/**
  * Gets a list of all permission names supported by ACL extension which is responsible
  * to process domain objects of the given type(s).
  * In case when $extensionKeyOrKeys argument contains several keys this method returns
  * unique combination of all permission names supported by the requested ACL extensions.
  * For example if one ACL extension supports VIEW, CREATE and EDIT permissions
  * and another ACL extension supports VIEW and DELETE permissions,
  * the result will be: VIEW, CREATE, EDIT, DELETE
  *
  * @param string|string[] $extensionKeyOrKeys The ACL extension key(s)
  * @return string[]
  */
 public function getPermissionNames($extensionKeyOrKeys)
 {
     if (is_string($extensionKeyOrKeys)) {
         return $this->manager->getExtensionSelector()->select($this->manager->getRootOid($extensionKeyOrKeys))->getPermissions();
     }
     $result = array();
     foreach ($extensionKeyOrKeys as $extensionKey) {
         $extension = $this->manager->getExtensionSelector()->select($this->manager->getRootOid($extensionKey));
         foreach ($extension->getPermissions() as $permission) {
             if (!in_array($permission, $result)) {
                 $result[] = $permission;
             }
         }
     }
     return $result;
 }
 /**
  * @param ObjectIdentity $oid
  * @param string $class
  * @param int $requiredMask
  * @return bool
  *
  * @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
 {
     if (null === ($loggedUser = $this->getLoggedUser())) {
         return false;
     }
     $extension = $this->aclManager->getExtensionSelector()->select($oid);
     foreach ($loggedUser->getRoles() as $role) {
         $sid = $this->aclManager->getSid($role);
         $aces = $this->aclManager->getAces($sid, $oid);
         if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
             $rootOid = $this->aclManager->getRootOid($oid);
             return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
         }
         foreach ($aces as $ace) {
             if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
                 continue;
             }
             $aceMask = $ace->getMask();
             if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
                 $aceMask = $extension->adaptRootMask($aceMask, new $class());
             }
             if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
                 continue;
             }
             $requiredMask = $extension->removeServiceBits($requiredMask);
             $aceMask = $extension->removeServiceBits($aceMask);
             $strategy = $ace->getStrategy();
             if (PermissionGrantingStrategy::ALL === $strategy) {
                 return $requiredMask === ($aceMask & $requiredMask);
             } elseif (PermissionGrantingStrategy::ANY === $strategy) {
                 return 0 !== ($aceMask & $requiredMask);
             } elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
                 return $requiredMask === $aceMask;
             }
         }
     }
     return false;
 }