/**
 * Calls getAces() and then setPermission() for an object identity whose ACL
 * lookup throws AclNotFoundException.
 *
 * Expectations pinned by this test:
 *  - findAcl() is invoked exactly once for the given object identity;
 *  - the extension validates the mask exactly once against that identity;
 *  - the ACE provider is never asked to read or write ACEs.
 */
public function testSetPermissionForNewAclIfGetAcesCalledBefore()
{
    $objectIdentity = new ObjectIdentity('entity', 'Acme\\Test');
    $securityIdentity = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface');
    $permissionMask = 123;
    $isGranting = true;
    $grantingStrategy = 'any';

    // The ACL provider has no ACL for this identity.
    $this->aclProvider
        ->expects($this->once())
        ->method('findAcl')
        ->with($this->identicalTo($objectIdentity))
        ->will($this->throwException(new AclNotFoundException()));

    // The mask must still go through extension validation before it is accepted.
    $this->extension
        ->expects($this->once())
        ->method('validateMask')
        ->with($this->equalTo($permissionMask), $this->identicalTo($objectIdentity));

    // No ACL exists, so the ACE provider must stay untouched on both calls.
    $this->aceProvider
        ->expects($this->never())
        ->method('getAces');
    $this->aceProvider
        ->expects($this->never())
        ->method('setPermission');

    $this->manager->getAces($securityIdentity, $objectIdentity);
    $this->manager->setPermission(
        $securityIdentity,
        $objectIdentity,
        $permissionMask,
        $isGranting,
        $grantingStrategy
    );
}
/**
 * Prepares the context that is used by the savePrivileges method.
 *
 * For every ACL extension known to the manager, one entry is written to
 * $context under the extension key, holding:
 *  - 'extension':    the extension itself;
 *  - 'maskBuilders': the builders filled in by prepareMaskBuilders();
 *  - 'rootMasks':    the masks taken from the submitted root privilege when
 *                    $rootKeys names one for the extension, otherwise the masks
 *                    of the granting ACEs currently stored for the root object
 *                    identity, padded with an empty mask for every mask builder
 *                    whose service bits are not represented yet.
 *
 * Denying ACEs are ignored when the stored root masks are read, because denying
 * ACEs are not supported.
 *
 * @param array                          $context    Filled by reference
 * @param array                          $rootKeys   Extension key => key of the root privilege in $privileges
 * @param SID                            $sid        Security identity whose stored root ACEs are read
 * @param ArrayCollection|AclPrivilege[] $privileges
 */
protected function initSaveContext(array &$context, array $rootKeys, SID $sid, ArrayCollection $privileges)
{
    foreach ($this->manager->getAllExtensions() as $extension) {
        $extensionKey = $extension->getExtensionKey();

        /** @var MaskBuilder[] $maskBuilders */
        $maskBuilders = array();
        $this->prepareMaskBuilders($maskBuilders, $extension);
        $context[$extensionKey] = array(
            'extension'    => $extension,
            'maskBuilders' => $maskBuilders,
        );

        if (isset($rootKeys[$extensionKey])) {
            // A root privilege was submitted: its permissions define the root masks.
            $rootPrivilege = $privileges[$rootKeys[$extensionKey]];
            $rootMasks = $this->getPermissionMasks(
                $rootPrivilege->getPermissions(),
                $extension,
                $maskBuilders
            );
        } else {
            // No root privilege submitted: fall back to what is stored for the root identity.
            $rootMasks = array();
            $rootOid = $this->manager->getRootOid($extension->getExtensionKey());
            foreach ($this->manager->getAces($sid, $rootOid) as $storedAce) {
                // denying ACE is not supported, so only granting ACEs contribute a mask
                if ($storedAce->isGranting()) {
                    $rootMasks[] = $storedAce->getMask();
                }
            }

            // add missing masks: one empty mask per builder whose service bits are not present yet
            foreach ($extension->getAllMaskBuilders() as $builder) {
                $emptyMask = $builder->get();
                foreach ($rootMasks as $knownMask) {
                    if ($extension->getServiceBits($emptyMask) === $extension->getServiceBits($knownMask)) {
                        // already represented, move on to the next builder
                        continue 2;
                    }
                }
                $rootMasks[] = $emptyMask;
            }
        }

        $context[$extensionKey]['rootMasks'] = $rootMasks;
    }
}
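/**
 * Checks whether the roles of the logged-in user grant $requiredMask on $oid.
 *
 * The roles are walked in the order returned by getRoles(). The first ACE that
 * belongs to the selected extension and carries the same service bits as the
 * required mask decides the result according to its strategy (ALL, ANY or
 * EQUAL); ACEs of later roles are not consulted after that. When a role has no
 * ACEs for a non-root identity, the result of checking the root identity for
 * EntityMaskBuilder::GROUP_SYSTEM is returned instead. Without a logged-in user,
 * or when no ACE applies, access is denied.
 *
 * @param ObjectIdentity $oid
 * @param string         $class        Class name; instantiated without arguments when a root ACE mask is adapted
 * @param int            $requiredMask
 * @return bool
 *
 * @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
 * @SuppressWarnings(PHPMD.CyclomaticComplexity)
 * @SuppressWarnings(PHPMD.NPathComplexity)
 */
private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
{
    $loggedUser = $this->getLoggedUser();
    if (null === $loggedUser) {
        // no authenticated user: deny
        return false;
    }

    $extension = $this->aclManager->getExtensionSelector()->select($oid);
    foreach ($loggedUser->getRoles() as $role) {
        $sid = $this->aclManager->getSid($role);
        $aces = $this->aclManager->getAces($sid, $oid);
        if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
            // This role has no ACEs on the object itself: the root identity decides.
            // The recursion returns straight away, so the remaining roles are only
            // evaluated against the root identity.
            $rootOid = $this->aclManager->getRootOid($oid);

            return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
        }

        foreach ($aces as $ace) {
            // NOTE(review): $ace->isGranting() is not consulted in this method, so a
            // denying ACE that matches would be evaluated like a granting one.
            // Confirm that denying ACEs cannot be stored for these identities.
            if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
                // ACE belongs to another extension
                continue;
            }

            $aceMask = $ace->getMask();
            if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
                // NOTE(review): new $class() runs the constructor of whatever class
                // name the caller supplies; $class must never be derived from request
                // data. Verify at the call sites.
                $aceMask = $extension->adaptRootMask($aceMask, new $class());
            }
            if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
                // masks belong to different permission groups
                continue;
            }

            // Work on copies: $requiredMask has to keep its service bits, otherwise an
            // ACE with an unrecognised strategy would make every later ACE be compared
            // against a mask that no longer identifies its permission group.
            $requiredBits = $extension->removeServiceBits($requiredMask);
            $aceBits = $extension->removeServiceBits($aceMask);

            $strategy = $ace->getStrategy();
            if (PermissionGrantingStrategy::ALL === $strategy) {
                return $requiredBits === ($aceBits & $requiredBits);
            } elseif (PermissionGrantingStrategy::ANY === $strategy) {
                return 0 !== ($aceBits & $requiredBits);
            } elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
                return $requiredBits === $aceBits;
            }
        }
    }

    return false;
}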