public function testSetPermissionForNewAclIfGetAcesCalledBefore()
 {
     $sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface');
     $oid = new ObjectIdentity('entity', 'Acme\\Test');
     $granting = true;
     $mask = 123;
     $strategy = 'any';
     $this->aclProvider->expects($this->once())->method('findAcl')->with($this->identicalTo($oid))->will($this->throwException(new AclNotFoundException()));
     $this->extension->expects($this->once())->method('validateMask')->with($this->equalTo($mask), $this->identicalTo($oid));
     $this->aceProvider->expects($this->never())->method('getAces');
     $this->aceProvider->expects($this->never())->method('setPermission');
     $this->manager->getAces($sid, $oid);
     $this->manager->setPermission($sid, $oid, $mask, $granting, $strategy);
 }
 /**
  * Prepares the context is used in savePrivileges method
  *
  * @param array $context
  * @param array $rootKeys
  * @param SID $sid
  * @param ArrayCollection|AclPrivilege[] $privileges
  */
 protected function initSaveContext(array &$context, array $rootKeys, SID $sid, ArrayCollection $privileges)
 {
     foreach ($this->manager->getAllExtensions() as $extension) {
         $extensionKey = $extension->getExtensionKey();
         /** @var MaskBuilder[] $maskBuilders */
         $maskBuilders = array();
         $this->prepareMaskBuilders($maskBuilders, $extension);
         $context[$extensionKey] = array('extension' => $extension, 'maskBuilders' => $maskBuilders);
         if (isset($rootKeys[$extensionKey])) {
             $privilege = $privileges[$rootKeys[$extensionKey]];
             $rootMasks = $this->getPermissionMasks($privilege->getPermissions(), $extension, $maskBuilders);
         } else {
             $rootMasks = array();
             $oid = $this->manager->getRootOid($extension->getExtensionKey());
             foreach ($this->manager->getAces($sid, $oid) as $ace) {
                 if (!$ace->isGranting()) {
                     // denying ACE is not supported
                     continue;
                 }
                 $rootMasks[] = $ace->getMask();
             }
             // add missing masks
             foreach ($extension->getAllMaskBuilders() as $maskBuilder) {
                 $emptyMask = $maskBuilder->get();
                 $maskAlreadyExist = false;
                 foreach ($rootMasks as $rootMask) {
                     if ($extension->getServiceBits($emptyMask) === $extension->getServiceBits($rootMask)) {
                         $maskAlreadyExist = true;
                         break;
                     }
                 }
                 if (!$maskAlreadyExist) {
                     $rootMasks[] = $emptyMask;
                 }
             }
         }
         $context[$extensionKey]['rootMasks'] = $rootMasks;
     }
 }
 /**
  * @param ObjectIdentity $oid
  * @param string $class
  * @param int $requiredMask
  * @return bool
  *
  * @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
 {
     if (null === ($loggedUser = $this->getLoggedUser())) {
         return false;
     }
     $extension = $this->aclManager->getExtensionSelector()->select($oid);
     foreach ($loggedUser->getRoles() as $role) {
         $sid = $this->aclManager->getSid($role);
         $aces = $this->aclManager->getAces($sid, $oid);
         if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
             $rootOid = $this->aclManager->getRootOid($oid);
             return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
         }
         foreach ($aces as $ace) {
             if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
                 continue;
             }
             $aceMask = $ace->getMask();
             if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
                 $aceMask = $extension->adaptRootMask($aceMask, new $class());
             }
             if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
                 continue;
             }
             $requiredMask = $extension->removeServiceBits($requiredMask);
             $aceMask = $extension->removeServiceBits($aceMask);
             $strategy = $ace->getStrategy();
             if (PermissionGrantingStrategy::ALL === $strategy) {
                 return $requiredMask === ($aceMask & $requiredMask);
             } elseif (PermissionGrantingStrategy::ANY === $strategy) {
                 return 0 !== ($aceMask & $requiredMask);
             } elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
                 return $requiredMask === $aceMask;
             }
         }
     }
     return false;
 }