Ticket #524: ticket524.patch

build/manifests/jelix-lib.mn

@@ -23 +23 @@
-  jAclDbUserGroup.class.php
-  jAclDbManager.class.php
-  jAclDb.class.php
+  jAcl2.class.php
+  jAcl2DbUserGroup.class.php
+  jAcl2DbManager.class.php
+  jAcl2Db.class.php
-
-cd lib/jelix/controllers
-  jControllerCmdLine.class.php
@@ -84 +88 @@
-   jaclusergroup.dao.xml
-   jaclgroupsofuser.dao.xml
-   jsession.dao.xml
+   jacl2group.dao.xml
+   jacl2rights.dao.xml
+   jacl2subject.dao.xml
+   jacl2usergroup.dao.xml
+   jacl2groupsofuser.dao.xml
-cd lib/jelix/core-modules/jelix/install/sql
-  delete.mysql.sql
-  install_jacl.schema.mysql.sql
-  install_jacl.data.mysql.sql
+  install_jacl2.schema.mysql.sql
+  install_jacl2.data.mysql.sql
-  install_jsession.schema.mysql.sql
-  delete.pgsql.sql
-  install_jacl.schema.pgsql.sql
-  install_jacl.data.pgsql.sql
+  install_jacl2.schema.pgsql.sql
+  install_jacl2.data.pgsql.sql
-  install_jsession.schema.pgsql.sql
-
-cd lib/jelix/core-modules/jelix/locales/en_US
@@ -304 +317 @@
-  events.xml
-cd lib/jelix-modules/jacldb/classes
-!  jacldb.listener.php
+cd lib/jelix-modules/jacl2db
+  module.xml
+  events.xml
+cd lib/jelix-modules/jacl2db/classes
+!  jacl2db.listener.php
-cd lib/jelix-modules/jauth
-  module.xml
-  events.xml
@@ -351 +369 @@
-  CREDITS
-cd lib/jelix-plugins/auth/
-cd lib/jelix-plugins/acl/
+cd lib/jelix-plugins/acl2/
-cd lib/jelix-plugins/coord/
-cd lib/jelix-plugins/db/
-cd lib/jelix-plugins/urls/
@@ -359 +378 @@
-
-cd lib/jelix/plugins/acl/db
-  db.acl.php
+cd lib/jelix/plugins/acl2/db
+  db.acl2.php
-cd lib/jelix/plugins/auth/db
-  db.auth.php
-cd lib/jelix/plugins/auth/class
@@ -385 +406 @@
-  plugin.xml
-  jacl.coord.ini.php.dist
-
+cd lib/jelix/plugins/coord/jacl2
+! jacl2.coord.php
+  plugin.xml
+  jacl2.coord.ini.php.dist
+
-cd lib/jelix/plugins/jforms/html
-  html.jformscompiler.php
-  html.jformsbuilder.php
@@ -420 +446 @@
-cd lib/jelix/plugins/tpl/common
-  block.ifacl.php
-  block.ifnotacl.php
+  block.ifacl2.php
+  block.ifnotacl2.php
-  block.ifuserconnected.php
-  block.ifusernotconnected.php
-  block.stripws.php

build/manifests/testapp.mn

@@ -137 +137 @@
-  jacl.main_api.html_cli.php
-  jacl.manager.html_cli.php
-  jacl.users_and_groups.html_cli.php
+  jacl2.main_api.html_cli.php
+  jacl2.manager.html_cli.php
+  jacl2.users_and_groups.html_cli.php
-  jdao.conditions.html_cli.php
-  jdao.main_api.html_cli.php
-  jdao.main_api_with_pdo.html_cli.php

testapp/install/install.mysql.sql

@@ -82 +82 @@
-) ENGINE=MyISAM DEFAULT CHARSET=latin1;
-
-
+-- Liste des groupes
+DROP TABLE IF EXISTS `jacl2_group`;
+CREATE TABLE `jacl2_group` (
+  `id_aclgrp` int(11) NOT NULL auto_increment,
+  `name` varchar(150) NOT NULL default '',
+  `grouptype` tinyint(4) NOT NULL default '0',
+  `ownerlogin` varchar(50) default NULL,
+  PRIMARY KEY  (`id_aclgrp`)
+) TYPE=MyISAM AUTO_INCREMENT=1 ;
+
+-- liste des groupes associés à chaque utilisateur
+DROP TABLE IF EXISTS `jacl2_user_group`;
+CREATE TABLE `jacl2_user_group` (
+  `login` varchar(50) NOT NULL default '',
+  `id_aclgrp` int(11) NOT NULL default '0',
+  KEY `login` (`login`,`id_aclgrp`)
+) TYPE=MyISAM;
+
+
+-- liste des sujets, avec leur appartenance à un groupe de valeurs de droits
+DROP TABLE IF EXISTS `jacl2_subject`;
+CREATE TABLE `jacl2_subject` (
+  `id_aclsbj` varchar(100) NOT NULL default '',
+  `label_key` varchar(100) default NULL,
+  PRIMARY KEY  (`id_aclsbj`)
+) TYPE=MyISAM;
+
+-- table centrale
+-- valeurs du droit pour chaque couple sujet/groupe ou triplet sujet/groupe/ressource
+DROP TABLE IF EXISTS `jacl2_rights`;
+CREATE TABLE `jacl2_rights` (
+  `id_aclsbj` varchar(100) NOT NULL default '',
+  `id_aclgrp` int(11) NOT NULL default '0',
+  `id_aclres` varchar(100) NOT NULL default '',
+  PRIMARY KEY  (`id_aclsbj`,`id_aclgrp`,`id_aclres`)
+) TYPE=MyISAM;
+
+
--- --------------------------------------------------------
-
---

testapp/install/install.pgsql.sql

@@ -156 +156 @@
-
-
-
+CREATE TABLE jacl2_group (
+    id_aclgrp serial NOT NULL,
+    name character varying(150) NOT NULL,
+    grouptype smallint NOT NULL,
+    ownerlogin character varying(50)
+);
-
+SELECT pg_catalog.setval(pg_catalog.pg_get_serial_sequence('jacl2_group', 'id_aclgrp'), 1, false);
-
+CREATE TABLE jacl2_rights (
+    id_aclsbj character varying(255) NOT NULL,
+    id_aclgrp integer NOT NULL,
+    id_aclres character varying(100) NOT NULL
+);
-
+CREATE TABLE jacl2_subject (
+    id_aclsbj character varying(100) NOT NULL,
+    label_key character varying(100)
+);
-
+CREATE TABLE jacl2_user_group (
+    "login" character varying(50) NOT NULL,
+    id_aclgrp integer NOT NULL
+);
-
-
+ALTER TABLE ONLY jacl2_group
+    ADD CONSTRAINT jacl2_group_pkey PRIMARY KEY (id_aclgrp);
-
+ALTER TABLE ONLY jacl2_rights
+    ADD CONSTRAINT jacl2_rights_pkey PRIMARY KEY (id_aclsbj, id_aclgrp, id_aclres);
+
+ALTER TABLE ONLY jacl2_subject
+    ADD CONSTRAINT jacl2_subject_pkey PRIMARY KEY (id_aclsbj);
+
+ALTER TABLE ONLY jacl2_user_group
+    ADD CONSTRAINT jacl2_user_group_pkey PRIMARY KEY ("login", id_aclgrp);
+
+ALTER TABLE ONLY jacl2_rights
+    ADD CONSTRAINT jacl2_rights_id_aclgrp_fkey FOREIGN KEY (id_aclgrp) REFERENCES jacl2_group(id_aclgrp);
+
+ALTER TABLE ONLY jacl2_rights
+    ADD CONSTRAINT jacl2_rights_id_aclsbj_fkey FOREIGN KEY (id_aclsbj) REFERENCES jacl2_subject(id_aclsbj);
+
+ALTER TABLE ONLY jacl2_user_group
+    ADD CONSTRAINT jacl2_user_group_id_aclgrp_fkey FOREIGN KEY (id_aclgrp) REFERENCES jacl2_group(id_aclgrp);
+
+
+
+
+
+
+

testapp/modules/jelix_tests/tests/jacl2.manager.html_cli.php

@@ +1 @@
+<?php
+/**
+* @package     testapp
+* @subpackage  jelix_tests module
+* @author      Jouanneau Laurent
+* @contributor
+* @copyright   2007-2008 Jouanneau laurent
+* @link        http://www.jelix.org
+* @licence     GNU Lesser General Public Licence see LICENCE file or http://www.gnu.org/licenses/lgpl.html
+*/
+
+class UTjacl2manager extends jUnitTestCaseDb {
+
+
+    public function testStart(){
+        $this->dbProfil = jAcl2Db::getProfil();
+        $this->emptyTable('jacl2_user_group');
+        $this->emptyTable('jacl2_rights');
+        $this->emptyTable('jacl2_subject');
+
+        $groups= array(array('id_aclgrp'=>1, 'name'=>'group1', 'grouptype'=>0, 'ownerlogin'=>null));
+
+        $this->insertRecordsIntoTable('jacl2_group', array('id_aclgrp','name','grouptype','ownerlogin'), $groups, true);
+    }
+
+    protected $subjects;
+
+    public function testAddSubject(){
+        jAcl2DbManager::addSubject('super.cms' , 'cms~rights.super.cms');
+        $this->subjects = array(
+            array('id_aclsbj'=>'super.cms', 'label_key'=>'cms~rights.super.cms'),
+        );
+        $this->assertTableContainsRecords('jacl2_subject', $this->subjects);
+
+        jAcl2DbManager::addSubject('jxacl.groups.management', 'jxacl~db.sbj.groups.management');
+        jAcl2DbManager::addSubject('admin.access', 'admin~rights.access');
+        jAcl2DbManager::addSubject('admin.foo', 'admin~rights.foo');
+
+        $this->subjects[] = array('id_aclsbj'=>'jxacl.groups.management', 'label_key'=>'jxacl~db.sbj.groups.management');
+        $this->subjects[] = array('id_aclsbj'=>'admin.access', 'label_key'=>'admin~rights.access');
+        $this->subjects[] = array('id_aclsbj'=>'admin.foo', 'label_key'=>'admin~rights.foo');
+
+        $this->assertTableContainsRecords('jacl2_subject', $this->subjects);
+    }
+
+    public function testRemoveSubject(){
+        jAcl2DbManager::removeSubject('admin.foo');
+        array_pop($this->subjects);
+        $this->assertTableContainsRecords('jacl2_subject', $this->subjects);
+    }
+
+    protected $rights;
+    public function testAddRight(){
+        jAcl2DbManager::addSubject('super.cms.list' , 'cms~rights.super.cms.list');
+        jAcl2DbManager::addSubject('super.cms.update' , 'cms~rights.super.cms.update');
+        $this->subjects[] = array('id_aclsbj'=>'super.cms.list', 'label_key'=>'cms~rights.super.cms.list');
+        $this->subjects[] = array('id_aclsbj'=>'super.cms.update', 'label_key'=>'cms~rights.super.cms.update');
+        $this->assertTableContainsRecords('jacl2_subject', $this->subjects);
+
+        $this->assertTrue(jAcl2DbManager::addRight(1, 'super.cms.list' ));
+        $this->rights = array(array('id_aclsbj'=>'super.cms.list' ,'id_aclgrp'=>1, 'id_aclres'=> null));
+        $this->assertTableContainsRecords('jacl2_rights', $this->rights);
+
+        $this->assertTrue(jAcl2DbManager::addRight(1, 'admin.access'));
+        $this->rights[] = array('id_aclsbj'=>'admin.access' ,'id_aclgrp'=>1, 'id_aclres'=> null);
+        $this->assertTableContainsRecords('jacl2_rights', $this->rights);
+
+        $this->assertFalse(jAcl2DbManager::addRight(1, 'admin.access.bla'));
+        $this->assertFalse(jAcl2DbManager::addRight(1, 'admin.dont.exist'));
+        $this->assertTrue(jAcl2DbManager::addRight(1, 'super.cms.list' )); // on tente d'inserer le meme droit
+        $this->assertTableContainsRecords('jacl2_rights', $this->rights);
+    }
+
+    public function testRemoveRight(){
+        jAcl2DbManager::removeRight(1, 'admin.access' );
+        $r = $this->rights;
+        array_pop($r);
+        $this->assertTableContainsRecords('jacl2_rights', $r);
+        $this->assertTrue(jAcl2DbManager::addRight(1, 'admin.access' ));
+    }
+
+    public function testAddResourceRight(){
+        $this->assertTrue(jAcl2DbManager::addRight(1, 'super.cms.update', 154));
+        $this->assertTrue(jAcl2DbManager::addRight(1, 'super.cms.update', 92));
+        $this->rights[] = array('id_aclsbj'=>'super.cms.update' ,'id_aclgrp'=>1, 'id_aclres'=> '154');
+        $this->rights[] = array('id_aclsbj'=>'super.cms.update' ,'id_aclgrp'=>1, 'id_aclres'=> '92');
+        $this->assertTableContainsRecords('jacl2_rights', $this->rights);
+    }
+    public function testRemoveResourceRight(){
+        jAcl2DbManager::removeResourceRight('super.cms.update', 92);
+        array_pop($this->rights);
+        $this->assertTableContainsRecords('jacl2_rights', $this->rights);
+    }
+
+    public function testRemoveSubject2(){
+        // remove a subject when rights exists on it
+        jAcl2DbManager::removeSubject('super.cms.update');
+        array_pop($this->subjects);
+        $this->assertTableContainsRecords('jacl2_subject', $this->subjects);
+
+        $this->rights=  array( array('id_aclsbj'=>'super.cms.list' ,'id_aclgrp'=>1, 'id_aclres'=> null),
+                                array('id_aclsbj'=>'admin.access' ,'id_aclgrp'=>1, 'id_aclres'=> null));
+        $this->assertTableContainsRecords('jacl2_rights', $this->rights);
+    }
+}
+
+?>

testapp/modules/jelix_tests/tests/jacl2.main_api.html_cli.php

@@ +1 @@
+<?php
+/**
+* @package     testapp
+* @subpackage  jelix_tests module
+* @author      Jouanneau Laurent
+* @contributor
+* @copyright   2007-2008 Jouanneau laurent
+* @link        http://www.jelix.org
+* @licence     GNU Lesser General Public Licence see LICENCE file or http://www.gnu.org/licenses/lgpl.html
+*/
+
+
+if(!class_exists('jAuth',false)) {
+    class jAuth {
+
+        static public $connect = true;
+
+        static function isConnected() {
+            return self::$connect;
+        }
+
+        static function getUserSession() {
+            return $_SESSION['JELIX_USER'];
+        }
+    }
+}
+
+
+class userTest2 {
+    public $login;
+}
+
+
+class UTjacl2 extends jUnitTestCaseDb {
+
+    public function testStart(){
+        $this->dbProfil = jAcl2Db::getProfil();
+        $this->emptyTable('jacl2_rights');
+        $this->emptyTable('jacl2_subject');
+
+        $groups= array(array('id_aclgrp'=>1, 'name'=>'group1', 'grouptype'=>0, 'ownerlogin'=>null),
+                       array('id_aclgrp'=>2, 'name'=>'group2', 'grouptype'=>0, 'ownerlogin'=>null));
+
+        $this->insertRecordsIntoTable('jacl2_group', array('id_aclgrp','name','grouptype','ownerlogin'), $groups, true);
+
+        $_SESSION['JELIX_USER'] = new userTest2();
+        $_SESSION['JELIX_USER']->login = 'laurent';
+
+        $usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>1),
+        );
+        $this->insertRecordsIntoTable('jacl2_user_group', array('login','id_aclgrp'), $usergroups, true);
+    }
+
+    public function testIsMemberOfGroup(){
+        $this->assertTrue(jAcl2DbUserGroup::isMemberOfGroup (1));
+        $this->assertFalse(jAcl2DbUserGroup::isMemberOfGroup (2));
+    }
+
+    public function testCheckRight(){
+        jAcl2DbManager::addSubject('super.cms.list', 'cms~rights.super.cms');
+        jAcl2DbManager::addSubject('super.cms.update', 'cms~rights.super.cms');
+        jAcl2DbManager::addSubject('super.cms.delete', 'cms~rights.super.cms');
+        jAcl2DbManager::addSubject('admin.access',1 , 'admin~rights.access');
+        jAcl2DbManager::addRight(1, 'super.cms.list' );
+        jAcl2DbManager::addRight(1, 'super.cms.update' );
+        jAcl2DbManager::addRight(1, 'super.cms.delete', 154);
+
+        $this->assertTrue(jAcl2::check('super.cms.list'));
+        $this->assertTrue(jAcl2::check('super.cms.update'));
+        $this->assertFalse(jAcl2::check('super.cms.delete'));
+        $this->assertFalse(jAcl2::check('super.cms.create')); // doesn't exist
+        $this->assertFalse(jAcl2::check('super.cms.read'));// doesn't exist
+        $this->assertFalse(jAcl2::check('super.cms.delete'));// doesn't exist
+
+
+
+        $this->assertFalse(jAcl2::check('admin.access'));
+        $this->assertTrue(jAcl2::check('super.cms.list',154)); // droit sur une ressource
+        $this->assertTrue(jAcl2::check('super.cms.update',154)); // droit sur une ressource
+        $this->assertTrue(jAcl2::check('super.cms.delete',154)); // droit sur une ressource
+        $this->assertTrue(jAcl2::check('super.cms.list',122)); // ressource non repertoriée
+        $this->assertTrue(jAcl2::check('super.cms.update',122)); // ressource non repertoriée
+        $this->assertFalse(jAcl2::check('super.cms.delete',122)); // ressource non repertoriée
+
+        jAcl2DbManager::addRight(1, 'admin.access');
+
+        $this->assertTrue(jAcl2::check('admin.access'));
+
+    }
+
+    public function testGetRightDisconnect(){
+        jAuth::$connect = false;
+        jAcl2::clearCache();
+        $this->assertFalse(jAcl2::check('super.cms.list'));
+        $this->assertFalse(jAcl2::check('admin.access'));
+        jAuth::$connect = true;
+        jAcl2::clearCache();
+    }
+
+
+    public function testEnd(){
+        $_SESSION['JELIX_USER']=null;
+    }
+
+}
+
+?>

testapp/modules/jelix_tests/tests/jacl2.users_and_groups.html_cli.php

@@ +1 @@
+<?php
+/**
+* @package     testapp
+* @subpackage  jelix_tests module
+* @author      Jouanneau Laurent
+* @contributor
+* @copyright   2007 Jouanneau laurent
+* @link        http://www.jelix.org
+* @licence     GNU Lesser General Public Licence see LICENCE file or http://www.gnu.org/licenses/lgpl.html
+*/
+
+
+/**
+ * Tests on user and group management in jAcl
+ * CAREFULL ! DON'T CHANGE THE ORDER OF METHODS
+ */
+class UTjacl2usergroup extends jUnitTestCaseDb {
+    
+    protected $groups;
+    protected $defaultGroupId;
+
+    protected $grpId1;
+    protected $grpId2;
+    protected $grpId3;
+    protected $grpId4;
+    protected $grpId5;
+    protected $grpId6;
+    protected $grpId7;
+
+    public function testStart(){
+        $this->dbProfil = jAcl2Db::getProfil();
+
+        $this->emptyTable('jacl2_user_group');
+        $this->emptyTable('jacl2_group');
+    }
+
+    public function testCreateGroup(){
+
+        // creation d'un groupe
+
+        $this->grpId1 = jAcl2DbUserGroup::createGroup('group1');
+        $this->assertTrue($this->grpId1 != '', 'jAcl2DbUserGroup::createGroup failed : id is empty');
+        $this->groups = array(array('id_aclgrp'=>$this->grpId1,
+            'name'=>'group1',
+            'grouptype'=>0,
+            'ownerlogin'=>null));
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+        // creation de deux autres groupes
+
+        $this->grpId2 = jAcl2DbUserGroup::createGroup('group2');
+        $this->grpId3 = jAcl2DbUserGroup::createGroup('group3');
+        $this->groups[] = array('id_aclgrp'=>$this->grpId2,
+            'name'=>'group2',
+            'grouptype'=>0,
+            'ownerlogin'=>null);
+        $this->groups[] = array('id_aclgrp'=>$this->grpId3,
+            'name'=>'group3',
+            'grouptype'=>0,
+            'ownerlogin'=>null);
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+    }
+
+    public function testDefaultGroup(){
+        // on met un des groupes par defaut
+        jAcl2DbUserGroup::setDefaultGroup($this->grpId2,false);
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+        jAcl2DbUserGroup::setDefaultGroup($this->grpId2,true);
+        $this->defaultGroupId = $this->grpId2; // for next test method
+        $this->groups[1]['grouptype']=1;
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+    }
+
+    public function testRenameGroup(){
+        // changement de nom d'un groupe
+        jAcl2DbUserGroup::updateGroup($this->grpId3, 'newgroup3');
+        $this->groups[2]['name']='newgroup3';
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+    }
+
+    public function testGroupList(){
+        // recuperation de la liste de tous les groupes
+        $list = jAcl2DbUserGroup::getGroupList()->fetchAll();
+
+        $verif='<array>
+    <object>
+        <string property="id_aclgrp" value="'.$this->grpId1.'" />
+        <string property="name" value="group1" />
+        <string property="grouptype" value="0" />
+        <null property="ownerlogin"/>
+    </object>
+    <object>
+        <string property="id_aclgrp" value="'.$this->grpId2.'" />
+        <string property="name" value="group2" />
+        <string property="grouptype" value="1" />
+        <null property="ownerlogin"/>
+    </object>
+    <object>
+        <string property="id_aclgrp" value="'.$this->grpId3.'" />
+        <string property="name" value="newgroup3" />
+        <string property="grouptype" value="0" />
+        <null property="ownerlogin"/>
+    </object>
+</array>';
+
+        $this->assertComplexIdenticalStr($list, $verif);
+    }
+
+    public function testRemoveGroup(){
+        // creation d'un autre groupe
+        $this->grpId4 = jAcl2DbUserGroup::createGroup('group4');
+        $records2 = $this->groups;
+        $records2[] = array('id_aclgrp'=>$this->grpId4,
+            'name'=>'group4',
+            'grouptype'=>0,
+            'ownerlogin'=>null);
+        $this->assertTableContainsRecords('jacl2_group', $records2);
+
+        // destruction d'un groupe (ici qui n'a pas de user)
+        jAcl2DbUserGroup::removeGroup($this->grpId4);
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+    }
+
+    protected $usergroups=array();
+
+    public function testCreateUser(){
+        $this->assertTableIsEmpty('jacl2_user_group');
+
+        // creation d'un user dans les acl, sans le mettre dans les groupes par defaut
+        jAcl2DbUserGroup::createUser('laurent',false);
+        $this->grpId5 = $this->getLastId('id_aclgrp', 'jacl2_group');
+
+        $this->groups[] = array('id_aclgrp'=>$this->grpId5,
+            'name'=>'laurent',
+            'grouptype'=>2,
+            'ownerlogin'=>'laurent');
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+    }
+
+    public function testCreateUser2(){
+        // creation d'un deuxième user dans les acl, en le mettant 
+        // dans les groupes par defaut
+        jAcl2DbUserGroup::createUser('max');
+        $this->grpId6 = $this->getLastId('id_aclgrp', 'jacl2_group');
+
+        $this->groups[] = array('id_aclgrp'=>$this->grpId6,
+            'name'=>'max',
+            'grouptype'=>2,
+            'ownerlogin'=>'max');
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+            array('login'=>'max', 'id_aclgrp'=>$this->grpId6),
+            array('login'=>'max', 'id_aclgrp'=>$this->defaultGroupId),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+    }
+
+    public function testAddUserIntoGroup(){
+        // ajout d'un user dans un groupe
+        jAcl2DbUserGroup::createUser('robert');
+        $this->grpId7 = $this->getLastId('id_aclgrp', 'jacl2_group');
+        jAcl2DbUserGroup::addUserToGroup('robert', $this->grpId1);
+
+        $this->groups[] = array('id_aclgrp'=>$this->grpId7,
+            'name'=>'robert',
+            'grouptype'=>2,
+            'ownerlogin'=>'robert');
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+            array('login'=>'max', 'id_aclgrp'=>$this->grpId6),
+            array('login'=>'max', 'id_aclgrp'=>$this->defaultGroupId),
+            array('login'=>'robert', 'id_aclgrp'=>$this->grpId7),
+            array('login'=>'robert', 'id_aclgrp'=>$this->defaultGroupId),
+            array('login'=>'robert', 'id_aclgrp'=>$this->grpId1),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+    }
+
+    public function testUsersList(){
+
+        // récuperation de la liste des users
+        $list = jAcl2DbUserGroup::getUsersList($this->defaultGroupId)->fetchAll();
+        $verif='<array>
+    <object>
+        <string property="id_aclgrp" value="'.$this->defaultGroupId.'" />
+        <string property="login" value="max" />
+    </object>
+    <object>
+        <string property="id_aclgrp" value="'.$this->defaultGroupId.'" />
+        <string property="login" value="robert" />
+    </object>
+</array>';
+        $this->assertComplexIdenticalStr($list, $verif);
+    }
+
+    public function testRemoveUserFromGroup(){
+
+        // on enleve un user dans un groupe
+        jAcl2DbUserGroup::removeUserFromGroup('robert', $this->grpId1);
+
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+            array('login'=>'max', 'id_aclgrp'=>$this->grpId6),
+            array('login'=>'max', 'id_aclgrp'=>$this->defaultGroupId),
+            array('login'=>'robert', 'id_aclgrp'=>$this->grpId7),
+            array('login'=>'robert', 'id_aclgrp'=>$this->defaultGroupId),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+
+    }
+
+    public function testRemoveUser(){
+        // on enleve un user
+        jAcl2DbUserGroup::removeUser('robert');
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+            array('login'=>'max', 'id_aclgrp'=>$this->grpId6),
+            array('login'=>'max', 'id_aclgrp'=>$this->defaultGroupId),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+        array_pop($this->groups);
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+    }
+
+    public function testRemoveUsedGroup(){
+        // on detruit un groupe qui a des users
+        // on ajoute d'abord un user dans un groupe
+        jAcl2DbUserGroup::addUserToGroup('max', $this->grpId3);
+
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+            array('login'=>'max', 'id_aclgrp'=>$this->grpId6),
+            array('login'=>'max', 'id_aclgrp'=>$this->defaultGroupId),
+            array('login'=>'max', 'id_aclgrp'=> $this->grpId3),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+
+        // ok maintenant on supprime le groupe
+
+        jAcl2DbUserGroup::removeGroup($this->grpId3);
+        $this->usergroups=array(
+            array('login'=>'laurent', 'id_aclgrp'=>$this->grpId5),
+            array('login'=>'max', 'id_aclgrp'=>$this->grpId6),
+            array('login'=>'max', 'id_aclgrp'=>$this->defaultGroupId),
+        );
+        $this->assertTableContainsRecords('jacl2_user_group', $this->usergroups);
+        unset($this->groups[2]);
+        $this->assertTableContainsRecords('jacl2_group', $this->groups);
+
+
+    }
+}
+
+?>

testapp/modules/jelix_tests/tests/jacl.main_api.html_cli.php

@@ -9 +9 @@
-* @licence     GNU Lesser General Public Licence see LICENCE file or http://www.gnu.org/licenses/lgpl.html
-*/
-
+if(!class_exists('jAuth',false)) {
+    class jAuth {
-
-
+
-
-
+
+
+
-
-
-
+
+
+
-    }
-
-    static function getUserSession() {
-        return $_SESSION['JELIX_USER'];
-    }
-}
-
+
-class userTest {
-    public $login;
-}

lib/jelix-modules/jacl2db/events.xml

@@ +1 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<events xmlns="http://jelix.org/ns/events/1.0">
+   <listener name="jacl2db">
+       <event name="AuthNewUser" />
+       <event name="AuthRemoveUser" />
+   </listener>
+</events>

lib/jelix-modules/jacl2db/module.xml

@@ +1 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<module xmlns="http://jelix.org/ns/module/1.0">
+
+</module>

lib/jelix-modules/jacl2db/classes/jacl2db.listener.php

@@ +1 @@
+<?php
+/**
+* @package     jelix-modules
+* @subpackage  jacl2db
+* @author      Jouanneau Laurent
+* @contributor 
+* @copyright   2008 Jouanneau laurent
+* @licence     http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public Licence, see LICENCE file
+* @since 1.1
+*/
+
+/**
+ * @package     jelix-modules
+ * @subpackage  jacl2db
+ * @since 1.1
+ */
+class jacl2dbListener extends jEventListener{
+
+   /**
+    * Called when a user is created : set up default rights on this user
+    *
+    * @param jEvent $event   the event
+    */
+   function onAuthNewUser($event){
+        if($GLOBALS['gJConfig']->acl['enableAclDbEventListener']) {
+            $user = $event->getParam('user');
+            jAcl2DbUserGroup::createUser($user->login);
+        }
+   }
+
+   /**
+    * Called when a user has been removed : delete rights about this user
+    *
+    * @param jEvent $event   the event
+    */
+   function onAuthRemoveUser($event){
+        if($GLOBALS['gJConfig']->acl['enableAclDbEventListener']) {
+            $login = $event->getParam('login');
+            jAcl2DbUserGroup::removeUser($login);
+        }
+   }
+}

lib/jelix/plugins/tpl/common/block.ifnotacl2.php

@@ +1 @@
+<?php
+/**
+* @package     jelix
+* @subpackage  jtpl_plugin
+* @author      Jouanneau Laurent
+* @contributor Dominique Papin
+* @copyright   2006-2008 Jouanneau laurent
+* @copyright   2007 Dominique Papin
+* @link        http://www.jelix.org
+* @licence     GNU Lesser General Public Licence see LICENCE file or http://www.gnu.org/licenses/lgpl.html
+*/
+
+/**
+ * a special if block to test easily a right value
+ *
+ * <pre>{ifnotacl2 'subject',54} ..here generated content if the user has NOT the right  {/ifnotacl2}</pre>
+ * @param jTplCompiler $compiler the template compiler
+ * @param boolean true if it is the begin of block, else false
+ * @param $params array  0=>subject 1=>optional resource
+ * @return string the php code corresponding to the begin or end of the block
+ */
+function jtpl_block_common_ifnotacl2($compiler, $begin, $params=array())
+{
+    if($begin){
+        if(count($params) == 1){
+            $content = ' if(!jAcl2::check('.$params[0].')):';
+        }elseif(count($params) == 2){
+            $content = ' if(!jAcl2::check('.$params[0].','.$params[1].')):';
+        }else{
+            $content='';
+            $compiler->doError2('errors.tplplugin.block.bad.argument.number','ifnotacl2',1);
+        }
+    }else{
+        $content = ' endif; ';
+    }
+    return $content;
+}
+
+?>

lib/jelix/plugins/tpl/common/block.ifacl2.php

@@ +1 @@
+<?php
+/**
+* @package     jelix
+* @subpackage  jtpl_plugin
+* @author      Jouanneau Laurent
+* @contributor Dominique Papin
+* @copyright   2006-2008 Jouanneau laurent
+* @copyright   2007 Dominique Papin
+* @link        http://www.jelix.org
+* @licence     GNU Lesser General Public Licence see LICENCE file or http://www.gnu.org/licenses/lgpl.html
+*/
+
+/**
+ * a special if block to test easily a right value
+ *
+ * <pre>{ifacl2 'subject',54} ..here generated content if the user has the right  {/ifacl2}</pre>
+ * @param jTplCompiler $compiler the template compiler
+ * @param boolean true if it is the begin of block, else false
+ * @param $param array  0=>subject 1=>optional resource
+ * @return string the php code corresponding to the begin or end of the block
+ */
+function jtpl_block_common_ifacl2($compiler, $begin, $param=array())
+{
+    if($begin){
+        if(count($param) == 1){
+            $content = ' if(jAcl2::check('.$param[0].')):';
+        }elseif(count($param) == 3){
+            $content = ' if(jAcl2::check('.$param[0].','.$param[1].')):';
+        }else{
+            $content='';
+            $compiler->doError2('errors.tplplugin.block.bad.argument.number','ifacl2',1);
+        }
+    }else{
+        $content = ' endif; ';
+    }
+    return $content;
+}
+
+?>

lib/jelix/plugins/tpl/common/block.ifacl.php

@@ -13 +13 @@
-/**
- * a special if block to test easily a right value
- *
-
+'value', 
- * @param jTplCompiler $compiler the template compiler
- * @param boolean true if it is the begin of block, else false
- * @param $param array  0=>subject 1=>right value 2=>optional resource

lib/jelix/plugins/tpl/common/block.ifnotacl.php

@@ -13 +13 @@
-/**
- * a special if block to test easily a right value
- *
-
+'value',
- * @param jTplCompiler $compiler the template compiler
- * @param boolean true if it is the begin of block, else false
- * @param $params array  0=>subject 1=>right value 2=>optional resource

lib/jelix/plugins/acl2/db/db.acl2.php

@@ +1 @@
+<?php
+/**
+* @package     jelix
+* @subpackage  acl_driver
+* @author      Laurent Jouanneau
+* @copyright   2006-2008 Laurent Jouanneau
+* @link        http://www.jelix.org
+* @licence     http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public Licence, see LICENCE file
+*/
+
+/**
+ * driver for jAcl2 based on a database
+ * @package jelix
+ * @subpackage acl_driver
+ */
+class dbAcl2Driver implements jIAcl2Driver {
+
+    /**
+     * 
+     */
+    function __construct (){ }
+
+
+    protected static $aclres = array();
+    protected static $acl = array();
+
+    /**
+     * return the value of the right on the given subject (and on the optional resource)
+     * @param string $subject the key of the subject
+     * @param string $resource the id of a resource
+     * @return boolean true if the right is ok
+     */
+    public function getRight($subject, $resource=null){
+
+        if($resource === null && isset(self::$acl[$subject])){
+            return self::$acl[$subject];
+        }elseif(isset(self::$aclres[$subject][$resource])){
+            return self::$aclres[$subject][$resource];
+        }
+
+        if(!jAuth::isConnected()) // not authicated == no rights
+            return false;
+
+        $groups = jAcl2DbUserGroup::getGroups();
+
+        if (count($groups) == 0) {
+            self::$acl[$subject] = false;
+            self::$aclres[$subject][$resource] = false;
+            return false;
+        }
+
+        $hasRight = false;
+        $dao = jDao::get('jelix~jacl2rights', jAcl2Db::getProfil());
+        $right = $dao->getRight($subject, $groups);
+        self::$acl[$subject] = $hasRight = ($right != false);
+
+        if($resource !== null){
+            if($hasRight) {
+                self::$aclres[$subject][$resource] = true;
+            }
+            else {
+                $right = $dao->getRightWithRes($subject, $groups, $resource);
+                self::$aclres[$subject][$resource] = $hasRight = ($right != false);
+            }
+        }
+
+        return $hasRight;
+    }
+
+    /**
+     * clear right cache
+     * @since 1.0b2
+     */
+    public function clearCache(){
+        self::$acl = array();
+        self::$aclres = array();
+    }
+    
+}
+
+?>

lib/jelix/plugins/coord/jacl2/jacl2.coord.php

@@ +1 @@
+<?php
+/**
+* @package    jelix
+* @subpackage coord_plugin
+* @author     Laurent Jouanneau
+* @contributor  
+* @copyright  2008 Laurent Jouanneau
+* @licence  http://www.gnu.org/licenses/lgpl.html GNU Lesser General Public Licence, see LICENCE file
+* @since 1.1
+*/
+
+/**
+ *
+ */
+require(JELIX_LIB_PATH.'acl/jAcl2.class.php');
+
+/**
+* @package    jelix
+* @subpackage coord_plugin
+* @since 1.1
+*/
+class jAcl2CoordPlugin implements jICoordPlugin {
+    public $config;
+
+    function __construct($conf){
+        $this->config = $conf;
+    }
+
+    /**
+     * @param  array  $params   plugin parameters for the current action
+     * @return null or jSelectorAct  if action should change
+     */
+    public function beforeAction ($params){
+        $selector = null;
+        $aclok = true;
+
+        if(isset($params['jacl2.right'])) {
+            $aclok = jAcl::check($params['jacl2.right']);
+
+        }elseif(isset($params['jacl2.rights.and'])) {
+            $aclok = true;
+            foreach($params['jacl2.rights.and'] as $right) {
+                if(!jAcl::check($right)) {
+                    $aclok = false;
+                    break;
+                }
+            }
+        }elseif(isset($params['jacl2.rights.or'])) {
+            $aclok = false;
+            foreach($params['jacl2.rights.or'] as $right) {
+                if(jAcl::check($right)) {
+                    $aclok = true;
+                    break;
+                }
+            }
+        }
+
+        if(!$aclok){
+            if($this->config['on_error'] == 1 
+                || !$GLOBALS['gJCoord']->request->isAllowedResponse('jResponseRedirect')){
+                throw new jException($this->config['error_message']);
+            }else{
+                $selector= new jSelectorAct($this->config['on_error_action']);
+            }
+        }
+
+        return $selector;
+    }
+
+    public function beforeOutput(){}
+
+    public function afterProcess (){}
+
+}

lib/jelix/plugins/coord/jacl2/jacl2.coord.ini.php.dist

@@ +1 @@
+;<?php die(''); ?>
+;for security reasons , don't remove or modify the first line
+
+; What to do if a right is required but the user has not this right
+; 1 = gene