/**
  * Load the ACL per role
  *
  * @param Role $role
  */
 protected function loadAcls(Role $role)
 {
     if (User::ROLE_ANONYMOUS === $role->getRole()) {
         return;
     }
     $sid = $this->aclManager->getSid($role);
     foreach ($this->aclManager->getAllExtensions() as $extension) {
         $rootOid = $this->aclManager->getRootOid($extension->getExtensionKey());
         foreach ($extension->getAllMaskBuilders() as $maskBuilder) {
             $fullAccessMask = $maskBuilder->hasConst('GROUP_SYSTEM') ? $maskBuilder->getConst('GROUP_SYSTEM') : $maskBuilder->getConst('GROUP_ALL');
             $this->aclManager->setPermission($sid, $rootOid, $fullAccessMask, true);
         }
     }
 }
 protected function updateUserRole(AclManager $manager)
 {
     $sid = $manager->getSid($this->getRole(LoadRolesData::ROLE_ADMINISTRATOR));
     $oid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\Email');
     $maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM')->add('CREATE_SYSTEM')->add('EDIT_SYSTEM');
     $manager->setPermission($sid, $oid, $maskBuilder->get());
 }
Beispiel #3
0
 /**
  * @param AbstractRole $role
  */
 protected function processPrivileges(AbstractRole $role)
 {
     $decodedPrivileges = json_decode($this->form->get('privileges')->getData(), true);
     $formPrivileges = [];
     foreach ($this->privilegeConfig as $fieldName => $config) {
         $privilegesArray = $decodedPrivileges[$fieldName];
         $privileges = [];
         foreach ($privilegesArray as $privilege) {
             $aclPrivilege = new AclPrivilege();
             foreach ($privilege['permissions'] as $name => $permission) {
                 $aclPrivilege->addPermission(new AclPermission($permission['name'], $permission['accessLevel']));
             }
             $aclPrivilegeIdentity = new AclPrivilegeIdentity($privilege['identity']['id'], $privilege['identity']['name']);
             $aclPrivilege->setIdentity($aclPrivilegeIdentity);
             $privileges[] = $aclPrivilege;
         }
         if ($config['fix_values']) {
             $this->fxPrivilegeValue($privileges, $config['default_value']);
         }
         $formPrivileges = array_merge($formPrivileges, $privileges);
     }
     array_walk($formPrivileges, function (AclPrivilege $privilege) {
         $privilege->setGroup($this->getAclGroup());
     });
     $this->privilegeRepository->savePrivileges($this->aclManager->getSid($role), new ArrayCollection($formPrivileges));
     $this->aclCache->clearCache();
 }
Beispiel #4
0
 protected function updateManagerRole(AclManager $manager)
 {
     $sid = $manager->getSid($this->getRole(LoadRolesData::ROLE_MANAGER));
     // grant to manage own calendar events
     $oid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
     $maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM')->add('CREATE_SYSTEM')->add('EDIT_SYSTEM')->add('DELETE_SYSTEM');
     $manager->setPermission($sid, $oid, $maskBuilder->get());
 }
 /**
  * @param Role $role
  */
 protected function processPrivileges(Role $role)
 {
     $formPrivileges = array();
     foreach ($this->privilegeConfig as $fieldName => $config) {
         $privileges = $this->form->get($fieldName)->getData();
         $formPrivileges = array_merge($formPrivileges, $privileges);
     }
     $this->aclManager->getPrivilegeRepository()->savePrivileges($this->aclManager->getSid($role), new ArrayCollection($formPrivileges));
 }
 protected function updateUserRole(AclManager $manager)
 {
     $roles = ['ROLE_ONLINE_SALES_REP', 'ROLE_MARKETING_MANAGER', 'ROLE_LEADS_DEVELOPMENT_REP'];
     foreach ($roles as $roleName) {
         $sid = $manager->getSid($this->getRole($roleName));
         $oid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser');
         $maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_BASIC')->add('CREATE_BASIC')->add('EDIT_BASIC');
         $manager->setPermission($sid, $oid, $maskBuilder->get());
     }
 }
 protected function updateUserRole(AclManager $manager)
 {
     $roles = [LoadRolesData::ROLE_USER, LoadRolesData::ROLE_MANAGER];
     foreach ($roles as $roleName) {
         $sid = $manager->getSid($this->getRole($roleName));
         $oid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser');
         $maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_BASIC')->add('CREATE_BASIC')->add('EDIT_BASIC');
         $manager->setPermission($sid, $oid, $maskBuilder->get());
     }
 }
 /**
  * Load the ACL per role
  *
  * @param AclManager $manager
  * @param Role       $role
  *
  * @see Oro\Bundle\SecurityBundle\DataFixtures\ORM\LoadAclRoles
  */
 protected function loadAcls(AclManager $manager, Role $role)
 {
     $sid = $manager->getSid($role);
     foreach ($manager->getAllExtensions() as $extension) {
         $rootOid = $manager->getRootOid($extension->getExtensionKey());
         foreach ($extension->getAllMaskBuilders() as $maskBuilder) {
             $fullAccessMask = $maskBuilder->hasConst('GROUP_SYSTEM') ? $maskBuilder->getConst('GROUP_SYSTEM') : $maskBuilder->getConst('GROUP_ALL');
             $manager->setPermission($sid, $rootOid, $fullAccessMask, true);
         }
     }
 }
Beispiel #9
0
 /**
  * @param Role $role
  */
 protected function processPrivileges(Role $role)
 {
     $formPrivileges = array();
     foreach ($this->privilegeConfig as $fieldName => $config) {
         $privileges = $this->form->get($fieldName)->getData();
         if ($config['fix_values']) {
             $this->fxPrivilegeValue($privileges, $config['default_value']);
         }
         $formPrivileges = array_merge($formPrivileges, $privileges);
     }
     $this->privilegeRepository->savePrivileges($this->aclManager->getSid($role), new ArrayCollection($formPrivileges));
 }
 protected function updateManagerRole(AclManager $manager)
 {
     $sid = $manager->getSid($this->getReference('manager_role'));
     // grant to view other user's calendar for the same business unit
     $oid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarConnection');
     $maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM');
     $manager->setPermission($sid, $oid, $maskBuilder->get());
     // grant to manage own calendar events
     $oid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
     $maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM')->add('CREATE_SYSTEM')->add('EDIT_SYSTEM')->add('DELETE_SYSTEM');
     $manager->setPermission($sid, $oid, $maskBuilder->get());
 }
 /**
  * @param ObjectIdentity $oid
  * @param string $class
  * @param int $requiredMask
  * @return bool
  *
  * @see \Oro\Bundle\SecurityBundle\Acl\Domain\PermissionGrantingStrategy::isAceApplicable
  * @SuppressWarnings(PHPMD.CyclomaticComplexity)
  * @SuppressWarnings(PHPMD.NPathComplexity)
  */
 private function isGrantedOidMask(ObjectIdentity $oid, $class, $requiredMask)
 {
     if (null === ($loggedUser = $this->getLoggedUser())) {
         return false;
     }
     $extension = $this->aclManager->getExtensionSelector()->select($oid);
     foreach ($loggedUser->getRoles() as $role) {
         $sid = $this->aclManager->getSid($role);
         $aces = $this->aclManager->getAces($sid, $oid);
         if (!$aces && $oid->getType() !== ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
             $rootOid = $this->aclManager->getRootOid($oid);
             return $this->isGrantedOidMask($rootOid, $class, EntityMaskBuilder::GROUP_SYSTEM);
         }
         foreach ($aces as $ace) {
             if ($ace->getAcl()->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) {
                 continue;
             }
             $aceMask = $ace->getMask();
             if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
                 $aceMask = $extension->adaptRootMask($aceMask, new $class());
             }
             if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) {
                 continue;
             }
             $requiredMask = $extension->removeServiceBits($requiredMask);
             $aceMask = $extension->removeServiceBits($aceMask);
             $strategy = $ace->getStrategy();
             if (PermissionGrantingStrategy::ALL === $strategy) {
                 return $requiredMask === ($aceMask & $requiredMask);
             } elseif (PermissionGrantingStrategy::ANY === $strategy) {
                 return 0 !== ($aceMask & $requiredMask);
             } elseif (PermissionGrantingStrategy::EQUAL === $strategy) {
                 return $requiredMask === $aceMask;
             }
         }
     }
     return false;
 }
 /**
  * @param ObjectManager $manager
  * @param AclManager    $aclManager
  */
 protected function setBuyerShoppingListPermissions(ObjectManager $manager, AclManager $aclManager)
 {
     $chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
     $allowedAcls = ['VIEW_BASIC', 'CREATE_BASIC', 'EDIT_BASIC', 'DELETE_BASIC'];
     $role = $this->getBuyerRole($manager);
     if ($aclManager->isAclEnabled()) {
         $sid = $aclManager->getSid($role);
         $className = $this->container->getParameter('orob2b_shopping_list.entity.shopping_list.class');
         foreach ($aclManager->getAllExtensions() as $extension) {
             if ($extension instanceof EntityAclExtension) {
                 $chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
                 $oid = $aclManager->getOid('entity:' . $className);
                 $builder = $aclManager->getMaskBuilder($oid);
                 $mask = $builder->reset()->get();
                 foreach ($allowedAcls as $acl) {
                     $mask = $builder->add($acl)->get();
                 }
                 $aclManager->setPermission($sid, $oid, $mask);
                 $chainMetadataProvider->stopProviderEmulation();
             }
         }
     }
 }
Beispiel #13
0
 protected function loadUserRole(AclManager $manager)
 {
     $sid = $manager->getSid($this->getRole(LoadRolesData::ROLE_USER));
     foreach ($manager->getAllExtensions() as $extension) {
         $rootOid = $manager->getRootOid($extension->getExtensionKey());
         foreach ($extension->getAllMaskBuilders() as $maskBuilder) {
             if ($maskBuilder->hasConst('GROUP_BASIC')) {
                 if ($maskBuilder->hasConst('MASK_VIEW_SYSTEM')) {
                     $mask = $maskBuilder->getConst('MASK_VIEW_SYSTEM');
                     /* @todo now only SYSTEM level is supported
                        | $maskBuilder->getConst('MASK_CREATE_BASIC')
                        | $maskBuilder->getConst('MASK_EDIT_BASIC')
                        | $maskBuilder->getConst('MASK_DELETE_BASIC')
                        | $maskBuilder->getConst('MASK_ASSIGN_BASIC')
                        | $maskBuilder->getConst('MASK_SHARE_BASIC');
                        */
                 } else {
                     $mask = $maskBuilder->getConst('GROUP_BASIC');
                 }
             } else {
                 $mask = $maskBuilder->getConst('GROUP_NONE');
             }
             $manager->setPermission($sid, $rootOid, $mask, true);
         }
     }
 }
 /**
  * @param AclManager $aclManager
  * @param AccountUserRole $role
  * @param string $className
  * @param array $allowedAcls
  */
 protected function setRolePermissions(AclManager $aclManager, AccountUserRole $role, $className, array $allowedAcls)
 {
     /* @var $chainMetadataProvider ChainMetadataProvider */
     $chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
     if ($aclManager->isAclEnabled()) {
         $sid = $aclManager->getSid($role);
         foreach ($aclManager->getAllExtensions() as $extension) {
             if ($extension instanceof EntityAclExtension) {
                 $chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
                 $oid = $aclManager->getOid('entity:' . $className);
                 $builder = $aclManager->getMaskBuilder($oid);
                 $mask = $builder->reset()->get();
                 foreach ($allowedAcls as $acl) {
                     $mask = $builder->add($acl)->get();
                 }
                 $aclManager->setPermission($sid, $oid, $mask);
                 $chainMetadataProvider->stopProviderEmulation();
             }
         }
     }
 }
 /**
  * @param ObjectManager $manager
  * @param AclManager $aclManager
  * @return AccountUserRole
  */
 protected function createBuyerRole(ObjectManager $manager, AclManager $aclManager)
 {
     $role = $this->createEntity(self::BUYER, $this->defaultRoles[self::BUYER]);
     $this->setWebsiteDefaultRoles($manager, $role);
     if ($aclManager->isAclEnabled()) {
         $sid = $aclManager->getSid($role);
         foreach ($aclManager->getAllExtensions() as $extension) {
             $this->setPermissionGroup($aclManager, $extension, $sid, 'GROUP_NONE');
         }
     }
     return $role;
 }