 /**
  * Narrows the API "get list" criteria with the ACL resolved for the current request.
  *
  * The criteria are only rewritten when the facade yields an ACL *and* that ACL targets
  * the same class the event is listing; in every other case the event is left untouched,
  * so any access restriction for those requests has to come from another layer.
  * NOTE(review): the meaning of the `true` argument to getRequestAcl is not visible here;
  * the null check assumes the facade returns null when no ACL applies.
  *
  * @param GetListBefore $event
  */
 public function onGetListBefore(GetListBefore $event)
 {
     $acl = $this->securityFacade->getRequestAcl($this->request, true);
     $listedClass = $event->getClassName();

     if (!$acl || $acl->getClass() !== $listedClass) {
         // No ACL for this request, or it belongs to a different class: nothing to restrict.
         return;
     }

     $restricted = $this->aclHelper->applyAclToCriteria(
         $listedClass,
         $event->getCriteria(),
         $acl->getPermission()
     );
     $event->setCriteria($restricted);
 }
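 /**
  * Stores the object in the request.
  *
  * Delegates object resolution to the parent converter, then — when a security facade
  * is configured and an object was stored — asks the facade whether the current request
  * may access that object. The `_oro_access_checked` request attribute is reset to false
  * before anything else and is raised to true only when the facade explicitly grants
  * access (result 1); result -1 aborts the request with AccessDeniedException, and any
  * other result leaves the flag false. NOTE(review): result codes other than -1 and 1 are
  * not visible here — confirm against the facade.
  *
  * @param Request                $request
  * @param ConfigurationInterface $configuration
  * @return bool                  Whether the parent converter stored an object
  * @throws AccessDeniedException When User doesn't have permission to the object
  */
 public function apply(Request $request, ConfigurationInterface $configuration)
 {
     $request->attributes->set('_oro_access_checked', false);
     $isSet = parent::apply($request, $configuration);
     if ($this->securityFacade && $isSet) {
         $object = $request->attributes->get($configuration->getName());
         if ($object) {
             $granted = $this->securityFacade->isRequestObjectIsGranted($request, $object);
             if ($granted === -1) {
                 // The ACL lookup can yield null (the facade test covers an unknown controller);
                 // guard it so a denial is reported as AccessDeniedException, not a fatal error
                 // on a null ACL. The message is unchanged whenever an ACL is available.
                 $acl = $this->securityFacade->getRequestAcl($request);
                 $permission = $acl ? $acl->getPermission() : 'required';
                 throw new AccessDeniedException('You do not get ' . $permission . ' permission for this object');
             } elseif ($granted === 1) {
                 $request->attributes->set('_oro_access_checked', true);
             }
         }
     }
     return $isSet;
 }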
 /**
  * A request whose `_controller` attribute is not a resolvable controller must yield
  * no ACL, and must be rejected before any annotation or entity-class lookup is made.
  */
 public function testGeWrongRequestAcl()
 {
     $req = new Request();
     $req->attributes->add(['_controller' => 'wrong controller']);

     // None of the collaborators may be consulted for an unresolvable controller string.
     $this->annotationProvider->expects($this->never())->method('findAnnotation');
     foreach (['isEntity', 'getEntityClass'] as $resolverMethod) {
         $this->classResolver->expects($this->never())->method($resolverMethod);
     }

     $this->assertNull($this->facade->getRequestAcl($req, true));
 }