/**
* Gets a list of all permission names supported by ACL extension which is responsible
* to process domain objects of the given type(s).
* In case when $extensionKeyOrKeys argument contains several keys this method returns
* unique combination of all permission names supported by the requested ACL extensions.
* For example if one ACL extension supports VIEW, CREATE and EDIT permissions
* and another ACL extension supports VIEW and DELETE permissions,
* the result will be: VIEW, CREATE, EDIT, DELETE
*
* @param string|string[] $extensionKeyOrKeys The ACL extension key(s)
* @return string[]
*/
public function getPermissionNames($extensionKeyOrKeys)
{
if (is_string($extensionKeyOrKeys)) {
return $this->manager->getExtensionSelector()->select($this->manager->getRootOid($extensionKeyOrKeys))->getPermissions();
}
$result = array();
foreach ($extensionKeyOrKeys as $extensionKey) {
$extension = $this->manager->getExtensionSelector()->select($this->manager->getRootOid($extensionKey));
foreach ($extension->getPermissions() as $permission) {
if (!in_array($permission, $result)) {
$result[] = $permission;
}
}
}
return $result;
}
/**
* @param ObjectIdentity $oid
* @param string $class
* @param int $requiredMask
* @return bool
*
* @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
* @SuppressWarnings(PHPMD.CyclomaticComplexity)
* @SuppressWarnings(PHPMD.NPathComplexity)
*/
private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
{
if (null === ($loggedUser = $this->getLoggedUser())) {
return false;
}
$extension = $this->aclManager->getExtensionSelector()->select($oid);
foreach ($loggedUser->getRoles() as $role) {
$sid = $this->aclManager->getSid($role);
$aces = $this->aclManager->getAces($sid, $oid);
if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
$rootOid = $this->aclManager->getRootOid($oid);
return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
}
foreach ($aces as $ace) {
if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
continue;
}
$aceMask = $ace->getMask();
if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
$aceMask = $extension->adaptRootMask($aceMask, new $class());
}
if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
continue;
}
$requiredMask = $extension->removeServiceBits($requiredMask);
$aceMask = $extension->removeServiceBits($aceMask);
$strategy = $ace->getStrategy();
if (PermissionGrantingStrategy::ALL === $strategy) {
return $requiredMask === ($aceMask & $requiredMask);
} elseif (PermissionGrantingStrategy::ANY === $strategy) {
return 0 !== ($aceMask & $requiredMask);
} elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
return $requiredMask === $aceMask;
}
}
}
return false;
}
