Beispiel #1
 /**
  * Convert pending access grants for a user into real access control entries.
  *
  * Looks up every PendingAccess record whose e-mail matches the given user,
  * creates an equivalent AccessControlEntry for each one, schedules the
  * pending record for removal, and flushes all changes after the loop.
  *
  * NOTE(review): matching is done on the e-mail address alone. Confirm that
  * the address has been verified before this handler runs, so that pending
  * grants only ever reach the intended recipient.
  *
  * @param User               $user  The user whose e-mail is used for the lookup.
  * @param LifecycleEventArgs $event Lifecycle event arguments (not used here).
  */
 public function postPersist(User $user, LifecycleEventArgs $event)
 {
     $pendingRepository = $this->entityManager->getRepository('ActsCamdramSecurityBundle:PendingAccess');
     $pendingGrants = $pendingRepository->findByEmail($user->getEmail());

     foreach ($pendingGrants as $pendingGrant) {
         $entry = new AccessControlEntry();
         $entry->setUser($user);
         $entry->setEntityId($pendingGrant->getRid());
         $entry->setCreatedAt(new \DateTime());
         // The issuer of the pending grant is recorded as the granter of the entry.
         $entry->setGrantedBy($pendingGrant->getIssuer());
         $entry->setGrantedAt(new \DateTime());
         $entry->setType($pendingGrant->getType());

         $this->entityManager->persist($entry);
         $this->entityManager->remove($pendingGrant);
     }

     // One flush for the whole batch: new entries and removals are written together.
     $this->entityManager->flush();
 }
Beispiel #2
 /**
  * Create a user and give that user a full-admin access control entry.
  *
  * The entry has type 'security', uses AccessControlEntry::LEVEL_FULL_ADMIN
  * as its entity id, and records the new user as their own granter.
  *
  * NOTE(review): the @Given annotation suggests this is a test step
  * definition. It self-grants the highest level with no authorization
  * check, so confirm it is only reachable from the test suite.
  *
  * @Given /^the administrator "([^"]*)" with the email "([^"]*)" and the password "([^"]*)"$/
  */
 public function createAdminUser($name, $email, $password)
 {
     $entityManager = $this->getEntityManager();
     $admin = $this->createUser($name, $email, $password);

     $adminEntry = new AccessControlEntry();
     $adminEntry->setUser($admin);
     $adminEntry->setEntityId(AccessControlEntry::LEVEL_FULL_ADMIN);
     $adminEntry->setType('security');
     // The user is recorded as having granted the entry to themselves.
     $adminEntry->setGrantedBy($admin);
     $adminEntry->setCreatedAt(new \DateTime());

     $entityManager->persist($adminEntry);
     $entityManager->flush();
 }
 /**
  * {@inheritDoc}
  *
  * Persists one 'security' entry for the 'adminuser' reference and one
  * 'show' entry per existing show for the 'testuser2' reference, then
  * flushes once.
  *
  * NOTE(review): this grants a 'security' entry and ownership of every
  * show to fixed reference users; confirm the fixture is only loaded in
  * development and test environments.
  */
 public function load(ObjectManager $manager)
 {
     // Make the admin user an admin.
     // NOTE(review): '-2' is a magic entity id; presumably it matches an
     // AccessControlEntry level constant — confirm and use the constant.
     $adminEntry = new AccessControlEntry();
     $adminEntry->setUser($this->getReference('adminuser'));
     $adminEntry->setGrantedBy($this->getReference('testuser1'));
     $adminEntry->setEntityId('-2');
     $adminEntry->setCreatedAt(new \DateTime('2001-01-01'));
     $adminEntry->setType('security');
     $manager->persist($adminEntry);

     // Make user2 owner of all shows.
     $allShows = $manager->getRepository('ActsCamdramBundle:Show')->findAll();
     foreach ($allShows as $currentShow) {
         $ownerEntry = new AccessControlEntry();
         $ownerEntry->setUser($this->getReference('testuser2'));
         $ownerEntry->setGrantedBy($this->getReference('adminuser'));
         $ownerEntry->setEntityId($currentShow->getId());
         $ownerEntry->setCreatedAt(new \DateTime('2001-01-01'));
         $ownerEntry->setType('show');
         $manager->persist($ownerEntry);
     }

     // Everything persisted above is written in a single flush.
     $manager->flush();
 }
Beispiel #4
 /**
  * Grant access to a resource.
  *
  * Immediately grants access to a resource: creates a new ACE, flushes it
  * to the database, and then dispatches the Camdram-specific ACE_CREATED
  * event that is used to trigger sending of emails.
  *
  * NOTE(review): no check that $granter is allowed to grant access to
  * $entity is visible in this method; presumably callers enforce that
  * before calling it — confirm at every call site.
  *
  * @param OwnableInterface $entity  The resource to grant access to.
  * @param User             $user    The user receiving access.
  * @param User             $granter The user recorded as having granted it.
  */
 public function grantAccess(OwnableInterface $entity, User $user, User $granter)
 {
     $entry = new AccessControlEntry();
     $entry->setUser($user);
     $entry->setEntityId($entity->getId());
     $entry->setCreatedAt(new \DateTime());
     $entry->setGrantedBy($granter);
     $entry->setGrantedAt(new \DateTime());
     // The entity supplies its own ACE type.
     $entry->setType($entity->getAceType());

     $this->entityManager->persist($entry);
     $this->entityManager->flush();

     // The event is dispatched after the flush and should trigger an
     // email notification.
     $createdEvent = new AccessControlEntryEvent($entry);
     $this->eventDispatcher->dispatch(CamdramSecurityEvents::ACE_CREATED, $createdEvent);
 }
Beispiel #5
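 /**
  * Request to be an admin associated with this show.
  *
  * Requires ROLE_USER. A user who already has EDIT on the show, or who
  * already has a matching request, is redirected to the show page and
  * nothing is written. Otherwise a 'request-show' ACE is stored, the
  * ACE_CREATED event is dispatched, and the confirmation template is
  * rendered.
  *
  * NOTE(review): this action writes to the database; the routing is not
  * visible here, so confirm it is only reachable through a state-changing
  * HTTP method with CSRF protection.
  *
  * @param $identifier Identifier passed to getEntity() to look up the show.
  *
  * @return mixed A redirect view to the show, or the rendered confirmation page.
  */
 public function requestAdminAction($identifier)
 {
     $aclHelper = $this->get('camdram.security.acl.helper');
     $aclHelper->ensureGranted('ROLE_USER');

     $show = $this->getEntity($identifier);
     if ($aclHelper->isGranted('EDIT', $show)) {
         // TODO add a no-action return code.
         return $this->routeRedirectView('get_show', array('identifier' => $show->getSlug()));
     }

     // Check if there's already a matching request.
     $em = $this->getDoctrine()->getManager();
     $user = $this->getUser();
     $aceRepo = $em->getRepository('ActsCamdramSecurityBundle:AccessControlEntry');
     $existingRequest = $aceRepo->findAceRequest($user, $show);
     // Loose comparison kept on purpose: the return type of findAceRequest()
     // is not visible here.
     if ($existingRequest != null) {
         // A pre-existing request exists. Don't create another one.
         return $this->routeRedirectView('get_show', array('identifier' => $show->getSlug()));
     }

     // NOTE(review): the lookup above and the insert below are separate
     // steps, so two concurrent requests could both pass the check. Confirm
     // a unique constraint on the entity mapping prevents duplicate requests.
     $ace = new AccessControlEntry();
     $ace->setUser($user);
     $ace->setEntityId($show->getId());
     $ace->setCreatedAt(new \DateTime());
     $ace->setType('request-show');
     $em->persist($ace);
     $em->flush();

     // Dispatched after the flush, once the request has been stored.
     $this->get('event_dispatcher')->dispatch(CamdramSecurityEvents::ACE_CREATED, new AccessControlEntryEvent($ace));

     return $this->render('ActsCamdramBundle:Show:access_requested.html.twig');
 }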