/**
 * Stores the converted object in the request and records whether an ACL check covered it.
 *
 * The `_oro_access_checked` attribute is reset to false before anything else and is only
 * flipped to true when the security facade reports the object as explicitly granted (1).
 * A facade result of -1 is a denial and aborts the request; any other result (for example
 * "no ACL applies") leaves the flag false and lets the request continue. No check happens
 * at all when no security facade is configured or when the parent converter set nothing.
 *
 * @param Request $request
 * @param ConfigurationInterface $configuration
 * @return bool Whether the parent converter stored an object in the request
 * @throws AccessDeniedException When User doesn't have permission to the object
 */
public function apply(Request $request, ConfigurationInterface $configuration)
{
    $attributes = $request->attributes;
    $attributes->set('_oro_access_checked', false);

    $converted = parent::apply($request, $configuration);
    if (!$converted || !$this->securityFacade) {
        return $converted;
    }

    $subject = $attributes->get($configuration->getName());
    if (!$subject) {
        return $converted;
    }

    $verdict = $this->securityFacade->isRequestObjectIsGranted($request, $subject);
    if ($verdict === -1) {
        // NOTE(review): assumes getRequestAcl() is non-null whenever the check returned -1 — confirm
        $acl = $this->securityFacade->getRequestAcl($request);
        throw new AccessDeniedException(
            'You do not get ' . $acl->getPermission() . ' permission for this object'
        );
    }

    if ($verdict === 1) {
        $attributes->set('_oro_access_checked', true);
    }

    return $converted;
}
/**
 * Checks that isRequestObjectIsGranted() maps the security context's answer for the
 * permission declared on the controller's ACL annotation onto the expected result.
 *
 * @dataProvider isRequestObjectIsGrantedProvider
 *
 * @param mixed $requestController Value stored as the `_controller` request attribute
 * @param mixed $isGrant           What the mocked security context returns from isGranted()
 * @param mixed $result            Expected return value of the facade
 */
public function testIsRequestObjectIsGranted($requestController, $isGrant, $result)
{
    $subject = new \stdClass();

    $request = new Request();
    $request->attributes->add(['_controller' => $requestController]);

    $acl = new Acl([
        'id'         => 1,
        'class'      => 'OroTestBundle:Test',
        'type'       => 'entity',
        'permission' => 'TEST_PERMISSION',
    ]);

    $this->annotationProvider
        ->expects($this->any())
        ->method('findAnnotation')
        ->will($this->returnValue($acl));

    $this->classResolver
        ->expects($this->any())
        ->method('isEntity')
        ->with('OroTestBundle:Test')
        ->will($this->returnValue(true));
    $this->classResolver
        ->expects($this->any())
        ->method('getEntityClass')
        ->with('OroTestBundle:Test')
        ->will($this->returnValue('\\stdClass'));

    // The facade must consult the security context with exactly the annotated permission
    // and the very same object instance, not a copy.
    $this->securityContext
        ->expects($this->any())
        ->method('isGranted')
        ->with($this->equalTo('TEST_PERMISSION'), $this->identicalTo($subject))
        ->will($this->returnValue($isGrant));

    $actual = $this->facade->isRequestObjectIsGranted($request, $subject);
    $this->assertEquals($result, $actual);
}
/**
 * Denies access when the security facade explicitly refuses the object for the current request.
 *
 * Non-object values are not checked at all. Only a facade result of -1 counts as a denial;
 * any other result (including "no ACL applies") lets the caller proceed.
 *
 * @param mixed $object The value to check; only objects are evaluated
 * @throws AccessDeniedException When the current request's ACL denies the object
 */
protected function checkObjectAccess($object)
{
    if (!is_object($object)) {
        return;
    }

    $verdict = $this->securityFacade->isRequestObjectIsGranted($this->request, $object);
    if ($verdict === -1) {
        throw new AccessDeniedException();
    }
}