
tiny auth allowAdmin and cleanup

euromark 12 years ago
parent
commit
899f495b07

+ 10 - 0
Controller/Component/Auth/TinyAuthorize.php

@@ -39,7 +39,9 @@ class TinyAuthorize extends BaseAuthorize {
 
 	protected $_defaults = array(
 		'allowUser' => false, # quick way to allow user access to non prefixed urls
+		'allowAdmin' => false, # quick way to allow admin access to admin prefixed urls
 		'adminPrefix' => 'admin_',
+		'adminRole' => null, # needed together with adminPrefix if allowAdmin is enabled
 		'cache' => AUTH_CACHE,
 		'cacheKey' => 'tiny_auth_acl',
 		'autoClearCache' => false, # usually done by Cache automatically in debug mode,
@@ -102,6 +104,14 @@ class TinyAuthorize extends BaseAuthorize {
 				return true;
 			}
 		}
+		if (!empty($this->settings['allowAdmin']) && !empty($this->settings['adminRole'])) {
+			# all admin actions are accessable for logged in admins
+			if (mb_strpos($action, $this->settings['adminPrefix']) === 0) {
+				if (in_array((string)$this->settings['adminRole'], $roles)) {
+					return true;
+				}
+			}
+		}
 
 		if ($this->_acl === null) {
 			$this->_acl = $this->_getAcl();
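Review bot: The role membership test on the new admin branch, `in_array((string)$this->settings['adminRole'], $roles)`, uses loose comparison, so on PHP versions before 8.0 a non-numeric `adminRole` such as `'admin'` compares equal to an integer role value of `0` and the branch grants admin access on that basis; the element types of `$roles` are not visible in this hunk, so whether that is reachable here depends on how the roles are populated. Normalise both sides and compare strictly: `if (in_array((string)$this->settings['adminRole'], array_map('strval', (array)$roles), true)) {`. The `!empty()` guard on `adminRole` also means a role id of `0` can never be configured as the admin role, which is worth a short comment next to the default on the first hunk. The enclosing authorize() method starts and ends outside this hunk.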

+ 16 - 65
Controller/Component/AuthExtComponent.php

@@ -55,7 +55,13 @@ class AuthExtComponent extends AuthComponent {
 	# field name in DB , if none is specified there will be no floodProtection
 	public $floodProtection = null;
 
-
+	/**
+	 * Merge in Configure::read('Auth') settings
+	 *
+	 * @param mixed $Collection
+	 * @param mixed $settings
+	 * @return void
+	 */
 	public function __construct(ComponentCollection $Collection, $settings = array()) {
 		$settings = array_merge($this->settings, (array)Configure::read('Auth'), (array)$settings);
 
@@ -69,22 +75,12 @@ class AuthExtComponent extends AuthComponent {
 	}
 
 	/**
-	 * 2.1 fix for allowing * as wildcard (tmp solution)
-	 * 2012-01-10 ms
+	 * AuthExtComponent::login()
+	 *
+	 * @overwrite
+	 * @param mixed $user
+	 * @return boolean Success
 	 */
-	public function allow($action = null) {
-		if (((array)$action) === array('*')) {
-			parent::allow();
-			trigger_error('* is deprecated for allow() - use allow() without any argument to allow all actions');
-			return;
-		}
-		$args = func_get_args();
-		if (empty($args) || $action === null) {
-			parent::allow();
-		}
-		parent::allow($args);
-	}
-
 	public function login($user = null) {
 		$Model = $this->getModel();
 		$this->_setDefaults();
@@ -187,7 +183,7 @@ class AuthExtComponent extends AuthComponent {
 			return false;
 		}
 
-		$completeAuth = array($this->settings['userModel']=>$user);
+		$completeAuth = array($this->settings['userModel'] => $user);
 
 		# roles
 		if (!empty($with)) {
@@ -260,11 +256,11 @@ class AuthExtComponent extends AuthComponent {
 	 * Main execution method. Handles redirecting of invalid users, and processing
 	 * of login form data.
 	 *
+	 * @overwrite
 	 * @param Controller $controller A reference to the instantiating controller object
 	 * @return boolean
 	 */
 	public function startup(Controller $controller) {
-		//parent::startup($controller);
 		if ($controller->name === 'CakeError') {
 			return true;
 		}
@@ -285,61 +281,16 @@ class AuthExtComponent extends AuthComponent {
 		if (!$this->_setDefaults()) {
 			return false;
 		}
-		$request = $controller->request;
-
-		$url = '';
-
-		if (isset($request->url)) {
-			$url = $request->url;
-		}
-		$url = Router::normalize($url);
-		$loginAction = Router::normalize($this->loginAction);
-
-		$allowedActions = $this->allowedActions;
-		$isAllowed = (
-			$this->allowedActions == array('*') ||
-			in_array($action, array_map('strtolower', $allowedActions))
-		);
 
-		if ($loginAction != $url && $isAllowed) {
+		if ($this->_isAllowed($controller)) {
 			return true;
 		}
 
-		if ($loginAction == $url) {
-			if (empty($request->data)) {
-				if (!$this->Session->check('Auth.redirect') && !$this->loginRedirect && env('HTTP_REFERER')) {
-					$this->Session->write('Auth.redirect', $controller->referer(null, true));
-				}
-			}
-			return true;
-		} else {
-			if (!$this->_getUser()) {
-				if (!$request->is('ajax')) {
-					$this->flash($this->authError);
-					$this->Session->write('Auth.redirect', $request->here());
-					$controller->redirect($loginAction);
-					return false;
-				} elseif (!empty($this->ajaxLogin)) {
-					$controller->viewPath = 'Elements';
-					echo $controller->render($this->ajaxLogin, $this->RequestHandler->ajaxLayout);
-					$this->_stop();
-					return false;
-				} else {
-					$controller->redirect(null, 403);
-				}
-			}
-		}
 		if (empty($this->authorize) || $this->isAuthorized($this->user())) {
 			return true;
 		}
 
-		$this->flash($this->authError);
-		$default = '/';
-		if (!empty($this->loginRedirect)) {
-			$default = $this->loginRedirect;
-		}
-		$controller->redirect($controller->referer($default), null, true);
-		return false;
+		$this->_unauthorized($controller);
 	}
 
 	/**
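Review bot: The rewritten tail of startup() no longer checks that a user is logged in before authorization: the removed `if (!$this->_getUser())` branch (flash, `Auth.redirect`, redirect to the login action) has no replacement between `if ($this->_isAllowed($controller))` and `if (empty($this->authorize) || $this->isAuthorized($this->user()))`, so with no authorize adapter configured an anonymous request to a non-allowed action now returns true, and with one configured the adapter is handed a null user. Unless `_isAllowed()` also covers the unauthenticated case — its body is not part of this commit — restore that step, e.g. `if (!$this->_getUser()) { return $this->_unauthenticated($controller); }` where the parent AuthComponent provides `_unauthenticated()`, otherwise the removed redirect logic. The final statement also discards its result although the docblock promises `@return boolean`; write `return $this->_unauthorized($controller);` rather than letting the method fall through with null. startup() begins in the preceding hunk, outside this one.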

+ 13 - 0
Model/MyModel.php

@@ -822,6 +822,19 @@ class MyModel extends Model {
 		return $return;
 	}
 
+	/**
+	 * Delete all records using an atomic query similar to updateAll().
+	 * Note: Does not need manual sanitizing/escaping, though.
+	 *
+	 * Does not do any callbacks
+	 *
+	 * @param mixed $conditions Conditions to match, true for all records
+	 * @return bool Success
+	 */
+	public function deleteAllRaw($conditions = true) {
+		return $this->getDataSource()->delete($this, $conditions);
+	}
+
 /** Validation Functions **/
 
 	/**
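Review bot: The docblock on deleteAllRaw() states the conditions need no manual sanitizing, but that only holds for array-form conditions, which the datasource quotes; if the datasource follows DboSource and passes a string condition through as raw SQL, a caller that builds such a string from request data gets an injectable query while reading the comment as a guarantee. Tighten the parameter line to `@param mixed $conditions Array conditions (values are escaped by the datasource) or true for all records; string conditions are treated as raw SQL and must not contain unescaped input`. The default of `true` also means a call with no argument removes every record without callbacks, which the summary could say plainly: `Delete all matching records in a single query (defaults to every record), bypassing model callbacks.`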

+ 35 - 5
Test/Case/Controller/Component/Auth/TinyAuthorizeTest.php

@@ -4,7 +4,6 @@
  *
  * 2012-11-05 ms
  */
-//App::uses('AuthComponent', 'Controller/Component');
 App::uses('TinyAuthorize', 'Tools.Controller/Component/Auth');
 App::uses('MyCakeTestCase', 'Tools.TestSuite');
 App::uses('Controller', 'Controller');
@@ -14,7 +13,7 @@ App::uses('CakeRequest', 'Network');
 /**
  * Test case for DirectAuthentication
  *
- * @package       Cake.Test.Case.Controller.Component.Auth
+ * @package Test.Case.Controller.Component.Auth
  */
 class TinyAuthorizeTest extends MyCakeTestCase {
 
@@ -31,11 +30,8 @@ class TinyAuthorizeTest extends MyCakeTestCase {
  */
 	public function setUp() {
 		parent::setUp();
-		//$this->Controller = new Controller();
 		$this->Collection = new ComponentCollection();
 
-		//$this->auth = new TinyAuthorize($this->Collection, array());
-		//$User = ClassRegistry::init('User');
 		$this->request = new CakeRequest(null, false);
 
 		$aclData = <<<INI
@@ -228,6 +224,40 @@ INI;
 	}
 
 	/**
+	 * @return void
+	 */
+	public function testAdminMethodsAllowed() {
+		$this->request->params['controller'] = 'users';
+		$this->request->params['action'] = 'some_action';
+		$config = array('allowAdmin' => true, 'adminRole' => 3, 'autoClearCache' => true);
+
+		$object = new TestTinyAuthorize($this->Collection, $config);
+
+		$user = array(
+			'role_id' => 1,
+		);
+		$res = $object->authorize($user, $this->request);
+		$this->assertFalse($res);
+
+		$this->request->params['controller'] = 'users';
+		$this->request->params['action'] = 'admin_index';
+
+		$object = new TestTinyAuthorize($this->Collection, $config);
+
+		$user = array(
+			'role_id' => 1,
+		);
+		$res = $object->authorize($user, $this->request);
+		$this->assertFalse($res);
+
+		$user = array(
+			'role_id' => 3,
+		);
+		$res = $object->authorize($user, $this->request);
+		$this->assertTrue($res);
+	}
+
+	/**
 	 * Should only be used in combination with Auth->allow() to mark those as public in the acl.ini, as well.
 	 * Not necessary and certainly not recommended as acl.ini only.
 	 *
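Review bot: testAdminMethodsAllowed() pins only the happy path; the guard in TinyAuthorize, `!empty($this->settings['allowAdmin']) && !empty($this->settings['adminRole'])`, is never exercised, so a regression that grants admin access while `adminRole` is still null would go unnoticed. Add a case with `$config = array('allowAdmin' => true, 'autoClearCache' => true);` on the `admin_index` action asserting `$this->assertFalse($res)` for `role_id` 3, and a case passing `'adminRole' => '3'` as a string to pin the comparison against integer role ids. The method's docblock also lacks a description; `Admin-prefixed actions are granted only when allowAdmin is set and the user holds adminRole.` above `@return void` would do.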

+ 17 - 0
Test/Case/Model/MyModelTest.php

@@ -119,6 +119,23 @@ class MyModelTest extends MyCakeTestCase {
 	}
 
 	/**
+	 * Test deleteAllRaw()
+	 *
+	 * @return void
+	 */
+	public function testDeleteAllRaw() {
+		$result = $this->App->deleteAllRaw(array('user !=' => 'foo', 'created <' => date(FORMAT_DB_DATE), 'id >' => 1));
+		$this->assertTrue($result);
+		$result = $this->App->getAffectedRows();
+		$this->assertIdentical(3, $result);
+
+		$result = $this->App->deleteAllRaw();
+		$this->assertTrue($result);
+		$result = $this->App->getAffectedRows();
+		$this->assertIdentical(1, $result);
+	}
+
+	/**
 	 * test truncate
 	 */
 	public function testTruncate() {