Ejemplo n.º 1
 /**
  * Adds a permission to this group and registers the group on the permission.
  *
  * The back-reference on the permission is updated on every call; only this
  * group's own collection is guarded against duplicates.
  *
  * @param Permission $role
  */
 public function addPermission(Permission $role)
 {
     $role->addGroup($this);
     if ($this->permissions->contains($role)) {
         // Already present on this side, nothing more to record.
         return;
     }
     $this->permissions->add($role);
 }
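 /**
  * Builds the configuration array for the Permission entity: the entity class,
  * the roles tied to the section and to its write actions, and the hydration
  * groups/profiles.
  *
  * @return array
  */
 public function getConfig()
 {
     // Flattens one Permission into the row used by the 'list' hydration group.
     $listHydrator = function (Permission $permission) {
         $groupIds = array();
         foreach ($permission->getGroups() as $group) {
             $groupIds[] = $group->getId();
         }
         // getCategory() may return null when no category was ever assigned
         // (assumption, confirm against the entity mapping). Report null in
         // that case instead of calling getName() on null.
         $category = $permission->getCategory();

         return array(
             'id' => $permission->getId(),
             'name' => $permission->getName(),
             'category' => $category ? $category->getName() : null,
             'groups' => $groupIds,
         );
     };

     return array(
         'entity' => Permission::clazz(),
         'security' => array(
             'role' => ModeraBackendSecurityBundle::ROLE_ACCESS_BACKEND_TOOLS_SECURITY_SECTION,
             // Every write action is tied to the same role.
             // NOTE(review): no role is listed for read/list operations; confirm
             // that the consumer of this config covers them through 'role'.
             'actions' => array(
                 'create' => ModeraBackendSecurityBundle::ROLE_MANAGE_PERMISSIONS,
                 'remove' => ModeraBackendSecurityBundle::ROLE_MANAGE_PERMISSIONS,
                 'update' => ModeraBackendSecurityBundle::ROLE_MANAGE_PERMISSIONS,
             ),
         ),
         'hydration' => array(
             'groups' => array('list' => $listHydrator),
             'profiles' => array('list'),
         ),
     );
 }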
Ejemplo n.º 3
 /**
  * Checks that role lookups return both users holding a permission directly
  * and users who receive it through a group.
  */
 public function testGetByRole()
 {
     // Holds ROLE_USER directly.
     $plainUser = new User();
     $plainUser->setUsername('user1');
     $plainUser->setPassword('pwd1');
     $plainUser->setEmail('*****@*****.**');

     // Holds ROLE_ADMIN directly.
     $adminUser = new User();
     $adminUser->setUsername('user2');
     $adminUser->setPassword('pwd2');
     $adminUser->setEmail('*****@*****.**');

     // Has no direct permission; is a member of both groups below.
     $groupedUser = new User();
     $groupedUser->setUsername('user3');
     $groupedUser->setPassword('pwd3');
     $groupedUser->setEmail('*****@*****.**');

     $userPermission = new Permission();
     $userPermission->setRoleName('ROLE_USER');
     $userPermission->addUser($plainUser);

     $adminPermission = new Permission();
     $adminPermission->setRoleName('ROLE_ADMIN');
     $adminPermission->addUser($adminUser);

     $userGroup = new Group();
     $userGroup->setName('User');
     $userGroup->addPermission($userPermission);
     $userGroup->addUser($groupedUser);

     $adminGroup = new Group();
     $adminGroup->setName('Admin');
     $adminGroup->addPermission($adminPermission);
     $adminGroup->addUser($groupedUser);

     // Same persist order as before: users, then permissions, then groups.
     $fixtures = array(
         $plainUser,
         $adminUser,
         $groupedUser,
         $userPermission,
         $adminPermission,
         $userGroup,
         $adminGroup,
     );
     foreach ($fixtures as $fixture) {
         self::$em->persist($fixture);
     }
     self::$em->flush();

     $rootUserHandler = \Phake::mock('Modera\\SecurityBundle\\RootUserHandling\\RootUserHandlerInterface');
     $service = new UserService(self::$em, $rootUserHandler);

     // NOTE(review): every persisted user holds at least one of the two roles,
     // and nobody holds a role the lookup is not asked about in isolation, so a
     // lookup that over-returns would only be caught by the cross-role cases.
     // Consider adding a user with no grant at all.
     $this->assertEquals(array($plainUser, $groupedUser), $service->getUsersByRole('ROLE_USER'));
     $this->assertEquals(array($adminUser, $groupedUser), $service->getUsersByRole('ROLE_ADMIN'));
     $this->assertEquals(
         array($plainUser->getId(), $groupedUser->getId()),
         $service->getIdsByRole('ROLE_USER')
     );
     $this->assertEquals(
         array($adminUser->getId(), $groupedUser->getId()),
         $service->getIdsByRole('ROLE_ADMIN')
     );
 }
 /**
  * Copies the permissions offered by the provider into the database: creates a
  * Permission row for every role name not stored yet and refreshes name,
  * description and category on the ones that already exist.
  *
  * NOTE(review): rows whose role is no longer offered by the provider are never
  * deleted here, so 'removed' is always 0 and stale role names stay in the table.
  *
  * @return array 'installed' = number of rows created in this run, 'removed' = 0
  */
 public function installPermissions()
 {
     $createdCount = 0;
     foreach ($this->permissionsProvider->getItems() as $permission) {
         /* @var \Modera\SecurityBundle\Model\PermissionInterface $permission */
         $permissionRepository = $this->em->getRepository(Permission::clazz());
         // The role name is the lookup key that decides between create and update.
         $entity = $permissionRepository->findOneBy(array('roleName' => $permission->getRole()));
         if (!$entity) {
             $entity = new Permission();
             $entity->setRoleName($permission->getRole());
             $this->em->persist($entity);
             $createdCount++;
         }

         $entity->setDescription($permission->getDescription());
         $entity->setName($permission->getName());

         $categoryRepository = $this->em->getRepository(PermissionCategory::clazz());
         $matchedCategory = $categoryRepository->findOneBy(array('technicalName' => $permission->getCategory()));
         // An unknown technical name leaves the current category (or none) in place.
         if ($matchedCategory) {
             $entity->setCategory($matchedCategory);
         }
     }
     // Single flush after the loop writes all creations and updates together.
     $this->em->flush();

     return array('installed' => $createdCount, 'removed' => 0);
 }
 /**
  * With root_user.roles set to '*', the handler must return every roleName
  * produced by the Permission query.
  */
 public function testGetRolesWithAsterisk()
 {
     $storedRoles = array(array('roleName' => 'FOO_ROLE'), array('roleName' => 'BAR_ROLE'));
     $wildcardConfig = array('root_user' => array('roles' => '*'));

     $entityManager = \Phake::mock('Doctrine\\ORM\\EntityManager');
     $roleQuery = \Phake::mock('Doctrine\\ORM\\AbstractQuery');
     $container = \Phake::mock('Symfony\\Component\\DependencyInjection\\ContainerInterface');

     // The container hands out the mocked entity manager and the bundle config.
     \Phake::when($container)->get('doctrine.orm.entity_manager')->thenReturn($entityManager);
     \Phake::when($container)->getParameter(ModeraSecurityExtension::CONFIG_KEY)->thenReturn($wildcardConfig);

     // Only this exact DQL string is stubbed; it returns the scalar rows above.
     $expectedDql = sprintf('SELECT e.roleName FROM %s e', Permission::clazz());
     \Phake::when($entityManager)->createQuery($expectedDql)->thenReturn($roleQuery);
     \Phake::when($roleQuery)->getResult(Query::HYDRATE_SCALAR)->thenReturn($storedRoles);

     $handler = new SemanticConfigRootUserHandler($container);

     $this->assertSame(array('FOO_ROLE', 'BAR_ROLE'), $handler->getRoles());
 }
Ejemplo n.º 6
 /**
  * getRawRoles() is empty for a fresh user and afterwards lists the permission
  * coming from the group ahead of the one assigned directly.
  */
 public function testGetRawRoles()
 {
     $user = new User();

     $this->assertEquals(0, count($user->getRawRoles()));

     // ---

     $viaGroup = \Phake::mock(Permission::clazz());
     $direct = \Phake::mock(Permission::clazz());
     $group = \Phake::mock(Group::clazz());
     \Phake::when($group)->getPermissions()->thenReturn([$viaGroup]);

     $user->addPermission($direct);
     $user->setGroups([$group]);

     $rawRoles = $user->getRawRoles();

     $this->assertEquals(2, count($rawRoles));
     // Index 0 is the group's permission, index 1 the user's own.
     $this->assertSame($viaGroup, $rawRoles[0]);
     $this->assertSame($direct, $rawRoles[1]);
 }
 /**
  * Resolves the roles configured for the root user.
  *
  * An array is returned as configured. The string '*' is expanded to every
  * roleName currently stored for the Permission entity, so each row added to
  * that table also becomes a root-user role.
  *
  * {@inheritdoc}
  *
  * @throws \RuntimeException when the configured value is neither '*' nor an array
  */
 public function getRoles()
 {
     $configured = $this->config['roles'];

     if (is_array($configured)) {
         return $configured;
     }

     // Only the exact string '*' is accepted as the wildcard.
     if ('*' !== $configured) {
         throw new \RuntimeException('Neither "*" nor array is used to define root user roles!');
     }

     // The only interpolated value is the entity class name; no caller input
     // reaches the DQL string.
     $dql = sprintf('SELECT e.roleName FROM %s e', Permission::clazz());
     $rows = $this->em->createQuery($dql)->getResult(Query::HYDRATE_SCALAR);

     $names = array();
     foreach ($rows as $row) {
         $names[] = $row['roleName'];
     }

     return $names;
 }
 /**
  * The first run installs the provided permission with its category; a second
  * run with the same provider output installs nothing new.
  */
 public function testInstallPermission()
 {
     $category = new PermissionCategoryEntity();
     $category->setName('Foo category');
     $category->setTechnicalName('foo_category');
     self::$em->persist($category);
     self::$em->flush();

     $permission = new Permission('foo name', 'FOO_ROLE', $category->getTechnicalName(), 'foo description');

     $this->permissionsProvider
         ->expects($this->atLeastOnce())
         ->method('getItems')
         ->will($this->returnValue(array($permission)));

     $firstRun = $this->installer->installPermissions();

     $this->assertValidResultStructure($firstRun);
     $this->assertEquals(1, $firstRun['installed']);
     $this->assertEquals(0, $firstRun['removed']);

     /* @var PermissionEntity $stored */
     $stored = $this->getLastRecordInDatabase(PermissionEntity::clazz());

     $this->assertNotNull($stored);
     $this->assertEquals($permission->getName(), $stored->getName());
     $this->assertEquals($permission->getDescription(), $stored->getDescription());
     $this->assertEquals($permission->getRole(), $stored->getRole());
     $this->assertNotNull($stored->getCategory());
     $this->assertEquals($category->getId(), $stored->getCategory()->getId());

     // ---

     // The role now exists in the database, so nothing may be counted as installed.
     $secondRun = $this->installer->installPermissions();

     $this->assertValidResultStructure($secondRun);
     $this->assertEquals(0, $secondRun['installed']);
     $this->assertEquals(0, $secondRun['removed']);
 }
Ejemplo n.º 9
 /**
  * Collects the ids of all users that hold the given role, either through a
  * permission assigned to them directly or through a group carrying it.
  *
  * @param $roleName
  *
  * @return array de-duplicated user ids; empty when no permission has that role name
  */
 public function getIdsByRole($roleName)
 {
     // The role name is passed as a bound parameter, never concatenated into DQL.
     $permissionQb = $this->em->createQueryBuilder();
     $permissionQb
         ->select('p, u, g')
         ->from(Permission::clazz(), 'p')
         ->leftJoin('p.users', 'u')
         ->leftJoin('p.groups', 'g')
         ->where($permissionQb->expr()->eq('p.roleName', ':roleName'))
         ->setParameter('roleName', $roleName);
     $query = $permissionQb->getQuery();
     $permission = $query->getOneOrNullResult($query::HYDRATE_ARRAY);

     if (!$permission) {
         return array();
     }

     $userIds = array();
     foreach ($permission['users'] as $directUser) {
         $userIds[] = $directUser['id'];
     }

     $groupIds = array();
     foreach ($permission['groups'] as $grantedGroup) {
         $groupIds[] = $grantedGroup['id'];
     }

     if (count($groupIds) > 0) {
         // These ids come from the previous query result, not from the caller.
         $groupQb = $this->em->createQueryBuilder();
         $groupQb
             ->select('g, u')
             ->from(Group::clazz(), 'g')
             ->leftJoin('g.users', 'u')
             ->where($groupQb->expr()->in('g.id', $groupIds));
         foreach ($groupQb->getQuery()->getArrayResult() as $groupRow) {
             foreach ($groupRow['users'] as $member) {
                 $userIds[] = $member['id'];
             }
         }
     }

     // Flip and read the keys back: drops ids that were collected more than once.
     return array_keys(array_flip($userIds));
 }
Ejemplo n.º 10
 /**
  * Lists the entity class names returned by clazz() for the five entities below.
  *
  * @return array
  */
 private static function getTablesClasses()
 {
     $classes = array();
     $classes[] = Permission::clazz();
     $classes[] = PermissionCategory::clazz();
     $classes[] = User::clazz();
     $classes[] = Group::clazz();
     $classes[] = Activity::clazz();

     return $classes;
 }
Ejemplo n.º 11
 /**
  * Adds a permission to this user and registers the user on the permission.
  *
  * The back-reference on the permission is updated on every call; only this
  * user's own collection is guarded against duplicates.
  *
  * @param Permission $role
  */
 public function addPermission(Permission $role)
 {
     $role->addUser($this);
     if ($this->permissions->contains($role)) {
         // Already present on this side, nothing more to record.
         return;
     }
     $this->permissions[] = $role;
 }