mirror of
https://github.com/kamilwylegala/cakephp2-php8.git
synced 2024-11-15 03:18:26 +00:00
Merge pull request #8279 from cakephp/issue-8114
Fix inherited permissions when checking the '*' permission.
This commit is contained in:
Mark Story
commit
ff6cdd4b73
3 changed files with 33 additions and 7 deletions
|
|
@ -107,10 +107,10 @@ class Permission extends AppModel {
|
|||
return false;
|
||||
}
|
||||
|
||||
$inherited = array();
|
||||
$acoIDs = Hash::extract($acoPath, '{n}.' . $this->Aco->alias . '.id');
|
||||
|
||||
$count = count($aroPath);
|
||||
$inherited = array();
|
||||
for ($i = 0; $i < $count; $i++) {
|
||||
$permAlias = $this->alias;
|
||||
|
||||
|
|
@ -129,13 +129,12 @@ class Permission extends AppModel {
|
|||
$perms = Hash::extract($perms, '{n}.' . $this->alias);
|
||||
foreach ($perms as $perm) {
|
||||
if ($action === '*') {
|
||||
|
||||
foreach ($permKeys as $key) {
|
||||
if (!empty($perm)) {
|
||||
if ($perm[$key] == -1) {
|
||||
return false;
|
||||
} elseif ($perm[$key] == 1) {
|
||||
$inherited[$key] = 1;
|
||||
} elseif ($perm[$key] == 1 || $perm[$key] == 0) {
|
||||
$inherited[$key] = $perm[$key];
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -253,7 +253,7 @@ class AclShellTest extends CakeTestCase {
|
|||
$this->Task->args = array('AuthUser.2', 'ROOT/Controller1', 'create');
|
||||
$this->Task->check();
|
||||
|
||||
$this->Task->args = array('AuthUser.2', 'ROOT/Controller1', '*');
|
||||
$this->Task->args = array('AuthUser.2', 'ROOT/Controller1', 'delete');
|
||||
$this->Task->check();
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -429,17 +429,44 @@ class DbAclTest extends CakeTestCase {
|
|||
* @return void
|
||||
*/
|
||||
public function testInherit() {
|
||||
//parent doesn't have access inherit should still deny
|
||||
// parent doesn't have access inherit should still deny
|
||||
$this->assertFalse($this->Acl->check('Milton', 'smash', 'delete'));
|
||||
$this->Acl->inherit('Milton', 'smash', 'delete');
|
||||
$this->assertFalse($this->Acl->check('Milton', 'smash', 'delete'));
|
||||
|
||||
//inherit parent
|
||||
// inherit parent
|
||||
$this->assertFalse($this->Acl->check('Milton', 'smash', 'read'));
|
||||
$this->Acl->inherit('Milton', 'smash', 'read');
|
||||
$this->assertTrue($this->Acl->check('Milton', 'smash', 'read'));
|
||||
}
|
||||
|
||||
/**
|
||||
* test inherit from deny method
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
public function testInheritParentDeny() {
|
||||
$this->Acl->Aco->create(array('parent_id' => null, 'alias' => 'world'));
|
||||
$this->Acl->Aco->save();
|
||||
|
||||
$this->Acl->Aco->create(array('parent_id' => $this->Acl->Aco->id, 'alias' => 'town'));
|
||||
$this->Acl->Aco->save();
|
||||
|
||||
$this->Acl->Aro->create(array('parent_id' => null, 'alias' => 'Jane'));
|
||||
$this->Acl->Aro->save();
|
||||
|
||||
// Setup deny on create for parent
|
||||
$this->Acl->allow('Jane', 'world', '*');
|
||||
$this->Acl->deny('Jane', 'world', 'create');
|
||||
|
||||
// Setup inherit and specify allow for create on child.
|
||||
$this->Acl->inherit('Jane', 'town', '*');
|
||||
$this->Acl->allow('Jane', 'town', 'create');
|
||||
|
||||
$this->assertTrue($this->Acl->check('Jane', 'town', 'create'), 'Should have access due to override');
|
||||
$this->assertTrue($this->Acl->check('Jane', 'town', '*'), 'Should have access due to inherit');
|
||||
}
|
||||
|
||||
/**
|
||||
* testDbGrant method
|
||||
*
|
||||
|
|
|
|||
Loading…
Reference in a new issue