11 +98,11 @@ abstract class ManagerTestCase extends TestCase ...@@ -98,11 +98,11 @@ abstract class ManagerTestCase extends TestCase
public function testAssign() public function testAssign()
{ {
$auth = $this->auth->assign('new user', 'createPost', 'rule', 'data'); $auth = $this->auth->assign('new user', 'createPost', 'isAuthor', 'data');
$this->assertTrue($auth instanceof Assignment); $this->assertTrue($auth instanceof Assignment);
$this->assertEquals($auth->userId, 'new user'); $this->assertEquals($auth->userId, 'new user');
$this->assertEquals($auth->itemName, 'createPost'); $this->assertEquals($auth->itemName, 'createPost');
$this->assertEquals($auth->bizRule, 'rule'); $this->assertEquals($auth->ruleName, 'isAuthor');
$this->assertEquals($auth->data, 'data'); $this->assertEquals($auth->data, 'data');
$this->setExpectedException('\yii\base\Exception'); $this->setExpectedException('\yii\base\Exception');
...@@ -168,14 +168,79 @@ abstract class ManagerTestCase extends TestCase ...@@ -168,14 +168,79 @@ abstract class ManagerTestCase extends TestCase
$this->auth->addItemChild('readPost', 'readPost'); $this->auth->addItemChild('readPost', 'readPost');
} }
public function testExecuteBizRule() public function testGetRule()
{ {
$this->assertTrue($this->auth->executeBizRule(null, [], null)); $rule = $this->auth->getRule('isAuthor');
$this->assertTrue($this->auth->executeBizRule('return 1 == true;', [], null)); $this->assertInstanceOf('yii\rbac\Rule', $rule);
$this->assertTrue($this->auth->executeBizRule('return $params[0] == $params[1];', [1, '1'], null)); $this->assertEquals('isAuthor', $rule->name);
if (!defined('HHVM_VERSION')) { // invalid code crashes on HHVM
$this->assertFalse($this->auth->executeBizRule('invalid;', [], null)); $rule = $this->auth->getRule('nonExisting');
$this->assertNull($rule);
} }
public function testInsertRule()
{
$ruleName = 'isReallyReallyAuthor';
$rule = new AuthorRule(['name' => $ruleName, 'reallyReally' => true]);
$this->auth->insertRule($rule);
/** @var AuthorRule $rule */
$rule = $this->auth->getRule($ruleName);
$this->assertEquals($ruleName, $rule->name);
$this->assertEquals(true, $rule->reallyReally);
}
public function testUpdateRule()
{
$rule = $this->auth->getRule('isAuthor');
$rule->name = "newName";
$rule->reallyReally = false;
$this->auth->updateRule('isAuthor', $rule);
/** @var AuthorRule $rule */
$rule = $this->auth->getRule('isAuthor');
$this->assertEquals(null, $rule);
$rule = $this->auth->getRule('newName');
$this->assertEquals("newName", $rule->name);
$this->assertEquals(false, $rule->reallyReally);
$rule->reallyReally = true;
$this->auth->updateRule('newName', $rule);
$rule = $this->auth->getRule('newName');
$this->assertEquals(true, $rule->reallyReally);
}
public function testGetRules()
{
$rule = new AuthorRule(['name' => 'isReallyReallyAuthor', 'reallyReally' => true]);
$this->auth->insertRule($rule);
$rules = $this->auth->getRules();
$ruleNames = [];
foreach ($rules as $rule) {
$ruleNames[] = $rule->name;
}
$this->assertContains('isReallyReallyAuthor', $ruleNames);
$this->assertContains('isAuthor', $ruleNames);
}
public function testRemoveRule()
{
$this->auth->removeRule('isAuthor');
$rules = $this->auth->getRules();
$this->assertEmpty($rules);
}
public function testExecuteRule()
{
$this->assertTrue($this->auth->executeRule(null, [], null));
$this->assertTrue($this->auth->executeRule('isAuthor', ['userID' => 1, 'authorID' => 1], null));
$this->assertFalse($this->auth->executeRule('isAuthor', ['userID' => 1, 'authorID' => 2], null));
} }
public function testCheckAccess() public function testCheckAccess()
...@@ -231,12 +296,14 @@ abstract class ManagerTestCase extends TestCase ...@@ -231,12 +296,14 @@ abstract class ManagerTestCase extends TestCase
protected function prepareData() protected function prepareData()
{ {
$this->auth->insertRule(new AuthorRule());
$this->auth->createOperation('createPost', 'create a post'); $this->auth->createOperation('createPost', 'create a post');
$this->auth->createOperation('readPost', 'read a post'); $this->auth->createOperation('readPost', 'read a post');
$this->auth->createOperation('updatePost', 'update a post'); $this->auth->createOperation('updatePost', 'update a post');
$this->auth->createOperation('deletePost', 'delete a post'); $this->auth->createOperation('deletePost', 'delete a post');
$task = $this->auth->createTask('updateOwnPost', 'update a post by author himself', 'return $params["authorID"] == $params["userID"];'); $task = $this->auth->createTask('updateOwnPost', 'update a post by author himself', 'isAuthor');
$task->addChild('updatePost'); $task->addChild('updatePost');
$role = $this->auth->createRole('reader'); $role = $this->auth->createRole('reader');
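Review bot: `testExecuteRule()` pins the `null` case and the stored `isAuthor` rule but not a rule name that has no stored rule, although `testGetRule()` shows `getRule('nonExisting')` returning `null`. That leaves it undecided whether an item referencing a missing or removed rule is granted or denied; I would add `$this->assertFalse($this->auth->executeRule('nonExisting', [], null));` so that deny-by-default is enforced. `testRemoveRule()` has the same gap: `prepareData()` binds `updateOwnPost` to `isAuthor`, yet after removal the test only checks that `getRules()` is empty and not what `checkAccess()` does for that task.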
......
<?php
namespace yiiunit\framework\rbac;
/**
* MySQLManagerTest
*/
class MySQLManagerTest extends DbManagerTestCase
{
}
<?php
namespace yiiunit\framework\rbac;
/**
* PgSQLManagerTest
*/
class PgSQLManagerTest extends DbManagerTestCase
{
protected $driverName = 'pgsql';
}
...@@ -7,6 +7,7 @@ use yii\rbac\PhpManager; ...@@ -7,6 +7,7 @@ use yii\rbac\PhpManager;
/** /**
* @group rbac * @group rbac
* @property \yii\rbac\PhpManager $auth
*/ */
class PhpManagerTest extends ManagerTestCase class PhpManagerTest extends ManagerTestCase
{ {
......
<?php
namespace yiiunit\framework\rbac;
/**
* SqliteManagerTest
*/
class SqliteManagerTest extends DbManagerTestCase
{
protected $driverName = 'sqlite';
}