public function testSetPermissionForNewAclIfGetAcesCalledBefore()
{
$sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface');
$oid = new ObjectIdentity('entity', 'Acme\\Test');
$granting = true;
$mask = 123;
$strategy = 'any';
$this->aclProvider->expects($this->once())->method('findAcl')->with($this->identicalTo($oid))->will($this->throwException(new AclNotFoundException()));
$this->extension->expects($this->once())->method('validateMask')->with($this->equalTo($mask), $this->identicalTo($oid));
$this->aceProvider->expects($this->never())->method('getAces');
$this->aceProvider->expects($this->never())->method('setPermission');
$this->manager->getAces($sid, $oid);
$this->manager->setPermission($sid, $oid, $mask, $granting, $strategy);
}
/**
* Prepares the context is used in savePrivileges method
*
* @param array $context
* @param array $rootKeys
* @param SID $sid
* @param ArrayCollection|AclPrivilege[] $privileges
*/
protected function initSaveContext(array &$context, array $rootKeys, SID $sid, ArrayCollection $privileges)
{
foreach ($this->manager->getAllExtensions() as $extension) {
$extensionKey = $extension->getExtensionKey();
/** @var MaskBuilder[] $maskBuilders */
$maskBuilders = array();
$this->prepareMaskBuilders($maskBuilders, $extension);
$context[$extensionKey] = array('extension' => $extension, 'maskBuilders' => $maskBuilders);
if (isset($rootKeys[$extensionKey])) {
$privilege = $privileges[$rootKeys[$extensionKey]];
$rootMasks = $this->getPermissionMasks($privilege->getPermissions(), $extension, $maskBuilders);
} else {
$rootMasks = array();
$oid = $this->manager->getRootOid($extension->getExtensionKey());
foreach ($this->manager->getAces($sid, $oid) as $ace) {
if (!$ace->isGranting()) {
// denying ACE is not supported
continue;
}
$rootMasks[] = $ace->getMask();
}
// add missing masks
foreach ($extension->getAllMaskBuilders() as $maskBuilder) {
$emptyMask = $maskBuilder->get();
$maskAlreadyExist = false;
foreach ($rootMasks as $rootMask) {
if ($extension->getServiceBits($emptyMask) === $extension->getServiceBits($rootMask)) {
$maskAlreadyExist = true;
break;
}
}
if (!$maskAlreadyExist) {
$rootMasks[] = $emptyMask;
}
}
}
$context[$extensionKey]['rootMasks'] = $rootMasks;
}
}
/**
* @param ObjectIdentity $oid
* @param string $class
* @param int $requiredMask
* @return bool
*
* @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
* @SuppressWarnings(PHPMD.NPathComplexity)
*/
private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
{
if (null === ($loggedUser = $this->getLoggedUser())) {
return false;
}
$extension = $this->aclManager->getExtensionSelector()->select($oid);
foreach ($loggedUser->getRoles() as $role) {
$sid = $this->aclManager->getSid($role);
$aces = $this->aclManager->getAces($sid, $oid);
if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
$rootOid = $this->aclManager->getRootOid($oid);
return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
}
foreach ($aces as $ace) {
if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
continue;
}
$aceMask = $ace->getMask();
if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
$aceMask = $extension->adaptRootMask($aceMask, new $class());
}
if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
continue;
}
$requiredMask = $extension->removeServiceBits($requiredMask);
$aceMask = $extension->removeServiceBits($aceMask);
$strategy = $ace->getStrategy();
if (PermissionGrantingStrategy::ALL === $strategy) {
return $requiredMask === ($aceMask & $requiredMask);
} elseif (PermissionGrantingStrategy::ANY === $strategy) {
return 0 !== ($aceMask & $requiredMask);
} elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
return $requiredMask === $aceMask;
}
}
}
return false;
}
