Beispiel #1
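 /**
  * Applies the highest of the requested masks to $user on $entity, or removes
  * the user's existing entry when one below owner level is already present.
  *
  * Each requested role must be one of the values returned by getMaskList().
  * Membership is checked strictly, so a loosely-equal value of another type
  * (for example a string that only compares equal to an integer mask) cannot
  * pass validation on this authorization path.
  *
  * @param object $entity Domain object the ACL is attached to
  * @param User   $user   Account whose object-scope entry is changed
  * @param array  $roles  Permission masks; the numerically largest one is used
  *
  * @return bool true when an entry was removed or inserted, false when the
  *              user's existing entry is at or above MASK_OWNER and is kept
  *
  * @throws \Exception when a role is not in the mask list; provider failures
  *                    other than a missing ACL are no longer swallowed and
  *                    propagate to the caller
  */
 public function setAcl($entity, User $user, array $roles = array())
 {
     // The array type declaration already rejects non-array input, so the
     // former is_array() guard could never be reached.
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $objectIdentity = ObjectIdentity::fromDomainObject($entity);

     // Fetch the whitelist once instead of once per requested role.
     $allowedMasks = $this->getMaskList();
     $mask = 0;
     foreach ($roles as $role) {
         if (!in_array($role, $allowedMasks, true)) {
             throw new \Exception('Role submit not exist');
         }
         if ($role > $mask) {
             $mask = $role;
         }
     }

     // Only "no ACL yet" leads to creating one. Catching every exception here
     // would hide a failed removal or a storage error behind a second,
     // unrelated failure from createAcl().
     try {
         $acl = $this->aclProvider->findAcl($objectIdentity);
     } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
         $acl = $this->aclProvider->createAcl($objectIdentity);
     }

     foreach ($acl->getObjectAces() as $index => $ace) {
         if ($ace->getSecurityIdentity() == $securityIdentity) {
             if ($ace->getMask() >= MaskBuilder::MASK_OWNER) {
                 // never strip an owner-level entry
                 return false;
             }
             // NOTE(review): the existing entry is removed and the method
             // returns without inserting $mask, so a call meant to change a
             // user's role ends with no entry at all; confirm callers rely
             // on this remove-only behaviour.
             $acl->deleteObjectAce($index);
             $this->aclProvider->updateAcl($acl);

             return true;
         }
     }

     // NOTE(review): with an empty $roles list this inserts an entry whose
     // mask is 0; confirm that is intended.
     $acl->insertObjectAce($securityIdentity, $mask);
     $this->aclProvider->updateAcl($acl);

     return true;
 }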
Beispiel #2
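 /**
  * Brings the object-scope ACEs of $entity in line with the security
  * identities generated from the share model: identities no longer listed
  * lose their entry, newly listed ones get an entry with the mask returned
  * by getMaskBySid(). The ACL is created when none exists yet and is
  * persisted once at the end, so an error raised part-way through leaves
  * the stored ACL untouched.
  *
  * @param Share $model
  * @param object $entity
  *
  * @throws \LogicException when an identity scheduled for removal cannot be
  *                         located among the current entries
  */
 protected function onSuccess($model, $entity)
 {
     $objectIdentity = ObjectIdentity::fromDomainObject($entity);
     try {
         $acl = $this->aclProvider->findAcl($objectIdentity);
     } catch (AclNotFoundException $e) {
         $acl = $this->aclProvider->createAcl($objectIdentity);
     }

     $oldSids = $this->extractSids($acl);
     // untouched copy of the initial identities, used below to find the additions
     $oldSidsCopy = $oldSids;
     $newSids = $this->generateSids($model);

     // NOTE(review): array_diff() compares elements by their string form, so
     // this assumes every identity is string-castable and that two different
     // identities never share one string form; confirm against
     // extractSids() and generateSids().

     // $oldSids - $newSids: to delete
     foreach (array_diff($oldSids, $newSids) as $sid) {
         $index = array_search($sid, $oldSids, true);
         if (false === $index) {
             // A false result used as an array offset addresses entry 0, so
             // passing it on would presumably remove an unrelated identity's
             // access. Stop before anything is persisted instead.
             throw new \LogicException('Security identity to remove was not found in the ACL.');
         }
         $acl->deleteObjectAce($index);
         // indexes shift after a deletion, so read the current list again
         $oldSids = $this->extractSids($acl);
     }

     // $newSids - $oldSids: to insert
     foreach (array_diff($newSids, $oldSidsCopy) as $sid) {
         $acl->insertObjectAce($sid, $this->getMaskBySid($sid));
     }

     $this->aclProvider->updateAcl($acl);
 }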
 /**
  * {@inheritdoc}
  *
  * Inject shared record id to acl SQL queries (such as InsertAccessControlEntrySql) via property updatedAcl.
  *
  * The parent update and both UpdateAcl events run inside one database
  * transaction: it is committed when all of them succeed and rolled back,
  * with the exception rethrown, when any of them throws an \Exception.
  *
  * NOTE(review): only \Exception is caught. On PHP 7 and later an \Error
  * raised by a listener or by the parent update would skip the rollback and
  * leave updatedAcl set; confirm the supported PHP versions before widening
  * the catch.
  */
 public function updateAcl(MutableAclInterface $acl)
 {
     // Made available for the duration of the write; cleared on both exit paths.
     $this->updatedAcl = $acl;
     $this->connection->beginTransaction();
     try {
         $aclEvent = new UpdateAcl($acl);
         if ($this->eventDispatcher) {
             $this->eventDispatcher->dispatch(UpdateAcl::NAME_BEFORE, $aclEvent);
         }
         parent::updateAcl($acl);
         if ($this->eventDispatcher) {
             $this->eventDispatcher->dispatch(UpdateAcl::NAME_AFTER, $aclEvent);
         }
         $this->connection->commit();
         $this->updatedAcl = null;
     } catch (\Exception $failure) {
         // Clear the marker first so it is gone even if the rollback itself fails.
         $this->updatedAcl = null;
         $this->connection->rollBack();
         throw $failure;
     }
 }