Beispiel #1
0
 /**
  * Tests if there is an access control list for the given object.
  *
  * @param string $objectId The object to lookup in the access control system
  *
  * @return bool Returns true if an access control list exists for the given object, otherwise false
  */
 public function existsAcl($objectId, $objectType)
 {
     if ($objectId === null || $objectType === null) {
         return false;
     }
     try {
         $this->aclProvider->findAcl(new ObjectIdentity($objectId, $objectType));
         return true;
     } catch (AclNotFoundException $exc) {
         return false;
     }
 }
Beispiel #2
0
 /**
  * {@inheritdoc}
  */
 public function vote(TokenInterface $token, $object, array $attributes)
 {
     if (!$object instanceof SecurityCondition) {
         return VoterInterface::ACCESS_ABSTAIN;
     }
     if ($object->getObjectType() === null || $object->getObjectId() === null) {
         return VoterInterface::ACCESS_ABSTAIN;
     }
     try {
         $objectIdentity = new ObjectIdentity($object->getObjectId(), $object->getObjectType());
         $this->aclProvider->findAcl($objectIdentity);
         // only called to check if acl exists
         return parent::vote($token, $objectIdentity, $attributes);
     } catch (AclNotFoundException $exc) {
         return VoterInterface::ACCESS_ABSTAIN;
     }
 }
Beispiel #3
0
 /**
  * Get Acl based on given OID and Parent OID
  *
  * @param ObjectIdentityInterface $oid
  * @param array $sids
  * @param ObjectIdentityInterface $rootOid
  * @return RootBasedAclWrapper|\Symfony\Component\Security\Acl\Model\AclInterface
  */
 protected function getAcl(ObjectIdentityInterface $oid, array $sids, ObjectIdentityInterface $rootOid)
 {
     $acl = $this->baseAclProvider->findAcl($oid, $sids);
     try {
         $rootAcl = $this->baseAclProvider->findAcl($rootOid, $sids);
     } catch (AclNotFoundException $noRootAcl) {
         return $acl;
     }
     return new RootBasedAclWrapper($acl, $rootAcl);
 }
Beispiel #4
0
 /**
  * @test
  */
 public function anonymousAclQueryShouldDelegateToIsGrantedWhenAclIsFound()
 {
     $file = File::create(array('id' => 1));
     $acl = $this->getMockForAbstractClass('Symfony\\Component\\Security\\Acl\\Model\\AclInterface');
     $acl->expects($this->once())->method('isGranted')->with($this->equalTo(array(MaskBuilder::MASK_VIEW)));
     $this->aclProvider->expects($this->once())->method('findAcl')->with($this->isInstanceOf('Symfony\\Component\\Security\\Acl\\Domain\\ObjectIdentity'))->will($this->returnValue($acl));
     $acl = new SymfonyAuthorizationAdapter($this->context, $this->aclProvider, false);
     $acl->attachTo($this->filelib);
     $ret = $acl->anonymousAclQueryWith($file);
 }
Beispiel #5
0
 /**
  * Queries ACL with domain object
  *
  * @param object $domainObject
  *
  * @return boolean
  */
 public function anonymousAclQueryWith($domainObject)
 {
     $oid = ObjectIdentity::fromDomainObject($domainObject);
     try {
         $acl = $this->aclProvider->findAcl($oid);
         $roleIdentity = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
         return $acl->isGranted(array(MaskBuilder::MASK_VIEW), array($roleIdentity), false);
     } catch (\Exception $e) {
         return false;
     }
 }
Beispiel #6
0
 /**
  * Get Acl based on given OID and Parent OID
  *
  * @param ObjectIdentityInterface $oid
  * @param array $sids
  * @param ObjectIdentityInterface $rootOid
  * @return RootBasedAclWrapper|\Symfony\Component\Security\Acl\Model\AclInterface
  */
 protected function getAcl(ObjectIdentityInterface $oid, array $sids, ObjectIdentityInterface $rootOid)
 {
     $acl = $this->baseAclProvider->findAcl($oid, $sids);
     if ($this->baseAclProvider->isReplaceWithUnderlyingAcl($acl)) {
         $underlyingOid = $this->objectIdentityFactory->underlying($oid);
         return $this->getAcl($underlyingOid, $sids, $rootOid);
     }
     try {
         $rootAcl = $this->baseAclProvider->findAcl($rootOid, $sids);
         if ($this->baseAclProvider->isEmptyAcl($acl)) {
             return $rootAcl;
         } else {
             return new RootBasedAclWrapper($acl, $rootAcl);
         }
     } catch (AclNotFoundException $noRootAcl) {
         return $acl;
     }
 }
Beispiel #7
0
 /**
  * Fetch ACL permissions for the specified entity
  *
  * @param object $object
  *
  * @return array
  */
 protected function getAclPermissions($object)
 {
     $roles = array();
     try {
         $objectIdentity = ObjectIdentity::fromDomainObject($object);
         /* @var AclInterface $acl */
         $acl = $this->aclProvider->findAcl($objectIdentity);
         $objectAces = $acl->getObjectAces();
         /* @var AuditableEntryInterface $ace */
         foreach ($objectAces as $ace) {
             $securityIdentity = $ace->getSecurityIdentity();
             if ($securityIdentity instanceof RoleSecurityIdentity && $ace->getMask() & MaskBuilder::MASK_VIEW != 0) {
                 $roles[] = $securityIdentity->getRole();
             }
         }
     } catch (AclNotFoundException $e) {
         // No ACL found... assume default
         $roles = array('IS_AUTHENTICATED_ANONYMOUSLY');
     }
     return $roles;
 }
Beispiel #8
0
 public function testNegativeVoteWithMultipleAttributes()
 {
     $this->aclProvider->findAcl(Argument::any())->willThrow(AclNotFoundException::class);
     $access = $this->voter->vote($this->token->reveal(), new SecurityCondition('sulu.security.roles', null), ['view', 'security']);
     $this->assertSame(VoterInterface::ACCESS_DENIED, $access);
 }