From 213afde7588611ac89bc348869cdbf0e0ca14126 Mon Sep 17 00:00:00 2001 From: Bui Sy Nguyen Date: Fri, 22 Jan 2016 12:09:10 +0700 Subject: [PATCH] Implement #6: remove Zend_Acl** class and usefproject\amf\acl\** classes instead --- fproject/Zend/Acl/Assert/Interface.php | 64 ---- fproject/Zend/Acl/Resource.php | 75 ---- fproject/Zend/Acl/Resource/Interface.php | 37 -- fproject/Zend/Acl/Role.php | 75 ---- fproject/Zend/Acl/Role/Interface.php | 37 -- fproject/Zend/Amf/Adobe/Auth.php | 11 +- fproject/Zend/Amf/Adobe/Introspector.php | 6 +- fproject/Zend/Amf/Server.php | 11 +- fproject/{Zend => amf/acl}/Acl.php | 338 ++++++++---------- fproject/amf/acl/AssertInterface.php | 39 ++ fproject/amf/acl/Resource.php | 61 ++++ fproject/amf/acl/ResourceInterface.php | 30 ++ fproject/amf/acl/Role.php | 61 ++++ fproject/amf/acl/RoleInterface.php | 30 ++ .../Registry.php => amf/acl/RoleRegistry.php} | 115 +++--- tests/Zend/Amf/AuthTest.php | 30 +- tests/Zend/Amf/ServerTest.php | 3 +- 17 files changed, 457 insertions(+), 566 deletions(-) delete mode 100644 fproject/Zend/Acl/Assert/Interface.php delete mode 100644 fproject/Zend/Acl/Resource.php delete mode 100644 fproject/Zend/Acl/Resource/Interface.php delete mode 100644 fproject/Zend/Acl/Role.php delete mode 100644 fproject/Zend/Acl/Role/Interface.php rename fproject/{Zend => amf/acl}/Acl.php (80%) create mode 100644 fproject/amf/acl/AssertInterface.php create mode 100644 fproject/amf/acl/Resource.php create mode 100644 fproject/amf/acl/ResourceInterface.php create mode 100644 fproject/amf/acl/Role.php create mode 100644 fproject/amf/acl/RoleInterface.php rename fproject/{Zend/Acl/Role/Registry.php => amf/acl/RoleRegistry.php} (65%) diff --git a/fproject/Zend/Acl/Assert/Interface.php b/fproject/Zend/Acl/Assert/Interface.php deleted file mode 100644 index b95f785..0000000 --- a/fproject/Zend/Acl/Assert/Interface.php +++ /dev/null 
@@ -1,64 +0,0 @@ -_resourceId = (string) $resourceId; - } - - /** - * Defined by Zend_Acl_Resource_Interface; returns the Resource identifier - * - * @return string - */ - public function getResourceId() - { - return $this->_resourceId; - } - - /** - * Defined by Zend_Acl_Resource_Interface; returns the Resource identifier - * Proxies to getResourceId() - * - * @return string - */ - public function __toString() - { - return $this->getResourceId(); - } -} diff --git a/fproject/Zend/Acl/Resource/Interface.php b/fproject/Zend/Acl/Resource/Interface.php deleted file mode 100644 index 3c6d358..0000000 --- a/fproject/Zend/Acl/Resource/Interface.php +++ /dev/null @@ -1,37 +0,0 @@ -_roleId = (string) $roleId; - } - - /** - * Defined by Zend_Acl_Role_Interface; returns the Role identifier - * - * @return string - */ - public function getRoleId() - { - return $this->_roleId; - } - - /** - * Defined by Zend_Acl_Role_Interface; returns the Role identifier - * Proxies to getRoleId() - * - * @return string - */ - public function __toString() - { - return $this->getRoleId(); - } -} diff --git a/fproject/Zend/Acl/Role/Interface.php b/fproject/Zend/Acl/Role/Interface.php deleted file mode 100644 index 0bd3fb5..0000000 --- a/fproject/Zend/Acl/Role/Interface.php +++ /dev/null @@ -1,37 +0,0 @@ -_acl = new Zend_Acl(); + $this->_acl = new \fproject\amf\acl\Acl(); $xml = Zend_Xml_Security::scanFile($rolefile); /* Roles file format: @@ -73,7 +70,7 @@ public function __construct($rolefile) */ foreach($xml->role as $role) { - $this->_acl->addRole(new Zend_Acl_Role((string)$role["id"])); + $this->_acl->addRole(new \fproject\amf\acl\Role((string)$role["id"])); foreach($role->user as $user) { $this->_users[(string)$user["name"]] = array("password" => (string)$user["password"], "role" => (string)$role["id"]); @@ -84,7 +81,7 @@ public function __construct($rolefile) /** * Get ACL with roles from XML file * - * @return Zend_Acl + * @return \fproject\amf\acl\Acl */ public function getAcl() { 
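Review bot: The user table built in the constructor loop keeps each `password` attribute exactly as it appears in the roles file (`"password" => (string)$user["password"]`), which suggests credentials sit in that file in clear text. The comparison itself is outside this hunk, so this needs confirming against the authenticate path. If it holds, the file should carry `password_hash()` output and the check should use `password_verify()`, so that read access to the roles file does not disclose every account's password. The loop also accepts a missing `id` or `name` attribute, which the `(string)` cast turns into an empty-string role or user key; rejecting empty values before `addRole()` would make a malformed file fail loudly.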
diff --git a/fproject/Zend/Amf/Adobe/Introspector.php b/fproject/Zend/Amf/Adobe/Introspector.php index dc57910..52ea954 100644 --- a/fproject/Zend/Amf/Adobe/Introspector.php +++ b/fproject/Zend/Amf/Adobe/Introspector.php @@ -115,10 +115,10 @@ public function introspect($serviceClass, $options = array()) /** * Authentication handler * - * @param Zend_Acl $acl - * @return unknown_type + * @param \fproject\amf\acl\Acl $acl + * @return bool */ - public function initAcl(Zend_Acl $acl) + public function initAcl(\fproject\amf\acl\Acl $acl) { return false; // we do not need auth for this class } diff --git a/fproject/Zend/Amf/Server.php b/fproject/Zend/Amf/Server.php index 51f7b1f..106cc9b 100644 --- a/fproject/Zend/Amf/Server.php +++ b/fproject/Zend/Amf/Server.php @@ -125,7 +125,7 @@ class Zend_Amf_Server implements Zend_Server_Interface /** * ACL handler object * - * @var Zend_Acl + * @var \fproject\amf\acl\Acl */ protected $_acl; /** @@ -166,10 +166,10 @@ public function getAuth() /** * Set ACL adapter * - * @param Zend_Acl $acl + * @param \fproject\amf\acl\Acl $acl * @return Zend_Amf_Server */ - public function setAcl(Zend_Acl $acl) + public function setAcl(\fproject\amf\acl\Acl $acl) { $this->_acl = $acl; return $this; @@ -177,7 +177,7 @@ public function setAcl(Zend_Acl $acl) /** * Get ACL adapter * - * @return Zend_Acl + * @return \fproject\amf\acl\Acl */ public function getAcl() { @@ -244,8 +244,7 @@ protected function _checkAcl($object, $function) if($object) { $class = is_object($object)?get_class($object):$object; if(!$this->_acl->has($class)) { - require_once 'Zend/Acl/Resource.php'; - $this->_acl->addResource(new Zend_Acl_Resource($class)); + $this->_acl->addResource(new \fproject\amf\acl\Resource($class)); } $call = array($object, "initAcl"); if(is_callable($call) && !call_user_func($call, $this->_acl)) { 
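Review bot: `initAcl()` in Introspector returns `false` unconditionally, and the `_checkAcl()` hunk in Server.php branches on exactly that (`!call_user_func($call, $this->_acl)`). If that branch skips the ACL check, as the inline comment "we do not need auth for this class" implies, service introspection is available to every caller regardless of role. The branch body is outside the visible hunk, so this should be confirmed. The docblock still reads "Authentication handler" with a bare `@return bool`; it should state the contract, for example `@return bool false to exempt this class from ACL checks`, so the exemption is a visible decision rather than a side effect.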
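Review bot: With `require_once 'Zend/Acl/Resource.php'` removed from `_checkAcl()`, `new \fproject\amf\acl\Resource($class)` resolves only if an autoloader for the `fproject\amf\acl` namespace is registered before the first request is dispatched. No autoload configuration is visible in this patch. If the mapping is missing, the failure is a fatal error inside the access check rather than a denied call, so it is worth verifying that the project's autoload setup covers the new directory. The rest of `_checkAcl()` is outside the hunk.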
diff --git a/fproject/Zend/Acl.php b/fproject/amf/acl/Acl.php similarity index 80% rename from fproject/Zend/Acl.php rename to fproject/amf/acl/Acl.php index 45b1c93..35334b8 100644 --- a/fproject/Zend/Acl.php +++ b/fproject/amf/acl/Acl.php @@ -1,62 +1,27 @@ _getRoleRegistry()->remove($role); - if ($role instanceof Zend_Acl_Role_Interface) { + if ($role instanceof RoleInterface) { $roleId = $role->getRoleId(); } else { $roleId = $role; @@ -249,8 +215,8 @@ public function removeRole($role) /** * Removes all Roles from the registry * - * @uses Zend_Acl_Role_Registry::removeAll() - * @return Zend_Acl Provides a fluent interface + * @uses RoleRegistry::removeAll() + * @return Acl Provides a fluent interface */ public function removeRoleAll() { 
@@ -274,39 +240,40 @@ public function removeRoleAll() * The $parent parameter may be a reference to, or the string identifier for, * the existing Resource from which the newly added Resource will inherit. * - * @param Zend_Acl_Resource_Interface|string $resource - * @param Zend_Acl_Resource_Interface|string $parent - * @throws \fproject\amf\AmfException - * @return Zend_Acl Provides a fluent interface + * @param ResourceInterface|string $resource + * @param ResourceInterface|string $parent + * @throws AmfException + * @return Acl Provides a fluent interface */ public function addResource($resource, $parent = null) { if (is_string($resource)) { - $resource = new Zend_Acl_Resource($resource); + $resource = new Resource($resource); } - if (!$resource instanceof Zend_Acl_Resource_Interface) { - throw new \fproject\amf\AmfException('addResource() expects $resource to be of type Zend_Acl_Resource_Interface'); + if (!$resource instanceof ResourceInterface) { + throw new AmfException('addResource() expects $resource to be of type ResourceInterface'); } $resourceId = $resource->getResourceId(); if ($this->has($resourceId)) { - throw new \fproject\amf\AmfException("Resource id '$resourceId' already exists in the ACL"); + throw new AmfException("Resource id '$resourceId' already exists in the ACL"); } $resourceParent = null; if (null !== $parent) { try { - if ($parent instanceof Zend_Acl_Resource_Interface) { + if ($parent instanceof ResourceInterface) { $resourceParentId = $parent->getResourceId(); } else { $resourceParentId = $parent; } $resourceParent = $this->get($resourceParentId); - } catch (\fproject\amf\AmfException $e) { - throw new \fproject\amf\AmfException("Parent Resource id '$resourceParentId' does not exist", 0, $e); + } catch (AmfException $e) { + /** @var $resourceParentId */ + throw new AmfException("Parent Resource id '$resourceParentId' does not exist", 0, $e); } $this->_resources[$resourceParentId]['children'][$resourceId] = $resource; } 
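Review bot: The inline annotation `/** @var $resourceParentId */` in the `catch` block of `addResource()` names no type, so it documents nothing. It is only there because `$resourceParentId` is first assigned inside the `try`. Resolving the id before the `try` removes the need for it: `$resourceParentId = $parent instanceof ResourceInterface ? $parent->getResourceId() : $parent;`, leaving only `$resourceParent = $this->get($resourceParentId);` guarded. `RoleRegistry::add()` later in this patch has the same shape with `/** @var mixed $roleParentId */`.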
@@ -325,20 +292,20 @@ public function addResource($resource, $parent = null) * * The $resource parameter can either be a Resource or a Resource identifier. * - * @param Zend_Acl_Resource_Interface|string $resource - * @throws \fproject\amf\AmfException - * @return Zend_Acl_Resource_Interface + * @param ResourceInterface|string $resource + * @throws AmfException + * @return ResourceInterface */ public function get($resource) { - if ($resource instanceof Zend_Acl_Resource_Interface) { + if ($resource instanceof ResourceInterface) { $resourceId = $resource->getResourceId(); } else { $resourceId = (string) $resource; } if (!$this->has($resource)) { - throw new \fproject\amf\AmfException("Resource '$resourceId' not found"); + throw new AmfException("Resource '$resourceId' not found"); } return $this->_resources[$resourceId]['instance']; @@ -349,12 +316,12 @@ public function get($resource) * * The $resource parameter can either be a Resource or a Resource identifier. * - * @param Zend_Acl_Resource_Interface|string $resource + * @param ResourceInterface|string $resource * @return boolean */ public function has($resource) { - if ($resource instanceof Zend_Acl_Resource_Interface) { + if ($resource instanceof ResourceInterface) { $resourceId = $resource->getResourceId(); } else { $resourceId = (string) $resource; 
@@ -372,19 +339,19 @@ public function has($resource) * through the entire inheritance tree to determine whether $resource * inherits from $inherit through its ancestor Resources. * - * @param Zend_Acl_Resource_Interface|string $resource - * @param Zend_Acl_Resource_Interface|string $inherit - * @param boolean $onlyParent - * @throws Zend_Acl_Resource_Registry_Exception - * @return boolean + * @param ResourceInterface|string $resource + * @param ResourceInterface|string $inherit + * @param boolean $onlyParent + * @return bool + * @throws AmfException */ public function inherits($resource, $inherit, $onlyParent = false) { try { $resourceId = $this->get($resource)->getResourceId(); $inheritId = $this->get($inherit)->getResourceId(); - } catch (\fproject\amf\AmfException $e) { - throw new \fproject\amf\AmfException($e->getMessage(), $e->getCode(), $e); + } catch (AmfException $e) { + throw new AmfException($e->getMessage(), $e->getCode(), $e); } if (null !== $this->_resources[$resourceId]['parent']) { 
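Review bot: The `catch (AmfException $e)` block in `inherits()` rethrows a new `AmfException` with the same message and code, so it adds an extra wrapper and nothing else. Calling `$this->get($resource)->getResourceId()` without the `try` gives callers the same exception type. The same wrapper appears in `remove()` in the next hunk and in `RoleRegistry::inherits()` and `RoleRegistry::remove()`. If the wrapping is kept on purpose, a one-line comment saying why would help. The method body continues outside the hunk.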
@@ -413,19 +380,20 @@ public function inherits($resource, $inherit, $onlyParent = false) * * The $resource parameter can either be a Resource or a Resource identifier. * - * @param Zend_Acl_Resource_Interface|string $resource - * @throws \fproject\amf\AmfException - * @return Zend_Acl Provides a fluent interface + * @param ResourceInterface|string $resource + * @throws AmfException + * @return Acl Provides a fluent interface */ public function remove($resource) { try { $resourceId = $this->get($resource)->getResourceId(); - } catch (\fproject\amf\AmfException $e) { - throw new \fproject\amf\AmfException($e->getMessage(), $e->getCode(), $e); + } catch (AmfException $e) { + throw new AmfException($e->getMessage(), $e->getCode(), $e); } $resourcesRemoved = array($resourceId); + /** @var ResourceInterface $resourceParent */ if (null !== ($resourceParent = $this->_resources[$resourceId]['parent'])) { unset($this->_resources[$resourceParent->getResourceId()]['children'][$resourceId]); } @@ -450,7 +418,7 @@ public function remove($resource) /** * Removes all Resources * - * @return Zend_Acl Provides a fluent interface + * @return Acl Provides a fluent interface */ public function removeAll() { 
@@ -470,14 +438,14 @@ public function removeAll() /** * Adds an "allow" rule to the ACL * - * @param Zend_Acl_Role_Interface|string|array $roles - * @param Zend_Acl_Resource_Interface|string|array $resources - * @param string|array $privileges - * @param Zend_Acl_Assert_Interface $assert - * @uses Zend_Acl::setRule() - * @return Zend_Acl Provides a fluent interface + * @param RoleInterface|string|array $roles + * @param ResourceInterface|string|array $resources + * @param string|array $privileges + * @param AssertInterface $assert + * @uses Acl::setRule() + * @return Acl Provides a fluent interface */ - public function allow($roles = null, $resources = null, $privileges = null, Zend_Acl_Assert_Interface $assert = null) + public function allow($roles = null, $resources = null, $privileges = null, AssertInterface $assert = null) { return $this->setRule(self::OP_ADD, self::TYPE_ALLOW, $roles, $resources, $privileges, $assert); } @@ -485,14 +453,14 @@ public function allow($roles = null, $resources = null, $privileges = null, Zend /** * Adds a "deny" rule to the ACL * - * @param Zend_Acl_Role_Interface|string|array $roles - * @param Zend_Acl_Resource_Interface|string|array $resources + * @param RoleInterface|string|array $roles + * @param ResourceInterface|string|array $resources * @param string|array $privileges - * @param Zend_Acl_Assert_Interface $assert - * @uses Zend_Acl::setRule() - * @return Zend_Acl Provides a fluent interface + * @param AssertInterface $assert + * @uses Acl::setRule() + * @return Acl Provides a fluent interface */ - public function deny($roles = null, $resources = null, $privileges = null, Zend_Acl_Assert_Interface $assert = null) + public function deny($roles = null, $resources = null, $privileges = null, AssertInterface $assert = null) { return $this->setRule(self::OP_ADD, self::TYPE_DENY, $roles, $resources, $privileges, $assert); } 
@@ -500,11 +468,11 @@ public function deny($roles = null, $resources = null, $privileges = null, Zend_ /** * Removes "allow" permissions from the ACL * - * @param Zend_Acl_Role_Interface|string|array $roles - * @param Zend_Acl_Resource_Interface|string|array $resources + * @param RoleInterface|string|array $roles + * @param ResourceInterface|string|array $resources * @param string|array $privileges - * @uses Zend_Acl::setRule() - * @return Zend_Acl Provides a fluent interface + * @uses Acl::setRule() + * @return Acl Provides a fluent interface */ public function removeAllow($roles = null, $resources = null, $privileges = null) { @@ -514,11 +482,11 @@ public function removeAllow($roles = null, $resources = null, $privileges = null /** * Removes "deny" restrictions from the ACL * - * @param Zend_Acl_Role_Interface|string|array $roles - * @param Zend_Acl_Resource_Interface|string|array $resources + * @param RoleInterface|string|array $roles + * @param ResourceInterface|string|array $resources * @param string|array $privileges - * @uses Zend_Acl::setRule() - * @return Zend_Acl Provides a fluent interface + * @uses Acl::setRule() + * @return Acl Provides a fluent interface */ public function removeDeny($roles = null, $resources = null, $privileges = null) { 
@@ -568,23 +536,23 @@ public function removeDeny($roles = null, $resources = null, $privileges = null) * * @param string $operation * @param string $type - * @param Zend_Acl_Role_Interface|string|array $roles - * @param Zend_Acl_Resource_Interface|string|array $resources + * @param RoleInterface|string|array $roles + * @param ResourceInterface|string|array $resources * @param string|array $privileges - * @param Zend_Acl_Assert_Interface $assert - * @throws \fproject\amf\AmfException - * @uses Zend_Acl_Role_Registry::get() - * @uses Zend_Acl::get() - * @return Zend_Acl Provides a fluent interface + * @param AssertInterface $assert + * @throws AmfException + * @uses RoleRegistry::get() + * @uses Acl::get() + * @return Acl Provides a fluent interface */ public function setRule($operation, $type, $roles = null, $resources = null, $privileges = null, - Zend_Acl_Assert_Interface $assert = null) + AssertInterface $assert = null) { // ensure that the rule type is valid; normalize input to uppercase $type = strtoupper($type); if (self::TYPE_ALLOW !== $type && self::TYPE_DENY !== $type) { - throw new \fproject\amf\AmfException("Unsupported rule type; must be either '" . self::TYPE_ALLOW . "' or '" + throw new AmfException("Unsupported rule type; must be either '" . self::TYPE_ALLOW . "' or '" . self::TYPE_DENY . "'"); } @@ -720,6 +688,7 @@ public function setRule($operation, $type, $roles = null, $resources = null, $pr } else { // this block will apply to all resources in a global rule foreach ($roles as $role) { + /** @var array $allResources */ /** * since null (all resources) was passed to this setRule() call, we need * clean up all the rules for the global allResources, as well as the indivually 
@@ -763,7 +732,7 @@ public function setRule($operation, $type, $roles = null, $resources = null, $pr default: - throw new \fproject\amf\AmfException("Unsupported operation; must be either '" . self::OP_ADD . "' or '" + throw new AmfException("Unsupported operation; must be either '" . self::OP_ADD . "' or '" . self::OP_REMOVE . "'"); } @@ -778,7 +747,7 @@ public function setRule($operation, $type, $roles = null, $resources = null, $pr * * If either $role or $resource is null, then the query applies to all Roles or all Resources, * respectively. Both may be null to query whether the ACL has a "blacklist" rule - * (allow everything to all). By default, Zend_Acl creates a "whitelist" rule (deny + * (allow everything to all). By default, Acl creates a "whitelist" rule (deny * everything to all), and this method would return false unless this default has * been overridden (i.e., by executing $acl->allow()). * @@ -791,11 +760,11 @@ public function setRule($operation, $type, $roles = null, $resources = null, $pr * and its respective parents are checked similarly before the lower-priority parents of * the Role are checked. * - * @param Zend_Acl_Role_Interface|string $role - * @param Zend_Acl_Resource_Interface|string $resource + * @param RoleInterface|string $role + * @param ResourceInterface|string $resource * @param string $privilege - * @uses Zend_Acl::get() - * @uses Zend_Acl_Role_Registry::get() + * @uses Acl::get() + * @uses RoleRegistry::get() * @return boolean */ public function isAllowed($role = null, $resource = null, $privilege = null) @@ -809,7 +778,7 @@ public function isAllowed($role = null, $resource = null, $privilege = null) // keep track of originally called role $this->_isAllowedRole = $role; $role = $this->_getRoleRegistry()->get($role); - if (!$this->_isAllowedRole instanceof Zend_Acl_Role_Interface) { + if (!$this->_isAllowedRole instanceof RoleInterface) { $this->_isAllowedRole = $role; } } 
@@ -818,7 +787,7 @@ public function isAllowed($role = null, $resource = null, $privilege = null) // keep track of originally called resource $this->_isAllowedResource = $resource; $resource = $this->get($resource); - if (!$this->_isAllowedResource instanceof Zend_Acl_Resource_Interface) { + if (!$this->_isAllowedResource instanceof ResourceInterface) { $this->_isAllowedResource = $resource; } } @@ -827,7 +796,7 @@ public function isAllowed($role = null, $resource = null, $privilege = null) // query on all privileges do { // depth-first search on $role if it is not 'allRoles' pseudo-parent - if (null !== $role && null !== ($result = $this->_roleDFSAllPrivileges($role, $resource, $privilege))) { + if (null !== $role && null !== ($result = $this->_roleDFSAllPrivileges($role, $resource))) { return $result; } @@ -868,6 +837,8 @@ public function isAllowed($role = null, $resource = null, $privilege = null) } while (true); // loop terminates at 'allResources' pseudo-parent } + + return false; } /** @@ -876,12 +847,12 @@ public function isAllowed($role = null, $resource = null, $privilege = null) * If no Role registry has been created yet, a new default Role registry * is created and returned. * - * @return Zend_Acl_Role_Registry + * @return RoleRegistry */ protected function _getRoleRegistry() { if (null === $this->_roleRegistry) { - $this->_roleRegistry = new Zend_Acl_Role_Registry(); + $this->_roleRegistry = new RoleRegistry(); } return $this->_roleRegistry; } 
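Review bot: The trailing `return false;` added at the end of `isAllowed()` is the deny-by-default fallback, but nothing says whether it can be reached. The visible branch ends in `do { … } while (true)` and returns from inside the loop. A comment such as `// not reached while the loops above return; deny if they ever fall through` would keep a later cleanup from deleting the line or changing its value. Most of the method is outside these hunks, so the reachability assumption should be confirmed.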
@@ -893,11 +864,11 @@ protected function _getRoleRegistry() * This method returns true if a rule is found and allows access. If a rule exists and denies access, * then this method returns false. If no applicable rule is found, then this method returns null. * - * @param Zend_Acl_Role_Interface $role - * @param Zend_Acl_Resource_Interface $resource + * @param RoleInterface $role + * @param ResourceInterface $resource * @return boolean|null */ - protected function _roleDFSAllPrivileges(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null) + protected function _roleDFSAllPrivileges(RoleInterface $role, ResourceInterface $resource = null) { $dfs = array( 'visited' => array(), @@ -927,17 +898,17 @@ protected function _roleDFSAllPrivileges(Zend_Acl_Role_Interface $role, Zend_Acl * * This method is used by the internal depth-first search algorithm and may modify the DFS data structure. * - * @param Zend_Acl_Role_Interface $role - * @param Zend_Acl_Resource_Interface $resource + * @param RoleInterface $role + * @param ResourceInterface $resource * @param array $dfs * @return boolean|null - * @throws \fproject\amf\AmfException + * @throws AmfException */ - protected function _roleDFSVisitAllPrivileges(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null, + protected function _roleDFSVisitAllPrivileges(RoleInterface $role, ResourceInterface $resource = null, &$dfs = null) { if (null === $dfs) { - throw new \fproject\amf\AmfException('$dfs parameter may not be null'); + throw new AmfException('$dfs parameter may not be null'); } if (null !== ($rules = $this->_getRules($resource, $role))) { 
@@ -966,17 +937,17 @@ protected function _roleDFSVisitAllPrivileges(Zend_Acl_Role_Interface $role, Zen * This method returns true if a rule is found and allows access. If a rule exists and denies access, * then this method returns false. If no applicable rule is found, then this method returns null. * - * @param Zend_Acl_Role_Interface $role - * @param Zend_Acl_Resource_Interface $resource + * @param RoleInterface $role + * @param ResourceInterface $resource * @param string $privilege * @return boolean|null - * @throws \fproject\amf\AmfException + * @throws AmfException */ - protected function _roleDFSOnePrivilege(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null, + protected function _roleDFSOnePrivilege(RoleInterface $role, ResourceInterface $resource = null, $privilege = null) { if (null === $privilege) { - throw new \fproject\amf\AmfException('$privilege parameter may not be null'); + throw new AmfException('$privilege parameter may not be null'); } $dfs = array( 
@@ -1007,22 +978,22 @@ protected function _roleDFSOnePrivilege(Zend_Acl_Role_Interface $role, Zend_Acl_ * * This method is used by the internal depth-first search algorithm and may modify the DFS data structure. * - * @param Zend_Acl_Role_Interface $role - * @param Zend_Acl_Resource_Interface $resource + * @param RoleInterface $role + * @param ResourceInterface $resource * @param string $privilege * @param array $dfs * @return boolean|null - * @throws \fproject\amf\AmfException + * @throws AmfException */ - protected function _roleDFSVisitOnePrivilege(Zend_Acl_Role_Interface $role, Zend_Acl_Resource_Interface $resource = null, + protected function _roleDFSVisitOnePrivilege(RoleInterface $role, ResourceInterface $resource = null, $privilege = null, &$dfs = null) { if (null === $privilege) { - throw new \fproject\amf\AmfException('$privilege parameter may not be null'); + throw new AmfException('$privilege parameter may not be null'); } if (null === $dfs) { - throw new \fproject\amf\AmfException('$dfs parameter may not be null'); + throw new AmfException('$dfs parameter may not be null'); } if (null !== ($ruleTypeOnePrivilege = $this->_getRuleType($resource, $role, $privilege))) { @@ -1055,12 +1026,12 @@ protected function _roleDFSVisitOnePrivilege(Zend_Acl_Role_Interface $role, Zend * If all three parameters are null, then the default ACL rule type is returned, * based on whether its assertion method passes. * - * @param Zend_Acl_Resource_Interface $resource - * @param Zend_Acl_Role_Interface $role + * @param ResourceInterface $resource + * @param RoleInterface $role * @param string $privilege * @return string|null */ - protected function _getRuleType(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, + protected function _getRuleType(ResourceInterface $resource = null, RoleInterface $role = null, $privilege = null) { // get the rules for the $resource and $role 
@@ -1083,14 +1054,19 @@ protected function _getRuleType(Zend_Acl_Resource_Interface $resource = null, Ze // check assertion first if ($rule['assert']) { + /** @var AssertInterface $assertion */ $assertion = $rule['assert']; $assertionValue = $assertion->assert( $this, - ($this->_isAllowedRole instanceof Zend_Acl_Role_Interface) ? $this->_isAllowedRole : $role, - ($this->_isAllowedResource instanceof Zend_Acl_Resource_Interface) ? $this->_isAllowedResource : $resource, + ($this->_isAllowedRole instanceof RoleInterface) ? $this->_isAllowedRole : $role, + ($this->_isAllowedResource instanceof ResourceInterface) ? $this->_isAllowedResource : $resource, $this->_isAllowedPrivilege ); } + else + { + $assertionValue = false; + } if (null === $rule['assert'] || $assertionValue) { return $rule['type']; @@ -1111,12 +1087,12 @@ protected function _getRuleType(Zend_Acl_Resource_Interface $resource = null, Ze * * If the $create parameter is true, then a rule set is first created and then returned to the caller. * - * @param Zend_Acl_Resource_Interface $resource - * @param Zend_Acl_Role_Interface $role + * @param ResourceInterface $resource + * @param RoleInterface $role * @param boolean $create * @return array|null */ - protected function &_getRules(Zend_Acl_Resource_Interface $resource = null, Zend_Acl_Role_Interface $role = null, + protected function &_getRules(ResourceInterface $resource = null, RoleInterface $role = null, $create = false) { // create a reference to null diff --git a/fproject/amf/acl/AssertInterface.php b/fproject/amf/acl/AssertInterface.php new file mode 100644 index 0000000..34e325a --- /dev/null +++ b/fproject/amf/acl/AssertInterface.php 
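Review bot: The new `else` branch in `_getRuleType()` leaves two different tests on the same value: `if ($rule['assert'])` checks truthiness, while the following `null === $rule['assert']` checks identity. A rule whose `assert` entry is falsy but not null therefore appears to fall through without its type being returned. Writing the first test as `if (null !== $rule['assert']) {` makes the two agree. The branch is also laid out as `else` and `{` on separate lines, where the rest of the file uses `} else {`. The remainder of the method is outside the hunk.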
@@ -0,0 +1,39 @@ +_resourceId = (string) $resourceId; + } + + /** + * Defined by \fproject\amf\acl\ResourceInterface; returns the Resource identifier + * + * @return string + */ + public function getResourceId() + { + return $this->_resourceId; + } + + /** + * Defined by \fproject\amf\acl\ResourceInterface; returns the Resource identifier + * Proxies to getResourceId() + * + * @return string + */ + public function __toString() + { + return $this->getResourceId(); + } +} diff --git a/fproject/amf/acl/ResourceInterface.php b/fproject/amf/acl/ResourceInterface.php new file mode 100644 index 0000000..b89f974 --- /dev/null +++ b/fproject/amf/acl/ResourceInterface.php @@ -0,0 +1,30 @@ +_roleId = (string) $roleId; + } + + /** + * Defined by \fproject\amf\acl\RoleInterface; returns the Role identifier + * + * @return string + */ + public function getRoleId() + { + return $this->_roleId; + } + + /** + * Defined by \fproject\amf\acl\RoleInterface; returns the Role identifier + * Proxies to getRoleId() + * + * @return string + */ + public function __toString() + { + return $this->getRoleId(); + } +} diff --git a/fproject/amf/acl/RoleInterface.php b/fproject/amf/acl/RoleInterface.php new file mode 100644 index 0000000..7344924 --- /dev/null +++ b/fproject/amf/acl/RoleInterface.php @@ -0,0 +1,30 @@ +getRoleId(); if ($this->has($roleId)) { - throw new \fproject\amf\AmfException("Role id '$roleId' already exists in the registry"); + throw new AmfException("Role id '$roleId' already exists in the registry"); } $roleParents = []; 
@@ -76,14 +64,15 @@ public function add(Zend_Acl_Role_Interface $role, $parents = null) } foreach ($parents as $parent) { try { - if ($parent instanceof Zend_Acl_Role_Interface) { + if ($parent instanceof RoleInterface) { $roleParentId = $parent->getRoleId(); } else { $roleParentId = $parent; } $roleParent = $this->get($roleParentId); - } catch (\fproject\amf\AmfException $e) { - throw new \fproject\amf\AmfException("Parent Role id '$roleParentId' does not exist", 0, $e); + } catch (AmfException $e) { + /** @var mixed $roleParentId */ + throw new AmfException("Parent Role id '$roleParentId' does not exist", 0, $e); } $roleParents[$roleParentId] = $roleParent; $this->_roles[$roleParentId]['children'][$roleId] = $role; @@ -104,20 +93,20 @@ public function add(Zend_Acl_Role_Interface $role, $parents = null) * * The $role parameter can either be a Role or a Role identifier. * - * @param Zend_Acl_Role_Interface|string $role - * @throws \fproject\amf\AmfException - * @return Zend_Acl_Role_Interface + * @param RoleInterface|string $role + * @throws AmfException + * @return RoleInterface */ public function get($role) { - if ($role instanceof Zend_Acl_Role_Interface) { + if ($role instanceof RoleInterface) { $roleId = $role->getRoleId(); } else { $roleId = (string) $role; } if (!$this->has($role)) { - throw new \fproject\amf\AmfException("Role '$roleId' not found"); + throw new AmfException("Role '$roleId' not found"); } return $this->_roles[$roleId]['instance']; @@ -128,12 +117,12 @@ public function get($role) * * The $role parameter can either be a Role or a Role identifier. * - * @param Zend_Acl_Role_Interface|string $role + * @param RoleInterface|string $role * @return boolean */ public function has($role) { - if ($role instanceof Zend_Acl_Role_Interface) { + if ($role instanceof RoleInterface) { $roleId = $role->getRoleId(); } else { $roleId = (string) $role; 
@@ -152,8 +141,8 @@ public function has($role) * * If the Role does not have any parents, then an empty array is returned. * - * @param Zend_Acl_Role_Interface|string $role - * @uses Zend_Acl_Role_Registry::get() + * @param RoleInterface|string $role + * @uses RoleRegistry::get() * @return array */ public function getParents($role) @@ -172,10 +161,10 @@ public function getParents($role) * through the entire inheritance DAG to determine whether $role * inherits from $inherit through its ancestor Roles. * - * @param Zend_Acl_Role_Interface|string $role - * @param Zend_Acl_Role_Interface|string $inherit + * @param RoleInterface|string $role + * @param RoleInterface|string $inherit * @param boolean $onlyParents - * @throws \fproject\amf\AmfException + * @throws AmfException * @return boolean */ public function inherits($role, $inherit, $onlyParents = false) @@ -183,8 +172,8 @@ public function inherits($role, $inherit, $onlyParents = false) try { $roleId = $this->get($role)->getRoleId(); $inheritId = $this->get($inherit)->getRoleId(); - } catch (\fproject\amf\AmfException $e) { - throw new \fproject\amf\AmfException($e->getMessage(), $e->getCode(), $e); + } catch (AmfException $e) { + throw new AmfException($e->getMessage(), $e->getCode(), $e); } $inherits = isset($this->_roles[$roleId]['parents'][$inheritId]); 
@@ -207,16 +196,16 @@ public function inherits($role, $inherit, $onlyParents = false) * * The $role parameter can either be a Role or a Role identifier. * - * @param Zend_Acl_Role_Interface|string $role - * @throws \fproject\amf\AmfException - * @return Zend_Acl_Role_Registry Provides a fluent interface + * @param RoleInterface|string $role + * @throws AmfException + * @return RoleRegistry Provides a fluent interface */ public function remove($role) { try { $roleId = $this->get($role)->getRoleId(); - } catch (\fproject\amf\AmfException $e) { - throw new \fproject\amf\AmfException($e->getMessage(), $e->getCode(), $e); + } catch (AmfException $e) { + throw new AmfException($e->getMessage(), $e->getCode(), $e); } foreach ($this->_roles[$roleId]['children'] as $childId => $child) { @@ -234,7 +223,7 @@ public function remove($role) /** * Removes all Roles from the registry * - * @return Zend_Acl_Role_Registry Provides a fluent interface + * @return RoleRegistry Provides a fluent interface */ public function removeAll() { diff --git a/tests/Zend/Amf/AuthTest.php b/tests/Zend/Amf/AuthTest.php index 1d00e1d..f5e7ec5 100644 --- a/tests/Zend/Amf/AuthTest.php +++ b/tests/Zend/Amf/AuthTest.php @@ -30,8 +30,6 @@ require_once 'Zend/Amf/Parse/TypeLoader.php'; require_once 'Zend/Amf/Value/Messaging/RemotingMessage.php'; require_once 'Zend/Session.php'; -require_once 'Zend/Acl.php'; -require_once 'Zend/Acl/Role.php'; /** * @category Zend @@ -62,7 +60,7 @@ public function setUp() $this->_server = new Zend_Amf_Server(); $this->_server->setProduction(false); Zend_Amf_Parse_TypeLoader::resetMap(); - $this->_acl = new Zend_Acl(); + $this->_acl = new \fproject\amf\acl\Acl(); } protected function tearDown() 
@@ -138,7 +136,7 @@ public function testAnonymousDenied() { Zend_Session::$_unitTestEnabled = true; $this->_server->setAuth(new WrongPassword()); - $this->_acl->addRole(new Zend_Acl_Role(Zend_Amf_Constants::GUEST_ROLE)); + $this->_acl->addRole(new \fproject\amf\acl\Role(Zend_Amf_Constants::GUEST_ROLE)); $this->_server->setAcl($this->_acl); $resp = $this->_callService(); $this->assertTrue($resp instanceof Zend_Amf_Value_Messaging_ErrorMessage); @@ -149,7 +147,7 @@ public function testAnonymousOK() { Zend_Session::$_unitTestEnabled = true; $this->_server->setAuth(new WrongPassword()); - $this->_acl->addRole(new Zend_Acl_Role(Zend_Amf_Constants::GUEST_ROLE)); + $this->_acl->addRole(new \fproject\amf\acl\Role(Zend_Amf_Constants::GUEST_ROLE)); $this->_acl->allow(Zend_Amf_Constants::GUEST_ROLE, null, null); $this->_server->setAcl($this->_acl); $resp = $this->_callService(); @@ -180,7 +178,7 @@ public function testRightPassword() { Zend_Session::$_unitTestEnabled = true; $this->_server->setAuth(new RightPassword("testuser", "testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); $this->_acl->allow("testrole", null, null); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", ""); @@ -192,7 +190,7 @@ public function testRightPassword() public function testNoAcl() { $this->_server->setAuth(new RightPassword("testuser", "testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", ""); $this->assertTrue($resp[0]->getData() instanceof Zend_Amf_Value_Messaging_AcknowledgeMessage); 
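Review bot: The fully qualified `\fproject\amf\acl\Role` is spelled out at every `addRole()` call from `testAnonymousDenied()` onward, and again in the hunks for `testNoClassAcl()` through `testLogout()`, which makes the lines long and turns the next rename into another file-wide edit. Importing once above the test class with `use fproject\amf\acl\Acl;` and `use fproject\amf\acl\Role;` lets the calls read `$this->_acl->addRole(new Role("testrole"));`. The import lines belong at the top of the file, outside these hunks.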
@@ -205,7 +203,7 @@ public function testNoAcl() public function testNoClassAcl() { $this->_server->setAuth(new RightPassword("testuser", "testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", "", 'Zend_Amf_Auth_testclass_NoAcl'); $this->assertTrue($resp[0]->getData() instanceof Zend_Amf_Value_Messaging_AcknowledgeMessage); @@ -217,8 +215,8 @@ public function testClassAclAllowed() { Zend_Session::$_unitTestEnabled = true; $this->_server->setAuth(new RightPassword("testuser", "testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole2")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole2")); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", "", 'Zend_Amf_Auth_testclass_Acl'); $this->assertTrue($resp[0]->getData() instanceof Zend_Amf_Value_Messaging_AcknowledgeMessage); @@ -229,8 +227,8 @@ public function testClassAclAllowed() public function testClassAclDenied() { $this->_server->setAuth(new RightPassword("testuser", "testrole2")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole2")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole2")); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", "", 'Zend_Amf_Auth_testclass_Acl'); $this->assertTrue($resp[0]->getData() instanceof Zend_Amf_Value_Messaging_AcknowledgeMessage); 
@@ -244,8 +242,8 @@ public function testClassAclAllowed2() { Zend_Session::$_unitTestEnabled = true; $this->_server->setAuth(new RightPassword("testuser", "testrole2")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole2")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole2")); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", "", 'Zend_Amf_Auth_testclass_Acl', 'hello2'); $this->assertTrue($resp[0]->getData() instanceof Zend_Amf_Value_Messaging_AcknowledgeMessage); @@ -256,7 +254,7 @@ public function testLogout() { Zend_Session::$_unitTestEnabled = true; $this->_server->setAuth(new RightPassword("testuser", "testrole")); - $this->_acl->addRole(new Zend_Acl_Role("testrole")); + $this->_acl->addRole(new \fproject\amf\acl\Role("testrole")); $this->_acl->allow("testrole", null, null); $this->_server->setAcl($this->_acl); $resp = $this->_callServiceAuth("testuser", ""); @@ -322,7 +320,7 @@ function hello2() { return "hello2!"; } - function initAcl(Zend_Acl $acl) { + function initAcl(\fproject\amf\acl\Acl $acl) { $acl->allow("testrole", null, "hello"); $acl->allow("testrole2", null, "hello2"); return true; diff --git a/tests/Zend/Amf/ServerTest.php b/tests/Zend/Amf/ServerTest.php index e641f58..11f8667 100644 --- a/tests/Zend/Amf/ServerTest.php +++ b/tests/Zend/Amf/ServerTest.php @@ -30,7 +30,6 @@ require_once 'Zend/Amf/Parse/TypeLoader.php'; require_once 'Zend/Amf/Value/Messaging/RemotingMessage.php'; require_once 'Zend/Amf/Adobe/Auth.php'; -require_once 'Zend/Acl.php'; require_once 'ServiceA.php'; require_once 'ServiceB.php'; require_once 'Zend/Session.php'; 
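Review bot: The new `initAcl(\fproject\amf\acl\Acl $acl)` signature in the `-322` hunk is undocumented, and it means any existing service still declared as `initAcl(Zend_Acl $acl)` will fail the parameter type check when the server passes the new ACL object. A service whose `initAcl()` does not complete registers none of its per-method allow rules; whether the server then denies or permits the call is not visible in this diff, so that path should be checked and pinned by a test. I would add a docblock above the method, `/** @param \fproject\amf\acl\Acl $acl ACL to populate; replaces Zend_Acl, so service type hints must be updated on upgrade */`, and list the break in the changelog. The enclosing test service class starts outside this hunk.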
@@ -1107,7 +1106,7 @@ public function testSettingAuthAdapterWithAclSetsServerAcl() /** @group ZF-11529 */ public function testSettingAuthAdapterWithAclWhenServerAclAlreadyPopulatedWillNotChangeServerAcl() { - $acl = new Zend_Acl(); + $acl = new \fproject\amf\acl\Acl(); $this->_server->setAcl($acl); $aclFile = dirname(__FILE__) . '/_files/acl.xml';