/** * @param string $function * @param array $arguments * * @return mixed */ private function collectManagement($function, $arguments) { $this->stopwatch->start('acl.managements'); $result = call_user_func_array([$this->aclManager, $function], $arguments); $periods = $this->stopwatch->stop('acl.managements')->getPeriods(); $oidType = 'Class' === substr($function, -5) ? AclIdentifierInterface::OID_TYPE_CLASS : AclIdentifierInterface::OID_TYPE_OBJECT; if ('delete' === substr($function, 0, 6)) { $permissions = null; $oid = $this->aclIdentifier->getObjectIdentity($oidType, $arguments[0]); $sid = null; $field = null; } else { $permissions = $arguments[0]; $oid = $this->aclIdentifier->getObjectIdentity($oidType, $arguments[1]); $sid = false !== strpos($function, 'Role') ? $this->aclIdentifier->getRoleSecurityIdentity($arguments[2]) : $this->aclIdentifier->getUserSecurityIdentity(isset($arguments[2]) ? $arguments[2] : null); $field = isset($arguments[3]) ? $arguments[3] : null; } $this->managements[] = ['method' => $function, 'permissions' => (array) $permissions, 'oid' => $oid, 'sid' => $sid, 'field' => $field, 'time' => end($periods)->getDuration()]; return $result; }
/** * @param string $function * @param array $arguments * * @return mixed */ private function collectCheck($function, array $arguments) { $this->stopwatch->start('acl.checks'); $result = call_user_func_array([$this->aclChecker, $function], $arguments); $periods = $this->stopwatch->stop('acl.checks')->getPeriods(); $oidType = 'Class' === substr($function, -5) ? AclIdentifierInterface::OID_TYPE_CLASS : AclIdentifierInterface::OID_TYPE_OBJECT; if ('is' === substr($function, 0, 2)) { $attributes = $arguments[0]; $field = isset($arguments[2]) ? $arguments[2] : null; $oid = $this->getObjectToSecure->invoke($this->aclChecker, $oidType, $arguments[1], $field); $sid = $this->aclIdentifier->getUserSecurityIdentity(); } else { $sid = 'role' === substr($function, 0, 4) ? $this->aclIdentifier->getRoleSecurityIdentity($arguments[0]) : $this->aclIdentifier->getUserSecurityIdentity($arguments[0]); $attributes = $arguments[1]; $field = isset($arguments[3]) ? $arguments[3] : null; $oid = $this->getObjectToSecure->invoke($this->aclChecker, $oidType, $arguments[2], $field); } $isFieldVote = $oid instanceof FieldVote; $this->checks[] = ['method' => $function, 'result' => $result, 'attributes' => (array) $attributes, 'oid' => $isFieldVote ? $oid->getDomainObject() : $oid, 'sid' => $sid, 'field' => $isFieldVote ? $oid->getField() : null, 'time' => end($periods)->getDuration()]; return $result; }
/** * {@inheritdoc} */ public function revokeRoleOnObject($permissions, $object, $role, $field = null) { $this->revoke($this->aclIdentifier->getObjectIdentity(AclIdentifierInterface::OID_TYPE_OBJECT, $object), $this->aclIdentifier->getRoleSecurityIdentity($role), $permissions, AclIdentifierInterface::OID_TYPE_OBJECT, $field); }