/**
* @param $entity
* @param $mask
* @param SecurityIdentityInterface $securityIdentity
* @return $this
*/
public function revokeMask($entity, $mask, SecurityIdentityInterface $securityIdentity)
{
$acl = $this->getAcl($entity);
$aces = $acl->getObjectAces();
foreach ($aces as $index => $ace) {
if ($securityIdentity->equals($ace->getSecurityIdentity())) {
$this->removeMask($index, $acl, $ace, $mask);
}
}
$this->aclProvider->updateAcl($acl);
return $this;
}
/**
* Gets all ACEs associated with given ACL and the given security identity
*
* @param SID $sid
* @param AclInterface $acl
* @param string $type The ACE type. Can be one of AclManager::*_ACE constants
* @param string|null $field The name of a field.
* Set to null for class-based or object-based ACE
* Set to not null class-field-based or object-field-based ACE
* @return EntryInterface[]
*/
protected function getAces(SID $sid, AclInterface $acl, $type, $field)
{
return array_filter($this->manager->getAceProvider()->getAces($acl, $type, $field), function ($ace) use(&$sid) {
/** @var EntryInterface $ace */
return $sid->equals($ace->getSecurityIdentity());
});
}
/**
* Gets all ACEs associated with given ACL and the given security identity
*
* @param SID $sid
* @param OID $oid
* @param string $type The ACE type. Can be one of self::*_ACE constants
* @param string|null $field The name of a field.
* Set to null for class-based or object-based ACE
* Set to not null class-field-based or object-field-based ACE
* @return EntryInterface[]
*/
protected function doGetAces(SID $sid, OID $oid, $type, $field)
{
$acl = $this->getAcl($oid);
if (!$acl) {
return array();
}
return array_filter($this->aceProvider->getAces($acl, $type, $field), function ($ace) use(&$sid) {
/** @var EntryInterface $ace */
return $sid->equals($ace->getSecurityIdentity());
});
}
/**
* Deletes all ACEs for the given security identity from the given ACL
*
* @param ACL $acl
* @param string $type The ACE type. Can be one of AclManager::*_ACE constants
* @param string|null $field The name of a field.
* Set to null for class-based or object-based ACE
* Set to not null class-field-based or object-field-based ACE
* @param SID $sid
* @return bool True if at least one permission was deleted
*/
public function deleteAllPermissions(ACL $acl, $type, $field, SID $sid)
{
$hasChanges = false;
$aces = $this->getAces($acl, $type, $field);
foreach ($aces as $index => $ace) {
if ($sid->equals($ace->getSecurityIdentity())) {
$this->deleteAce($acl, $type, $field, $index);
$hasChanges = true;
}
}
return $hasChanges;
}
/**
* Deletes all ACEs the given type and security identity from the list of ACEs associated with this item
*
* @param string $type The ACE type. Can be one of AclManager::*_ACE constants
* @param string|null $field The name of a field.
* Set to null for class-based or object-based ACE
* Set to not null class-field-based or object-field-based ACE
* @param SID $sid
*/
public function removeAces($type, $field, SID $sid)
{
if ($this->aces !== null) {
$toRemoveKeys = [];
foreach ($this->aces as $key => $val) {
if ($sid->equals($val->getSecurityIdentity()) && $type === $val->getType() && $field === $val->getField()) {
$toRemoveKeys[] = $key;
break;
}
}
if (!empty($toRemoveKeys)) {
foreach ($toRemoveKeys as $key) {
$this->aces->remove($key);
}
}
}
}
/**
* @param ObjectIdentityInterface $objectIdentity
* @param SecurityIdentityInterface $securityIdentity
* @param string|string[] $permissions
* @param string $type
* @param null|string $field
*/
protected function revoke(ObjectIdentityInterface $objectIdentity, SecurityIdentityInterface $securityIdentity, $permissions, $type, $field = null)
{
if (null === ($acl = $this->findAcl($objectIdentity))) {
return;
}
$index = false;
$oldMask = 0;
/** @var Entry $ace */
foreach ($acl->{$this->resolveAceMethod('get', $type, $field)}($field) as $k => $ace) {
if ($securityIdentity->equals($ace->getSecurityIdentity())) {
$index = $k;
$oldMask = $ace->getMask();
continue;
}
}
if (false !== $index) {
$maskBuilder = $this->permissionMap->getMaskBuilder();
$maskBuilder->set($oldMask);
foreach ((array) $permissions as $permission) {
$maskBuilder->remove($permission);
}
if (null === $field) {
$acl->{$this->resolveAceMethod('update', $type)}($index, $maskBuilder->get());
} else {
$acl->{$this->resolveAceMethod('update', $type, $field)}($index, $field, $maskBuilder->get());
}
}
$this->aclProvider->updateAcl($acl);
}
