From 6b3ef5c2ee828601409a135e3f87737ef054a590 Mon Sep 17 00:00:00 2001 From: Cedric Date: Sat, 22 Dec 2018 19:24:49 +0100 Subject: [PATCH 1/3] Fix hardcoded permID in test --- PhpRbac/tests/src/RbacManagerTest.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/PhpRbac/tests/src/RbacManagerTest.php b/PhpRbac/tests/src/RbacManagerTest.php index 99bc9bd..4dcab5a 100644 --- a/PhpRbac/tests/src/RbacManagerTest.php +++ b/PhpRbac/tests/src/RbacManagerTest.php @@ -141,12 +141,12 @@ public function testManagerCheckTitle() public function testManagerCheckPath() { self::$rbac->Permissions->addPath('/permissions_1/permissions_2/permissions_3'); - $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2/permissions_3'); + $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2'); self::$rbac->Roles->addPath('/roles_1/roles_2/roles_3'); $role_id_1 = self::$rbac->Roles->pathId('/roles_1/roles_2/roles_3'); - self::$rbac->Roles->assign($role_id_1, 3); + self::$rbac->Roles->assign($role_id_1, $perm_id_1); self::$rbac->Users->assign($role_id_1, 5); $result = self::$rbac->check('/permissions_1/permissions_2', 5); @@ -222,12 +222,12 @@ public function testManagerEnforceTitle() public function testManagerEnforcePath() { self::$rbac->Permissions->addPath('/permissions_1/permissions_2/permissions_3'); - $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2/permissions_3'); + $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2'); self::$rbac->Roles->addPath('/roles_1/roles_2/roles_3'); $role_id_1 = self::$rbac->Roles->pathId('/roles_1/roles_2/roles_3'); - self::$rbac->Roles->assign($role_id_1, 3); + self::$rbac->Roles->assign($role_id_1, $perm_id_1); self::$rbac->Users->assign($role_id_1, 5); $result = self::$rbac->enforce('/permissions_1/permissions_2', 5); From f0a073356a4391814714a7dd6b169c3b2c499604 Mon Sep 17 00:00:00 2001 
From: Cedric Date: Sat, 22 Dec 2018 19:52:35 +0100 Subject: [PATCH 2/3] Implement recursive check --- PhpRbac/src/PhpRbac/Rbac.php | 4 +-- PhpRbac/src/PhpRbac/core/lib/rbac.php | 14 ++++++++--- PhpRbac/tests/src/RbacManagerTest.php | 35 +++++++++++++++++++++++++++ 3 files changed, 48 insertions(+), 5 deletions(-) diff --git a/PhpRbac/src/PhpRbac/Rbac.php b/PhpRbac/src/PhpRbac/Rbac.php index 0002cf2..bf7a46c 100644 --- a/PhpRbac/src/PhpRbac/Rbac.php +++ b/PhpRbac/src/PhpRbac/Rbac.php @@ -33,9 +33,9 @@ public function assign($role, $permission) return Jf::$Rbac->assign($role, $permission); } - public function check($permission, $user_id) + public function check($permission, $user_id, $recurse = false) { - return Jf::$Rbac->check($permission, $user_id); + return Jf::$Rbac->check($permission, $user_id, $recurse); } public function enforce($permission, $user_id) diff --git a/PhpRbac/src/PhpRbac/core/lib/rbac.php b/PhpRbac/src/PhpRbac/core/lib/rbac.php index 9c2dc3e..7de7bf2 100644 --- a/PhpRbac/src/PhpRbac/core/lib/rbac.php +++ b/PhpRbac/src/PhpRbac/core/lib/rbac.php @@ -569,12 +569,15 @@ function assign($Role, $Permission) * containing a number) * @param string|integer $UserID * User ID of a user + * @param bool $Recurse + * Use when $Permission is a path, allow system to recursively + * find permission * * @throws RbacPermissionNotFoundException * @throws RbacUserNotProvidedException * @return boolean */ - function check($Permission, $UserID = null) + function check($Permission, $UserID = null, $Recurse = false) { if ($UserID === null) throw new \RbacUserNotProvidedException ("\$UserID is a required argument."); 
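Review bot: The `@param bool $Recurse` text in the check() docblock does not say what "recursively find permission" resolves to, and that matters because the flag changes an authorization decision. Going by the lookup added in the next hunk, an undefined path is retried with its last segment removed, so the description could read `When $Permission is a path that is not defined, fall back to its nearest defined ancestor path; the result then reflects the ancestor, not the requested permission.` The same wording applies to the enforce() docblock in PATCH 3/3. It is also worth stating that the `false` default keeps the strict behaviour, where an unknown path raises RbacPermissionNotFoundException. check()'s body continues outside this hunk.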
@@ -586,10 +589,15 @@ function check($Permission, $UserID = null) } else { - if (substr ( $Permission, 0, 1 ) == "/") + if (substr ( $Permission, 0, 1 ) == "/") { $PermissionID = $this->Permissions->pathId ( $Permission ); - else + if ($PermissionID === null && $Recurse) { + $newPath = implode('/', explode('/', $Permission, -1)); + return $this->check($newPath, $UserID, true); + } + } else { $PermissionID = $this->Permissions->titleId ( $Permission ); + } } // if invalid, throw exception diff --git a/PhpRbac/tests/src/RbacManagerTest.php b/PhpRbac/tests/src/RbacManagerTest.php index 4dcab5a..31d58f7 100644 --- a/PhpRbac/tests/src/RbacManagerTest.php +++ b/PhpRbac/tests/src/RbacManagerTest.php 
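Review bot: The fallback in the `$PermissionID === null && $Recurse` branch fails open on unknown paths: a misspelled or never-created permission path is answered by whichever ancestor exists, so it passes for any user who holds the broader permission instead of raising the not-found error. Once every segment has been stripped, `$newPath` is the empty string, which fails the leading-slash test and is handed to `titleId('')`, so the not-found outcome then depends on no permission having an empty title. Guarding the recursion with `if ($newPath !== '') return $this->check($newPath, $UserID, true);` lets an exhausted path fall through with a null `$PermissionID` to the existing invalid-permission handling, presumably the throw after the `// if invalid, throw exception` comment, which is outside this hunk. The leading-slash comparison could use `===` while the line is being touched.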
@@ -154,6 +154,41 @@ public function testManagerCheckPath() $this->assertTrue($result); } + public function testManagerCheckRecursivePath() + { + self::$rbac->Permissions->addPath('/permissions_1/permissions_2'); + $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2'); + + self::$rbac->Roles->addPath('/roles_1/roles_2/roles_3'); + $role_id_1 = self::$rbac->Roles->pathId('/roles_1/roles_2/roles_3'); + + self::$rbac->Roles->assign($role_id_1, $perm_id_1); + self::$rbac->Users->assign($role_id_1, 5); + + $result = self::$rbac->check('/permissions_1/permissions_2/permissons_3', 5, true); + + $this->assertTrue($result); + } + + /** + * @expectedException RbacPermissionNotFoundException + */ + + public function testManagerCheckNonRecursivePath() + { + self::$rbac->Permissions->addPath('/permissions_1/permissions_2'); + $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2'); + + self::$rbac->Roles->addPath('/roles_1/roles_2/roles_3'); + $role_id_1 = self::$rbac->Roles->pathId('/roles_1/roles_2/roles_3'); + + self::$rbac->Roles->assign($role_id_1, $perm_id_1); + self::$rbac->Users->assign($role_id_1, 5); + + self::$rbac->check('/permissions_1/permissions_2/permissons_3', 5, false); + + } + public function testManagerCheckBadPermBadUserFalse() { $result = self::$rbac->check(5, 5); From 29485f68c1543c800c734b0064c27523f461d450 Mon Sep 17 00:00:00 2001 From: Cedric Date: Mon, 24 Dec 2018 14:25:06 +0100 Subject: [PATCH 3/3] Implement recursive enforce --- PhpRbac/src/PhpRbac/Rbac.php | 4 ++-- PhpRbac/src/PhpRbac/core/lib/rbac.php | 8 ++++++-- PhpRbac/tests/src/RbacManagerTest.php | 16 ++++++++++++++++ 3 files changed, 24 insertions(+), 4 deletions(-) diff --git a/PhpRbac/src/PhpRbac/Rbac.php b/PhpRbac/src/PhpRbac/Rbac.php index bf7a46c..b998c2d 100644 --- a/PhpRbac/src/PhpRbac/Rbac.php +++ b/PhpRbac/src/PhpRbac/Rbac.php 
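Review bot: Both new tests look up `/permissions_1/permissions_2/permissons_3`, and they work only because that path is undefined, so it is not visible whether the misspelling is deliberate; a segment such as `undefined_leaf` would make the intent explicit. The recursive case is asserted only for a user who already holds the ancestor permission. Two further cases would pin the security-relevant behaviour: `check(..., true)` returns `false` for a user without the role, and a path with no defined ancestor at all still raises `RbacPermissionNotFoundException`. The same gap applies to testManagerEnforceRecursivePath in PATCH 3/3.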
@@ -38,9 +38,9 @@ public function check($permission, $user_id, $recurse = false) return Jf::$Rbac->check($permission, $user_id, $recurse); } - public function enforce($permission, $user_id) + public function enforce($permission, $user_id, $recurse = false) { - return Jf::$Rbac->enforce($permission, $user_id); + return Jf::$Rbac->enforce($permission, $user_id, $recurse); } public function reset($ensure = false) diff --git a/PhpRbac/src/PhpRbac/core/lib/rbac.php b/PhpRbac/src/PhpRbac/core/lib/rbac.php index 7de7bf2..8eb8c24 100644 --- a/PhpRbac/src/PhpRbac/core/lib/rbac.php +++ b/PhpRbac/src/PhpRbac/core/lib/rbac.php @@ -644,14 +644,18 @@ function check($Permission, $UserID = null, $Recurse = false) * * @param integer $UserID * + * @param bool $Recurse + * Use when $Permission is a path, allow system to recursively + * find permission + * * @throws RbacUserNotProvidedException */ - function enforce($Permission, $UserID = null) + function enforce($Permission, $UserID = null, $Recurse = false) { if ($UserID === null) throw new \RbacUserNotProvidedException ("\$UserID is a required argument."); - if (! $this->check($Permission, $UserID)) { + if (! $this->check($Permission, $UserID, $Recurse)) { header('HTTP/1.1 403 Forbidden'); die("Forbidden: You do not have permission to access this resource."); } diff --git a/PhpRbac/tests/src/RbacManagerTest.php b/PhpRbac/tests/src/RbacManagerTest.php index 31d58f7..dba9751 100644 --- a/PhpRbac/tests/src/RbacManagerTest.php +++ b/PhpRbac/tests/src/RbacManagerTest.php 
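Review bot: The enforce() docblock in core/lib/rbac.php still lists only `@throws RbacUserNotProvidedException`, although the call it wraps is documented as throwing RbacPermissionNotFoundException. With `$Recurse` set, a path that has no defined ancestor would presumably still surface that exception to the caller rather than produce the 403 response, so callers need to know to handle it. Add `@throws RbacPermissionNotFoundException` next to the new `@param bool $Recurse` entry. enforce()'s success path and return value are outside this hunk.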
@@ -270,6 +270,22 @@ public function testManagerEnforcePath() $this->assertTrue($result); } + public function testManagerEnforceRecursivePath() + { + self::$rbac->Permissions->addPath('/permissions_1/permissions_2'); + $perm_id_1 = self::$rbac->Permissions->pathId('/permissions_1/permissions_2'); + + self::$rbac->Roles->addPath('/roles_1/roles_2/roles_3'); + $role_id_1 = self::$rbac->Roles->pathId('/roles_1/roles_2/roles_3'); + + self::$rbac->Roles->assign($role_id_1, $perm_id_1); + self::$rbac->Users->assign($role_id_1, 5); + + $result = self::$rbac->enforce('/permissions_1/permissions_2/permissions_3', 5, true); + + $this->assertTrue($result); + } + /** * @expectedException RbacUserNotProvidedException */