Jurigag committed Jul 22, 2016
1 parent 86439dd commit 18da335
Showing 3 changed files with 47 additions and 24 deletions.
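--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -106,7 +106,8 @@
 - Fixed `Phalcon\Forms\Form::getValue`. Now Elements can have names that match with the internal Form getters [#10398](https://github.com/phalcon/cphalcon/issues/10398)
 - Add `setContentLength()` method to `Phalcon\Http\Response`
 - Fixed `Phalcon\Mvc\Model\Manager::_mergeFindParameters` - Merging conditions [#11987](https://github.com/phalcon/cphalcon/issues/11987)
-- Renamed `Phalcon\Http\Request::isSoapRequest` to `Phalcon\Http\Request::isSoap` and `Phalcon\Http\Request::isSecureRequest` to `Phalcon\Http\Request::isSecure`. Left the originals functions as aliases and marked them deprecated.
+- Renamed `Phalcon\Http\Request::isSoapRequest` to `Phalcon\Http\Request::isSoap` and `Phalcon\Http\Request::isSecureRequest` to `Phalcon\Http\Request::isSecure`. Left the originals functions as aliases and marked them deprecated.
+- Fixed wildcard inheritance in `Phalcon\Acl\Adapter\Memory` [#12004](https://github.com/phalcon/cphalcon/issues/12004)
 
 # [2.0.13](https://github.com/phalcon/cphalcon/releases/tag/phalcon-v2.0.13) (2016-05-19)
 - Restored `Phalcon\Text::camelize` behavior [#11767](https://github.com/phalcon/cphalcon/issues/11767)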
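--- a/phalcon/acl/adapter/memory.zep
+++ b/phalcon/acl/adapter/memory.zep
@@ -371,7 +371,7 @@ class Memory extends Adapter
 */
 protected function _allowOrDeny(string roleName, string resourceName, var access, var action, var func = null)
 {
-var defaultAccess, accessList, accessName, accessKey, accessKeyAll, internalAccess;
+var accessList, accessName, accessKey;
 
 if !isset this->_rolesNames[roleName] {
 throw new Exception("Role '" . roleName . "' does not exist in ACL");
@@ -381,9 +381,7 @@ class Memory extends Adapter
 throw new Exception("Resource '" . resourceName . "' does not exist in ACL");
 }
 
-let defaultAccess = this->_defaultAccess;
 let accessList = this->_accessList;
-let internalAccess = this->_access;
 
 if typeof access == "array" {
 
@@ -401,13 +399,6 @@ class Memory extends Adapter
 if func != null {
 let this->_func[accessKey] = func;
 }
-
-if accessName != "*" {
-let accessKeyAll = roleName . "!" . resourceName . "!*";
-if !isset internalAccess[accessKeyAll] {
-let this->_access[accessKeyAll] = defaultAccess;
-}
-}
 }
 
 } else {
@@ -429,18 +420,6 @@ class Memory extends Adapter
 let this->_func[accessKey] = func;
 }
 
-if access != "*" {
-let accessKey = roleName . "!" . resourceName . "!*";
-
-/**
-* If there is no default action for all the rest actions in the resource set the
-* default one
-*/
-if !isset internalAccess[accessKey] {
-let this->_access[accessKey] = this->_defaultAccess;
-}
-}
-
 }
 }
 
@@ -666,7 +645,7 @@ class Memory extends Adapter
 }
 
 if haveAccess == null {
-return false;
+return (this->_defaultAccess == Acl::ALLOW);
 }
 
 /**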
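Review bot: The no-match branch in the last hunk (`if haveAccess == null`, inside a method that starts and ends outside the hunk) now fails open whenever the default action is ALLOW, where the old `return false;` denied regardless of the default. Because the earlier hunks also stop seeding `role!resource!*` with the default when a rule is added, the default is now read at query time, so a later `setDefaultAction()` changes the answer for every access that no rule covers; that behaviour change deserves its own CHANGELOG line and a comment on the branch such as `// No matching rule was found: fall back to the configured default action`. The assignment of `haveAccess` is not visible here; if a stored deny value can compare equal to `null` under `==`, an explicit deny would reach this branch and be overridden by an ALLOW default, so I would test the type instead: `if typeof haveAccess == "null" {`.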
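--- a/tests/unit/Acl/Adapter/MemoryTest.php
+++ b/tests/unit/Acl/Adapter/MemoryTest.php
@@ -535,4 +535,47 @@ function () {
 }
 );
 }
+
+
+/**
+* Tests function in Acl Allow Method
+*
+* @issue 12004
+*
+* @author Wojciech Slawski <jurigag@gmail.com>
+* @since 2016-07-22
+*/
+public function testIssue12004()
+{
+$this->specify(
+'Wildcard inheritance should work correctly.',
+function () {
+$acl = new Memory();
+
+$acl->setDefaultAction(Acl::DENY);
+
+$roleGuest = new Role("guest");
+$roleUser = new Role("user");
+$roleAdmin = new Role("admin");
+$roleSuperAdmin = new Role("superadmin");
+
+$acl->addRole($roleGuest);
+$acl->addRole($roleUser, $roleGuest);
+$acl->addRole($roleAdmin, $roleUser);
+$acl->addRole($roleSuperAdmin, $roleAdmin);
+
+$acl->addResource("payment", ["paypal", "facebook",]);
+
+$acl->allow($roleGuest->getName(), "payment", "paypal");
+$acl->allow($roleGuest->getName(), "payment", "facebook");
+
+$acl->allow($roleUser->getName(), "payment", "*");
+
+expect($acl->isAllowed($roleUser->getName(), "payment", "notSet"))->true();
+expect($acl->isAllowed($roleUser->getName(), "payment", "*"))->true();
+expect($acl->isAllowed($roleAdmin->getName(), "payment", "notSet"))->true();
+expect($acl->isAllowed($roleAdmin->getName(), "payment", "*"))->true();
+}
+);
+}
 }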
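Review bot: Every expectation in `testIssue12004` is `->true()`, so the test would still pass if the adapter granted everything; it needs at least one negative case, for example `expect($acl->isAllowed($roleGuest->getName(), "payment", "notSet"))->false();`, to pin that the wildcard granted to `user` reaches `admin` but not `guest`. The new fallback to the default action is only exercised with `Acl::DENY`; a second scenario with `setDefaultAction(Acl::ALLOW)` and an explicit `deny()` on one access would show that a deny still wins over an ALLOW default. `$roleSuperAdmin` is registered but never asserted on, so either add an expectation for it or drop it.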
