esserj / RbacUserDoctrineOrm

[Deprecated] joins the zfc-rbac and zfc-user modules together in a doctrine orm module

Extending ZfcRbac\Service\Rbac not operational #6

Closed BrunoSpy closed 8 years ago

BrunoSpy commented 10 years ago

It seems that hasRole from RbacUserDoctrineOrm\Service\Rbac is never called but the method from ZfcRbac\Service\Rbac is.

Do you have any idea why?

esserj commented 10 years ago

Yeah the reason is that it was there from before ZfcRbac was compatible, it was in the wait of getting my patch applied. I'll remove it shortly

esserj commented 10 years ago

fixed

BrunoSpy commented 10 years ago

thanks

But it seems that isGranted isn't working. I had to override \ZfcRbac\Service\Rbac and change $role to $role->getName()

esserj commented 10 years ago

In controllers, $this->isGranted('permissionName') seems to be working fine when I test it. Could you give a sample scenario where it's failing? FYI: if it is the role you need, you should be using $this->hasRole('roleName') in the controller.

BrunoSpy commented 10 years ago

I use it in a view. For example, if a user has a role with a permission 'permission_name', isGranted('permission_name') always returns false unless you override Rbac.

esserj commented 10 years ago

Can you show me which part you are overriding (snippet)? and can you test if doing it in the controller is giving the expected result?

esserj commented 10 years ago

I just tested it in the view and it seems to all be working fine, can you read this issue and see if you can get any useful information out of it: https://github.com/esserj/RbacUserDoctrineOrm/issues/5

do make sure you remove your Service override

BrunoSpy commented 10 years ago

Here's my function :

    public function isGranted($permission, $assert = null)
    {

        if (!is_string($permission)) {
            throw new InvalidArgumentException('isGranted() expects a string for permission');
        }

        $rbac = $this->getRbac();

        if ($assert) {
            if ($assert instanceof AssertionInterface) {
                if (!$assert->assert($this)) {
                    return false; 
                }
            } elseif (is_callable($assert)) {
                if (!$assert($this)) {
                    return false;
                }
            } else {
                throw new InvalidArgumentException(
                    'Assertions must be a Callable or an instance of ZfcRbac\AssertionInterface'
                );
            }
        }

        foreach($this->getIdentity()->getRoles() as $role) {
            if ($role instanceof Role && !$this->hasRole($role->getName())) {
                continue;
            }

            $event = new Event;
            $event->setRole($role->getName())
                  ->setPermission($permission)
                  ->setRbac($rbac);

            $this->getEventManager()->trigger(Event::EVENT_IS_GRANTED, $event);
            if ($rbac->isGranted($role->getName(), $permission)) {
                return true;
            }
        }
        return false;
    }

my config file (Role.php is exactly the same as yours but with annotation instead of xml markup)

return array(
        'doctrine' => array(
                'driver' => array(
                        // overriding zfc-user-doctrine-orm's config
                        'zfcuser_entity' => array(
                                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                                'paths' => __DIR__ . '/../src/Core/Entity',
                        ),
                        'RbacUserDoctrineEntity' => array(
                                'class' => 'Doctrine\ORM\Mapping\Driver\AnnotationDriver',
                                'paths' => __DIR__ . '/../src/Core/Entity',
                        ),
                        'orm_default' => array(
                                'drivers' => array(
                                        'Core\Entity' => 'zfcuser_entity',
                                ),
                        ),
                ),
        ),
        'rbac-user-doctrine-orm' => array(
                'mapper' => array(
                        'role' => array(
                                'entityClass' => 'Core\Entity\Role'
                        )
                )
        ),
        'zfcrbac' => array(
                'firewalls' => array(
                        'ZfcRbac\Firewall\Controller' => array(
    //                          array('controller' => 'index', 'actions' => 'index', 'roles' => 'guest')
                        ),
                        'ZfcRbac\Firewall\Route' => array(
    //                          array('route' => 'profiles/add', 'roles' => 'member'),
    //                          array('route' => 'admin/*', 'roles' => 'administrator')
                        ),
                ),
        ),
        'zfcuser' => array(
                // telling ZfcUser to use our own class
                'user_entity_class'       => 'Core\Entity\User',
                // telling ZfcUserDoctrineORM to skip the entities it defines
                'enable_default_entities' => false,
                'enable_username' => true,
                'enable_display_name' =>true,
                'enable_registration' => true,
                'auth_identity_fields' => array('username', 'email'),
        ),
        'view_manager' => array(
                'display_not_found_reason' => true,
                'display_exceptions'       => true,
                'doctype'                  => 'HTML5',
                'template_path_stack' => array(
                        __DIR__ . '/../view',
                ),
        ),
        'view_helpers' => array(
                'invokables' => array(
                        'modalwindow' => 'Core\View\Helper\ModalWindow',
                ),
        ),
);

BrunoSpy commented 10 years ago

and here is the code of the view :

    <?php
    if($this->zfcUserIdentity()){
        foreach ($this->zfcUserIdentity()->getRoles() as $role){
            echo "role name : ".$role->getName();
            echo "has perm ".$role->hasPermission('centre.modify');
        }
    } else {
        echo "no id";
    }
    ?>
    <?php if($this->isGranted('centre.modify')){
        echo "permission granted ";
    } else {
        echo "permission not granted ";
    }   ?>

    <?php if($this->hasRole('admin')){
        echo "role granted ";
    } else {
        echo "role not granted ";
    }
    ?>

which gives:


role name : admin
has perm 1 
permission not granted 
role granted

esserj commented 10 years ago

Have you tried adding a __toString to your role entity that returns the name? I know I received a patch on that a while ago. Seeing your role model would also clear things up a little, maybe, but when I test your view code in a new project I get the expected results, so there must be something different in one of the objects you extend or replace that is causing the issue. Alternatively, I'll be happy to have a look if you provide a repo that I can clone to see for myself what's happening; it makes it a lot easier.

BrunoSpy commented 10 years ago

Yes I did (as I said, Role.php is a copy of yours with annotations). I can't push the code to a public repo, but here's the code : (link will only last a few hours) http://dl.free.fr/nXKXrGh3m

BrunoSpy commented 10 years ago

And btw, thanks for the help !

esserj commented 10 years ago

I just checked the project out and after finally getting the database to match your project and inserting some dummy permission and role data I notice no problems at all, permissions are recognized and isGranted returns true? Are you sure that your role hierarchy is right (as extensively explained in the issue I linked to above)? As that is the only thing I can think of that's wrong?

Or did you apply a fix somewhere that is causing it to currently work? And which file is it? As I can't seem to find an Rbac service override.

image

esserj commented 10 years ago

and to show you your app is recognizing the permissions: image

BrunoSpy commented 10 years ago

Ok... that's really weird... My test role hierarchy is really simple : only one role with one permission. I deleted the Rbac override as the purpose was to show you the issue.

BrunoSpy commented 10 years ago

Could you tell me how you configured roles and permissions?

Here is my data:


INSERT INTO `permissions` (`id`, `name`) VALUES
(1, 'centre.modify'),
(2, 'events.read'),
(3, 'events.write'),
(4, 'frequencies.read');

INSERT INTO `roles` (`id`, `parent_id`, `name`) VALUES
(1, NULL, 'admin'),
(2, NULL, 'anonymous');

INSERT INTO `roles_permissions` (`role_id`, `permission_id`) VALUES
(1, 1),
(1, 2),
(1, 3),
(1, 4);

INSERT INTO `users` (`id`, `username`, `email`, `displayName`, `password`) VALUES
(1, 'Admin', 'admin@admin.com', 'Administrator', '$2y$14$Zxu17JexBxJEXx4OI86lJOvyGA0lWGKNxBzhKjBuXXmwDf45MkFVy');

INSERT INTO `users_roles` (`user_id`, `role_id`) VALUES
(1, 1);

esserj commented 10 years ago

Yeah, that's weird, you do indeed not have the hierarchy I thought could be the issue. Here is my DB setup that you can test with:

INSERT INTO `permissions` (`id`, `name`) VALUES
(1, 'centre.modify'),
(2, 'test');

INSERT INTO `roles` (`id`, `parent_id`, `name`) VALUES
(1, 2, 'guest'),
(2, 3, 'member'),
(3, NULL, 'admin');

INSERT INTO `roles_permissions` (`role_id`, `permission_id`) VALUES
(2, 1),
(2, 2);

my user had the admin role in my test case

BrunoSpy commented 10 years ago

It works. Now we must understand why with my data it's not the case, i.e. when the role has no child.

I assume that guest is your anonymous role?

esserj commented 10 years ago

Yes, that's correct. I'll see if I can have a look at the no children test case a little later and post my findings.

BrunoSpy commented 10 years ago

Did you find something?

BrunoSpy commented 10 years ago

It seems that your module has been integrated into ZfcRbac. Is that right?
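
An added example, not part of the original thread and not ZfcRbac or RbacUserDoctrineOrm code: a stand-alone resolver run over the two data sets posted above, covering the flat case (permission attached directly to the user's role) and the hierarchical one. The function name `isGrantedFor` and the array layout are hypothetical, and it assumes that `parent_id` names the parent role and that a parent inherits the permissions of its children.

```php
<?php
// Added illustration: a stand-alone resolver over the roles / roles_permissions
// rows posted in this thread. It is not ZfcRbac or RbacUserDoctrineOrm code.

/**
 * Return true when $roleId, or any role below it in the tree, holds $permission.
 * Assumption: roles.parent_id points at the parent role, and a parent inherits
 * the permissions of its children.
 */
function isGrantedFor(int $roleId, string $permission, array $roles, array $grants, array $seen = []): bool
{
    if (isset($seen[$roleId])) {
        return false; // parent_id cycle in the data: stop instead of recursing forever
    }
    $seen[$roleId] = true;

    if (in_array($permission, $grants[$roleId] ?? [], true)) {
        return true; // permission attached directly to this role (flat case)
    }
    foreach ($roles as $id => $row) {
        if ($row['parent_id'] === $roleId && isGrantedFor($id, $permission, $roles, $grants, $seen)) {
            return true; // inherited from a child role
        }
    }
    return false;
}

// Rows copied from BrunoSpy's dump: flat roles, admin holds the permissions directly.
$flatRoles  = [1 => ['parent_id' => null, 'name' => 'admin'],
               2 => ['parent_id' => null, 'name' => 'anonymous']];
$flatGrants = [1 => ['centre.modify', 'events.read', 'events.write', 'frequencies.read']];

// Rows copied from esserj's dump: guest -> member -> admin, member holds the permissions.
$treeRoles  = [1 => ['parent_id' => 2, 'name' => 'guest'],
               2 => ['parent_id' => 3, 'name' => 'member'],
               3 => ['parent_id' => null, 'name' => 'admin']];
$treeGrants = [2 => ['centre.modify', 'test']];

// Each call prints the decision for one role in one data set.
var_dump(isGrantedFor(1, 'centre.modify', $flatRoles, $flatGrants)); // admin, direct grant
var_dump(isGrantedFor(2, 'centre.modify', $flatRoles, $flatGrants)); // anonymous, no grant
var_dump(isGrantedFor(3, 'centre.modify', $treeRoles, $treeGrants)); // admin, via child member
var_dump(isGrantedFor(1, 'centre.modify', $treeRoles, $treeGrants)); // guest, leaf role
```

Keeping a check like this for the flat, single-role case alongside the hierarchical one gives an authorization regression test that covers both shapes of role data discussed in the thread.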