/**
 * Adds the permissions of the current user to the serialized document.
 *
 * Only documents carrying the security, locale and webspace behaviours are
 * annotated, and only when the token storage holds a token whose user is a
 * UserInterface; in every other case the serialization is left untouched.
 *
 * @param ObjectEvent $event
 */
public function onPostSerialize(ObjectEvent $event)
{
    $document = $event->getObject();

    if (!$document instanceof SecurityBehavior
        || !$document instanceof LocaleBehavior
        || !$document instanceof WebspaceBehavior
    ) {
        return;
    }

    $token = null !== $this->tokenStorage ? $this->tokenStorage->getToken() : null;
    $user = null !== $token ? $token->getUser() : null;

    if (!$user instanceof UserInterface) {
        return;
    }

    $securityContext = ContentAdmin::SECURITY_CONTEXT_PREFIX . $document->getWebspaceName();
    $permissions = $this->accessControlManager->getUserPermissionByArray(
        $document->getLocale(),
        $securityContext,
        $document->getPermissions(),
        $user
    );

    /** @var JsonSerializationVisitor $visitor */
    $visitor = $event->getVisitor();
    $visitor->addData('_permissions', $permissions);
}
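/**
 * {@inheritdoc}
 *
 * Builds a map of security context name => permissions of the current
 * user (as returned by the access control manager) for every security
 * context registered in the admin pool. The permission types listed per
 * context are not needed here, only the context names.
 *
 * @return array<string, array> context name => user permissions; empty when no token is available
 */
public function getParameters()
{
    $token = $this->tokenStorage->getToken();
    if (null === $token) {
        // No authenticated session: expose nothing instead of failing on a null token.
        return [];
    }

    // resolved once instead of once per context
    $user = $token->getUser();

    $parameters = [];
    foreach ($this->adminPool->getSecurityContexts() as $sections) {
        foreach ($sections as $contexts) {
            foreach (array_keys($contexts) as $context) {
                $parameters[$context] = $this->accessControlManager->getUserPermissions(
                    new SecurityCondition($context),
                    $user
                );
            }
        }
    }

    return $parameters;
}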
/**
 * Adds the permissions of the current user to the serialization of a
 * secured entity.
 *
 * Entities still wrapped in an ApiWrapper are unwrapped first; anything
 * that is not a SecuredEntityInterface afterwards is ignored.
 *
 * @param ObjectEvent $event
 */
public function onPostSerialize(ObjectEvent $event)
{
    $entity = $event->getObject();

    // FIXME This should be removed, once all entities are restructured not using the ApiWrapper, possible BC break
    if ($entity instanceof ApiWrapper) {
        $entity = $entity->getEntity();
    }

    if (!$entity instanceof SecuredEntityInterface) {
        return;
    }

    $condition = new SecurityCondition(
        $entity->getSecurityContext(),
        null,
        get_class($entity),
        $entity->getId()
    );
    $permissions = $this->accessControlManager->getUserPermissions(
        $condition,
        $this->tokenStorage->getToken()->getUser()
    );

    $event->getVisitor()->addData('_permissions', $permissions);
}
/**
 * Access is denied as soon as one of the requested attributes is explicitly
 * not granted, even when the other requested attributes are.
 */
public function testNegativeVoteWithMultipleAttributes()
{
    $condition = new SecurityCondition('sulu.security.roles', null);
    $userPermissions = [
        'view' => true,
        'add' => true,
        'security' => false,
    ];

    $this->accessControlManager
        ->getUserPermissions($condition, $this->user)
        ->willReturn($userPermissions);

    $result = $this->voter->vote($this->token->reveal(), $condition, ['view', 'security']);

    $this->assertSame(VoterInterface::ACCESS_DENIED, $result);
}
/**
 * {@inheritdoc}
 *
 * Abstains for anything that is not a supported object. Otherwise every
 * requested attribute is looked up in the user's permission map for the
 * object; a single attribute that is present and false denies access.
 *
 * NOTE(review): an attribute that is absent from the permission map does
 * not deny — the vote then stays ACCESS_GRANTED. Confirm this is intended
 * for attributes the access control manager does not know about.
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    /** @var User $user */
    $user = $token->getUser();

    if (!is_object($object) || !$this->supportsClass(get_class($object))) {
        return VoterInterface::ACCESS_ABSTAIN;
    }

    $permissions = $this->accessControlManager->getUserPermissions($object, $user);

    // every requested attribute has to be granted; one explicit false is enough to deny
    foreach ($attributes as $attribute) {
        $explicitlyDenied = isset($permissions[$attribute]) && !$permissions[$attribute];
        if ($explicitlyDenied) {
            return VoterInterface::ACCESS_DENIED;
        }
    }

    return VoterInterface::ACCESS_GRANTED;
}
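/**
 * Creates or replaces the permissions of a single secured object.
 *
 * Expected request parameters: "id" (object identifier), "type" (object
 * class), "permissions" (map of role => map of permission type => bool or
 * the string "true") and optionally "securityContext", for which the
 * SECURITY permission of the current user is checked before writing.
 *
 * NOTE(review): when the client omits "securityContext" no permission
 * check happens in this action; confirm that authorization for this route
 * is enforced elsewhere.
 *
 * @param Request $request
 *
 * @return \Symfony\Component\HttpFoundation\Response the stored permissions, or a 400 response built from the RestException
 */
public function postAction(Request $request)
{
    try {
        $identifier = $request->get('id');
        $type = $request->get('type');
        $permissions = $request->get('permissions');
        $securityContext = $request->get('securityContext');

        if (!$identifier) {
            throw new MissingParameterException(static::class, 'id');
        }

        if (!$type) {
            // the request parameter is named "type", so report that name
            throw new MissingParameterException(static::class, 'type');
        }

        if (!is_array($permissions)) {
            throw new RestException('The "permissions" must be passed as an array');
        }

        if ($securityContext) {
            $this->securityChecker->checkPermission($securityContext, PermissionTypes::SECURITY);
        }

        // transfer all permission strings to booleans
        $permissions = $this->normalizePermissions($permissions);

        $this->accessControlManager->setPermissions($type, $identifier, $permissions);

        return $this->viewHandler->handle(
            View::create(['id' => $identifier, 'type' => $type, 'permissions' => $permissions])
        );
    } catch (RestException $exc) {
        return $this->viewHandler->handle(View::create($exc->toArray(), 400));
    }
}

/**
 * Converts the permission flags of every role to booleans.
 *
 * Only the string "true" and the boolean true count as granted; any other
 * value becomes false. Keys are preserved on both levels. A copy is built
 * instead of iterating by reference, so no dangling reference survives.
 *
 * @param array $permissions map of role => map of permission type => bool|string
 *
 * @return array the same structure with boolean values only
 *
 * @throws RestException when a role entry is not an array
 */
private function normalizePermissions(array $permissions)
{
    $normalized = [];
    foreach ($permissions as $role => $permissionLines) {
        if (!is_array($permissionLines)) {
            throw new RestException('Each entry of "permissions" must be an array of permission types');
        }

        $normalized[$role] = array_map(
            function ($permissionLine) {
                return $permissionLine === 'true' || $permissionLine === true;
            },
            $permissionLines
        );
    }

    return $normalized;
}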
/**
 * An entity wrapped in an ApiWrapper is unwrapped before its permissions
 * are looked up and attached to the serialization.
 */
public function testOnPostSerializeWithApiWrapper()
{
    $entity = $this->prophesize(SecuredEntityInterface::class);
    $entity->getId()->willReturn(7);
    $entity->getSecurityContext()->willReturn('sulu.example');

    $wrapper = $this->prophesize(ApiWrapper::class);
    $wrapper->getEntity()->willReturn($entity);

    $this->objectEvent->getObject()->willReturn($wrapper);

    $expectedCondition = new SecurityCondition(
        'sulu.example',
        null,
        get_class($entity->reveal()),
        7
    );
    $expectedPermissions = ['_permissions' => ['permission' => 'value']];

    $this->accessControlManager
        ->getUserPermissions($expectedCondition, $this->user->reveal())
        ->willReturn($expectedPermissions);
    $this->visitor->addData('_permissions', $expectedPermissions)->shouldBeCalled();

    $this->securedEntitySubscriber->onPostSerialize($this->objectEvent->reveal());
}
/**
 * Add data for serialization of content objects.
 *
 * Flattens the content data into the serialization and adds the published
 * state, the redirect kind ("linked"), the localization type (when set) and
 * the permissions of the current user on the content's webspace.
 *
 * @param ObjectEvent $event
 */
public function onPostSerialize(ObjectEvent $event)
{
    /** @var Content $content */
    $content = $event->getObject();
    /** @var JsonSerializationVisitor $visitor */
    $visitor = $event->getVisitor();

    if (!$content instanceof Content) {
        return;
    }

    foreach ($content->getData() as $name => $data) {
        $visitor->addData($name, $data);
    }

    $isPublished = WorkflowStage::PUBLISHED === $content->getWorkflowStage();
    $visitor->addData('publishedState', $isPublished);

    $nodeType = $content->getNodeType();
    if (RedirectType::EXTERNAL === $nodeType) {
        $visitor->addData('linked', 'external');
    } elseif (RedirectType::INTERNAL === $nodeType) {
        $visitor->addData('linked', 'internal');
    }

    $localizationType = $content->getLocalizationType();
    if (null !== $localizationType) {
        $visitor->addData('type', $localizationType->toArray());
    }

    $securityContext = ContentAdmin::SECURITY_CONTEXT_PREFIX . $content->getWebspaceKey();
    $permissions = $this->accessControlManager->getUserPermissionByArray(
        $content->getLocale(),
        $securityContext,
        $content->getPermissions(),
        $this->tokenStorage->getToken()->getUser()
    );
    $visitor->addData('_permissions', $permissions);
}
/**
 * {@inheritdoc}
 *
 * Loads the node identified by $uuid together with its ancestors and wraps
 * them into the "_embedded"/"_links" structure of the API. With
 * $appendWebspaceNode the tree is nested under a synthetic root node that
 * represents the webspace. The permissions of the current user on the
 * webspace are added only when a security token is available.
 *
 * NOTE(review): the query values are concatenated into the hrefs without
 * url-encoding; confirm this is safe for the webspace key and locale formats.
 */
public function getNodesTree($uuid, $webspaceKey, $languageCode, $excludeGhosts = false, $excludeShadows = false, $appendWebspaceNode = false)
{
    $nodes = $this->loadNodeAndAncestors($uuid, $webspaceKey, $languageCode, $excludeGhosts, $excludeShadows, true);

    $scopeQuery = '&webspace=' . $webspaceKey . '&language=' . $languageCode;
    $ghostQuery = $excludeGhosts === true ? '&exclude-ghosts=true' : '';

    $result = ['_embedded' => ['nodes' => $nodes]];

    if ($appendWebspaceNode) {
        $webspace = $this->webspaceManager->getWebspaceCollection()->getWebspace($webspaceKey);
        $webspaceNode = [
            'id' => $this->sessionManager->getContentNode($webspace->getKey())->getIdentifier(),
            'path' => '/',
            'title' => $webspace->getName(),
            'publishedState' => true,
            'hasSub' => true,
            '_embedded' => ['nodes' => $nodes],
            '_links' => [
                'children' => [
                    'href' => $this->apiBasePath . '?depth=1' . $scopeQuery . $ghostQuery,
                ],
            ],
        ];
        $result = ['_embedded' => ['nodes' => [$webspaceNode]]];
    }

    $token = $this->tokenStorage ? $this->tokenStorage->getToken() : null;
    if ($token) {
        $result['_permissions'] = $this->accessControlManager->getUserPermissions(
            new SecurityCondition('sulu.webspaces.' . $webspaceKey),
            $token->getUser()
        );
    }

    // add api links
    $webspaceNodeQuery = $appendWebspaceNode === true ? '&webspace-node=true' : '';
    $result['_links'] = [
        'self' => [
            'href' => $this->apiBasePath . '/tree?uuid=' . $uuid . $scopeQuery . $ghostQuery . $webspaceNodeQuery,
        ],
    ];

    return $result;
}
/**
 * Invalid request data must never reach the access control manager.
 *
 * @dataProvider provideWrongPermissionData
 */
public function testPostActionWithWrongData($id, $class, $permissions)
{
    $this->accessControlManager->setPermissions(Argument::cetera())->shouldNotBeCalled();

    $requestParameters = [
        'id' => $id,
        'type' => $class,
        'permissions' => $permissions,
    ];
    $request = new Request([], $requestParameters);

    $this->permissionController->postAction($request);
}