adulau/cakephp2-php8
1
0
Fork 0
mirror of https://github.com/kamilwylegala/cakephp2-php8.git synced 2024-11-15 03:18:26 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

Fix inherited permissions when checking the '*' permission.

Browse source 
When checking inherited permissions for '*' also copy inherited
permissions onto the inherited list. By copying the inherited values, we
get the union of explit allow and inherited permissions, which if all
things go well will match the permission key list.

Refs #8114
This commit is contained in:
mark_story 2016-02-16 22:21:06 -05:00
parent 68082fad02
commit b2509ea13d
2 changed files with 32 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/Cake/Model/Permission.php
View file

@ -107,10 +107,10 @@ class Permission extends AppModel {
return false;
}
$inherited = array();
$acoIDs = Hash::extract($acoPath, '{n}.' . $this->Aco->alias . '.id');
$count = count($aroPath);
$inherited = array();
for ($i = 0; $i < $count; $i++) {
$permAlias = $this->alias;
@ -134,8 +134,8 @@ class Permission extends AppModel {
if (!empty($perm)) {
if ($perm[$key] == -1) {
return false;
} elseif ($perm[$key] == 1) {
$inherited[$key] = 1;
} elseif ($perm[$key] == 1 || $perm[$key] == 0) {
$inherited[$key] = $perm[$key];
}
}
}

31
lib/Cake/Test/Case/Controller/Component/Acl/DbAclTest.php
View file

@ -429,17 +429,44 @@ class DbAclTest extends CakeTestCase {
* @return void
*/
public function testInherit() {
//parent doesn't have access inherit should still deny
// parent doesn't have access inherit should still deny
$this->assertFalse($this->Acl->check('Milton', 'smash', 'delete'));
$this->Acl->inherit('Milton', 'smash', 'delete');
$this->assertFalse($this->Acl->check('Milton', 'smash', 'delete'));
//inherit parent
// inherit parent
$this->assertFalse($this->Acl->check('Milton', 'smash', 'read'));
$this->Acl->inherit('Milton', 'smash', 'read');
$this->assertTrue($this->Acl->check('Milton', 'smash', 'read'));
}
/**
* test inherit from deny method
*
* @return void
*/
public function testInheritParentDeny() {
$this->Acl->Aco->create(array('parent_id' => null, 'alias' => 'world'));
$this->Acl->Aco->save();
$this->Acl->Aco->create(array('parent_id' => $this->Acl->Aco->id, 'alias' => 'town'));
$this->Acl->Aco->save();
$this->Acl->Aro->create(array('parent_id' => null, 'alias' => 'Jane'));
$this->Acl->Aro->save();
// Setup deny on create for parent
$this->Acl->allow('Jane', 'world', '*');
$this->Acl->deny('Jane', 'world', 'create');
// Setup inherit and specify allow for create on child.
$this->Acl->inherit('Jane', 'town', '*');
$this->Acl->allow('Jane', 'town', 'create');
$this->assertTrue($this->Acl->check('Jane', 'town', 'create'), 'Should have access due to override');
$this->assertTrue($this->Acl->check('Jane', 'town', '*'), 'Should have access due to inherit');
}
/**
* testDbGrant method
*