From 3769fa796dd7960272178181f8522929a7bd82ce Mon Sep 17 00:00:00 2001 From: gwoo Date: Sun, 8 Jul 2007 21:01:31 +0000 Subject: [PATCH] updating auth, acl and tests git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5410 3807eeeb-6ff5-0310-8944-8be069107fe0 --- cake/dispatcher.php | 6 +- cake/libs/controller/components/acl.php | 80 ++++---- cake/libs/controller/components/auth.php | 171 +++++++++++------- cake/libs/controller/controller.php | 9 + .../libs/controller/components/auth.test.php | 109 ++++++++--- cake/tests/fixtures/auth_user_fixture.php | 12 +- 6 files changed, 233 insertions(+), 154 deletions(-) diff --git a/cake/dispatcher.php b/cake/dispatcher.php index 01d415819..9748a229b 100644 --- a/cake/dispatcher.php +++ b/cake/dispatcher.php @@ -232,9 +232,7 @@ class Dispatcher extends Object { $controller->namedArgs = true; } if (!empty($controller->params['pass'])) { - $controller->passed_args =& $controller->params['pass']; $controller->passedArgs =& $controller->params['pass']; - if ($controller->namedArgs === true) { $controller->namedArgs = array(); $c = count($controller->passedArgs); @@ -265,9 +263,7 @@ class Dispatcher extends Object { $controller->namedArgs = am($namedArgs, $controller->namedArgs); } } else { - $controller->passed_args = null; $controller->passedArgs = null; - /* set default namedArgs if they exist*/ if ($controller->namedArgs === true) { $controller->passedArgs = array(); $controller->namedArgs = array(); @@ -292,6 +288,7 @@ class Dispatcher extends Object { $controller->layout = $params['layout']; } } + foreach (array('components', 'helpers') as $var) { if (isset($params[$var]) && !empty($params[$var]) && is_array($controller->{$var})) { $diff = array_diff($params[$var], $controller->{$var}); 
@@ -302,7 +299,6 @@ class Dispatcher extends Object { if (!is_null($controller->webservices)) { array_push($controller->components, $controller->webservices); array_push($controller->helpers, $controller->webservices); - $component =& new Component($controller); } Router::setRequestInfo(array($params, array('base' => $this->base, 'here' => $this->here, 'webroot' => $this->webroot, 'passedArgs' => $controller->passedArgs, 'argSeparator' => $controller->argSeparator, 'namedArgs' => $controller->namedArgs, 'webservices' => $controller->webservices))); $controller->_initComponents(); diff --git a/cake/libs/controller/components/acl.php b/cake/libs/controller/components/acl.php index b535c8875..036f76982 100644 --- a/cake/libs/controller/components/acl.php +++ b/cake/libs/controller/components/acl.php @@ -26,8 +26,6 @@ * @lastmodified $Date$ * @license http://www.opensource.org/licenses/mit-license.php The MIT License */ -uses('model' . DS . 'db_acl'); - /** * Access Control List factory class. * @@ -39,11 +37,13 @@ uses('model' . DS . 'db_acl'); class AclComponent extends Object { var $_instance = null; + + var $name = ACL_CLASSNAME; /** * Constructor. Will return an instance of the correct ACL class. * */ - function __construct() { + function startup(&$controller) { $this->getACL(); } /** @@ -53,8 +53,7 @@ class AclComponent extends Object { */ function &getACL() { if ($this->_instance == null) { - $classname = ACL_CLASSNAME; - $this->_instance = new $classname; + $this->_instance =& new $this->name(); $this->_instance->initialize($this); } return $this->_instance; @@ -216,6 +215,7 @@ class DB_ACL extends AclBase { * */ function __construct() { + uses('model' . DS . 'db_acl'); parent::__construct(); $this->Aro =& new Aro(); $this->Aco =& new Aco(); @@ -345,11 +345,11 @@ class DB_ACL extends AclBase { } if (in_array($action, $permKeys)) { $save[$action] = $value; - } + } } } } - + $save['aro_id'] = $perms['aro']; $save['aco_id'] = $perms['aco']; 
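Review bot: The docblock above `startup(&$controller)` in AclComponent still reads "Constructor. Will return an instance of the correct ACL class", which no longer describes a component callback that only triggers the lazy build in `getACL()`. I would reword it to `Component startup callback; makes sure the ACL adapter named by $name has been created.` The adapter class is now taken from the public `$name` property (`new $this->name()`), and that property has no docblock. It should get one saying the value is instantiated as a class name and must only come from trusted configuration (`ACL_CLASSNAME`), never from request data.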
@@ -419,8 +419,6 @@ class DB_ACL extends AclBase { * @return array */ function getAclLink($aro, $aco) { - $Link = new Permission(); - $obj = array(); $obj['Aro'] = $this->Aro->node($aro); $obj['Aco'] = $this->Aco->node($aco); @@ -475,7 +473,7 @@ class INI_ACL extends AclBase { } /** * Main ACL check function. Checks to see if the ARO (access request object) has access to the ACO (access control object). - * Looks at the acl.ini.php file for permissions (see instructions in/config/acl.ini.php). + * Looks at the acl.ini.php file for permissions (see instructions in /config/acl.ini.php). * * @param string $aro * @param string $aco 
@@ -487,58 +485,45 @@ class INI_ACL extends AclBase { } $aclConfig = $this->config; - //First, if the user is specifically denied, then DENY if (isset($aclConfig[$aro]['deny'])) { $userDenies = $this->arrayTrim(explode(",", $aclConfig[$aro]['deny'])); if (array_search($aco, $userDenies)) { - //echo "User Denied!"; return false; } } - //Second, if the user is specifically allowed, then ALLOW if (isset($aclConfig[$aro]['allow'])) { $userAllows = $this->arrayTrim(explode(",", $aclConfig[$aro]['allow'])); if (array_search($aco, $userAllows)) { - //echo "User Allowed!"; return true; } } - //Check group permissions if (isset($aclConfig[$aro]['groups'])) { $userGroups = $this->arrayTrim(explode(",", $aclConfig[$aro]['groups'])); foreach ($userGroups as $group) { - //If such a group exists, if (array_key_exists($group, $aclConfig)) { - //If the group is specifically denied, then DENY if (isset($aclConfig[$group]['deny'])) { $groupDenies=$this->arrayTrim(explode(",", $aclConfig[$group]['deny'])); if (array_search($aco, $groupDenies)) { - //echo("Group Denied!"); return false; } } - //If the group is specifically allowed, then ALLOW if (isset($aclConfig[$group]['allow'])) { $groupAllows = $this->arrayTrim(explode(",", $aclConfig[$group]['allow'])); if (array_search($aco, $groupAllows)) { - //echo("Group Allowed!"); return true; } } } } } - - //Default, DENY - //echo("DEFAULT: DENY."); return false; } /** 
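Review bot: The deny and allow tests in `INI_ACL::check()` depend on the truthiness of `array_search()`, as in `if (array_search($aco, $userDenies))`, so a match at index 0 is treated as no match. Whether that can happen depends on what `arrayTrim()` returns, and that helper is outside this hunk. If it does not pad the list, the first ACO in a `deny` entry would not be denied. If it does pad, the dependency deserves a comment such as `// arrayTrim() pads index 0, so a truthy array_search() result is a real match`. The comments removed here were the only statement of the evaluation order (user deny, user allow, group deny, group allow, default deny), and I would keep that order as one sentence in the method docblock.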
@@ -551,34 +536,33 @@ class INI_ACL extends AclBase { $fileLineArray = file($fileName); foreach ($fileLineArray as $fileLine) { - $dataLine = trim($fileLine); - $firstChar = substr($dataLine, 0, 1); + $dataLine = trim($fileLine); + $firstChar = substr($dataLine, 0, 1); - if ($firstChar != ';' && $dataLine != '') { - if ($firstChar == '[' && substr($dataLine, -1, 1) == ']') { - $sectionName = preg_replace('/[\[\]]/', '', $dataLine); - } else { - $delimiter = strpos($dataLine, '='); - - if ($delimiter > 0) { - $key = strtolower(trim(substr($dataLine, 0, $delimiter))); - $value = trim(substr($dataLine, $delimiter + 1)); - - if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') { - $value = substr($value, 1, -1); - } - - $iniSetting[$sectionName][$key]=stripcslashes($value); - } else { - if (!isset($sectionName)) { - $sectionName = ''; - } - - $iniSetting[$sectionName][strtolower(trim($dataLine))]=''; - } - } + if ($firstChar != ';' && $dataLine != '') { + if ($firstChar == '[' && substr($dataLine, -1, 1) == ']') { + $sectionName = preg_replace('/[\[\]]/', '', $dataLine); } else { + $delimiter = strpos($dataLine, '='); + + if ($delimiter > 0) { + $key = strtolower(trim(substr($dataLine, 0, $delimiter))); + $value = trim(substr($dataLine, $delimiter + 1)); + + if (substr($value, 0, 1) == '"' && substr($value, -1) == '"') { + $value = substr($value, 1, -1); + } + + $iniSetting[$sectionName][$key]=stripcslashes($value); + } else { + if (!isset($sectionName)) { + $sectionName = ''; + } + + $iniSetting[$sectionName][strtolower(trim($dataLine))]=''; + } } + } } return $iniSetting; diff --git a/cake/libs/controller/components/auth.php b/cake/libs/controller/components/auth.php index 9a4dce377..e52dd150f 100644 --- a/cake/libs/controller/components/auth.php +++ b/cake/libs/controller/components/auth.php 
@@ -46,7 +46,16 @@ class AuthComponent extends Object { * @var array * @access public */ - var $components = array('Session', 'Acl', 'RequestHandler'); + var $components = array('Session', 'RequestHandler'); +/** + * The name of the component to use for Authorization or set this to 'controller' + * and the Controller::isAuthorized() method will be used + * The component used for Authorization should have a "check" method + * + * @var string + * @access public + */ + var $authorize = 'Acl'; /** * The name of an optional view element to render when an Ajax request is made * with an invalid or expired session @@ -62,13 +71,6 @@ class AuthComponent extends Object { * @access public */ var $userModel = 'User'; -/** - * The name of the model that represents objects which users can be authorized for against. - * - * @var string - * @access public - */ - var $objectModel = null; /** * Additional query conditions to use when looking up and authenticating users, * i.e. array('User.is_active' => 1). @@ -133,14 +135,13 @@ class AuthComponent extends Object { */ var $logoutRedirect = null; /** - * The type of automatic ACL validation to perform, where 'actions' validates - * the controller action of the current request, 'objects' validates against - * model objects accessed, and null prevents automatic validation. + * The name of the model that represents objects which users can be authorized for against. * * @var string * @access public */ - var $validate = 'actions'; + var $objectModel = null; + /** * Error to display when user login fails. For security purposes, only one error is used for all * login failures, so as not to expose information on why the login failed. 
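Review bot: The new default `var $authorize = 'Acl';` is not a value the rest of this diff handles. `startup()` special-cases 'controller', and the switch in `isAuthorized()` accepts 'actions', 'crud', 'model' and null/false, so 'Acl' lands in the `default:` branch, which raises a warning and returns false. As far as the visible hunks show, the shipped default refuses every authenticated request to a protected action; that fails closed, but it looks unintended. Defaulting to `var $authorize = 'actions';` would match the old `$validate` default. The docblock should list the accepted values and what each one checks, rather than describing a component name.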
@@ -249,9 +250,11 @@ class AuthComponent extends Object { if (low($controller->name) == 'app' || (low($controller->name) == 'tests' && Configure::read() > 0)) { return; } + if (!$this->__setDefaults()) { - return; + return false; } + $this->data = $controller->data = $this->hashPasswords($controller->data); if ($this->allowedActions == array('*') || in_array($controller->action, $this->allowedActions)) { 
@@ -269,35 +272,65 @@ class AuthComponent extends Object { if (!$this->Session->check('Auth.redirect')) { $this->Session->write('Auth.redirect', $controller->referer()); } - return; + return false; } $data = array( $this->userModel . '.' . $this->fields['username'] => '= ' . $controller->data[$this->userModel][$this->fields['username']], $this->userModel . '.' . $this->fields['password'] => '= ' . $controller->data[$this->userModel][$this->fields['password']] ); + if ($this->login($data) && $this->autoRedirect) { $controller->redirect($this->redirect(), null, true); + return true; } else { $this->Session->setFlash($this->loginError, 'default', array(), 'Auth.login'); unset($controller->data[$this->userModel][$this->fields['password']]); } - return; + return false; } else { if (!$this->user()) { if (!$this->RequestHandler->isAjax()) { $this->Session->write('Auth.redirect', $url); - $controller->redirect($this->_normalizeURL($this->loginAction)); + $controller->redirect($this->_normalizeURL($this->loginAction), null, true); + return false; } elseif (!empty($this->ajaxLogin)) { $controller->viewPath = 'elements'; $controller->render($this->ajaxLogin, 'ajax'); + exit(); } - exit(); } } - if (!$this->isAuthorized($controller)) { - $this->Session->setFlash($this->authError); - $controller->redirect($controller->referer(), null, true); + extract($this->__authType($this->authorize)); + if($type !== 'controller') { + if(isset($controller->Acl)) { + $this->Acl =& $controller->Acl; + if($type == 'model') { + if(!isset($object)) { + if (isset($controller->{$controller->modelClass}) && is_object($controller->{$controller->modelClass})) { + $object = $controller->modelClass; + } elseif (!empty($controller->uses) && isset($controller->{$controller->uses[0]}) && is_object($controller->{$controller->uses[0]})) { + $object = $controller->uses[0]; + } else { + $object = $this->objectModel; + } + } + } + if ($this->isAuthorized($type, null, $object)) { + return true; + } + } else { + 
trigger_error(__('Could not find AclComponent. Please include Acl in Controller::$components.', true), E_USER_WARNING); + } + } else { + if (method_exists($controller, 'isAuthorized')) { + if($controller->isAuthorized()) { + return true; + } + } } + $this->Session->setFlash($this->authError); + $controller->redirect($controller->referer(), null, true); + return false; } /** * Attempts to introspect the correct values for object properties including @@ -313,7 +346,7 @@ class AuthComponent extends Object { return false; } if (empty($this->loginAction)) { - $this->loginAction = Inflector::underscore(Inflector::pluralize($this->userModel)) . '/login'; + $this->loginAction = Router::url(array('controller'=> Inflector::underscore(Inflector::pluralize($this->userModel)), 'action'=>'login')); } if (empty($this->sessionKey)) { $this->sessionKey = 'Auth.' . $this->userModel; 
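Review bot: An unauthenticated request that `RequestHandler->isAjax()` reports as Ajax now falls through to the authorization step whenever `$ajaxLogin` is empty, because the unconditional `exit();` after the `if`/`elseif` was removed and only the two branches stop the request. With `$authorize = 'controller'` the decision is then left to `$controller->isAuthorized()` with no logged-in user, so a callback that returns true without checking the session lets the request through. Restore a terminating statement as the last line of the `if (!$this->user()) { ... }` block: either the removed `exit();`, or `return false;` if the dispatcher honours the return value of `startup()`, which is not visible here. `startup()` begins above this hunk, so its earlier branches are not reviewed in this note.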
@@ -333,27 +366,17 @@ class AuthComponent extends Object { * @param string $type * @return boolean True if $user is authorized, otherwise false */ - function isAuthorized(&$controller, $type = null, $user = null) { + function isAuthorized($type = null, $user = null, $object = null) { if (empty($user) && !$this->user()) { return false; } elseif (empty($user)) { $user = $this->user(); } + extract($this->__authType($type)); - if (($type == 'objects' || $type == 'association')) { - if (!isset($this->params['id'])) { - return; - } elseif (empty($this->objectModel)) { - if (isset($controller->{$controller->modelClass}) && is_object($controller->{$controller->modelClass})) { - $this->objectModel = $controller->modelClass; - } elseif (!empty($controller->uses) && isset($controller->{$controller->uses[0]}) && is_object($controller->{$controller->uses[0]})) { - $this->objectModel = $controller->uses[0]; - } else { - trigger_error(__('Could not find $objectModel. Please set AuthComponent::$objectModel in beforeFilter().', true), E_USER_WARNING); - return; - } - } + if(!$object) { + $object = $this->objectModel; } $valid = false; @@ -361,13 +384,7 @@ class AuthComponent extends Object { case 'actions': $valid = $this->Acl->check($user, $this->action()); break; - case 'objects': - - break; - case 'association': - - break; - case 'controller': + case 'crud': $this->mapActions(); if (!isset($this->actionMap[$this->params['action']])) { trigger_error('Auth::startup() - Attempted access of un-mapped action "' . $this->params['action'] . '" in controller "' . $this->params['controller'] . '"', E_USER_WARNING); 
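Review bot: The `$object` argument added to `isAuthorized()` is overwritten by `extract($this->__authType($type));`. `__authType()` returns an `object` key, which is null whenever `$type` is a string, and `extract()` overwrites existing variables by default. The model that `startup()` resolves from `$controller->modelClass` and passes in is therefore discarded, and the method falls back to `$this->objectModel`. Assign explicitly instead: `$auth = $this->__authType($type); $type = $auth['type'];` followed by `if (!$object) { $object = $auth['object']; }`. As written the outcome is a denial rather than an over-grant, but 'model' authorization cannot work unless `$objectModel` is set by hand.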
@@ -375,12 +392,26 @@ class AuthComponent extends Object { $valid = $this->Acl->check($user, $this->action(':controller'), $this->actionMap[$this->params['action']]); } break; + case 'model': + if(empty($object)) { + trigger_error(__('Could not find $this->objectModel. Please set AuthComponent::$objectModel in beforeFilter().', true), E_USER_WARNING); + return; + } + $model = $this->getModel($object); + if (method_exists($model, 'isAuthorized')) { + if($model->isAuthorized()) { + return true; + } + } else { + trigger_error(__($object.'::isAuthorized() is not defined.', true), E_USER_WARNING); + } + break; case null: case false: return true; break; default: - trigger_error(__('Auth::startup() - $validate is set to an incorrect value. Allowed settings are: "controller", "actions", "objects", "association" or null.', true), E_USER_WARNING); + trigger_error(__('Auth::startup() - $authorize is set to an incorrect value. Allowed settings are: "actions", "crud", "model" or null.', true), E_USER_WARNING); break; } return $valid; @@ -393,21 +424,19 @@ class AuthComponent extends Object { */ function __authType($auth = null) { if (empty($auth)) { - $auth = $this->validate; + $auth = $this->authorize; } - $object = $assoc = null; - + $object = null; if (is_array($auth)) { $type = key($auth); $object = $auth[$type]; - if (isset($auth[0])) { $assoc = $auth[0]; } } else { $type = $auth; } - return compact('type', 'object', 'assoc'); + return compact('type', 'object'); } /** * Takes a list of actions in the current controller for which authentication is not required, or @@ -518,6 +547,7 @@ class AuthComponent extends Object { if (!$this->Session->check($this->sessionKey)) { return null; } + if ($key == null) { return array($this->userModel => $this->Session->read($this->sessionKey)); } else { 
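Review bot: The new 'model' case calls `$model->isAuthorized()` with no arguments, so the model receives neither the `$user` resolved at the top of this method nor the requested action and has to read global state to decide. Passing them, for example `$model->isAuthorized($user, $this->params['action'])`, would make the check explicit and testable. The bare `return;` on the missing-`$object` path yields null where the docblock promises a boolean, and `return false;` states the denial outright. In `__authType()` the `$assoc = $auth[0];` assignment is now dead code, since `assoc` was dropped from the `compact()` call.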
@@ -566,7 +596,7 @@ class AuthComponent extends Object { */ function validate($object, $user = null, $action = null) { if (empty($user)) { - $this->getUserModel(); + $this->getModel(); $user = $this->user(); } if (empty($user)) { @@ -597,32 +627,34 @@ class AuthComponent extends Object { * @access public * @return object A reference to a model object. */ - function &getUserModel() { - $user = null; - - if (!ClassRegistry::isKeySet($this->userModel)) { - if (!loadModel(Inflector::underscore($this->userModel))) { - trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found', true) . $this->userModel, E_USER_WARNING); + function &getModel($name = null) { + $model = null; + if(!$name) { + $name = $this->userModel; + } + if (!ClassRegistry::isKeySet($name)) { + if (!loadModel(Inflector::underscore($name))) { + trigger_error(__('Auth::getModel() - $userModel is not set or could not be found', true) . $name, E_USER_WARNING); return null; } else { - $model = $this->userModel; - $user = new $model(); + $model = new $name(); } } - if (empty($user)) { + if (empty($model)) { if (PHP5) { - $user = ClassRegistry::getObject($this->userModel); + $model = ClassRegistry::getObject($name); } else { - $user =& ClassRegistry::getObject($this->userModel); + $model =& ClassRegistry::getObject($name); } } - if (empty($user)) { - trigger_error(__('Auth::getUserModel() - $userModel is not set or could not be found', true) . $this->userModel, E_USER_WARNING); + if (empty($model)) { + trigger_error(__('Auth::getModel() - $name is not set or could not be found', true) . $name, E_USER_WARNING); return null; } - return $user; + + return $model; } /** * Identifies a user based on specific criteria. 
@@ -667,7 +699,8 @@ class AuthComponent extends Object { $this->fields['password'] => $user[$this->userModel . '.' . $this->fields['password']] ); } - $model =& $this->getUserModel(); + $model =& $this->getModel(); + $data = $model->find(am($find, $this->userScope), null, null, -1); if (empty($data) || empty($data[$this->userModel])) { @@ -675,7 +708,7 @@ class AuthComponent extends Object { } } elseif (is_numeric($user)) { // Assume it's a user's ID - $model =& $this->getUserModel(); + $model =& $this->getModel(); $data = $model->find(am(array($model->escapeField() => $user), $this->userScope)); if (empty($data) || empty($data[$this->userModel])) { @@ -701,7 +734,7 @@ class AuthComponent extends Object { function hashPasswords($data) { if (isset($data[$this->userModel])) { if (!empty($data[$this->userModel][$this->fields['username']]) && !empty($data[$this->userModel][$this->fields['password']])) { - $model =& $this->getUserModel(); + $model =& $this->getModel(); $data[$this->userModel][$this->fields['password']] = $this->password($data[$this->userModel][$this->fields['password']]); } } @@ -735,9 +768,13 @@ class AuthComponent extends Object { function _normalizeURL($url = '/') { if (is_array($url)) { $url = Router::url($url); - $paths = Router::getPaths(); + } + + $paths = Router::getPaths(); + if(stristr($url, $paths['base'])) { $url = r($paths['base'], '', $url); } + $url = '/' . $url . '/'; while (strpos($url, '//') !== false) { diff --git a/cake/libs/controller/controller.php b/cake/libs/controller/controller.php index 55f9917a5..7e37a0415 100644 --- a/cake/libs/controller/controller.php +++ b/cake/libs/controller/controller.php 
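Review bot: In `_normalizeURL()` the base path is now stripped wherever it occurs in the URL, not only at the start. `stristr($url, $paths['base'])` matches anywhere, and `r($paths['base'], '', $url)` (presumably a `str_replace` wrapper; it is defined outside this page) removes every occurrence. This method normalises the login URL used for the redirect in `startup()`, so a path that merely contains the base segment further in would be rewritten to a different route. Anchor the strip to a prefix, e.g. `if (!empty($paths['base']) && strpos($url, $paths['base']) === 0) { $url = substr($url, strlen($paths['base'])); }`; the `!empty()` guard also covers the null base that the updated test controller now passes. The function continues below this hunk.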
@@ -563,6 +563,15 @@ class Controller extends Object { unset($args[0]); call_user_func_array(array(&$this, $action), $args); } +/** + * contoroller callback to tie into Auth component. + * + * @return bool + */ + function isAuthorized() { + trigger_error(__($this->name.'::isAuthorized() is not defined.', true), E_USER_WARNING); + return false; + } /** * Returns number of errors in a submitted FORM. * diff --git a/cake/tests/cases/libs/controller/components/auth.test.php b/cake/tests/cases/libs/controller/components/auth.test.php index 90907f41b..de5f7592d 100644 --- a/cake/tests/cases/libs/controller/components/auth.test.php +++ b/cake/tests/cases/libs/controller/components/auth.test.php @@ -36,7 +36,7 @@ class AuthUser extends CakeTestModel { } function bindNode($object) { - return 'Roles/User'; + return 'Roles/Admin'; } } @@ -47,13 +47,11 @@ class AuthTestController extends Controller { function __construct() { $this->params = Router::parse('/auth_test'); - Router::setRequestInfo(array($this->params, array('base' => '/', 'here' => '/', 'webroot' => '/', 'passedArgs' => array(), 'argSeparator' => ':', 'namedArgs' => array(), 'webservices' => null))); + Router::setRequestInfo(array($this->params, array('base' => null, 'here' => '/', 'webroot' => '/', 'passedArgs' => array(), 'argSeparator' => ':', 'namedArgs' => array(), 'webservices' => null))); parent::__construct(); } function beforeFilter() { - $this->Auth->userModel = 'AuthUser'; - $this->Auth->logoutAction = 'login'; $this->Auth->allow('logout'); } @@ -69,6 +67,7 @@ class AuthTestController extends Controller { function redirect() { return false; + exit(); } function isAuthorized() { 
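Review bot: The docblock on the new `Controller::isAuthorized()` does not state the contract that `AuthComponent::startup()` relies on, and "contoroller" is misspelled. I would document it as `Controller callback used by AuthComponent when $authorize is 'controller'. Override it and return true to allow the current request; this base implementation warns and returns false, so access is denied until it is overridden.` Because the base class now always defines the method, the `method_exists($controller, 'isAuthorized')` guard in `startup()` is always true for Controller subclasses and can be dropped.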
@@ -90,43 +89,95 @@ class AuthTest extends CakeTestCase { function testIt(){ $this->assertTrue(true); } + + function testNoAuth() { + $this->assertFalse($this->Controller->Auth->isAuthorized()); + } + + function testLogin() { + $this->AuthUser =& new AuthUser(); + $user['id'] = 1; + $user['username'] = 'mariano'; + $user['password'] = Security::hash(CAKE_SESSION_STRING . 'cake'); + $this->AuthUser->save($user, false); + + $authUser = $this->AuthUser->find(); + + $this->Controller->data['AuthUser']['username'] = $authUser['AuthUser']['username']; + $this->Controller->data['AuthUser']['password'] = 'cake'; + + $this->Controller->params['url']['url'] = 'auth_test/login'; + + $this->Controller->Auth->initialize($this->Controller); + + $this->Controller->Auth->loginAction = 'auth_test/login'; + $this->Controller->Auth->userModel = 'AuthUser'; + + $this->Controller->Auth->startup($this->Controller); + $user = $this->Controller->Auth->user(); + $this->assertEqual($user, array('AuthUser'=>array('id'=>1, 'username'=>'mariano', 'created'=> '2007-03-17 01:16:23', 'updated'=> date('Y-m-d H:i:s')))); + $this->Controller->Session->del('Auth'); + } + function testAuthController(){ $this->AuthUser =& new AuthUser(); $user = $this->AuthUser->find(); $this->Controller->Session->write('Auth', $user); + $this->Controller->Auth->userModel = 'AuthUser'; $this->Controller->Auth->authorize = 'controller'; - $this->Controller->Auth->startup($this->Controller); - $this->assertTrue(true); + $result = $this->Controller->Auth->startup($this->Controller); + $this->assertTrue($result); + $this->Controller->Session->del('Auth'); } - function testNoAuth() { - $this->assertFalse($this->Controller->Auth->isAuthorized($this->Controller)); - } -/* - function testUserData() { + + function testAuthWithDB_ACL() { $this->AuthUser =& new AuthUser(); - foreach ($this->AuthUser->findAll() as $key => $result) { - $result['User']['password'] = Security::hash(CAKE_SESSION_STRING . 
$result['User']['password']); - $this->AuthUser->save($result, false); - } + $user = $this->AuthUser->find(); + $this->Controller->Session->write('Auth', $user); - $authUser = $this->AuthUser->read(); - $this->Controller->data['User']['username'] = $authUser['User']['username']; - $this->Controller->data['User']['password'] = $authUser['User']['password']; + $this->Controller->params['controller'] = 'auth_test'; + $this->Controller->params['action'] = 'add'; + + $this->Controller->Acl->startup($this->Controller); + + $this->Controller->Acl->Aro->id = null; + $this->Controller->Acl->Aro->create(array('alias'=>'Roles')); + $this->Controller->Acl->Aro->save(); + $this->Controller->Acl->Aro->create(array('alias'=>'Admin')); + $this->Controller->Acl->Aro->save(); + $this->Controller->Acl->Aro->create(array('model'=>'AuthUser', 'foreign_key'=>'1', 'alias'=> 'mariano')); + $this->Controller->Acl->Aro->save(); + $this->Controller->Acl->Aro->setParent(1, 2); + $this->Controller->Acl->Aro->setParent(2, 3); + + $this->Controller->Acl->Aco->create(array('alias'=>'Root')); + $this->Controller->Acl->Aco->save(); + $this->Controller->Acl->Aco->create(array('alias'=>'AuthTest')); + $this->Controller->Acl->Aco->save(); + $this->Controller->Acl->Aco->setParent(1, 2); + + $this->Controller->Acl->allow('Roles/Admin', 'Root'); + $this->Controller->Acl->allow('Roles/Admin', 'Root/AuthTest'); + + $this->Controller->Auth->initialize($this->Controller); + + $this->Controller->Auth->userModel = 'AuthUser'; + $this->Controller->Auth->authorize = 'crud'; + $this->Controller->Auth->actionPath = 'Root/'; - $this->Controller->Auth->authorize = 'Acl'; $this->Controller->Auth->startup($this->Controller); - $this->Controller->Auth->params['controller'] = 'auth_test'; - $this->Controller->Auth->params['action'] = 'add'; - pr($this->Controller->Auth); - $this->Controller->Auth->Acl->create(1, null, 'chartjes'); - $this->Controller->Auth->Acl->create(0, null, 'Users'); - 
$this->Controller->Auth->Acl->setParent('Users', 1); - $this->Controller->Auth->Acl->create(0, null, '/Home/home'); - $this->Controller->Auth->Acl->allow('Users', 'Home/home'); - $this->assertTrue($this->Controller->Auth->isAuthorized($this->Controller, 'controller')); + + $this->assertTrue($this->Controller->Auth->isAuthorized()); + + + $this->Controller->Session->del('Auth'); + $this->Controller->Acl->Aro->execute('truncate users;'); + $this->Controller->Acl->Aro->execute('truncate aros;'); + $this->Controller->Acl->Aro->execute('truncate acos;'); + $this->Controller->Acl->Aro->execute('truncate aros_acos;'); } -*/ + function tearDown() { unset($this->Controller, $this->AuthUser); } diff --git a/cake/tests/fixtures/auth_user_fixture.php b/cake/tests/fixtures/auth_user_fixture.php index b7cb25158..59c48eea0 100644 --- a/cake/tests/fixtures/auth_user_fixture.php +++ b/cake/tests/fixtures/auth_user_fixture.php 
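Review bot: `testAuthWithDB_ACL()` cleans up with raw `truncate users;`, `truncate aros;`, `truncate acos;` and `truncate aros_acos;` through `Acl->Aro->execute()`, which empties those tables on whatever connection the Aro model is bound to, although the test never writes to `users`. Unless that connection is guaranteed to be an isolated test database this removes real data, so the tables should come from fixtures, or the cleanup should delete only the rows the test created. The test also covers only the allow path. A second assertion using an ARO with no grant and expecting `isAuthorized()` to return false would catch an over-permissive regression. In `testLogin()`, comparing `updated` with `date('Y-m-d H:i:s')` fails whenever the save and the assertion straddle a second boundary.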
@@ -36,16 +36,18 @@ class AuthUserFixture extends CakeTestFixture { var $name = 'AuthUser'; var $fields = array( 'id' => array('type' => 'integer', 'key' => 'primary'), - 'user' => array('type' => 'string', 'null' => false), + 'username' => array('type' => 'string', 'null' => false), 'password' => array('type' => 'string', 'null' => false), 'created' => 'datetime', 'updated' => 'datetime' ); var $records = array( - array('id' => 1, 'user' => 'mariano', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:16:23', 'updated' => '2007-03-17 01:18:31'), - array('id' => 2, 'user' => 'nate', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:18:23', 'updated' => '2007-03-17 01:20:31'), - array('id' => 3, 'user' => 'larry', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:20:23', 'updated' => '2007-03-17 01:22:31'), - array('id' => 4, 'user' => 'garrett', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:22:23', 'updated' => '2007-03-17 01:24:31'), + array('id' => 1, 'username' => 'mariano', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:16:23', 'updated' => '2007-03-17 01:18:31'), + array('id' => 2, 'username' => 'nate', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:18:23', 'updated' => '2007-03-17 01:20:31'), + array('id' => 3, 'username' => 'larry', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:20:23', 'updated' => '2007-03-17 01:22:31'), + array('id' => 4, 'username' => 'garrett', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:22:23', 'updated' => '2007-03-17 01:24:31'), + array('id' => 5, 'username' => 'chartjes', 'password' => '5f4dcc3b5aa765d61d8327deb882cf99', 'created' => '2007-03-17 01:22:23', 'updated' => '2007-03-17 01:24:31'), + ); }