Fixes #2902, DB_ACL::allow allowing all when $actions is not an array.

Fixes #2988, AclComponent check() does not inherit permissions.
Fixes #3022, Inconsistent table alias quoting crashes Acl node lookup with PostgreSQL.
Fixes #3129, Console ACL Shell ACO View Broken
Fixes #3176, Problems with ACL support on Microsoft SQL Server.
Closes #3311 as invalid, DboSourceTest::testArrayConditionsParsing tests added 
Fixes #3312, DB_ACL::check() fail returning right permission
Fixes #3344, Model->field adds incorrect condition under certain circumstances.
Fixes #3400, Cookie Component: When reading a non-existing key it throws a notice.
Fixes #3407, Since [5768] CookieComponent throws warning when used in beforeFilter().
Closes #3401, Added form test to ensure $Form->fields array is what the security component requires.
Updated AclComponentTest
Merged changes in app/ to cake/console/libs/templates/skel
Fixed generated link to Run More Test after running Group > All tests


git-svn-id: https://svn.cakephp.org/repo/branches/1.2.x.x@5776 3807eeeb-6ff5-0310-8944-8be069107fe0
phpnut 2007-10-17 12:51:17 +00:00
parent be65aa8ee3
commit 998ee569e7
14 changed files with 336 additions and 146 deletions


@ -132,7 +132,7 @@ if (!vendor('simpletest' . DS . 'reporter')) {
$show = '?show=cases';
}
}
echo "<p><a href='" . $_SERVER['PHP_SELF'] . $show . "'>Run more tests</a></p>\n";
echo "<p><a href='" . RUN_TEST_LINK . $show . "'>Run more tests</a></p>\n";
break;
}
}
@ -181,7 +181,7 @@ if (!vendor('simpletest' . DS . 'reporter')) {
switch (CAKE_TEST_OUTPUT) {
case CAKE_TEST_OUTPUT_HTML:
$baseUrl = BASE;
$characterSet = 'charset=utf-8';
$characterSet = 'ISO-8859-1';
include CAKE . 'tests' . DS . 'lib' . DS . 'header.php';
break;
case CAKE_TEST_OUTPUT_TEXT:
@ -212,6 +212,7 @@ if (!vendor('simpletest' . DS . 'reporter')) {
CakePHPTestHeader();
CakePHPTestSuiteHeader();
define('RUN_TEST_LINK', $_SERVER['PHP_SELF']);
if (isset($_GET['group'])) {
if ('all' == $_GET['group']) {
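Review bot: `RUN_TEST_LINK` is built from `$_SERVER['PHP_SELF']` and echoed into a single-quoted `href` without escaping, so anything in the request path after the script name ends up in the page markup. Escape it once where the constant is defined, `define('RUN_TEST_LINK', htmlspecialchars($_SERVER['PHP_SELF'], ENT_QUOTES));`, or build the link from `$_SERVER['SCRIPT_NAME']`, which does not carry trailing path info. The same two lines appear in the second copy of this test runner later in the commit. Separately, the `$characterSet` value drops the `charset=` prefix; whether header.php still emits a valid Content-Type is not visible here and is worth checking.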


@ -74,14 +74,14 @@ class AclShell extends Shell {
$this->dataSource = $this->params['datasource'];
}
if (ACL_CLASSNAME != 'DB_ACL') {
if (Configure::read('Acl.classname') != 'DB_ACL') {
$out = "--------------------------------------------------\n";
$out .= __("Error: Your current Cake configuration is set to", true) . "\n";
$out .= __("an ACL implementation other than DB. Please change", true) . "\n";
$out .= __("your core config to reflect your decision to use", true) . "\n";
$out .= __("DB_ACL before attempting to use this script", true) . ".\n";
$out .= "--------------------------------------------------\n";
$out .= sprintf(__("Current ACL Classname: %s", true), ACL_CLASSNAME) . "\n";
$out .= sprintf(__("Current ACL Classname: %s", true), Configure::read('Acl.classname')) . "\n";
$out .= "--------------------------------------------------\n";
$this->err($out);
exit();
@ -284,7 +284,11 @@ class AclShell extends Shell {
}
$nodes = $this->Acl->{$class}->findAll($conditions, null, 'lft ASC');
if (empty($nodes)) {
$this->error(sprintf(__("%s not found", true), $this->args[1]), __("No tree returned.", true));
if(isset($this->args[1])) {
$this->error(sprintf(__("%s not found", true), $this->args[1]), __("No tree returned.", true));
} elseif (isset($this->args[0])) {
$this->error(sprintf(__("%s not found", true), $this->args[0]), __("No tree returned.", true));
}
}
$this->out($class . " tree:");
$this->hr();
@ -487,4 +491,4 @@ class AclShell extends Shell {
return $vars;
}
}
?>
?>
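Review bot: In the `empty($nodes)` branch, when neither `$this->args[1]` nor `$this->args[0]` is set no error is raised and the method carries on to print an empty tree. Picking the identifier first and calling `error()` once removes the duplicated call and the silent fall-through, e.g. `$missing = isset($this->args[1]) ? $this->args[1] : (isset($this->args[0]) ? $this->args[0] : $class);` followed by the single `$this->error(sprintf(__("%s not found", true), $missing), __("No tree returned.", true));`. The enclosing method starts and ends outside the hunk, so whether `error()` stops execution is assumed rather than visible.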


@ -1,5 +1,5 @@
<IfModule mod_rewrite.c>
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
RewriteEngine on
RewriteRule ^$ webroot/ [L]
RewriteRule (.*) webroot/$1 [L]
</IfModule>


@ -1,6 +1,6 @@
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
RewriteEngine On
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule ^(.*)$ index.php?url=$1 [QSA,L]
</IfModule>


@ -26,13 +26,14 @@
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/mit-license.php The MIT License
*/
if (!defined('CAKE_CORE_INCLUDE_PATH')) {
header('HTTP/1.1 404 Not Found');
exit('File Not Found');
}
/**
* Enter description here...
*/
require(CONFIGS . 'paths.php');
require(CAKE . 'basics.php');
require(LIBS . 'folder.php');
require(LIBS . 'file.php');
uses('file');
/**
* Enter description here...
*
@ -41,13 +42,13 @@
* @return unknown
*/
function make_clean_css($path, $name) {
require(VENDORS . 'csspp' . DS . 'csspp.php');
$data =file_get_contents($path);
$csspp =new csspp();
$output=$csspp->compress($data);
$ratio =100 - (round(strlen($output) / strlen($data), 3) * 100);
$output=" /* file: $name, ratio: $ratio% */ " . $output;
return $output;
require(VENDORS . 'csspp' . DS . 'csspp.php');
$data = file_get_contents($path);
$csspp = new csspp();
$output = $csspp->compress($data);
$ratio = 100 - (round(strlen($output) / strlen($data), 3) * 100);
$output = " /* file: $name, ratio: $ratio% */ " . $output;
return $output;
}
/**
* Enter description here...
@ -57,15 +58,15 @@
* @return unknown
*/
function write_css_cache($path, $content) {
if (!is_dir(dirname($path))) {
mkdir(dirname($path));
}
$cache=new File($path);
return $cache->write($content);
if (!is_dir(dirname($path))) {
mkdir(dirname($path));
}
$cache = new File($path);
return $cache->write($content);
}
if (preg_match('|\.\.|', $url) || !preg_match('|^ccss/(.+)$|i', $url, $regs)) {
die(__('Wrong file name.'));
die('Wrong file name.');
}
$filename = 'css/' . $regs[1];
@ -73,23 +74,25 @@
$cachepath = CACHE . 'css' . DS . str_replace(array('/','\\'), '-', $regs[1]);
if (!file_exists($filepath)) {
die(__('Wrong file name.'));
die('Wrong file name.');
}
if (file_exists($cachepath)) {
$templateModified=filemtime($filepath);
$cacheModified =filemtime($cachepath);
$templateModified = filemtime($filepath);
$cacheModified = filemtime($cachepath);
if ($templateModified > $cacheModified) {
$output=make_clean_css($filepath, $filename);
write_css_cache($cachepath, $output);
} else {
$output = file_get_contents($cachepath);
}
if ($templateModified > $cacheModified) {
$output = make_clean_css($filepath, $filename);
write_css_cache($cachepath, $output);
} else {
$output = file_get_contents($cachepath);
}
} else {
$output=make_clean_css($filepath, $filename);
write_css_cache($cachepath, $output);
$output = make_clean_css($filepath, $filename);
write_css_cache($cachepath, $output);
$templateModified = time();
}
header("Date: " . date("D, j M Y G:i:s ", $templateModified) . 'GMT');
header("Content-Type: text/css");
header("Expires: " . gmdate("D, j M Y H:i:s", time() + DAY) . " GMT");
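Review bot: `make_clean_css()` divides by `strlen($data)`, which is zero for an empty stylesheet or when `file_get_contents()` fails and returns false, so the ratio line raises a division-by-zero warning (an error on current PHP) in a response that is about to send headers. Guard it, e.g. `$ratio = strlen($data) > 0 ? 100 - (round(strlen($output) / strlen($data), 3) * 100) : 0;`. The `Date` header further down is formatted with `date()` and `G` but labelled GMT; `gmdate("D, j M Y H:i:s", $templateModified) . ' GMT'` would match the `Expires` line. `write_css_cache()` also ignores the result of `mkdir()`.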


@ -27,7 +27,7 @@
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
*/
error_reporting(E_ALL);
set_time_limit(600);
set_time_limit(0);
ini_set('memory_limit','128M');
if (!defined('DS')) {
define('DS', DIRECTORY_SEPARATOR);
@ -132,7 +132,7 @@ if (!vendor('simpletest' . DS . 'reporter')) {
$show = '?show=cases';
}
}
echo "<p><a href='" . $_SERVER['PHP_SELF'] . $show . "'>Run more tests</a></p>\n";
echo "<p><a href='" . RUN_TEST_LINK . $show . "'>Run more tests</a></p>\n";
break;
}
}
@ -212,6 +212,7 @@ if (!vendor('simpletest' . DS . 'reporter')) {
CakePHPTestHeader();
CakePHPTestSuiteHeader();
define('RUN_TEST_LINK', $_SERVER['PHP_SELF']);
if (isset($_GET['group'])) {
if ('all' == $_GET['group']) {
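Review bot: `set_time_limit(0)` removes the execution ceiling on a script that is reachable over HTTP, so a hung or looping test case holds a worker until the web server itself gives up. This assumes the second of the two printed values is the new one. Keeping a finite limit (the previous `set_time_limit(600)`, or a value read from configuration) bounds that; if unlimited time is only needed for the full group run, raise it in that branch only.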


@ -271,29 +271,32 @@ class DB_ACL extends AclBase {
return false;
}
for ($i = count($aroPath) - 1; $i >= 0; $i--) {
$perms = $this->Aro->Permission->findAll(
array(
$this->Aro->Permission->name . '.aro_id' => $aroPath[$i][$this->Aro->name]['id'],
$this->Aro->Permission->name . '.aco_id' => $acoPath->extract('{n}.' . $this->Aco->name . '.id')
),
null, array($this->Aco->name .'.lft' => 'desc'), null, null, 0
);
$inherited = array();
for ($i = 0 ; $i < count($aroPath); $i++) {
$perms = $this->Aro->Permission->findAll(array(
$this->Aro->Permission->name . '.aro_id' => $aroPath[$i][$this->Aro->name]['id'],
$this->Aro->Permission->name . '.aco_id' => $acoPath->extract('{n}.' . $this->Aco->name . '.id')),
null, array($this->Aco->name . '.lft' => 'desc'), null, null, 0);
if (empty($perms)) {
continue;
} else {
foreach (Set::extract($perms, '{n}.' . $this->Aro->Permission->name) as $perm) {
if ($action == '*') {
// ARO must be cleared for ALL ACO actions
foreach ($permKeys as $key) {
if (!empty($perm)) {
if ($perm[$key] != 1) {
if ($perm[$key] == -1) {
return false;
} elseif ($perm[$key] == 1) {
$inherited[$key] = 1;
}
}
}
return true;
if (count($inherited) === count($permKeys)) {
return true;
}
} else {
switch($perm['_' . $action]) {
case -1:
@ -339,7 +342,6 @@ class DB_ACL extends AclBase {
} else {
if (!is_array($actions)) {
$actions = array('_' . $actions);
$actions = am($permKeys, $actions);
}
if (is_array($actions)) {
foreach ($actions as $action) {
@ -584,4 +586,4 @@ class INI_ACL extends AclBase {
return $array;
}
}
?>
?>
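Review bot: In the `$action == '*'` branch of `check()`, the `-1` test runs for every key on every permission row, including keys already recorded in `$inherited` from an earlier row, so an allow found first is overridden by a deny found later in the walk. It fails closed, but it disagrees with the first-match-wins reading that accumulating `$inherited` suggests; skipping resolved keys, `if (!empty($perm) && !isset($inherited[$key])) {`, would make the wildcard path consistent. The single-action `switch` continues outside the hunk, so how it treats the same case is not visible. A test with an allow on a child and a deny on its parent under `'*'` would pin whichever behaviour is intended.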


@ -162,6 +162,7 @@ class CookieComponent extends Object {
* @deprecated use Controller::beforeFilter() to set the properties of the CookieComponent
*/
function initialize(&$controller) {
$this->key = Configure::read('Security.salt');
if (is_object($controller)) {
if (isset($controller->cookieName)) {
$this->name = $controller->cookieName;
@ -190,7 +191,6 @@ class CookieComponent extends Object {
*/
function startup() {
$this->__expire($this->time);
$this->key = Configure::read('Security.salt');
if (isset($_COOKIE[$this->name])) {
$this->__values = $this->__decrypt($_COOKIE[$this->name]);
@ -268,8 +268,9 @@ class CookieComponent extends Object {
if (count($name) > 1) {
if (isset($this->__values[$name[0]])) {
$value = $this->__values[$name[0]][$name[1]];
return $value;
if(isset($this->__values[$name[0]][$name[1]])) {
return $this->__values[$name[0]][$name[1]];
}
}
return null;
} else {
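Review bot: `initialize()` now carries the only default assignment of `$this->key`, yet its docblock still tags the method `@deprecated`, and nothing states that the default key (presumably the one used by `__decrypt()`) is the application-wide `Security.salt`. The docblock should say that the key defaults to `Security.salt` and that `Controller::beforeFilter()` may override it, and should scope the deprecation to reading settings from controller properties if that is what it means. Since `startup()` no longer sets the key, any caller that runs `startup()` without `initialize()` would decrypt with an unset key; a fallback such as `if (empty($this->key)) { $this->key = Configure::read('Security.salt'); }` in `startup()` covers that. Both method bodies continue outside the hunks.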


@ -91,23 +91,36 @@ class AclNode extends AppModel {
$start = $path[0];
unset($path[0]);
$i = 0;
$cond = "WHERE ({$type}.lft <= {$type}{$i}.lft AND {$type}.rght >= {$type}{$i}.rght) ";
$query = "SELECT {$type}.id, {$type}.parent_id, {$type}.model, {$type}.foreign_key, {$type}.alias FROM {$prefix}{$table} {$db->alias} {$type} ";
$query .= "LEFT JOIN {$prefix}{$table} {$db->alias} {$type}0 ";
$query .= "ON {$type}0.alias = " . $db->value($start) . " ";
$queryData = array('conditions' => array(
$db->name("{$type}.lft") . ' <= ' . $db->name("{$type}0.lft"),
$db->name("{$type}.rght") . ' >= ' . $db->name("{$type}0.rght")),
'fields' => array('id', 'parent_id', 'model', 'foreign_key', 'alias'),
'joins' => array(array('table' => $db->name($prefix . $table),
'alias' => "{$type}0",
'type' => 'LEFT',
'conditions' => array("{$type}0.alias" => $start))),
'order' => $db->name("{$type}.lft") . ' DESC');
foreach ($path as $i => $alias) {
$j = $i - 1;
$cond .="OR ";
$query .= "LEFT JOIN {$prefix}{$table} {$db->alias} {$type}{$i} ";
$query .= "ON {$type}{$i}.lft > {$type}{$j}.lft AND {$type}{$i}.rght < {$type}{$j}.rght ";
$query .= "AND {$type}{$i}.alias = " . $db->value($alias) . " ";
$cond .="({$type}.lft <= {$type}{$i}.lft AND {$type}.rght >= {$type}{$i}.rght ) ";
array_push($queryData['joins'], array(
'table' => $db->name($prefix . $table),
'alias' => "{$type}{$i}",
'type' => 'LEFT',
'conditions' => array(
$db->name("{$type}{$i}.lft") . ' > ' . $db->name("{$type}{$j}.lft"),
$db->name("{$type}{$i}.rght") . ' < ' . $db->name("{$type}{$j}.rght"),
$db->name("{$type}{$i}.alias") . ' = ' . $db->value($alias))));
$queryData['conditions'] = array('or' => array(
$db->name("{$type}.lft") . ' <= ' . $db->name("{$type}0.lft") . ' AND ' . $db->name("{$type}.rght") . ' >= ' . $db->name("{$type}0.rght"),
$db->name("{$type}.lft") . ' <= ' . $db->name("{$type}{$i}.lft") . ' AND ' . $db->name("{$type}.rght") . ' >= ' . $db->name("{$type}{$i}.rght")));
}
$result = $this->query("{$query} {$cond} ORDER BY {$type}.lft DESC", $this->cacheQueries);
$result = $db->read($this, $queryData, -1);
} elseif (is_object($ref) && is_a($ref, 'Model')) {
$ref = array('model' => $ref->name, 'foreign_key' => $ref->id);
} elseif (is_array($ref) && !(isset($ref['model']) && isset($ref['foreign_key']))) {
$name = key($ref);
if (!ClassRegistry::isKeySet($name)) {
@ -139,10 +152,16 @@ class AclNode extends AppModel {
$ref["{$type}0.{$key}"] = $val;
}
}
$query = "SELECT {$type}.id, {$type}.parent_id, {$type}.model, {$type}.foreign_key, {$type}.alias FROM {$prefix}{$table} {$db->alias} {$type} ";
$query .= "LEFT JOIN {$prefix}{$table} {$db->alias} {$type}0 ";
$query .= "ON {$type}.lft <= {$type}0.lft AND {$type}.rght >= {$type}0.rght ";
$result = $this->query("{$query} " . $db->conditions($ref) ." ORDER BY {$type}.lft DESC", $this->cacheQueries);
$queryData = array('conditions' => $ref,
'fields' => array('id', 'parent_id', 'model', 'foreign_key', 'alias'),
'joins' => array(array('table' => $db->name($prefix . $table),
'alias' => "{$type}0",
'type' => 'LEFT',
'conditions' => array(
$db->name("{$type}.lft") . ' <= ' . $db->name("{$type}0.lft"),
$db->name("{$type}.rght") . ' >= ' . $db->name("{$type}0.rght")))),
'order' => $db->name("{$type}.lft") . ' DESC');
$result = $db->read($this, $queryData, -1);
if (!$result) {
trigger_error("AclNode::node() - Couldn't find {$type} node identified by \"" . print_r($ref, true) . "\"", E_USER_WARNING);
@ -266,4 +285,4 @@ class Permission extends AppModel {
parent::__construct();
}
}
?>
?>
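Review bot: Inside the `foreach ($path ...)` loop, `$queryData['conditions']` is reassigned on every pass, so for a path of three or more segments only the `{$type}0` bound and the last segment's bound survive; the removed SQL appended an `OR` branch per segment. When the last segment has no node its LEFT JOIN columns are NULL, and the lookup then resolves to the first segment's ancestors instead of the deepest existing node, which changes which ACL node permissions are checked against. The branches should be accumulated rather than replaced, as sketched below. A test with an existing middle segment and a missing leaf would cover this; the enclosing `node()` method starts and ends outside the hunk.

```php
foreach ($path as $i => $alias) {
	$j = $i - 1;
	// … unchanged: array_push() of the LEFT JOIN for {$type}{$i} …
	if (!isset($queryData['conditions']['or'])) {
		// first extra segment: fold the two {$type}0 bounds into one OR branch
		$queryData['conditions'] = array('or' => array(
			$db->name("{$type}.lft") . ' <= ' . $db->name("{$type}0.lft") . ' AND ' . $db->name("{$type}.rght") . ' >= ' . $db->name("{$type}0.rght")));
	}
	// append this segment's branch instead of replacing the earlier ones
	$queryData['conditions']['or'][] = $db->name("{$type}.lft") . ' <= ' . $db->name("{$type}{$i}.lft") . ' AND ' . $db->name("{$type}.rght") . ' >= ' . $db->name("{$type}{$i}.rght");
}
```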


@ -981,7 +981,7 @@ class Model extends Overloadable {
* @return field contents
*/
function field($name, $conditions = null, $order = null) {
if ($conditions === null) {
if ($conditions === null && $this->id !== false) {
$conditions = array($this->name . '.' . $this->primaryKey => $this->id);
}
if ($this->recursive >= 1) {
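Review bot: The docblock for `field()` does not say what happens when `$conditions` is null and `$this->id` is false, which after this change leaves `$conditions` null. Add a line such as `If no conditions are given and no record id is set, no condition is applied.` to the `$conditions` parameter description, so callers know the lookup is then unconstrained (presumably the first row by `$order`; the query itself is below the hunk). A null `$this->id` still produces a `primaryKey => null` condition, since the guard only tests `!== false`.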


@ -26,9 +26,62 @@
* @lastmodified $Date$
* @license http://www.opensource.org/licenses/opengroup.php The Open Group Test Suite License
*/
if (!defined('CAKEPHP_UNIT_TEST_EXECUTION')) {
define('CAKEPHP_UNIT_TEST_EXECUTION', 1);
}
uses('controller' . DS . 'components' . DS .'acl');
uses('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl');
if(!class_exists('aclnodetestbase')) {
class AclNodeTestBase extends AclNode {
var $useDbConfig = 'test_suite';
var $cacheSources = false;
}
}
if(!class_exists('arotest')) {
class AroTest extends AclNodeTestBase {
var $name = 'AroTest';
var $useTable = 'aros';
var $hasAndBelongsToMany = array('AcoTest' => array('with' => 'PermissionTest'));
}
}
if(!class_exists('acotest')) {
class AcoTest extends AclNodeTestBase {
var $name = 'AcoTest';
var $useTable = 'acos';
var $hasAndBelongsToMany = array('AroTest' => array('with' => 'PermissionTest'));
}
}
if(!class_exists('permissiontest')) {
class PermissionTest extends CakeTestModel {
var $name = 'PermissionTest';
var $useTable = 'aros_acos';
var $cacheQueries = false;
var $belongsTo = array('AroTest' => array('foreignKey' => 'aro_id'),
'AcoTest' => array('foreignKey' => 'aco_id')
);
var $actsAs = null;
}
}
if(!class_exists('acoactiontest')) {
class AcoActionTest extends CakeTestModel {
var $name = 'AcoActionTest';
var $useTable = 'aco_actions';
var $belongsTo = array('AcoTest' => array('foreignKey' => 'aco_id'));
}
}
if(!class_exists('db_acl_test')) {
class DB_ACL_TEST extends DB_ACL {
function __construct() {
$this->Aro =& new AroTest();
$this->Aro->Permission =& new PermissionTest();
$this->Aco =& new AcoTest();
$this->Aro->Permission =& new PermissionTest();
}
}
}
/**
* Short description for class.
*
@ -38,111 +91,146 @@ uses('controller'.DS.'components'.DS.'acl', 'model'.DS.'db_acl');
class AclComponentTest extends CakeTestCase {
var $fixtures = array('core.aro', 'core.aco', 'core.aros_aco', 'core.aco_action');
function skip() {
$this->skipif (false, 'AclComponentTest almost implemented');
}
function startTest() {
Configure::write('Acl.classname', 'DB_ACL');
Configure::write('Acl.classname', 'DB_ACL_TEST');
Configure::write('Acl.database', 'test_suite');
$this->Acl =& new AclComponent();
$this->__testInitDbAcl();
}
function __testInitDbAcl() {
$this->Acl->Aro->id = null;
$this->Acl->Aro->create(array('alias'=>'Roles'));
function testAclCreate() {
$this->Acl->Aro->create(array('alias'=>'Global'));
$result = $this->Acl->Aro->save();
$this->assertTrue($result);
$this->Acl->Aro->create(array('alias'=>'Admin'));
$parent = $this->Acl->Aro->id;
$this->Acl->Aro->create(array('parent_id' => $parent, 'alias'=>'Account'));
$result = $this->Acl->Aro->save();
$this->assertTrue($result);
$this->Acl->Aro->create(array('model'=>'AuthUser', 'foreign_key'=>'1', 'alias'=> 'mariano'));
$this->Acl->Aro->create(array('parent_id' => $parent, 'alias'=>'Manager'));
$result = $this->Acl->Aro->save();
$this->assertTrue($result);
$this->Acl->Aro->setParent(1, 2);
$this->Acl->Aro->setParent(2, 3);
$parent = $this->Acl->Aro->id;
$this->Acl->Aco->create(array('alias'=>'Root'));
$this->Acl->Aro->create(array('parent_id' => $parent, 'alias'=>'Secretary'));
$result = $this->Acl->Aro->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('alias'=>'Reports'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('alias'=>'AuthTest'));
$report = $this->Acl->Aco->id;
$this->Acl->Aco->create(array('parent_id' => $report, 'alias'=>'Accounts'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->setParent(1, 2);
$account = $this->Acl->Aco->id;
$this->Acl->Aco->create(array('parent_id' => $account, 'alias'=>'Contacts'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('parent_id' => $report, 'alias'=>'Messages'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('parent_id' => $account, 'alias'=>'MonthView'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('parent_id' => $account, 'alias'=>'Links'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('parent_id' => $account, 'alias'=>'Numbers'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('parent_id' => $report, 'alias'=>'QuickStats'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
$this->Acl->Aco->create(array('parent_id' => $report, 'alias'=>'Bills'));
$result = $this->Acl->Aco->save();
$this->assertTrue($result);
}
function testDbAclAllow() {
$result = $this->Acl->allow('Roles/Admin', 'Root');
$result = $this->Acl->allow('Manager','Reports',array('read','delete','update'));
$this->assertTrue($result);
$result = $this->Acl->allow('Roles/Admin', 'Root/AuthTest');
$result = $this->Acl->allow('Secretary','Links',array('create'));
$this->assertTrue($result);
}
function testDbAclCheck() {
$aro = null;
$aco = null;
$action = "*";
$result = $this->Acl->check('Secretary','Links','read');
$this->assertTrue($result);
$result = $this->Acl->check('Roles/Admin', 'Root', $action);
$result = $this->Acl->check('Secretary','Links','delete');
$this->assertTrue($result);
$result = $this->Acl->check('Secretary','Links','update');
$this->assertTrue($result);
$result = $this->Acl->check('Secretary','Links','create');
$this->assertTrue($result);
$result = $this->Acl->check('Secretary','Links','*');
$this->assertTrue($result);
$result = $this->Acl->check('Secretary','Links','create');
$this->assertTrue($result);
$result = $this->Acl->check('Manager','Links','read');
$this->assertTrue($result);
$result = $this->Acl->check('Manager','Links','delete');
$this->assertTrue($result);
$result = $this->Acl->check('Manager','Links','create');
$this->assertFalse($result);
$result = $this->Acl->check('Account','Links','read');
$this->assertFalse($result);
$result = $this->Acl->allow('Global','Reports', 'read');
$this->assertTrue($result);
$result = $this->Acl->check('Account','Links','create');
$this->assertFalse($result);
$result = $this->Acl->check('Account','Links','update');
$this->assertFalse($result);
$result = $this->Acl->check('Account','Links','delete');
$this->assertFalse($result);
$result = $this->Acl->allow('Global','Reports');
$this->assertTrue($result);
$result = $this->Acl->check('Account','Links','read');
$this->assertTrue($result);
}
function testDbAclDeny() {
$this->Acl->deny('Secretary','Links',array('delete'));
$action = "*";
$result = $this->Acl->deny('Roles/Admin', 'Root/AuthTest', $action);
$this->assertTrue($result);
$result = $this->Acl->check('Roles/Admin', 'Root/AuthTest', $action);
$result = $this->Acl->check('Secretary','Links','delete');
$this->assertFalse($result);
}
function testDbAclInherit() {
$action = "*";
$result = $this->Acl->inherit('Roles/Admin', 'Root/AuthTest', $action);
$this->assertTrue($result);
}
function testDbAclGrant() {
$aro = 'Roles/Admin';
$aco = 'Root/AuthTest';
$action = "*";
$result = $this->Acl->grant($aro, $aco, $action);
$this->assertTrue($result);
}
function testDbAclRevoke() {
$aro = 'Roles/Admin';
$aco = 'Root/AuthTest';
$action = "*";
$result = $this->Acl->revoke($aro, $aco, $action);
$this->assertTrue($result);
function after() {
parent::after('end');
}
function endTest() {
function tearDown() {
unset($this->Acl);
}
}
?>
?>
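Review bot: `DB_ACL_TEST::__construct()` assigns `$this->Aro->Permission` twice and never sets a permission model on `$this->Aco`; the second assignment looks like a copy-paste slip for `$this->Aco->Permission =& new PermissionTest();`. Whether anything reads the ACO-side permission model is not visible here, but the duplicate line does nothing as written. The rewritten cases also appear to depend on execution order (`testDbAclAllow` relies on nodes created in `testAclCreate`, and `testDbAclCheck` on the grants made before it), so a failure or reordering in one test cascades into the others; building the tree in `startTest()` would isolate them.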


@ -1632,6 +1632,11 @@ class DboSourceTest extends UnitTestCase {
$result = $this->db->conditions(array('MD5(CONCAT(Reg.email,Reg.id))' => 'blah'));
$expected = " WHERE MD5(CONCAT(`Reg`.`email`,`Reg`.`id`)) = 'blah'";
$this->assertEqual($result, $expected);
$conditions = array('id' => array(2, 5, 6, 9, 12, 45, 78, 43, 76));
$result = $this->db->conditions($conditions);
$expected = " WHERE `id` IN (2, 5, 6, 9, 12, 45, 78, 43, 76) ";
$this->assertEqual($result, $expected);
}
function testMixedConditionsParsing() {


@ -129,7 +129,9 @@ if(!class_exists('db_acl_test')) {
class AclNodeTest extends CakeTestCase {
var $fixtures = array('core.aro', 'core.aco', 'core.aros_aco', 'core.aco_action');
function testNodeNesting() {
function startTest() {
Configure::write('Acl.classname', 'DB_ACL_TEST');
Configure::write('Acl.database', 'test_suite');
}
function testNode(){
@ -158,14 +160,10 @@ if(!class_exists('db_acl_test')) {
$expected = array(8, 7, 6, 1);
$this->assertEqual($result, $expected);
//action3 is an action with no ACO entry
//the default returned ACOs should be its parents
$result = Set::extract($aco->node('Controller2/action3'), '{n}.AcoTest.id');
$expected = array(6, 1);
$this->assertEqual($result, $expected);
//action3 and record5 have none ACO entry
//the default returned ACOs should be their parents ACO
$result = Set::extract($aco->node('Controller2/action3/record5'), '{n}.AcoTest.id');
$expected = array(6, 1);
$this->assertEqual($result, $expected);


@ -220,6 +220,64 @@ class FormHelperTest extends CakeTestCase {
$this->assertNoPattern('/<input[^<>]+[^type|name|value|id]=[^<>]*>/', $result);
}
function testFormSecurityFields() {
$key = 'testKey';
$fields = array('Model' => array('password', 'username', 'valid'),
'_Model' => array('valid' => '0'),
'__Token' => array('key' => $key));
$this->Form->params['_Token']['key'] = $key;
$result = $this->Form->secure($fields);
$expected = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$this->assertPattern('/'.$expected.'/', $result);
$this->assertPattern('/input type="hidden" name="data\[__Token\]\[fields\]" value="'.$expected.'"/', $result);
}
function testFormSecuredInput() {
$fields = array('Model' => array(
'0' => 'field',
'1' => 'field2',
'2' => 'field4'),
'_Model'=> array(
'field3' => '',
'field4' => '0'),
'__Token'=>array(
'key' => 'testKey'));
$fields = $this->__sortFields($fields);
$fieldsKey = urlencode(Security::hash(serialize($fields) . Configure::read('Security.salt')));
$fields['__Token']['fields'] = $fieldsKey;
$this->Form->params['_Token']['key'] = 'testKey';
$result = $this->Form->create('Contact', array('url' => '/contacts/add'));
$expected = '/^<form method="post" action="\/contacts\/add"(.+)<input type="hidden" name="data\[__Token\]\[key\]" value="testKey"(.+)<\/p>$/';
$this->assertPattern($expected, $result);
$result = $this->Form->input('Model.field', array('type' => 'text'));
$expected = '<div class="input"><label for="ModelField">Field</label><input name="data[Model][field]" type="text" value="" id="ModelField" /></div>';
$this->assertEqual($result, $expected);
$result = $this->Form->input('Model.field2', array('type' => 'text'));
$expected = '<div class="input"><label for="ModelField2">Field2</label><input name="data[Model][field2]" type="text" value="" id="ModelField2" /></div>';
$this->assertEqual($result, $expected);
$result = $this->Form->hidden('Model.field3', array('type' => 'text'));
$expected = '<input type="hidden" name="data[_Model][field3]" type="text" value="" id="ModelField3" />';
$this->assertEqual($result, $expected);
$result = $this->Form->input('Model.field4', array('type'=>'checkbox'));
$expected = '<div class="input"><input type="hidden" name="data[_Model][field4]" value="0" id="ModelField4_" /><input type="checkbox" name="data[Model][field4]" value="1" id="ModelField4" /><label for="ModelField4">Field4</label></div>';
$this->assertEqual($result, $expected);
$result = $this->Form->secure($this->Form->fields);
$expected = '/<p style="display: none;"><input type="hidden" name="data\[__Token\]\[fields\]" value="'.$fieldsKey.'" id="(.+)" \/><\/p>$/';
$this->assertPattern($expected, $result);
$result = $this->Form->fields;
$result = $this->__sortFields($result);
$this->assertEqual($result, $fields);
}
function testFormValidationAssociated() {
$this->UserForm =& ClassRegistry::getObject('UserForm');
$this->UserForm->OpenidUrl =& ClassRegistry::getObject('OpenidUrl');
@ -1059,6 +1117,16 @@ class FormHelperTest extends CakeTestCase {
unset($this->Form);
}
function __sortFields($fields) {
foreach ($fields as $key => $value) {
if(strpos($key, '_') !== 0) {
sort($fields[$key]);
}
}
ksort($fields);
return $fields;
}
}
?>
?>
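Review bot: `testFormSecuredInput` pins markup with a duplicated attribute: `hidden('Model.field3', array('type' => 'text'))` is expected to produce `<input type="hidden" ... type="text" ...>`, which asserts invalid HTML as the correct output. Dropping the `type` option from that call keeps the test on the security-field bookkeeping it is about. The hash values interpolated into `assertPattern()` regexes (`$expected`, `$fieldsKey`) should go through `preg_quote($expected, '/')` so the assertions do not depend on the hash output containing no regex metacharacters.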