[limb-svn] r7024 - in 3.x/trunk/limb/acl: src tests/cases

svn at limb-project.com svn at limb-project.com
Sat May 17 16:11:58 MSD 2008


Author: korchasa
Date: 2008-05-17 16:11:58 +0400 (Sat, 17 May 2008)
New Revision: 7024
URL: http://fisheye.limb-project.com/changelog/limb/?cs=7024

Modified:
   3.x/trunk/limb/acl/src/lmbAcl.class.php
   3.x/trunk/limb/acl/tests/cases/lmbAclAllowsTest.class.php
Log:
-- add default policy for inherits

Modified: 3.x/trunk/limb/acl/src/lmbAcl.class.php
===================================================================
--- 3.x/trunk/limb/acl/src/lmbAcl.class.php	2008-05-17 11:22:26 UTC (rev 7023)
+++ 3.x/trunk/limb/acl/src/lmbAcl.class.php	2008-05-17 12:11:58 UTC (rev 7024)
@@ -15,6 +15,7 @@
 class lmbAcl
 {
   protected $_default_policy;
+  protected $_default_inherits_policy;
   
   protected $_roles = array();
   protected $_resources = array();
@@ -22,8 +23,9 @@
   public $_resources_rules = array();
   public $_privileges_rules = array();  
 
-  function __construct($default_policy = false)
+  function __construct($default_inherits_policy = true, $default_policy = false)
   {
+    $this->_default_inherits_policy = $default_inherits_policy;
     $this->_default_policy = $default_policy;
   }
 
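Review bot: Inserting `$default_inherits_policy` as the first constructor parameter silently changes the meaning of every existing single-argument call. `new lmbAcl(true)` used to set the default policy to allow and now sets only the inherits policy, with the default policy falling back to `false`; `new lmbAcl(false)` now switches inheritance to deny-wins. Nothing fails at the call site, so access decisions change without any error. Appending the parameter keeps old callers intact: `function __construct($default_policy = false, $default_inherits_policy = true)`. A docblock saying what each flag decides (the fallback when no rule matches, versus which result wins among inherited roles) would also help, since the two names are easy to confuse.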
@@ -137,7 +139,7 @@
     else
     {
       if(!array_key_exists($privelege, $this->_roles_rules[$role]))
-        return false;
+        return $this->_default_policy;
       return $this->_roles_rules[$role][$privelege];
     }
   }
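Review bot: Returning `$this->_default_policy` here makes a missing rule indistinguishable from an explicit allow or deny for the caller. The inherits loop in isAllowed (last hunk of this file) compares each parent's result with `_default_inherits_policy`, so with `$default_inherits_policy = false` a parent that has no rule for the privilege would apparently veto access granted by another parent. With `$default_policy = true` it would apparently grant access over another parent's explicit deny. If that is not intended, `_getRoleRule` could return `null` for "no rule" and the default could be applied once at the top-level call; either way a comment such as `// no rule for this privilege: fall back to the ACL-wide default` would record the decision. _getRoleRule starts outside the hunk, so its other branch is not visible here.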
@@ -233,8 +235,8 @@
       return $this->_getRoleRule($role, $privilege);
 
     foreach($this->getRoleInherits($role) as $inherit)
-      if($this->isAllowed($inherit, $resource, $privilege))
-        return true;
+      if($this->_default_inherits_policy == $this->isAllowed($inherit, $resource, $privilege))
+        return $this->_default_inherits_policy;
       
     return $this->_default_policy;
   }
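Review bot: The check `if($this->_default_inherits_policy == $this->isAllowed(...))` uses a loose comparison on two unvalidated values. The constructor stores whatever it is given, and as far as the previous hunk shows `_getRoleRule` returns the stored rule value as is. A caller passing `0`, `''` or `null` as the inherits policy, or a rule stored as a non-boolean, therefore gets a type-juggled access decision. Cast once in the constructor, `$this->_default_inherits_policy = (bool)$default_inherits_policy;`, and compare strictly: `if($this->_default_inherits_policy === (bool)$this->isAllowed($inherit, $resource, $privilege))`. isAllowed starts outside the hunk, so the condition guarding the `_getRoleRule` return above the loop is not visible.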

Modified: 3.x/trunk/limb/acl/tests/cases/lmbAclAllowsTest.class.php
===================================================================
--- 3.x/trunk/limb/acl/tests/cases/lmbAclAllowsTest.class.php	2008-05-17 11:22:26 UTC (rev 7023)
+++ 3.x/trunk/limb/acl/tests/cases/lmbAclAllowsTest.class.php	2008-05-17 12:11:58 UTC (rev 7024)
@@ -67,7 +67,7 @@
   
   function testDefaultPolicy()
   {
-    $acl = new lmbAcl($default_policy = true);
+    $acl = new lmbAcl(true, $default_policy = true);
     $acl->addRole('guest');
     $acl->addResource('news');
     $this->assertTrue($acl->isAllowed('guest', 'news', 'view'));
@@ -185,9 +185,9 @@
     $this->assertFalse($acl->isAllowed('spy', 'secret', 'view'));
   }  
   
-  function testAllowAndDenyWithInherits_AllowingIndependedFromInheritsDefinition()
+  function testAllowAndDenyWithInherits_DefaultInheritsPolicyisAllow()
   {
-    $acl = new lmbAcl();
+    $acl = new lmbAcl($default_inherits_policy = true);
     
     $acl->addRole('user');
     $acl->addRole('intruder');
@@ -201,4 +201,21 @@
     $this->assertTrue($acl->isAllowed('firstly user'));
     $this->assertTrue($acl->isAllowed('firstly intruder'));
   }  
+  
+  function testAllowAndDenyWithInherits_DefaultInheritsPolicyisDeny()
+  {
+    $acl = new lmbAcl($default_inherits_policy = false);
+    
+    $acl->addRole('user');
+    $acl->addRole('intruder');
+    
+    $acl->addRole('firstly user', array('user', 'intruder'));
+    $acl->addRole('firstly intruder', array('intruder', 'user'));
+            
+    $acl->allow('user');
+    $acl->deny('intruder');
+    
+    $this->assertFalse($acl->isAllowed('firstly user'));
+    $this->assertFalse($acl->isAllowed('firstly intruder'));
+  }  
 }
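Review bot: The new test `testAllowAndDenyWithInherits_DefaultInheritsPolicyisDeny` only covers parents that each carry an explicit allow or deny, and it leaves `$default_policy` at `false`. The two flags interact, so the untested combinations are the ones most likely to surprise: `new lmbAcl(false, true)` (deny-wins with an allow default) and a child whose parents include a role with no rule at all. Adding cases for both, each asserting the intended result, would pin whether an unruled parent is meant to count as a decision. The `$default_inherits_policy = false` argument form is an assignment passed positionally, not a named argument, so these tests do not guard against the parameter order changing again.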


