Merge remote-tracking branch 'upstream/master'

zendframework · May 9, 2013 · d78b598 · d78b598
commit d78b598
Show file tree

Hide file tree

Showing 20 changed files with 212 additions and 107 deletions.
diff --git a/composer.json b/composer.json
@@ -20,8 +20,8 @@
     },
     "extra": {
         "branch-alias": {
-            "dev-master": "2.4-dev",
-            "dev-develop": "2.5-dev"
+            "dev-master": "2.2-dev",
+            "dev-develop": "2.3-dev"
         }
     },
     "autoload-dev": {

diff --git a/src/Acl.php b/src/Acl.php
@@ -3,19 +3,13 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
-class Acl
+class Acl implements AclInterface
 {
     /**
      * Rule type: allow
@@ -139,7 +133,7 @@ public function getRole($role)
      * The $role parameter can either be a Role or a Role identifier.
      *
      * @param  Role\RoleInterface|string $role
-     * @return boolean
+     * @return bool
      */
     public function hasRole($role)
     {
@@ -157,8 +151,8 @@ public function hasRole($role)
      *
      * @param  Role\RoleInterface|string    $role
      * @param  Role\RoleInterface|string    $inherit
-     * @param  boolean                      $onlyParents
-     * @return boolean
+     * @param  bool                      $onlyParents
+     * @return bool
      */
     public function inheritsRole($role, $inherit, $onlyParents = false)
     {
@@ -307,7 +301,7 @@ public function getResource($resource)
      * The $resource parameter can either be a Resource or a Resource identifier.
      *
      * @param  Resource\ResourceInterface|string $resource
-     * @return boolean
+     * @return bool
      */
     public function hasResource($resource)
     {
@@ -331,9 +325,9 @@ public function hasResource($resource)
      *
      * @param  Resource\ResourceInterface|string    $resource
      * @param  Resource\ResourceInterface|string    inherit
-     * @param  boolean                              $onlyParent
+     * @param  bool                              $onlyParent
      * @throws Exception\InvalidArgumentException
-     * @return boolean
+     * @return bool
      */
     public function inheritsResource($resource, $inherit, $onlyParent = false)
     {
@@ -562,6 +556,10 @@ public function setRule($operation, $type, $roles = null, $resources = null,
         if (!is_array($resources)) {
             if (null === $resources && count($this->resources) > 0) {
                 $resources = array_keys($this->resources);
+                // Passing a null resource; make sure "global" permission is also set!
+                if (!in_array(null, $resources)) {
+                    array_unshift($resources, null);
+                }
             } else {
                 $resources = array($resources);
             }
@@ -572,7 +570,11 @@ public function setRule($operation, $type, $roles = null, $resources = null,
         $resources = array();
         foreach ($resourcesTemp as $resource) {
             if (null !== $resource) {
-                $resources[] = $this->getResource($resource);
+                $resourceObj = $this->getResource($resource);
+                $resourceId = $resourceObj->getResourceId();
+                $children = $this->getChildResources($resourceObj);
+                $resources = array_merge($resources, $children);
+                $resources[$resourceId] = $resourceObj;
             } else {
                 $resources[] = null;
             }
@@ -659,6 +661,28 @@ public function setRule($operation, $type, $roles = null, $resources = null,
         return $this;
     }
 
+    /**
+     * Returns all child resources from the given resource.
+     *
+     * @param  Resource\ResourceInterface|string    $resource
+     * @return Resource\ResourceInterface[]
+     */
+    protected function getChildResources(Resource\ResourceInterface $resource)
+    {
+        $return = array();
+        $id = $resource->getResourceId();
+
+        $children = $this->resources[$id]['children'];
+        foreach ($children as $child) {
+            $child_return = $this->getChildResources($child);
+            $child_return[$child->getResourceId()] = $child;
+
+            $return = array_merge($return, $child_return);
+        }
+
+        return $return;
+    }
+
     /**
      * Returns true if and only if the Role has access to the Resource
      *
@@ -683,7 +707,7 @@ public function setRule($operation, $type, $roles = null, $resources = null,
      * @param  Role\RoleInterface|string            $role
      * @param  Resource\ResourceInterface|string    $resource
      * @param  string                               $privilege
-     * @return boolean
+     * @return bool
      */
     public function isAllowed($role = null, $resource = null, $privilege = null)
     {
@@ -747,7 +771,10 @@ public function isAllowed($role = null, $resource = null, $privilege = null)
                 if (null !== ($ruleType = $this->getRuleType($resource, null, $privilege))) {
                     return self::TYPE_ALLOW === $ruleType;
                 } elseif (null !== ($ruleTypeAllPrivileges = $this->getRuleType($resource, null, null))) {
-                    return self::TYPE_ALLOW === $ruleTypeAllPrivileges;
+                    $result = self::TYPE_ALLOW === $ruleTypeAllPrivileges;
+                    if ($result || null === $resource) {
+                        return $result;
+                    }
                 }
 
                 // try next Resource
@@ -782,7 +809,7 @@ protected function getRoleRegistry()
      *
      * @param  Role\RoleInterface           $role
      * @param  Resource\ResourceInterface   $resource
-     * @return boolean|null
+     * @return bool|null
      */
     protected function roleDFSAllPrivileges(Role\RoleInterface $role, Resource\ResourceInterface $resource = null)
     {
@@ -818,7 +845,7 @@ protected function roleDFSAllPrivileges(Role\RoleInterface $role, Resource\Resou
      * @param  Role\RoleInterface           $role
      * @param  Resource\ResourceInterface   $resource
      * @param  array                        $dfs
-     * @return boolean|null
+     * @return bool|null
      * @throws Exception\RuntimeException
      */
     protected function roleDFSVisitAllPrivileges(Role\RoleInterface $role, Resource\ResourceInterface $resource = null, &$dfs = null)
@@ -856,7 +883,7 @@ protected function roleDFSVisitAllPrivileges(Role\RoleInterface $role, Resource\
      * @param  Role\RoleInterface           $role
      * @param  Resource\ResourceInterface   $resource
      * @param  string                       $privilege
-     * @return boolean|null
+     * @return bool|null
      * @throws Exception\RuntimeException
      */
     protected function roleDFSOnePrivilege(Role\RoleInterface $role, Resource\ResourceInterface $resource = null, $privilege = null)
@@ -898,7 +925,7 @@ protected function roleDFSOnePrivilege(Role\RoleInterface $role, Resource\Resour
      * @param  Resource\ResourceInterface   $resource
      * @param  string                       $privilege
      * @param  array                        $dfs
-     * @return boolean|null
+     * @return bool|null
      * @throws Exception\RuntimeException
      */
     protected function roleDFSVisitOnePrivilege(Role\RoleInterface $role, Resource\ResourceInterface $resource = null,
@@ -990,9 +1017,9 @@ protected function getRuleType(Resource\ResourceInterface $resource = null, Role
             return null;
         } elseif (self::TYPE_ALLOW === $rule['type']) {
             return self::TYPE_DENY;
-        } else {
-            return self::TYPE_ALLOW;
         }
+
+        return self::TYPE_ALLOW;
     }
 
     /**
@@ -1005,7 +1032,7 @@ protected function getRuleType(Resource\ResourceInterface $resource = null, Role
      *
      * @param  Resource\ResourceInterface $resource
      * @param  Role\RoleInterface         $role
-     * @param  boolean                    $create
+     * @param  bool                    $create
      * @return array|null
      */
     protected function &getRules(Resource\ResourceInterface $resource = null, Role\RoleInterface $role = null, $create = false)

diff --git a/src/AclInterface.php b/src/AclInterface.php
@@ -0,0 +1,51 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link      http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license   http://framework.zend.com/license/new-bsd New BSD License
+ */
+
+namespace Zend\Permissions\Acl;
+
+interface AclInterface
+{
+    /**
+     * Returns true if and only if the Resource exists in the ACL
+     *
+     * The $resource parameter can either be a Resource or a Resource identifier.
+     *
+     * @param  Resource\ResourceInterface|string $resource
+     * @return bool
+     */
+    public function hasResource($resource);
+
+    /**
+     * Returns true if and only if the Role has access to the Resource
+     *
+     * The $role and $resource parameters may be references to, or the string identifiers for,
+     * an existing Resource and Role combination.
+     *
+     * If either $role or $resource is null, then the query applies to all Roles or all Resources,
+     * respectively. Both may be null to query whether the ACL has a "blacklist" rule
+     * (allow everything to all). By default, Zend_Acl creates a "whitelist" rule (deny
+     * everything to all), and this method would return false unless this default has
+     * been overridden (i.e., by executing $acl->allow()).
+     *
+     * If a $privilege is not provided, then this method returns false if and only if the
+     * Role is denied access to at least one privilege upon the Resource. In other words, this
+     * method returns true if and only if the Role is allowed all privileges on the Resource.
+     *
+     * This method checks Role inheritance using a depth-first traversal of the Role registry.
+     * The highest priority parent (i.e., the parent most recently added) is checked first,
+     * and its respective parents are checked similarly before the lower-priority parents of
+     * the Role are checked.
+     *
+     * @param  Role\RoleInterface|string            $role
+     * @param  Resource\ResourceInterface|string    $resource
+     * @param  string                               $privilege
+     * @return bool
+     */
+    public function isAllowed($role = null, $resource = null, $privilege = null);
+}
diff --git a/src/Assertion/AssertionInterface.php b/src/Assertion/AssertionInterface.php
@@ -3,9 +3,8 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl\Assertion;
@@ -14,11 +13,6 @@
 use Zend\Permissions\Acl\Resource\ResourceInterface;
 use Zend\Permissions\Acl\Role\RoleInterface;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
 interface AssertionInterface
 {
     /**
@@ -32,7 +26,7 @@ interface AssertionInterface
      * @param  RoleInterface         $role
      * @param  ResourceInterface $resource
      * @param  string                         $privilege
-     * @return boolean
+     * @return bool
      */
     public function assert(Acl $acl, RoleInterface $role = null, ResourceInterface $resource = null, $privilege = null);
 }
diff --git a/src/Exception/ExceptionInterface.php b/src/Exception/ExceptionInterface.php
@@ -3,17 +3,11 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl\Exception;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
 interface ExceptionInterface
 {}
diff --git a/src/Exception/InvalidArgumentException.php b/src/Exception/InvalidArgumentException.php
@@ -3,18 +3,12 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl\Exception;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
 class InvalidArgumentException extends \InvalidArgumentException implements
     ExceptionInterface
 {}
diff --git a/src/Exception/RuntimeException.php b/src/Exception/RuntimeException.php
@@ -3,18 +3,12 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl\Exception;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
 class RuntimeException extends \RuntimeException implements
     ExceptionInterface
 {

diff --git a/src/Resource/GenericResource.php b/src/Resource/GenericResource.php
@@ -3,18 +3,12 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl\Resource;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
 class GenericResource implements ResourceInterface
 {
     /**

diff --git a/src/Resource/ResourceInterface.php b/src/Resource/ResourceInterface.php
@@ -3,18 +3,12 @@
  * Zend Framework (http://framework.zend.com/)
  *
  * @link      http://github.com/zendframework/zf2 for the canonical source repository
- * @copyright Copyright (c) 2005-2012 Zend Technologies USA Inc. (http://www.zend.com)
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
  * @license   http://framework.zend.com/license/new-bsd New BSD License
- * @package   Zend_Permissions
  */
 
 namespace Zend\Permissions\Acl\Resource;
 
-/**
- * @category   Zend
- * @package    Zend_Permissions
- * @subpackage Acl
- */
 interface ResourceInterface
 {
     /**