/**
* @param OnClearEventArgs $event
* @param OrganizationContextTokenInterface $token
*/
protected function checkOrganization(OnClearEventArgs $event, OrganizationContextTokenInterface $token)
{
$organization = $token->getOrganizationContext();
if (!is_object($organization)) {
return;
}
$organizationClass = ClassUtils::getClass($organization);
if ($event->getEntityClass() && $event->getEntityClass() !== $organizationClass) {
return;
}
$em = $event->getEntityManager();
if ($em !== $this->doctrine->getManagerForClass($organizationClass)) {
return;
}
$organization = $this->refreshEntity($organization, $organizationClass, $em);
if (!$organization) {
return;
}
$token->setOrganizationContext($organization);
}
/**
* Check organization. If user try to access entity what was created in organization this user do not have access -
* deny access. We should check organization for all the entities what have ownership
* (USER, BUSINESS_UNIT, ORGANIZATION ownership types)
*
* @param mixed $object
* @param OrganizationContextTokenInterface $securityToken
* @return bool
*/
protected function isAccessDeniedByOrganizationContext($object, OrganizationContextTokenInterface $securityToken)
{
try {
// try to get entity organization value
$objectOrganization = $this->entityOwnerAccessor->getOrganization($object);
// check entity organization with current organization
if ($objectOrganization && $objectOrganization->getId() !== $securityToken->getOrganizationContext()->getId()) {
return true;
}
} catch (InvalidEntityException $e) {
// in case if entity has no organization field (none ownership type)
}
return false;
}
public function testSerialize()
{
$newToken = unserialize(serialize($this->token));
$this->assertEquals($newToken->getUser()->getId(), $this->token->getUser()->getId());
$this->assertEquals($newToken->getOrganizationContext()->getId(), $this->token->getOrganizationContext()->getId());
}