Merge branch 'hotfix/normalize-acl-resource-names'

Close #128

CHANGELOG.md

@@ -2,7 +2,7 @@
 
 All notable changes to this project will be documented in this file, in reverse chronological order by release.
 
-## 1.4.3 - TBD
+## 1.4.3 - 2016-09-30
 
 ### Added
 
@@ -18,7 +18,11 @@ All notable changes to this project will be documented in this file, in reverse
 
 ### Fixed
 
-- Nothing.
+- [#128](https://github.com/zfcampus/zf-mvc-auth/pull/128) fixes an issue
+  stemming from changes in the Admin API; controller service names are often
+  written in configuration using dash, versus namespace, separators, which
+  causes authorization lookups to fail. This version now converts dashes to
+  namespace separators in the controller names when creating the ACL.
 
 ## 1.4.2 - 2016-08-03
 

src/Factory/AclAuthorizationFactory.php

@@ -94,6 +94,10 @@ protected function createAclFromConfig(array $config)
      */
     protected function createAclConfigFromPrivileges($controllerService, array $privileges, &$aclConfig, $denyByDefault)
     {
+        // Normalize the controller service name.
+        // zend-mvc will always pass the name using namespace seprators, but
+        // the admin may write the name using dash seprators.
+        $controllerService = strtr($controllerService, '-', '\\');
         if (isset($privileges['actions'])) {
             foreach ($privileges['actions'] as $action => $methods) {
                 $action = lcfirst($action);

test/Factory/AclAuthorizationFactoryTest.php

@@ -21,37 +21,50 @@ public function setUp()
         $this->factory  = new AclAuthorizationFactory();
     }
 
-    public function testCanCreateWhitelistAcl()
+    public function whitelistAclProvider()
     {
-        $config = ['zf-mvc-auth' => ['authorization' => [
-            'Foo\Bar\RestController' => [
-                'entity' => [
-                    'GET'    => false,
-                    'POST'   => false,
-                    'PUT'    => true,
-                    'PATCH'  => true,
-                    'DELETE' => true,
-                ],
-                'collection' => [
-                    'GET'    => false,
-                    'POST'   => true,
-                    'PUT'    => false,
-                    'PATCH'  => false,
-                    'DELETE' => false,
+        $entityConfig = [
+            'GET'    => false,
+            'POST'   => false,
+            'PUT'    => true,
+            'PATCH'  => true,
+            'DELETE' => true,
+        ];
+        $collectionConfig = [
+            'GET'    => false,
+            'POST'   => true,
+            'PUT'    => false,
+            'PATCH'  => false,
+            'DELETE' => false,
+        ];
+        $rpcConfig = [
+            'GET'    => false,
+            'POST'   => true,
+            'PUT'    => false,
+            'PATCH'  => false,
+            'DELETE' => false,
+        ];
+
+        foreach (['Foo\Bar\\', 'Foo-Bar-'] as $namespace) {
+            yield $namespace => [['zf-mvc-auth' => ['authorization' => [
+                $namespace . 'RestController' => [
+                    'entity' => $entityConfig,
+                    'collection' => $collectionConfig,
                 ],
-            ],
-            'Foo\Bar\RpcController' => [
-                'actions' => [
-                    'do' => [
-                        'GET'    => false,
-                        'POST'   => true,
-                        'PUT'    => false,
-                        'PATCH'  => false,
-                        'DELETE' => false,
+                $namespace . 'RpcController' => [
+                    'actions' => [
+                        'do' => $rpcConfig,
                     ],
                 ],
-            ],
-        ]]];
+            ]]]];
+        }
+    }
+
+    /**
+     * @dataProvider whitelistAclProvider
+     */
+    public function testCanCreateWhitelistAcl(array $config)
+    {
         $this->services->setService('config', $config);
 
         $factory = $this->factory;
@@ -63,6 +76,9 @@ public function testCanCreateWhitelistAcl()
         $authorizations = $config['zf-mvc-auth']['authorization'];
 
         foreach ($authorizations as $resource => $rules) {
+            // Internally, zend-mvc is always using namespace separators, so
+            // ensure we test against those specifically.
+            $resource = strtr($resource, '-', '\\');
             switch (true) {
                 case (array_key_exists('entity', $rules)):
                     foreach ($rules['entity'] as $method => $expected) {
@@ -237,4 +253,8 @@ public function testRpcActionsAreNormalizedWhenCreatingAcl()
         $this->assertInstanceOf('ZF\MvcAuth\Authorization\AclAuthorization', $acl);
         $this->assertFalse($acl->isAllowed('guest', 'Foo\Bar\RpcController::do', 'POST'));
     }
+
+    public function testNormalizesControllerServiceNames()
+    {
+    }
 }