Rbac callback assertion

[kanellov]

Hello,

I've implemented an Rbac Assertion Class that uses a callback to do the assertion.

Here is an example:

<?php
use Zend\Permissions\Rbac\Rbac;
use Zend\Permissions\Rbac\Assertion\Callback;

// User is assigned the foo role with id 5
// News article belongs to userId 5
// Jazz article belongs to userId 6

$rbac = new Rbac();
$user = $mySessionObject->getUser();
$news = $articleService->getArticle(5);
$jazz = $articleService->getArticle(6);

$rbac->addRole($user->getRole());
$rbac->getRole($user->getRole())->addPermission('edit.article');

$assertionCb = function ($user, $article) {
    return function ($rbac) use ($user, $article) {
        return $user->getId() == $article->getUserId();
    };
};

// true always - bad!
if ($rbac->isGranted($user->getRole(), 'edit.article')) {
    // hacks another user's article
}

$assertion = new Callback($assertionCb($user, $news));

// true for user id 5, because he belongs to write group and user id matches
if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
    // edits his own article
}

$assertion = new Callback($assertionCb($user, $jazz));

// false for user id 5
if ($rbac->isGranted($user->getRole(), 'edit.article', $assertion)) {
    // can not edit another user's article
}

I borrowed the example from Zend Framework manual and from Dynamic Assertions section and I altered it to make use of the proposed Assertion Class.

[danizord]

Could be $this->assertAttributeSame($callback, 'callback', $assert);

[kanellov]

Thanks for your comments @danizord. I will update my code.

[kanellov]

OK @danizord I have updated my code.

[weierophinney]

Merged to develop for release with 2.4.