From: Bernd Bleßmann <bernd@kivitendo-premium.de>
Date: Fri, 3 Aug 2018 12:23:09 +0000 (+0200)
Subject: SL::Auth: evaluate_rights_ary: Negierung (!) ermöglichen
X-Git-Tag: release-3.5.4~326
X-Git-Url: http://wagnertech.de/git?a=commitdiff_plain;h=78b2353815ed98472688c2f17b31d17bb2450ff4;p=kivitendo-erp.git

SL::Auth: evaluate_rights_ary: Negierung (!) ermöglichen
---

diff --git a/SL/Auth.pm b/SL/Auth.pm
index 04145f2cf..82be3b8d8 100644
--- a/SL/Auth.pm
+++ b/SL/Auth.pm
@@ -1077,23 +1077,36 @@ sub evaluate_rights_ary {
 
   my $value  = 0;
   my $action = '|';
+  my $negate = 0;
 
   foreach my $el (@{$ary}) {
     if (ref $el eq "ARRAY") {
+      my $val = evaluate_rights_ary($el);
+      $val    = !$val if $negate;
+      $negate = 0;
       if ($action eq '|') {
-        $value |= evaluate_rights_ary($el);
+        $value |= $val;
       } else {
-        $value &= evaluate_rights_ary($el);
+        $value &= $val;
       }
 
     } elsif (($el eq '&') || ($el eq '|')) {
       $action = $el;
 
+    } elsif ($el eq '!') {
+      $negate = !$negate;
+
     } elsif ($action eq '|') {
-      $value |= $el;
+      my $val = $el;
+      $val    = !$val if $negate;
+      $negate = 0;
+      $value |= $val;
 
     } else {
-      $value &= $el;
+      my $val = $el;
+      $val    = !$val if $negate;
+      $negate = 0;
+      $value &= $val;
 
     }
   }
diff --git a/t/auth/evaluate_rights_ary.t b/t/auth/evaluate_rights_ary.t
new file mode 100644
index 000000000..7203d0a76
--- /dev/null
+++ b/t/auth/evaluate_rights_ary.t
@@ -0,0 +1,29 @@
+use strict;
+
+use Test::More;
+
+use lib 't';
+use Support::TestSetup;
+
+Support::TestSetup::login();
+
+use_ok 'SL::Auth';
+
+ok( SL::Auth::evaluate_rights_ary(['1']), 'simple: right');
+ok(!SL::Auth::evaluate_rights_ary(['0']), 'simple: no right');
+ok( SL::Auth::evaluate_rights_ary(['1', '|', 0]), 'simple: or');
+ok( SL::Auth::evaluate_rights_ary(['0', '|', '1']), 'simple: or 2');
+ok(!SL::Auth::evaluate_rights_ary(['1', '&', '0']), 'simple: and');
+ok(!SL::Auth::evaluate_rights_ary(['0', '&', '1']), 'simple: and 2');
+ok( SL::Auth::evaluate_rights_ary(['1', '&', '1']), 'simple: and 3');
+ok(!SL::Auth::evaluate_rights_ary(['!', '1']), 'simple: not');
+ok( SL::Auth::evaluate_rights_ary(['!', '0']), 'simple: not 2');
+ok(!SL::Auth::evaluate_rights_ary(['!', '!', '0']), 'simple: double not');
+ok( SL::Auth::evaluate_rights_ary(['!', ['0']]), 'not 1');
+ok(!SL::Auth::evaluate_rights_ary(['!', ['1']]), 'not 2');
+ok( SL::Auth::evaluate_rights_ary(['!', '!', ['1']]), 'double not');
+ok( SL::Auth::evaluate_rights_ary([ '!', ['!', ['1', '&', '1'], '&', '!', '!', ['1', '|', '!', '1']] ]), 'something more coplex');
+
+done_testing;
+
+1;