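/**
 * Gets a list of all permission names supported by ACL extension which is responsible
 * to process domain objects of the given type(s).
 * In case when $extensionKeyOrKeys argument contains several keys this method returns
 * unique combination of all permission names supported by the requested ACL extensions.
 * For example if one ACL extension supports VIEW, CREATE and EDIT permissions
 * and another ACL extension supports VIEW and DELETE permissions,
 * the result will be: VIEW, CREATE, EDIT, DELETE
 *
 * Names are returned in order of first appearance. When a single key is passed as a string,
 * the extension's own permission list is returned as-is, without de-duplication.
 *
 * @param string|string[] $extensionKeyOrKeys The ACL extension key(s)
 * @return string[]
 */
public function getPermissionNames($extensionKeyOrKeys)
{
    if (is_string($extensionKeyOrKeys)) {
        // Single key: resolve the extension through its root object identity and
        // hand back its permission list untouched.
        return $this->manager->getExtensionSelector()
            ->select($this->manager->getRootOid($extensionKeyOrKeys))
            ->getPermissions();
    }

    $result = array();
    foreach ($extensionKeyOrKeys as $extensionKey) {
        $extension = $this->manager->getExtensionSelector()
            ->select($this->manager->getRootOid($extensionKey));

        foreach ($extension->getPermissions() as $permission) {
            // Strict comparison: loose in_array() treats numeric-looking strings such as
            // "1" and "01" as equal, which could silently drop a distinct permission name
            // from the merged list.
            if (!in_array($permission, $result, true)) {
                $result[] = $permission;
            }
        }
    }

    return $result;
}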
/**
 * Decides whether the logged user is granted $requiredMask on the given object identity.
 *
 * For each role of the logged user the ACEs stored for that role's security identity on $oid
 * are loaded. The first ACE that belongs to the selected ACL extension and carries the same
 * service bits as the required mask decides the result, according to the ACE's strategy
 * (ALL, ANY or EQUAL). When a role has no ACEs on a non-root identity, the check is
 * re-run against the root identity with EntityMaskBuilder::GROUP_SYSTEM as the mask.
 *
 * @param ObjectIdentity $oid          The object identity the check is made against
 * @param string         $class        Class name; instantiated with `new $class()` when a root ACE mask is adapted
 * @param int            $requiredMask The permission mask that has to be satisfied
 * @return bool TRUE if a deciding ACE satisfies the mask; FALSE if it does not,
 *              if there is no logged user, or if no ACE was applicable
 *
 * @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
 * @SuppressWarnings(PHPMD.CyclomaticComplexity)
 * @SuppressWarnings(PHPMD.NPathComplexity)
 */
private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
{
    // Without a logged user there is nothing to evaluate: deny.
    if (null === ($loggedUser = $this->getLoggedUser())) {
        return false;
    }

    $extension = $this->aclManager->getExtensionSelector()->select($oid);
    foreach ($loggedUser->getRoles() as $role) {
        $sid = $this->aclManager->getSid($role);
        $aces = $this->aclManager->getAces($sid, $oid);

        // No ACEs for this role on a non-root identity: fall back to the root identity.
        // NOTE(review): this returns from inside the role loop, so the first role without
        // ACEs decides the outcome and the remaining roles are never examined; the fallback
        // also checks GROUP_SYSTEM instead of the caller's $requiredMask. Confirm both are intended.
        if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
            $rootOid = $this->aclManager->getRootOid($oid);

            return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
        }

        foreach ($aces as $ace) {
            // Ignore ACEs whose ACL object identity identifier is not this extension's key.
            if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
                continue;
            }

            $aceMask = $ace->getMask();
            if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
                // Root ACE masks are adapted by the extension for an instance of $class.
                // NOTE(review): $class is instantiated without constructor arguments; it must
                // originate from trusted code, never from request data. Verify callers.
                $aceMask = $extension->adaptRootMask($aceMask, new $class());
            }

            // Only ACEs carrying the same service bits as the required mask are comparable.
            if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
                continue;
            }

            // Compare the masks with the service bits stripped.
            // NOTE(review): $requiredMask itself is overwritten here, so if the strategy matches
            // none of the three constants below, later ACEs and roles are compared against the
            // stripped mask. Confirm this cannot happen or is harmless.
            $requiredMask = $extension->removeServiceBits($requiredMask);
            $aceMask = $extension->removeServiceBits($aceMask);
            $strategy = $ace->getStrategy();

            // NOTE(review): the first ACE that reaches this point decides the result, including
            // a FALSE result that stops evaluation of later ACEs and roles; no granting/denying
            // flag of the ACE is consulted in this method. Confirm against the referenced
            // PermissionGrantingStrategy.
            if (PermissionGrantingStrategy::ALL === $strategy) {
                // Every required bit must be present in the ACE mask.
                return $requiredMask === ($aceMask & $requiredMask);
            } elseif (PermissionGrantingStrategy::ANY === $strategy) {
                // At least one required bit must be present in the ACE mask.
                return 0 !== ($aceMask & $requiredMask);
            } elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
                // The masks must match exactly.
                return $requiredMask === $aceMask;
            }
        }
    }

    // No role produced an applicable ACE: deny.
    return false;
}