/**
* Constructs an underlying ObjectIdentity for given ObjectIdentity
* Underlying is class level ObjectIdentity for given object level ObjectIdentity.
*
* @param ObjectIdentity $oid
* @return ObjectIdentity
* @throws InvalidAclException
*/
public function underlying(ObjectIdentity $oid)
{
if ($oid->getIdentifier() === self::ROOT_IDENTITY_TYPE || $oid->getIdentifier() === ($extensionKey = $this->extensionSelector->select($oid)->getExtensionKey())) {
throw new InvalidAclException(sprintf('Cannot get underlying ACL for %s', $oid));
}
return new ObjectIdentity($extensionKey, $oid->getType());
}
public function createTskAcl(Contact $contact)
{
$aclProvider = $this->getContainer()->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($contact);
$orgIdentity = 'ROLE_ORG_' . $contact->getOrganization()->getId();
$orgSecurityIdentity = new RoleSecurityIdentity($orgIdentity);
$builder = new MaskBuilder();
$builder->add('VIEW');
$builder->add('EDIT');
$builder->add('CREATE');
$builder->add('MASTER');
try {
try {
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($orgSecurityIdentity, $builder->get());
foreach ($contact->getSchools() as $school) {
$schoolIdentity = 'ROLE_SCHOOL_' . $school->getId();
$schoolSecurityIdentity = new RoleSecurityIdentity($schoolIdentity);
$acl->insertObjectAce($schoolSecurityIdentity, $builder->get());
}
$aclProvider->updateAcl($acl);
} catch (AclAlreadyExistsException $e) {
// keep going ...
}
} catch (AclException $e) {
throw $e;
}
}
/**
* This method is here to make your life better, so overwrite it
*
* @param \Symfony\Component\Form\Form $form the valid form
* @param \Taskeet\MainBundle\Entity\Event $Ticket your \Taskeet\MainBundle\Entity\Event object
*/
public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Event $Event)
{
$proveedor = $this->container->get('security.acl.provider');
$idObjeto = ObjectIdentity::fromDomainObject($Event);
//poniendo al usuario logueado como owner
$this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
if ($data = $form->get('repeat')->getData()) {
$start = clone $form->get('startDate')->getData();
$end = clone $form->get('dueDate')->getData();
$ocurrences = $form->get('ocurrences')->getData();
$interval = new DateInterval($form->get('repeat')->getData());
$periodo = new \DatePeriod($start, $interval, $ocurrences, \DatePeriod::EXCLUDE_START_DATE);
foreach ($periodo as $key => $fecha) {
$event = clone $Event;
$event->setStartDate($fecha);
$event->setDueDate($end->add($interval));
$event->setTitle(sprintf('%s-%s', $Event->getTitle(), $key));
// $event->setSlug(sprintf('%s-%s', $Event->getSlug(), $key));
$this->preSave($form, $event);
$this->saveObject($event);
$idObjeto = ObjectIdentity::fromDomainObject($event);
$this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
}
}
}
/**
* Gets the form
*
* @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
* @return \Symfony\Component\Form\Form
*/
public function createForm(AdminObjectAclData $data)
{
// Retrieve object identity
$objectIdentity = ObjectIdentity::fromDomainObject($data->getObject());
$acl = $data->getSecurityHandler()->getObjectAcl($objectIdentity);
if (!$acl) {
$acl = $data->getSecurityHandler()->createAcl($objectIdentity);
}
$data->setAcl($acl);
$masks = $data->getMasks();
// Create a form to set ACL
$formBuilder = $this->formFactory->createBuilder('form');
foreach ($data->getAclUsers() as $aclUser) {
$securityIdentity = UserSecurityIdentity::fromAccount($aclUser);
foreach ($data->getUserPermissions() as $permission) {
try {
$checked = $acl->isGranted(array($masks[$permission]), array($securityIdentity));
} catch (NoAceFoundException $e) {
$checked = false;
}
$formBuilder->add($aclUser->getId() . $permission, 'checkbox', array('required' => false, 'data' => $checked));
}
}
$form = $formBuilder->getForm();
$data->setForm($form);
return $form;
}
/**
* Creates a new Url entity.
*
*/
public function createAction(Request $request)
{
$entity = new Url();
$form = $this->createCreateForm($entity);
$form->handleRequest($request);
// sets the author field to session username
$entity->setAuthor($this->get('security.token_storage')->getToken()->getUser());
if ($form->isValid()) {
$em = $this->getDoctrine()->getManager();
$em->persist($entity);
$em->flush();
//check logged in user for acl creation
if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
// creating the ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($entity);
$acl = $aclProvider->createAcl($objectIdentity);
// retrieving the security identity of the currently logged-in user
$tokenStorage = $this->get('security.token_storage');
$user = $tokenStorage->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
}
return $this->redirect($this->generateUrl('url_show', array('id' => $entity->getId())));
}
return $this->render('SurlUrlBundle:Url:new.html.twig', array('entity' => $entity, 'form' => $form->createView()));
}
protected function setUp()
{
$this->initAutoload();
$bbapp = $this->getBBApp();
$this->initDb($bbapp);
$this->getBBApp()->setIsStarted(true);
$this->initAcl();
$this->site = new Site();
$this->site->setLabel('Test Site')->setServerName('test_server');
$this->groupEditor = new Group();
$this->groupEditor->setName('groupName');
$this->groupEditor->setSite($this->site);
$bbapp->getEntityManager()->persist($this->site);
$bbapp->getEntityManager()->persist($this->groupEditor);
$bbapp->getEntityManager()->flush();
// setup ACE for site
$aclProvider = $this->getSecurityContext()->getACLProvider();
$objectIdentity = ObjectIdentity::fromDomainObject($this->site);
$acl = $aclProvider->createAcl($objectIdentity);
// retrieving the security identity of the currently logged-in user
$securityIdentity = new UserSecurityIdentity($this->groupEditor->getName(), 'BackBee\\Security\\Group');
// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_EDIT);
$aclProvider->updateAcl($acl);
// authenticate user , set up permissions
$token = $this->createAuthUser('api_user', array('ROLE_API_USER'));
}
/**
* Muestra el formulario para crear una nueva oferta y se encarga del
* procesamiento de la información recibida y la creación de las nuevas
* entidades de tipo Oferta
*/
public function ofertaNuevaAction()
{
$peticion = $this->getRequest();
$oferta = new Oferta();
$formulario = $this->createForm(new OfertaType(), $oferta);
if ($peticion->getMethod() == 'POST') {
$formulario->bindRequest($peticion);
if ($formulario->isValid()) {
// Completar las propiedades de la oferta que una tienda no puede establecer
$tienda = $this->get('security.context')->getToken()->getUser();
$oferta->setCompras(0);
$oferta->setRevisada(false);
$oferta->setTienda($tienda);
$oferta->setCiudad($tienda->getCiudad());
// Copiar la foto subida y guardar la ruta
$oferta->subirFoto($this->container->getParameter('cupon.directorio.imagenes'));
$em = $this->getDoctrine()->getEntityManager();
$em->persist($oferta);
$em->flush();
// Asignar el permiso necesario para que la tienda pueda modificar esta oferta
$idObjeto = ObjectIdentity::fromDomainObject($oferta);
$idUsuario = UserSecurityIdentity::fromAccount($tienda);
$acl = $this->get('security.acl.provider')->createAcl($idObjeto);
$acl->insertObjectAce($idUsuario, MaskBuilder::MASK_OPERATOR);
$this->get('security.acl.provider')->updateAcl($acl);
return $this->redirect($this->generateUrl('extranet_portada'));
}
}
return $this->render('TiendaBundle:Extranet:formulario.html.twig', array('accion' => 'crear', 'formulario' => $formulario->createView()));
}
/**
* @Route("/create", name="freedom_objective_dashboard_create", options={"expose"=true})
* @Template()
*/
public function createAction()
{
$objective = new Objective();
$form = $this->createForm(new ObjectiveCreateType(), $objective);
$request = $this->get('request');
if ($request->getMethod() == 'POST') {
$form->handleRequest($request);
if ($form->isValid()) {
$objective->setUser($this->getUser());
$objective->setNbsteps(count($objective->getSteps()));
foreach ($objective->getSteps() as $key => $value) {
$value->setObjective($objective);
$objective->addStep($value);
}
$em = $this->getDoctrine()->getManager();
$em->persist($objective);
$em->flush();
//ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($objective);
$acl = $aclProvider->createAcl($objectIdentity);
$securityContext = $this->get('security.context');
$user = $securityContext->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
return $this->redirect($this->generateUrl('freedom_objective_dashboard_details', array('id' => $objective->getId())));
}
}
return array('form' => $form->createView());
}
/**
* This method is here to make your life better, so overwrite it
*
* @param \Symfony\Component\Form\Form $form the valid form
* @param \Taskeet\MainBundle\Entity\Ticket $Ticket your \Taskeet\MainBundle\Entity\Ticket object
*/
public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Ticket $Ticket)
{
$proveedor = $this->container->get('security.acl.provider');
$idObjeto = ObjectIdentity::fromDomainObject($Ticket);
//poniendo al usuario logueado como owner
$this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
//si la tarea tiene asignado un empleado se le asigna el perm operator
if ($assignedTo = $Ticket->getAssignedTo()) {
$this->setPermissions($proveedor, $idObjeto, $assignedTo, MaskBuilder::MASK_EDIT);
}
if ($data = $form->get('repeat')->getData()) {
$start = clone $form->get('startDate')->getData();
$end = clone $form->get('dueDate')->getData();
$ocurrences = $form->get('ocurrences')->getData();
$interval = new DateInterval($form->get('repeat')->getData());
$periodo = new \DatePeriod($start, $interval, $ocurrences, \DatePeriod::EXCLUDE_START_DATE);
$em = $this->getDoctrine()->getManager();
foreach ($periodo as $key => $fecha) {
$ticket = clone $Ticket;
$ticket->setStartDate($fecha);
$ticket->setDueDate($end->add($interval));
$ticket->setTitle(sprintf('%s-%s', $Ticket->getTitle(), $key));
$ticket->setSlug(sprintf('%s-%s', $Ticket->getSlug(), $key));
$this->saveObject($ticket);
$idObjeto = ObjectIdentity::fromDomainObject($ticket);
$this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
$this->setPermissions($proveedor, $idObjeto, $ticket->getAssignedTo(), MaskBuilder::MASK_EDIT);
}
}
}
/**
* {@inheritDoc}
*/
public function load(ObjectManager $manager)
{
$stepOrg = new Organization();
$stepOrg->setName('Step Inventory');
$manager->persist($stepOrg);
$demoOrg = new Organization();
$demoOrg->setName('Acme Inc.');
$manager->persist($demoOrg);
$manager->flush();
$this->addReference('stepOrg', $stepOrg);
$this->addReference('demoOrg', $demoOrg);
$aclProvider = $this->container->get('security.acl.provider');
$devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
$adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
$userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
$objectIdentity = ObjectIdentity::fromDomainObject($stepOrg);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
$objectIdentity = ObjectIdentity::fromDomainObject($demoOrg);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
}
/**
* New category page
* @return \Symfony\Component\HttpFoundation\Response
*/
public function newAction(Request $request)
{
$category = new Category();
$user = $this->getUser();
$category->setJeweler($user);
//j'associe mon jeweler 1 à mon produit
// je crée un formulaire de produit
$form = $this->createForm(new CategoryType($user), $category, array('validation_groups' => 'new', 'attr' => array('method' => 'post', 'novalidate' => 'novalidate', 'action' => $this->generateUrl('store_backend_category_new'))));
$form->handleRequest($request);
if ($form->isValid()) {
$em = $this->getDoctrine()->getManager();
//je récupère le manager de Doctrine
// j'upload mon fichier en faisant appel a la methode upload()
$category->upload();
$em->persist($category);
//j'enregistre mon objet product dans doctrine
$em->flush();
//j'envoie ma requete d'insert à ma table product
// création de l'ACL
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($category);
$acl = $aclProvider->createAcl($objectIdentity);
// retrouve l'identifiant de sécurité de l'utilisateur actuellement connecté
$tokenStorage = $this->get('security.token_storage');
$user = $tokenStorage->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
// donne accès au propriétaire
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
$this->get('session')->getFlashBag()->add('success', 'Votre catégorie a bien été crée');
return $this->redirectToRoute('store_backend_category_list');
//redirection selon la route
}
return $this->render('StoreBackendBundle:Category:new.html.twig', array('form' => $form->createView()));
}
/**
* {@inheritDoc}
*/
public function load(ObjectManager $manager)
{
$tidLabel = new Label();
$tidLabel->setName('TravelerId Label');
$tidLabel->setDescription('ZPL TID Label');
$tidLabel->setTemplate('
^XA
^FO50,50^BY3
^BCN,100,Y,N,N
^FD{{tid}}
^XZ
');
$manager->persist($tidLabel);
$manager->flush();
//$this->addReference('dfwOffice', $dfwOffice);
$aclProvider = $this->container->get('security.acl.provider');
$devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
$adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
$userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
$objectIdentity = ObjectIdentity::fromDomainObject($tidLabel);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
}
/**
* Actualiza la acl del objeto en cuestión.
*
* @param $object
* @param array $applyTo
* @throws \Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException
*/
public function updateAcl($object, $applyTo = array())
{
$objectIdentity = ObjectIdentity::fromDomainObject($object);
$aclProviderCallable = $this->aclProviderCallable;
$aclProviderCallable($objectIdentity, 'delete');
$acl = $aclProviderCallable($objectIdentity, 'create');
$this->applyAcl($acl, $applyTo);
}
/**
* {@inheritDoc}
*/
public function getObjectIdentity($domainObject)
{
try {
return ObjectIdentity::fromDomainObject($domainObject);
} catch (InvalidDomainObjectException $failed) {
return null;
}
}
public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()
{
$domainObject = new TestDomainObject();
$domainObject->id = '0';
$id = ObjectIdentity::fromDomainObject($domainObject);
$this->assertSame('0', $id->getIdentifier());
$this->assertEquals('Symfony\\Component\\Security\\Acl\\Tests\\Domain\\TestDomainObject', $id->getType());
}
public function test_vote_objectScope()
{
$aclManager = $this->getBBApp()->getContainer()->get('security.acl_manager');
$aclManager->insertOrUpdateClassAce(ObjectIdentity::fromDomainObject($this->user), new UserSecurityIdentity($this->group->getObjectIdentifier(), get_class($this->group)), MaskBuilder::MASK_EDIT);
$this->assertEquals(BBAclVoter::ACCESS_GRANTED, $this->aclVoter->vote($this->token, $this->user, ['EDIT']));
$this->assertEquals(BBAclVoter::ACCESS_DENIED, $this->aclVoter->vote($this->token, new ObjectIdentity('all', get_class($this->user)), ['EDIT']));
$this->assertEquals(BBAclVoter::ACCESS_DENIED, $this->aclVoter->vote($this->token, new ObjectIdentity(23545866754, get_class($this->user)), ['EDIT']));
}
/**
* This method is here to make your life better, so overwrite it
*
* @param \Symfony\Component\Form\Form $form the valid form
* @param \Taskeet\MainBundle\Entity\Ticket $Ticket your \Taskeet\MainBundle\Entity\Ticket object
*/
public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Ticket $Ticket)
{
$proveedor = $this->container->get('security.acl.provider');
$idObjeto = ObjectIdentity::fromDomainObject($Ticket);
//si la tarea tiene asignado un empleado se le asigna el perm operator
if ($assignedTo = $Ticket->getAssignedTo()) {
$this->setPermissions($proveedor, $idObjeto, $assignedTo, MaskBuilder::MASK_EDIT);
}
}
/**
* Creates the ACE for a user.
*
* @param UserInterface $user
*/
public function createUserAce(UserInterface $user)
{
if (!$this->aclProvider) {
return;
}
$oid = ObjectIdentity::fromDomainObject($user);
$acl = $this->aclProvider->createAcl($oid);
$acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
$this->aclProvider->updateAcl($acl);
}
/**
* This method is here to make your life better, so overwrite it
*
* @param \Symfony\Component\Form\Form $form the valid form
* @param \Taskeet\MainBundle\Entity\Project $Project your \Taskeet\MainBundle\Entity\Project object
*/
public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Project $Project)
{
$proveedor = $this->container->get('security.acl.provider');
$idObjeto = ObjectIdentity::fromDomainObject($Project);
//asignando permisos para ver a los miembros
$users = $Project->getMembers();
foreach ($users as $user) {
$this->setPermissions($proveedor, $idObjeto, $user, MaskBuilder::MASK_VIEW);
}
}
/**
* {@inheritDoc}
*/
public function load(ObjectManager $manager)
{
$userRole = new Role();
$userRole->setName('User');
$userRole->setRole('ROLE_USER');
$userRole->setIsAllowedToSwitch(false);
$manager->persist($userRole);
$leadRole = new Role();
$leadRole->setName('Lead');
$leadRole->setRole('ROLE_LEAD');
$leadRole->setIsAllowedToSwitch(false);
$leadRole->addRoleToHierarchy($userRole);
$manager->persist($leadRole);
$adminRole = new Role();
$adminRole->setName('Admin');
$adminRole->setRole('ROLE_ADMIN');
$adminRole->setIsAllowedToSwitch(false);
$adminRole->addRoleToHierarchy($leadRole);
$manager->persist($adminRole);
$devRole = new Role();
$devRole->setName('Dev');
$devRole->setRole('ROLE_DEV');
$devRole->setIsAllowedToSwitch(true);
$devRole->addRoleToHierarchy($adminRole);
$manager->persist($devRole);
$manager->flush();
$this->addReference('ROLE_USER', $userRole);
$this->addReference('ROLE_LEAD', $leadRole);
$this->addReference('ROLE_ADMIN', $adminRole);
$this->addReference('ROLE_DEV', $devRole);
$aclProvider = $this->container->get('security.acl.provider');
$devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
$adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
$userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
$objectIdentity = ObjectIdentity::fromDomainObject($userRole);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
$objectIdentity = ObjectIdentity::fromDomainObject($leadRole);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
$objectIdentity = ObjectIdentity::fromDomainObject($adminRole);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
$objectIdentity = ObjectIdentity::fromDomainObject($devRole);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
}
/**
* {@inheritDoc}
*/
public function load(ObjectManager $manager)
{
$refs = $this->referenceRepository->getReferences();
$orgRefNames = [];
$deptRefNames = [];
$linkRefNames = [];
foreach ($refs as $ref) {
$refNames = $this->referenceRepository->getReferenceNames($ref);
if (is_a($ref, 'AppBundle\\Entity\\Department')) {
$deptRefNames[] = $refNames[0];
}
if (is_a($ref, 'AppBundle\\Entity\\MenuLink')) {
$linkRefNames[] = $refNames[0];
}
}
$items = [];
foreach ($deptRefNames as $deptRefName) {
$i = 1;
$department = $this->getReference($deptRefName);
foreach ($linkRefNames as $linkRefName) {
$item = new MenuItem();
$item->isActive(true);
$item->setPosition($i);
$item->setMenuLink($this->getReference($linkRefName));
$item->setOrganization($department->getOffice()->getOrganization());
if (in_array($linkRefName, ['inventoryAuditLink', 'inventoryActionLink', 'inventoryLogLink'])) {
$item->setParent($items[$deptRefName]['mainLink']);
} else {
if (in_array($linkRefName, ['adminInventoryLink', 'adminAccountingLink'])) {
$item->setParent($items[$deptRefName]['adminLink']);
} else {
$item->setDepartment($department);
}
}
$manager->persist($item);
$items[$deptRefName][$linkRefName] = $item;
$i++;
}
}
$manager->flush();
$aclProvider = $this->container->get('security.acl.provider');
$devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
$adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
$leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
$userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
foreach ($items as $deptItems) {
foreach ($deptItems as $item) {
$objectIdentity = ObjectIdentity::fromDomainObject($item);
$acl = $aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
$acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
$aclProvider->updateAcl($acl);
}
}
}
public function setOwner(Project $project, User $user, $save = true)
{
$project->setOwner($user);
$objectIdentity = ObjectIdentity::fromDomainObject($project);
$entry = $this->acl->createAcl($objectIdentity);
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$entry->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$this->acl->updateAcl($entry);
if ($save) {
$this->saveProject($project);
}
}
/**
* Save acl for new object
*
* @param Object $object
* @param Integer $mask
*/
public function saveObjectAcl($object, $mask = MaskBuilder::MASK_OWNER)
{
// creating the ACL
$objectIdentity = ObjectIdentity::fromDomainObject($object);
$acl = $this->container->get('security.acl.provider')->createAcl($objectIdentity);
// retrieving the security identity of the currently logged-in user
$user = $this->container->get('security.context')->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$this->container->get('security.acl.provider')->updateAcl($acl);
}
public function grantDefaultPrivileges($dbObject)
{
// creating the ACL
$objectIdentity = ObjectIdentity::fromDomainObject($dbObject);
$acl = $this->aclProvider->createAcl($objectIdentity);
$user = $this->tokenStorage->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$securityIdentity = new RoleSecurityIdentity("ROLE_MODO");
$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OPERATOR);
$securityIdentity = new RoleSecurityIdentity("ROLE_ADMIN");
$acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
$this->aclProvider->updateAcl($acl);
}
/**
* {@inheritdoc}
*/
public function getObjectIdentity($domainObject)
{
try {
if ($domainObject instanceof ObjectIdentityInterface) {
return $domainObject;
}
if (method_exists($domainObject, 'getId') && is_null($domainObject->getId())) {
return new ObjectIdentity('CLASS', ClassUtils::getRealClass($domainObject));
}
return ObjectIdentity::fromDomainObject($domainObject);
} catch (InvalidDomainObjectException $failed) {
return;
}
}
/**
* This method is here to make your life better, so overwrite it
*
* @param \Symfony\Component\Form\Form $form the valid form
* @param \Taskeet\MainBundle\Entity\Department $Department your \Taskeet\MainBundle\Entity\Department object
*/
public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Department $Department)
{
$proveedor = $this->container->get('security.acl.provider');
$idObjeto = ObjectIdentity::fromDomainObject($Department);
//si el departamento tiene asignado un encargado se le asigna el perm owner
if ($owner = $Department->getOwner()) {
$this->setPermissions($proveedor, $idObjeto, $owner, MaskBuilder::MASK_OWNER);
}
//asignando permisos para ver a los miembros
$users = $Department->getUsers();
foreach ($users as $user) {
$this->setPermissions($proveedor, $idObjeto, $user, MaskBuilder::MASK_VIEW);
}
}
public function postPersist(LifecycleEventArgs $args)
{
$entity = $args->getEntity();
if ($entity instanceof Product) {
// creating the ACL
$aclProvider = $this->container->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($entity);
$acl = $aclProvider->createAcl($objectIdentity);
// retrieving the security identity of the currently logged-in user
$securityIdentity = UserSecurityIdentity::fromAccount($entity->getUser());
// grant owner access
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
$aclProvider->updateAcl($acl);
}
}
public function countOtherUserInTheSamePage($controller, $action, $entity)
{
$date = new \DateTime('@' . strtotime('-30 minutes'));
$from = 'SELECT owner, entity FROM admin_log ' . 'WHERE created_at > "' . $date->format('Y-m-d H:i:s') . '" ' . 'AND controller = "\\\\' . str_replace('\\', '\\\\', $controller) . '" ' . 'AND action = "' . $action . '" ' . 'AND entity = "' . str_replace('\\', '\\\\', (string) ObjectIdentity::fromDomainObject($entity)) . '" ' . 'ORDER BY created_at DESC';
$sql = 'SELECT owner, entity FROM :from_result AS orderer_log GROUP BY owner';
$result = $this->getEntityManager()->getConnection()->executeQuery($sql, array('form_result' => $from));
$verif = $this->_getActualAdminEdition();
$return = $result->fetchAll(\PDO::FETCH_ASSOC);
foreach ($return as $key => $result) {
if (array_key_exists($result['owner'], $verif) && $verif[$result['owner']] != $result['entity']) {
unset($return[$key]);
}
}
return count($return);
}
/**
* execute
*
* @param InputInterface $input
* @param OutputInterface $output
* @access protected
* @return void
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
// creating the ACL
$objectClass = $input->getArgument('objectClass');
$objectId = $input->getArgument('objectId');
$doctrine = $input->getOption('doctrine');
$entityManager = $input->getOption('entity-manager');
if (!$doctrine) {
$doctrine = 'doctrine';
}
if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') {
$output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>');
return 1;
}
$object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId);
if (!$object) {
$output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>');
return 1;
}
$aclProvider = $this->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($object);
try {
$acl = $aclProvider->findAcl($objectIdentity);
} catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
$output->writeln('<error>No previous acl found for ' . $objectClass . ':' . $objectId . '</error>');
return 1;
}
// retrieving the security identity of the currently logged-in user
$username = $input->getArgument('username');
$user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username);
if (!$user) {
$output->writeln('<error>User ' . $username . ' not found.</error>');
return 1;
}
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$aceList = $acl->getObjectAces();
$i = 0;
foreach ($aceList as $ace) {
if ($ace->getSecurityIdentity() == $securityIdentity) {
// Got it! Let's remove it!
$output->writeln('got one');
$acl->deleteObjectAce($i);
}
$i++;
}
$aclProvider->updateAcl($acl);
$output->writeln('<info>ACL successfully updated.</info>');
}
/**
* {@inheritdoc}
*/
public function batchConfigureAcls(OutputInterface $output, AdminInterface $admin, UserSecurityIdentity $securityIdentity = null)
{
$securityHandler = $admin->getSecurityHandler();
if (!$securityHandler instanceof AclSecurityHandlerInterface) {
$output->writeln('Admin class is not configured to use ACL : <info>ignoring</info>');
return;
}
$output->writeln(sprintf(' > generate ACLs for %s', $admin->getCode()));
$objectOwnersMsg = is_null($securityIdentity) ? '' : ' and set the object owner';
/** @var DocumentManager $om */
$om = $admin->getModelManager()->getDocumentManager();
$qb = $om->createQueryBuilder($admin->getClass());
$count = 0;
$countUpdated = 0;
$countAdded = 0;
try {
$batchSize = 20;
$batchSizeOutput = 200;
$objectIds = array();
foreach ($qb->getQuery()->iterate() as $row) {
$objectIds[] = ObjectIdentity::fromDomainObject($row);
$objectIdIterator = new \ArrayIterator($objectIds);
// detach from Doctrine, so that it can be Garbage-Collected immediately
$om->detach($row);
++$count;
if ($count % $batchSize == 0) {
list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity);
$countAdded += $batchAdded;
$countUpdated += $batchUpdated;
$objectIds = array();
}
if ($count % $batchSizeOutput == 0) {
$output->writeln(sprintf(' - generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated));
}
}
if (count($objectIds) > 0) {
list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity);
$countAdded += $batchAdded;
$countUpdated += $batchUpdated;
}
} catch (\BadMethodCallException $e) {
throw new ModelManagerException('', 0, $e);
}
$output->writeln(sprintf(' - [TOTAL] generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated));
}
