/**
* Updates or creates ACE with the given attributes for the given ACL
*
* @param ACL $acl
* @param AclExtensionInterface $extension
* @param bool $replace If true the mask and strategy of the existing ACE should be replaced with the given ones
* @param string $type The ACE type. Can be one of AclManager::*_ACE constants
* @param string|null $field The name of a field.
* Set to null for class-based or object-based ACE
* Set to not null class-field-based or object-field-based ACE
* @param SID $sid
* @param bool $granting
* @param int $mask
* @param string|null $strategy If null the strategy should not be changed for existing ACE
* or the appropriate strategy should be selected automatically for new ACE
* ALL strategy is used for $granting = true
* ANY strategy is used for $granting = false
* @return bool True if a permission was updated or created
*/
public function setPermission(ACL $acl, AclExtensionInterface $extension, $replace, $type, $field, SID $sid, $granting, $mask, $strategy = null)
{
$hasChanges = false;
$found = false;
$maskServiceBits = $extension->getServiceBits($mask);
$aces = $this->getAces($acl, $type, $field);
foreach ($aces as $index => $ace) {
if ($sid->equals($ace->getSecurityIdentity()) && $granting === $ace->isGranting()) {
if ($mask === $ace->getMask() && ($strategy === null || $strategy === $ace->getStrategy())) {
$found = true;
} elseif ($replace && $maskServiceBits === $extension->getServiceBits($ace->getMask())) {
$this->updateAce($acl, $type, $field, $index, $mask, $strategy);
$found = true;
$hasChanges = true;
}
}
}
if (!$found) {
$this->insertAce($acl, $type, $field, 0, $sid, $granting, $mask, $strategy);
$hasChanges = true;
}
return $hasChanges;
}
/**
* Gets a list of masks from permissions given in $permissions argument
*
* @param ArrayCollection|AclPermission[] $permissions
* @param AclExtensionInterface $extension
* @param MaskBuilder[] $maskBuilders
* @return int[]
*/
protected function getPermissionMasks($permissions, AclExtensionInterface $extension, array $maskBuilders)
{
$masks = array();
foreach ($maskBuilders as $maskBuilder) {
$maskBuilder->reset();
}
foreach ($permissions as $permission) {
$maskBuilder = $maskBuilders[$permission->getName()];
$accessLevelName = AccessLevel::getAccessLevelName($permission->getAccessLevel());
if ($accessLevelName !== null) {
$maskName = 'MASK_' . $permission->getName() . '_' . $accessLevelName;
// check if a mask builder supports access levels
if (!$maskBuilder->hasConst($maskName)) {
// remove access level name from the mask name if a mask builder do not support access levels
$maskName = 'MASK_' . $permission->getName();
}
$maskBuilder->add($maskBuilder->getConst($maskName));
}
$masks[$extension->getServiceBits($maskBuilder->get())] = $maskBuilder->get();
}
return array_values($masks);
}
