Ejemplo n.º 1
0
 /**
  * Creates a new Url entity.
  *
  */
 public function createAction(Request $request)
 {
     $entity = new Url();
     $form = $this->createCreateForm($entity);
     $form->handleRequest($request);
     //        sets the author field to session username
     $entity->setAuthor($this->get('security.token_storage')->getToken()->getUser());
     if ($form->isValid()) {
         $em = $this->getDoctrine()->getManager();
         $em->persist($entity);
         $em->flush();
         //check logged in user for acl creation
         if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
             // creating the ACL
             $aclProvider = $this->get('security.acl.provider');
             $objectIdentity = ObjectIdentity::fromDomainObject($entity);
             $acl = $aclProvider->createAcl($objectIdentity);
             // retrieving the security identity of the currently logged-in user
             $tokenStorage = $this->get('security.token_storage');
             $user = $tokenStorage->getToken()->getUser();
             $securityIdentity = UserSecurityIdentity::fromAccount($user);
             // grant owner access
             $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
             $aclProvider->updateAcl($acl);
         }
         return $this->redirect($this->generateUrl('url_show', array('id' => $entity->getId())));
     }
     return $this->render('SurlUrlBundle:Url:new.html.twig', array('entity' => $entity, 'form' => $form->createView()));
 }
Ejemplo n.º 2
0
 /**
  * This method is here to make your life better, so overwrite  it
  *
  * @param \Symfony\Component\Form\Form $form the valid form
  * @param \Taskeet\MainBundle\Entity\Event $Ticket your \Taskeet\MainBundle\Entity\Event object
  */
 public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Event $Event)
 {
     $proveedor = $this->container->get('security.acl.provider');
     $idObjeto = ObjectIdentity::fromDomainObject($Event);
     //poniendo al usuario logueado como owner
     $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
     if ($data = $form->get('repeat')->getData()) {
         $start = clone $form->get('startDate')->getData();
         $end = clone $form->get('dueDate')->getData();
         $ocurrences = $form->get('ocurrences')->getData();
         $interval = new DateInterval($form->get('repeat')->getData());
         $periodo = new \DatePeriod($start, $interval, $ocurrences, \DatePeriod::EXCLUDE_START_DATE);
         foreach ($periodo as $key => $fecha) {
             $event = clone $Event;
             $event->setStartDate($fecha);
             $event->setDueDate($end->add($interval));
             $event->setTitle(sprintf('%s-%s', $Event->getTitle(), $key));
             // $event->setSlug(sprintf('%s-%s', $Event->getSlug(), $key));
             $this->preSave($form, $event);
             $this->saveObject($event);
             $idObjeto = ObjectIdentity::fromDomainObject($event);
             $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
         }
     }
 }
Ejemplo n.º 3
0
 public function createTskAcl(Contact $contact)
 {
     $aclProvider = $this->getContainer()->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($contact);
     $orgIdentity = 'ROLE_ORG_' . $contact->getOrganization()->getId();
     $orgSecurityIdentity = new RoleSecurityIdentity($orgIdentity);
     $builder = new MaskBuilder();
     $builder->add('VIEW');
     $builder->add('EDIT');
     $builder->add('CREATE');
     $builder->add('MASTER');
     try {
         try {
             $acl = $aclProvider->createAcl($objectIdentity);
             $acl->insertObjectAce($orgSecurityIdentity, $builder->get());
             foreach ($contact->getSchools() as $school) {
                 $schoolIdentity = 'ROLE_SCHOOL_' . $school->getId();
                 $schoolSecurityIdentity = new RoleSecurityIdentity($schoolIdentity);
                 $acl->insertObjectAce($schoolSecurityIdentity, $builder->get());
             }
             $aclProvider->updateAcl($acl);
         } catch (AclAlreadyExistsException $e) {
             // keep going ...
         }
     } catch (AclException $e) {
         throw $e;
     }
 }
Ejemplo n.º 4
0
 /**
  * Muestra el formulario para crear una nueva oferta y se encarga del
  * procesamiento de la información recibida y la creación de las nuevas
  * entidades de tipo Oferta
  */
 public function ofertaNuevaAction()
 {
     $peticion = $this->getRequest();
     $oferta = new Oferta();
     $formulario = $this->createForm(new OfertaType(), $oferta);
     if ($peticion->getMethod() == 'POST') {
         $formulario->bindRequest($peticion);
         if ($formulario->isValid()) {
             // Completar las propiedades de la oferta que una tienda no puede establecer
             $tienda = $this->get('security.context')->getToken()->getUser();
             $oferta->setCompras(0);
             $oferta->setRevisada(false);
             $oferta->setTienda($tienda);
             $oferta->setCiudad($tienda->getCiudad());
             // Copiar la foto subida y guardar la ruta
             $oferta->subirFoto($this->container->getParameter('cupon.directorio.imagenes'));
             $em = $this->getDoctrine()->getEntityManager();
             $em->persist($oferta);
             $em->flush();
             // Asignar el permiso necesario para que la tienda pueda modificar esta oferta
             $idObjeto = ObjectIdentity::fromDomainObject($oferta);
             $idUsuario = UserSecurityIdentity::fromAccount($tienda);
             $acl = $this->get('security.acl.provider')->createAcl($idObjeto);
             $acl->insertObjectAce($idUsuario, MaskBuilder::MASK_OPERATOR);
             $this->get('security.acl.provider')->updateAcl($acl);
             return $this->redirect($this->generateUrl('extranet_portada'));
         }
     }
     return $this->render('TiendaBundle:Extranet:formulario.html.twig', array('accion' => 'crear', 'formulario' => $formulario->createView()));
 }
Ejemplo n.º 5
0
 /**
  * @Route("/create", name="freedom_objective_dashboard_create", options={"expose"=true})
  * @Template()
  */
 public function createAction()
 {
     $objective = new Objective();
     $form = $this->createForm(new ObjectiveCreateType(), $objective);
     $request = $this->get('request');
     if ($request->getMethod() == 'POST') {
         $form->handleRequest($request);
         if ($form->isValid()) {
             $objective->setUser($this->getUser());
             $objective->setNbsteps(count($objective->getSteps()));
             foreach ($objective->getSteps() as $key => $value) {
                 $value->setObjective($objective);
                 $objective->addStep($value);
             }
             $em = $this->getDoctrine()->getManager();
             $em->persist($objective);
             $em->flush();
             //ACL
             $aclProvider = $this->get('security.acl.provider');
             $objectIdentity = ObjectIdentity::fromDomainObject($objective);
             $acl = $aclProvider->createAcl($objectIdentity);
             $securityContext = $this->get('security.context');
             $user = $securityContext->getToken()->getUser();
             $securityIdentity = UserSecurityIdentity::fromAccount($user);
             $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
             $aclProvider->updateAcl($acl);
             return $this->redirect($this->generateUrl('freedom_objective_dashboard_details', array('id' => $objective->getId())));
         }
     }
     return array('form' => $form->createView());
 }
Ejemplo n.º 6
0
 /**
  * This method is here to make your life better, so overwrite  it
  *
  * @param \Symfony\Component\Form\Form $form the valid form
  * @param \Taskeet\MainBundle\Entity\Ticket $Ticket your \Taskeet\MainBundle\Entity\Ticket object
  */
 public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Ticket $Ticket)
 {
     $proveedor = $this->container->get('security.acl.provider');
     $idObjeto = ObjectIdentity::fromDomainObject($Ticket);
     //poniendo al usuario logueado como owner
     $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
     //si la tarea tiene asignado un empleado se le asigna el perm operator
     if ($assignedTo = $Ticket->getAssignedTo()) {
         $this->setPermissions($proveedor, $idObjeto, $assignedTo, MaskBuilder::MASK_EDIT);
     }
     if ($data = $form->get('repeat')->getData()) {
         $start = clone $form->get('startDate')->getData();
         $end = clone $form->get('dueDate')->getData();
         $ocurrences = $form->get('ocurrences')->getData();
         $interval = new DateInterval($form->get('repeat')->getData());
         $periodo = new \DatePeriod($start, $interval, $ocurrences, \DatePeriod::EXCLUDE_START_DATE);
         $em = $this->getDoctrine()->getManager();
         foreach ($periodo as $key => $fecha) {
             $ticket = clone $Ticket;
             $ticket->setStartDate($fecha);
             $ticket->setDueDate($end->add($interval));
             $ticket->setTitle(sprintf('%s-%s', $Ticket->getTitle(), $key));
             $ticket->setSlug(sprintf('%s-%s', $Ticket->getSlug(), $key));
             $this->saveObject($ticket);
             $idObjeto = ObjectIdentity::fromDomainObject($ticket);
             $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER);
             $this->setPermissions($proveedor, $idObjeto, $ticket->getAssignedTo(), MaskBuilder::MASK_EDIT);
         }
     }
 }
Ejemplo n.º 7
0
 protected function setUp()
 {
     $this->initAutoload();
     $bbapp = $this->getBBApp();
     $this->initDb($bbapp);
     $this->getBBApp()->setIsStarted(true);
     $this->initAcl();
     $this->site = new Site();
     $this->site->setLabel('Test Site')->setServerName('test_server');
     $this->groupEditor = new Group();
     $this->groupEditor->setName('groupName');
     $this->groupEditor->setSite($this->site);
     $bbapp->getEntityManager()->persist($this->site);
     $bbapp->getEntityManager()->persist($this->groupEditor);
     $bbapp->getEntityManager()->flush();
     // setup ACE for site
     $aclProvider = $this->getSecurityContext()->getACLProvider();
     $objectIdentity = ObjectIdentity::fromDomainObject($this->site);
     $acl = $aclProvider->createAcl($objectIdentity);
     // retrieving the security identity of the currently logged-in user
     $securityIdentity = new UserSecurityIdentity($this->groupEditor->getName(), 'BackBee\\Security\\Group');
     // grant owner access
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_EDIT);
     $aclProvider->updateAcl($acl);
     // authenticate user , set up permissions
     $token = $this->createAuthUser('api_user', array('ROLE_API_USER'));
 }
 /**
  * {@inheritDoc}
  */
 public function load(ObjectManager $manager)
 {
     $stepOrg = new Organization();
     $stepOrg->setName('Step Inventory');
     $manager->persist($stepOrg);
     $demoOrg = new Organization();
     $demoOrg->setName('Acme Inc.');
     $manager->persist($demoOrg);
     $manager->flush();
     $this->addReference('stepOrg', $stepOrg);
     $this->addReference('demoOrg', $demoOrg);
     $aclProvider = $this->container->get('security.acl.provider');
     $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
     $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
     $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
     $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
     $objectIdentity = ObjectIdentity::fromDomainObject($stepOrg);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
     $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
     $objectIdentity = ObjectIdentity::fromDomainObject($demoOrg);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
     $acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
 }
Ejemplo n.º 9
0
 /**
  * New category page
  * @return \Symfony\Component\HttpFoundation\Response
  */
 public function newAction(Request $request)
 {
     $category = new Category();
     $user = $this->getUser();
     $category->setJeweler($user);
     //j'associe mon jeweler 1 à mon produit
     // je crée un formulaire de produit
     $form = $this->createForm(new CategoryType($user), $category, array('validation_groups' => 'new', 'attr' => array('method' => 'post', 'novalidate' => 'novalidate', 'action' => $this->generateUrl('store_backend_category_new'))));
     $form->handleRequest($request);
     if ($form->isValid()) {
         $em = $this->getDoctrine()->getManager();
         //je récupère le manager de Doctrine
         // j'upload mon fichier en faisant appel a la methode upload()
         $category->upload();
         $em->persist($category);
         //j'enregistre mon objet product dans doctrine
         $em->flush();
         //j'envoie ma requete d'insert à ma table product
         // création de l'ACL
         $aclProvider = $this->get('security.acl.provider');
         $objectIdentity = ObjectIdentity::fromDomainObject($category);
         $acl = $aclProvider->createAcl($objectIdentity);
         // retrouve l'identifiant de sécurité de l'utilisateur actuellement connecté
         $tokenStorage = $this->get('security.token_storage');
         $user = $tokenStorage->getToken()->getUser();
         $securityIdentity = UserSecurityIdentity::fromAccount($user);
         // donne accès au propriétaire
         $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
         $aclProvider->updateAcl($acl);
         $this->get('session')->getFlashBag()->add('success', 'Votre catégorie a bien été crée');
         return $this->redirectToRoute('store_backend_category_list');
         //redirection selon la route
     }
     return $this->render('StoreBackendBundle:Category:new.html.twig', array('form' => $form->createView()));
 }
Ejemplo n.º 10
0
 /**
  * {@inheritDoc}
  */
 public function load(ObjectManager $manager)
 {
     $tidLabel = new Label();
     $tidLabel->setName('TravelerId Label');
     $tidLabel->setDescription('ZPL TID Label');
     $tidLabel->setTemplate('
         ^XA
         ^FO50,50^BY3
         ^BCN,100,Y,N,N
         ^FD{{tid}}
         ^XZ
     ');
     $manager->persist($tidLabel);
     $manager->flush();
     //$this->addReference('dfwOffice', $dfwOffice);
     $aclProvider = $this->container->get('security.acl.provider');
     $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
     $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
     $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
     $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
     $objectIdentity = ObjectIdentity::fromDomainObject($tidLabel);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
     $acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
 }
 /**
  * Gets the form
  *
  * @param  \Sonata\AdminBundle\Util\AdminObjectAclData $data
  * @return \Symfony\Component\Form\Form
  */
 public function createForm(AdminObjectAclData $data)
 {
     // Retrieve object identity
     $objectIdentity = ObjectIdentity::fromDomainObject($data->getObject());
     $acl = $data->getSecurityHandler()->getObjectAcl($objectIdentity);
     if (!$acl) {
         $acl = $data->getSecurityHandler()->createAcl($objectIdentity);
     }
     $data->setAcl($acl);
     $masks = $data->getMasks();
     // Create a form to set ACL
     $formBuilder = $this->formFactory->createBuilder('form');
     foreach ($data->getAclUsers() as $aclUser) {
         $securityIdentity = UserSecurityIdentity::fromAccount($aclUser);
         foreach ($data->getUserPermissions() as $permission) {
             try {
                 $checked = $acl->isGranted(array($masks[$permission]), array($securityIdentity));
             } catch (NoAceFoundException $e) {
                 $checked = false;
             }
             $formBuilder->add($aclUser->getId() . $permission, 'checkbox', array('required' => false, 'data' => $checked));
         }
     }
     $form = $formBuilder->getForm();
     $data->setForm($form);
     return $form;
 }
Ejemplo n.º 12
0
 /**
  * Actualiza la acl del objeto en cuestión.
  *
  * @param $object
  * @param array $applyTo
  * @throws \Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException
  */
 public function updateAcl($object, $applyTo = array())
 {
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     $aclProviderCallable = $this->aclProviderCallable;
     $aclProviderCallable($objectIdentity, 'delete');
     $acl = $aclProviderCallable($objectIdentity, 'create');
     $this->applyAcl($acl, $applyTo);
 }
 /**
  * {@inheritDoc}
  */
 public function getObjectIdentity($domainObject)
 {
     try {
         return ObjectIdentity::fromDomainObject($domainObject);
     } catch (InvalidDomainObjectException $failed) {
         return null;
     }
 }
Ejemplo n.º 14
0
 public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()
 {
     $domainObject = new TestDomainObject();
     $domainObject->id = '0';
     $id = ObjectIdentity::fromDomainObject($domainObject);
     $this->assertSame('0', $id->getIdentifier());
     $this->assertEquals('Symfony\\Component\\Security\\Acl\\Tests\\Domain\\TestDomainObject', $id->getType());
 }
Ejemplo n.º 15
0
 public function test_vote_objectScope()
 {
     $aclManager = $this->getBBApp()->getContainer()->get('security.acl_manager');
     $aclManager->insertOrUpdateClassAce(ObjectIdentity::fromDomainObject($this->user), new UserSecurityIdentity($this->group->getObjectIdentifier(), get_class($this->group)), MaskBuilder::MASK_EDIT);
     $this->assertEquals(BBAclVoter::ACCESS_GRANTED, $this->aclVoter->vote($this->token, $this->user, ['EDIT']));
     $this->assertEquals(BBAclVoter::ACCESS_DENIED, $this->aclVoter->vote($this->token, new ObjectIdentity('all', get_class($this->user)), ['EDIT']));
     $this->assertEquals(BBAclVoter::ACCESS_DENIED, $this->aclVoter->vote($this->token, new ObjectIdentity(23545866754, get_class($this->user)), ['EDIT']));
 }
Ejemplo n.º 16
0
 /**
  * This method is here to make your life better, so overwrite  it
  *
  * @param \Symfony\Component\Form\Form $form the valid form
  * @param \Taskeet\MainBundle\Entity\Ticket $Ticket your \Taskeet\MainBundle\Entity\Ticket object
  */
 public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Ticket $Ticket)
 {
     $proveedor = $this->container->get('security.acl.provider');
     $idObjeto = ObjectIdentity::fromDomainObject($Ticket);
     //si la tarea tiene asignado un empleado se le asigna el perm operator
     if ($assignedTo = $Ticket->getAssignedTo()) {
         $this->setPermissions($proveedor, $idObjeto, $assignedTo, MaskBuilder::MASK_EDIT);
     }
 }
Ejemplo n.º 17
0
 /**
  * This method is here to make your life better, so overwrite  it
  *
  * @param \Symfony\Component\Form\Form $form the valid form
  * @param \Taskeet\MainBundle\Entity\Project $Project your \Taskeet\MainBundle\Entity\Project object
  */
 public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Project $Project)
 {
     $proveedor = $this->container->get('security.acl.provider');
     $idObjeto = ObjectIdentity::fromDomainObject($Project);
     //asignando permisos para ver a los miembros
     $users = $Project->getMembers();
     foreach ($users as $user) {
         $this->setPermissions($proveedor, $idObjeto, $user, MaskBuilder::MASK_VIEW);
     }
 }
Ejemplo n.º 18
0
 /**
  * Creates the ACE for a user.
  *
  * @param UserInterface $user
  */
 public function createUserAce(UserInterface $user)
 {
     if (!$this->aclProvider) {
         return;
     }
     $oid = ObjectIdentity::fromDomainObject($user);
     $acl = $this->aclProvider->createAcl($oid);
     $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
     $this->aclProvider->updateAcl($acl);
 }
Ejemplo n.º 19
0
 /**
  * {@inheritDoc}
  */
 public function load(ObjectManager $manager)
 {
     $refs = $this->referenceRepository->getReferences();
     $orgRefNames = [];
     $deptRefNames = [];
     $linkRefNames = [];
     foreach ($refs as $ref) {
         $refNames = $this->referenceRepository->getReferenceNames($ref);
         if (is_a($ref, 'AppBundle\\Entity\\Department')) {
             $deptRefNames[] = $refNames[0];
         }
         if (is_a($ref, 'AppBundle\\Entity\\MenuLink')) {
             $linkRefNames[] = $refNames[0];
         }
     }
     $items = [];
     foreach ($deptRefNames as $deptRefName) {
         $i = 1;
         $department = $this->getReference($deptRefName);
         foreach ($linkRefNames as $linkRefName) {
             $item = new MenuItem();
             $item->isActive(true);
             $item->setPosition($i);
             $item->setMenuLink($this->getReference($linkRefName));
             $item->setOrganization($department->getOffice()->getOrganization());
             if (in_array($linkRefName, ['inventoryAuditLink', 'inventoryActionLink', 'inventoryLogLink'])) {
                 $item->setParent($items[$deptRefName]['mainLink']);
             } else {
                 if (in_array($linkRefName, ['adminInventoryLink', 'adminAccountingLink'])) {
                     $item->setParent($items[$deptRefName]['adminLink']);
                 } else {
                     $item->setDepartment($department);
                 }
             }
             $manager->persist($item);
             $items[$deptRefName][$linkRefName] = $item;
             $i++;
         }
     }
     $manager->flush();
     $aclProvider = $this->container->get('security.acl.provider');
     $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
     $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
     $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
     $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
     foreach ($items as $deptItems) {
         foreach ($deptItems as $item) {
             $objectIdentity = ObjectIdentity::fromDomainObject($item);
             $acl = $aclProvider->createAcl($objectIdentity);
             $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
             $acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
             $aclProvider->updateAcl($acl);
         }
     }
 }
Ejemplo n.º 20
0
 /**
  * {@inheritDoc}
  */
 public function load(ObjectManager $manager)
 {
     $userRole = new Role();
     $userRole->setName('User');
     $userRole->setRole('ROLE_USER');
     $userRole->setIsAllowedToSwitch(false);
     $manager->persist($userRole);
     $leadRole = new Role();
     $leadRole->setName('Lead');
     $leadRole->setRole('ROLE_LEAD');
     $leadRole->setIsAllowedToSwitch(false);
     $leadRole->addRoleToHierarchy($userRole);
     $manager->persist($leadRole);
     $adminRole = new Role();
     $adminRole->setName('Admin');
     $adminRole->setRole('ROLE_ADMIN');
     $adminRole->setIsAllowedToSwitch(false);
     $adminRole->addRoleToHierarchy($leadRole);
     $manager->persist($adminRole);
     $devRole = new Role();
     $devRole->setName('Dev');
     $devRole->setRole('ROLE_DEV');
     $devRole->setIsAllowedToSwitch(true);
     $devRole->addRoleToHierarchy($adminRole);
     $manager->persist($devRole);
     $manager->flush();
     $this->addReference('ROLE_USER', $userRole);
     $this->addReference('ROLE_LEAD', $leadRole);
     $this->addReference('ROLE_ADMIN', $adminRole);
     $this->addReference('ROLE_DEV', $devRole);
     $aclProvider = $this->container->get('security.acl.provider');
     $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV');
     $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
     $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD');
     $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER');
     $objectIdentity = ObjectIdentity::fromDomainObject($userRole);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
     $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
     $objectIdentity = ObjectIdentity::fromDomainObject($leadRole);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
     $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
     $objectIdentity = ObjectIdentity::fromDomainObject($adminRole);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW);
     $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
     $objectIdentity = ObjectIdentity::fromDomainObject($devRole);
     $acl = $aclProvider->createAcl($objectIdentity);
     $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
 }
Ejemplo n.º 21
0
 /**
  * Save acl for new object
  * 
  * @param Object $object
  * @param Integer $mask
  */
 public function saveObjectAcl($object, $mask = MaskBuilder::MASK_OWNER)
 {
     // creating the ACL
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     $acl = $this->container->get('security.acl.provider')->createAcl($objectIdentity);
     // retrieving the security identity of the currently logged-in user
     $user = $this->container->get('security.context')->getToken()->getUser();
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     // grant owner access
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $this->container->get('security.acl.provider')->updateAcl($acl);
 }
Ejemplo n.º 22
0
 public function setOwner(Project $project, User $user, $save = true)
 {
     $project->setOwner($user);
     $objectIdentity = ObjectIdentity::fromDomainObject($project);
     $entry = $this->acl->createAcl($objectIdentity);
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $entry->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $this->acl->updateAcl($entry);
     if ($save) {
         $this->saveProject($project);
     }
 }
Ejemplo n.º 23
0
 public function grantDefaultPrivileges($dbObject)
 {
     // creating the ACL
     $objectIdentity = ObjectIdentity::fromDomainObject($dbObject);
     $acl = $this->aclProvider->createAcl($objectIdentity);
     $user = $this->tokenStorage->getToken()->getUser();
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $securityIdentity = new RoleSecurityIdentity("ROLE_MODO");
     $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OPERATOR);
     $securityIdentity = new RoleSecurityIdentity("ROLE_ADMIN");
     $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $this->aclProvider->updateAcl($acl);
 }
 /**
  * {@inheritdoc}
  */
 public function getObjectIdentity($domainObject)
 {
     try {
         if ($domainObject instanceof ObjectIdentityInterface) {
             return $domainObject;
         }
         if (method_exists($domainObject, 'getId') && is_null($domainObject->getId())) {
             return new ObjectIdentity('CLASS', ClassUtils::getRealClass($domainObject));
         }
         return ObjectIdentity::fromDomainObject($domainObject);
     } catch (InvalidDomainObjectException $failed) {
         return;
     }
 }
Ejemplo n.º 25
0
 /**
  * This method is here to make your life better, so overwrite  it
  *
  * @param \Symfony\Component\Form\Form $form the valid form
  * @param \Taskeet\MainBundle\Entity\Department $Department your \Taskeet\MainBundle\Entity\Department object
  */
 public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Department $Department)
 {
     $proveedor = $this->container->get('security.acl.provider');
     $idObjeto = ObjectIdentity::fromDomainObject($Department);
     //si el departamento tiene asignado un encargado se le asigna el perm owner
     if ($owner = $Department->getOwner()) {
         $this->setPermissions($proveedor, $idObjeto, $owner, MaskBuilder::MASK_OWNER);
     }
     //asignando permisos para ver a los miembros
     $users = $Department->getUsers();
     foreach ($users as $user) {
         $this->setPermissions($proveedor, $idObjeto, $user, MaskBuilder::MASK_VIEW);
     }
 }
Ejemplo n.º 26
0
 public function countOtherUserInTheSamePage($controller, $action, $entity)
 {
     $date = new \DateTime('@' . strtotime('-30 minutes'));
     $from = 'SELECT owner, entity FROM admin_log ' . 'WHERE created_at > "' . $date->format('Y-m-d H:i:s') . '" ' . 'AND controller = "\\\\' . str_replace('\\', '\\\\', $controller) . '" ' . 'AND action = "' . $action . '" ' . 'AND entity = "' . str_replace('\\', '\\\\', (string) ObjectIdentity::fromDomainObject($entity)) . '" ' . 'ORDER BY created_at DESC';
     $sql = 'SELECT owner, entity FROM :from_result AS orderer_log GROUP BY owner';
     $result = $this->getEntityManager()->getConnection()->executeQuery($sql, array('form_result' => $from));
     $verif = $this->_getActualAdminEdition();
     $return = $result->fetchAll(\PDO::FETCH_ASSOC);
     foreach ($return as $key => $result) {
         if (array_key_exists($result['owner'], $verif) && $verif[$result['owner']] != $result['entity']) {
             unset($return[$key]);
         }
     }
     return count($return);
 }
Ejemplo n.º 27
0
 public function postPersist(LifecycleEventArgs $args)
 {
     $entity = $args->getEntity();
     if ($entity instanceof Product) {
         // creating the ACL
         $aclProvider = $this->container->get('security.acl.provider');
         $objectIdentity = ObjectIdentity::fromDomainObject($entity);
         $acl = $aclProvider->createAcl($objectIdentity);
         // retrieving the security identity of the currently logged-in user
         $securityIdentity = UserSecurityIdentity::fromAccount($entity->getUser());
         // grant owner access
         $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
         $aclProvider->updateAcl($acl);
     }
 }
Ejemplo n.º 28
0
 /**
  * execute
  *
  * @param  InputInterface  $input
  * @param  OutputInterface $output
  * @access protected
  * @return void
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // creating the ACL
     $objectClass = $input->getArgument('objectClass');
     $objectId = $input->getArgument('objectId');
     $doctrine = $input->getOption('doctrine');
     $entityManager = $input->getOption('entity-manager');
     if (!$doctrine) {
         $doctrine = 'doctrine';
     }
     if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') {
         $output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>');
         return 1;
     }
     $object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId);
     if (!$object) {
         $output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>');
         return 1;
     }
     $aclProvider = $this->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     try {
         $acl = $aclProvider->findAcl($objectIdentity);
     } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
         $output->writeln('<error>No previous acl found for ' . $objectClass . ':' . $objectId . '</error>');
         return 1;
     }
     // retrieving the security identity of the currently logged-in user
     $username = $input->getArgument('username');
     $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username);
     if (!$user) {
         $output->writeln('<error>User ' . $username . ' not found.</error>');
         return 1;
     }
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $aceList = $acl->getObjectAces();
     $i = 0;
     foreach ($aceList as $ace) {
         if ($ace->getSecurityIdentity() == $securityIdentity) {
             // Got it! Let's remove it!
             $output->writeln('got one');
             $acl->deleteObjectAce($i);
         }
         $i++;
     }
     $aclProvider->updateAcl($acl);
     $output->writeln('<info>ACL successfully updated.</info>');
 }
 /**
  * {@inheritdoc}
  */
 public function batchConfigureAcls(OutputInterface $output, AdminInterface $admin, UserSecurityIdentity $securityIdentity = null)
 {
     $securityHandler = $admin->getSecurityHandler();
     if (!$securityHandler instanceof AclSecurityHandlerInterface) {
         $output->writeln('Admin class is not configured to use ACL : <info>ignoring</info>');
         return;
     }
     $output->writeln(sprintf(' > generate ACLs for %s', $admin->getCode()));
     $objectOwnersMsg = is_null($securityIdentity) ? '' : ' and set the object owner';
     /** @var DocumentManager $om */
     $om = $admin->getModelManager()->getDocumentManager();
     $qb = $om->createQueryBuilder($admin->getClass());
     $count = 0;
     $countUpdated = 0;
     $countAdded = 0;
     try {
         $batchSize = 20;
         $batchSizeOutput = 200;
         $objectIds = array();
         foreach ($qb->getQuery()->iterate() as $row) {
             $objectIds[] = ObjectIdentity::fromDomainObject($row);
             $objectIdIterator = new \ArrayIterator($objectIds);
             // detach from Doctrine, so that it can be Garbage-Collected immediately
             $om->detach($row);
             ++$count;
             if ($count % $batchSize == 0) {
                 list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity);
                 $countAdded += $batchAdded;
                 $countUpdated += $batchUpdated;
                 $objectIds = array();
             }
             if ($count % $batchSizeOutput == 0) {
                 $output->writeln(sprintf('   - generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated));
             }
         }
         if (count($objectIds) > 0) {
             list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity);
             $countAdded += $batchAdded;
             $countUpdated += $batchUpdated;
         }
     } catch (\BadMethodCallException $e) {
         throw new ModelManagerException('', 0, $e);
     }
     $output->writeln(sprintf('   - [TOTAL] generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated));
 }
Ejemplo n.º 30
0
 /**
  * Determines if object is shared for specified security identities.
  *
  * @param object $object
  * @param SecurityIdentityInterface[] $sids
  *
  * @return bool
  */
 public function isObjectSharedWithSids($object, array $sids)
 {
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     try {
         $acl = $this->aclProvider->findAcl($objectIdentity);
     } catch (AclNotFoundException $e) {
         return false;
     }
     foreach ($acl->getObjectAces() as $ace) {
         /** @var Entry $ace */
         foreach ($sids as $sid) {
             if ($sid->equals($ace->getSecurityIdentity())) {
                 return true;
             }
         }
     }
     return false;
 }