 /**
  * Adds ACL restrictions to a search query.
  *
  * Every search alias of the query is checked against the ownership ACL data
  * for the given permission. Aliases whose owner field ([0]) and organization
  * field ([3]) are both null are dropped from the query's FROM list; for every
  * remaining alias an owner restriction is collected and OR-ed into the
  * criteria. Organization limits are applied afterwards.
  *
  * @param Query  $query
  * @param string $permission
  *
  * @return Query the same query instance, modified in place
  */
 public function apply(Query $query, $permission = 'VIEW')
 {
     $expr = $query->getCriteria()->expr();
     $visibleAliases = [];
     $ownerRestrictions = [];

     $aliases = $this->getSearchAliases($query);
     if (count($aliases) !== 0) {
         foreach ($aliases as $alias) {
             $className = $this->mappingProvider->getEntityClass($alias);
             if (!$className) {
                 continue;
             }

             $condition = $this->ownershipDataBuilder->getAclConditionData($className, $permission);
             $hasCondition = count($condition) !== 0;

             // Both owner field and organization field null: the entity is not visible at all.
             // NOTE(review): [3] is read without a length check; assumes a non-empty condition
             // always carries at least four entries — confirm with getAclConditionData().
             if ($hasCondition && $condition[0] === null && $condition[3] === null) {
                 continue;
             }
             $visibleAliases[] = $alias;

             $ownerField = 'integer.' . sprintf('%s_owner', $alias);

             // No owner limitation: every owner id (including the "no owner" marker) passes.
             if (!$hasCondition || $condition[1] === null) {
                 $ownerRestrictions[] = $expr->gte($ownerField, SearchListener::EMPTY_OWNER_ID);
                 continue;
             }

             // An empty owner list collapses to the "no owner" marker, i.e. only unowned records match.
             $owners = empty($condition[1]) ? SearchListener::EMPTY_OWNER_ID : $condition[1];
             if (is_array($owners) && count($owners) !== 1) {
                 $ownerRestrictions[] = $expr->in($ownerField, $owners);
             } else {
                 // NOTE(review): a one-element array reaches eq() as an array, not as its
                 // single value — confirm eq() accepts that shape.
                 $ownerRestrictions[] = $expr->eq($ownerField, $owners);
             }
         }
     }

     if (count($ownerRestrictions) !== 0) {
         $query->getCriteria()->andWhere(
             new CompositeExpression(CompositeExpression::TYPE_OR, $ownerRestrictions)
         );
     }
     $query->from($visibleAliases);
     $this->addOrganizationLimits($query, $expr);

     return $query;
 }
 /**
  * Runs the ACL helper against a query builder and checks the hints, the DQL,
  * the walker output and SQL generation.
  *
  * @dataProvider dataProvider
  *
  * @param QueryBuilder $queryBuilder
  * @param array|null   $conditions    ACL condition data keyed by entity name, served by the mocked builder
  * @param string       $resultHandler name of the assertion method applied to the query hints
  * @param string       $walkerResult  name of the assertion method applied to the walked AST
  * @param array|null   $exception     [class, message] expected while generating the SQL, or falsy
  */
 public function testApply(QueryBuilder $queryBuilder, $conditions, $resultHandler, $walkerResult, $exception)
 {
     $dispatcher = $this->getMock('Symfony\\Component\\EventDispatcher\\EventDispatcherInterface');

     $this->conditionBuilder = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\ORM\\Walker\\OwnershipConditionDataBuilder')
         ->disableOriginalConstructor()
         ->getMock();
     // The mocked builder answers from the data provider's map; unknown entities get null.
     $lookup = function ($entityName, $permission) use ($conditions) {
         return isset($conditions[$entityName]) ? $conditions[$entityName] : null;
     };
     $this->conditionBuilder
         ->expects($this->any())
         ->method('getAclConditionData')
         ->will($this->returnCallback($lookup));

     $this->helper = new AclHelper($this->conditionBuilder, $dispatcher, new AclConditionalFactorBuilder());

     $query = $this->helper->apply($queryBuilder);
     $this->{$resultHandler}($query->getHints());
     $this->assertEquals($query->getDQL(), $queryBuilder->getDQL());

     $parserResult = $this->getMockBuilder('Doctrine\\ORM\\Query\\ParserResult')
         ->disableOriginalConstructor()
         ->getMock();
     $this->walker = new AclWalker($query, $parserResult, []);
     $walkedAst = $this->walker->walkSelectStatement($query->getAST());
     $this->{$walkerResult}($walkedAst);

     // NOTE(review): the expectation is registered only here, so it covers getSQL() below
     // and nothing that ran before it.
     if ($exception) {
         list($expectedClass, $expectedMessage) = $exception;
         $this->setExpectedException($expectedClass, $expectedMessage);
     }
     $this->assertNotEmpty($query->getSQL());
 }
 /**
  * getUserId() must yield null when the token's user is not a user object (here the string 'anon').
  */
 public function testGetUserIdWithNonLoginUser()
 {
     $anonymousToken = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface');
     $anonymousToken
         ->expects($this->any())
         ->method('getUser')
         ->will($this->returnValue('anon'));

     $this->securityContext
         ->expects($this->any())
         ->method('getToken')
         ->will($this->returnValue($anonymousToken));

     $this->assertNull($this->builder->getUserId());
 }
 /**
  * Runs the ACL helper against a query builder and checks the hints, the DQL
  * and the walker output.
  *
  * @dataProvider dataProvider
  *
  * @param QueryBuilder $queryBuilder
  * @param array|null   $conditions    ACL condition data keyed by entity name, served by the mocked builder
  * @param string       $resultHandler name of the assertion method applied to the query hints
  * @param string       $walkerResult  name of the assertion method applied to the walked AST
  */
 public function testApply(QueryBuilder $queryBuilder, $conditions, $resultHandler, $walkerResult)
 {
     $this->conditionBuilder = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\ORM\\Walker\\OwnershipConditionDataBuilder')
         ->disableOriginalConstructor()
         ->getMock();
     // The mocked builder answers from the data provider's map; unknown entities get null.
     $lookup = function ($entityName, $permission) use ($conditions) {
         return isset($conditions[$entityName]) ? $conditions[$entityName] : null;
     };
     $this->conditionBuilder
         ->expects($this->any())
         ->method('getAclConditionData')
         ->will($this->returnCallback($lookup));

     $this->helper = new AclHelper($this->conditionBuilder);

     $query = $this->helper->apply($queryBuilder);
     $this->{$resultHandler}($query->getHints());
     $this->assertEquals($query->getDQL(), $queryBuilder->getDQL());

     $parserResult = $this->getMockBuilder('Doctrine\\ORM\\Query\\ParserResult')
         ->disableOriginalConstructor()
         ->getMock();
     $this->walker = new AclWalker($query, $parserResult, []);
     $walkedAst = $this->walker->walkSelectStatement($query->getAST());
     $this->{$walkerResult}($walkedAst);
 }
 /**
  * Builds the share condition for a range variable declaration (FROM or JOIN).
  *
  * When the builder returns share data, its query components are registered
  * on the walker and the share condition is handed back; otherwise null.
  *
  * @param RangeVariableDeclaration $rangeVariableDeclaration
  * @param string                   $permission
  *
  * @return Node|null
  */
 protected function processRangeVariableDeclarationShare(RangeVariableDeclaration $rangeVariableDeclaration, $permission)
 {
     $shareData = $this->builder->getAclShareData(
         $rangeVariableDeclaration->abstractSchemaName,
         $rangeVariableDeclaration->aliasIdentificationVariable,
         $permission
     );
     if (empty($shareData)) {
         return null;
     }

     list($shareCondition, $queryComponents) = $shareData;
     $this->addQueryComponents($queryComponents);

     return $shareCondition;
 }
 /**
  * Builds the ACL condition for a range variable declaration (FROM or JOIN).
  *
  * The alias is registered first. Condition data that is empty but not null
  * yields no condition at all; null yields a condition with null field and
  * value; non-empty data is unpacked into field and value.
  *
  * @param RangeVariableDeclaration $rangeVariableDeclaration
  * @param string                   $permission
  * @param bool                     $isJoin build a JoinAclCondition instead of an AclCondition
  *
  * @return null|AclCondition|JoinAclCondition
  */
 protected function processRangeVariableDeclaration(RangeVariableDeclaration $rangeVariableDeclaration, $permission, $isJoin = false)
 {
     $this->addEntityAlias($rangeVariableDeclaration);

     $conditionData = $this->builder->getAclConditionData(
         $rangeVariableDeclaration->abstractSchemaName,
         $permission
     );
     // Only an empty, non-null result (e.g. []) means "no condition"; everything else falls through.
     if ($conditionData !== null && empty($conditionData)) {
         return null;
     }

     $field = null;
     $value = null;
     if (!empty($conditionData)) {
         list($field, $value) = $conditionData;
     }

     $alias = $rangeVariableDeclaration->aliasIdentificationVariable;

     return $isJoin
         ? new JoinAclCondition($alias, $field, $value)
         : new AclCondition($alias, $field, $value);
 }
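 /**
  * Builds the ACL condition for a range variable declaration (FROM or JOIN).
  *
  * The alias is always registered via addEntityAlias(). Condition data is
  * requested from the builder only when the declared entity is not the user
  * class, or when it is the root entity of the query; a joined user table
  * therefore never receives an ACL condition from this method
  * (NOTE(review): presumably deliberate so that owner/assignee joins on the
  * user entity stay resolvable — confirm against the builder's contract).
  *
  * Condition data that is empty but not null yields no condition; null yields
  * a condition whose fields are all null; non-empty data is unpacked into the
  * six constructor arguments.
  *
  * @param RangeVariableDeclaration $rangeVariableDeclaration
  * @param string                   $permission
  * @param bool                     $isJoin       build a JoinAclCondition instead of an AclCondition
  * @param bool                     $isSubRequest accepted for signature compatibility; not read in this method
  *
  * @return null|AclCondition|JoinAclCondition
  */
 protected function processRangeVariableDeclaration(
     RangeVariableDeclaration $rangeVariableDeclaration,
     $permission,
     $isJoin = false,
     $isSubRequest = false
 ) {
     $this->addEntityAlias($rangeVariableDeclaration);

     $entityName = $rangeVariableDeclaration->abstractSchemaName;
     $entityAlias = $rangeVariableDeclaration->aliasIdentificationVariable;

     // Strict identity instead of a loose in_array(): class names are plain, non-numeric
     // strings, so the loose comparison added nothing but PHP's string-to-number pitfalls.
     $isUserTable = $entityName === self::ORO_USER_CLASS;
     if ($isUserTable && !$rangeVariableDeclaration->isRoot) {
         return null;
     }

     $conditionData = $this->builder->getAclConditionData($entityName, $permission);
     // Only an empty, non-null result (e.g. []) means "no condition"; null and non-empty data fall through.
     if ($conditionData !== null && empty($conditionData)) {
         return null;
     }

     $entityField = $value = $pathExpressionType = $organizationField = $organizationValue = $ignoreOwner = null;
     if (!empty($conditionData)) {
         list(
             $entityField,
             $value,
             $pathExpressionType,
             $organizationField,
             $organizationValue,
             $ignoreOwner
         ) = $conditionData;
     }

     if ($isJoin) {
         return new JoinAclCondition(
             $entityAlias,
             $entityField,
             $value,
             $pathExpressionType,
             $organizationField,
             $organizationValue,
             $ignoreOwner
         );
     }

     return new AclCondition(
         $entityAlias,
         $entityField,
         $value,
         $pathExpressionType,
         $organizationField,
         $organizationValue,
         $ignoreOwner
     );
 }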