/**
* @inheritdoc
*/
public function visit(TreeNodeInterface $node, &$data)
{
$struct = $this->roleService->newRoleCreateStruct('');
$this->fillValueObject($struct, $data);
if (isset($data['policies'])) {
foreach ($data['policies'] as $policyStruct) {
$struct->addPolicy($policyStruct);
}
}
$this->roleService->createRole($struct);
}
/**
* Parse input structure.
*
* @param array $data
* @param \eZ\Publish\Core\REST\Common\Input\ParsingDispatcher $parsingDispatcher
*
* @return \eZ\Publish\API\Repository\Values\User\RoleCreateStruct
*/
public function parse(array $data, ParsingDispatcher $parsingDispatcher)
{
// Since RoleInput is used both for creating and updating role and identifier is not
// required when updating role, we need to rely on PAPI to throw the exception on missing
// identifier when creating a role
// @todo Bring in line with XSD which says that identifier is required always
$roleIdentifier = null;
if (array_key_exists('identifier', $data)) {
$roleIdentifier = $data['identifier'];
}
$roleCreateStruct = $this->roleService->newRoleCreateStruct($roleIdentifier);
return $roleCreateStruct;
}
/**
* Checks if the passed value is valid.
*
* @param mixed $value The value that should be validated
* @param Constraint $constraint The constraint for the validation
*
* @api
*/
public function validate($value, Constraint $constraint)
{
if (!$value instanceof RoleData) {
return;
}
try {
$role = $this->roleService->loadRoleByIdentifier($value->identifier);
// It is of course OK to edit a draft of an existing Role :-)
if ($role->id === $value->roleDraft->id) {
return;
}
$this->context->buildViolation($constraint->message)->atPath('identifier')->setParameter('%identifier%', $value->identifier)->addViolation();
} catch (NotFoundException $e) {
// Do nothing
}
}
public function deletePolicyAction(Request $request, $roleId, $policyId)
{
$role = $this->roleService->loadRole($roleId);
$deleteForm = $this->createForm(new PolicyDeleteType(), ['policyId' => $policyId, 'roleId' => $roleId]);
$deleteForm->handleRequest($request);
if ($deleteForm->isValid()) {
try {
$roleDraft = $this->roleService->loadRoleDraftByRoleId($roleId);
} catch (NotFoundException $e) {
// The draft doesn't exist, let's create one
$roleDraft = $this->roleService->createRoleDraft($role);
}
$foundPolicy = false;
/** @var PolicyDraft $policy */
foreach ($roleDraft->getPolicies() as $policy) {
if ($policy->originalId == $policyId) {
$foundPolicy = true;
break;
}
}
if (!$foundPolicy) {
throw new BadRequestHttpException($this->translator->trans('role.error.policy_not_found', ['%policyId%' => $policyId, '%roleId%' => $roleId], 'role'));
}
$this->roleService->removePolicyByRoleDraft($roleDraft, $policy);
$this->roleService->publishRoleDraft($roleDraft);
$this->notify('role.policy.deleted', ['%roleIdentifier%' => $role->identifier, '%policyId%' => $policyId], 'role');
} elseif ($deleteForm->isSubmitted()) {
$this->notifyError('role.policy.error.delete', ['%roleIdentifier%' => $role->identifier, '%policyId%' => $policyId], 'role');
}
return $this->redirectToRouteAfterFormPost('admin_roleView', ['roleId' => $roleId]);
}
/**
* Parse input structure
*
* @param array $data
* @param \eZ\Publish\Core\REST\Common\Input\ParsingDispatcher $parsingDispatcher
*
* @return \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct
*/
public function parse(array $data, ParsingDispatcher $parsingDispatcher)
{
$policyUpdate = $this->roleService->newPolicyUpdateStruct();
// @todo XSD says that limitations field is mandatory, but
// it needs to be possible to remove limitations from policy
if (array_key_exists('limitations', $data)) {
if (!is_array($data['limitations'])) {
throw new Exceptions\Parser("Invalid format for 'limitations' in PolicyUpdate.");
}
if (!isset($data['limitations']['limitation']) || !is_array($data['limitations']['limitation'])) {
throw new Exceptions\Parser("Invalid format for 'limitations' in PolicyUpdate.");
}
foreach ($data['limitations']['limitation'] as $limitationData) {
$policyUpdate->addLimitation($this->parserTools->parseLimitation($limitationData));
}
}
return $policyUpdate;
}
public function processRemoveDraft(FormActionEvent $event)
{
/** @var \EzSystems\RepositoryForms\Data\Role\PolicyCreateData|\EzSystems\RepositoryForms\Data\Role\PolicyUpdateData $data */
$data = $event->getData();
if (!$data->isNew()) {
$this->roleService->removePolicyByRoleDraft($data->roleDraft, $data->policyDraft);
}
$this->roleService->deleteRoleDraft($data->roleDraft);
}
public function processRemoveDraft(FormActionEvent $event)
{
/** @var RoleDraft $roleDraft */
$roleDraft = $event->getData()->roleDraft;
// Redirect response will be different if we're dealing with an existing Role,
// or a newly created one which has been discarded.
try {
// This will throw a NotFoundException if a published version doesn't exist for this Role.
$this->roleService->loadRole($roleDraft->id);
$response = new FormProcessingDoneResponse($this->router->generate('admin_roleView', ['roleId' => $roleDraft->id]));
} catch (NotFoundException $e) {
// RoleDraft was newly created, but then discarded.
// Redirect to the role list view.
$response = new FormProcessingDoneResponse($this->router->generate('admin_roleList'));
}
$event->setResponse($response);
$this->notify('role.notification.draft_removed', [], 'role');
}
/**
* Deletes a role.
*
* @param Request $request
* @param int $roleId Role ID
*
* @return \Symfony\Component\HttpFoundation\Response
*/
public function deleteRoleAction(Request $request, $roleId)
{
$role = $this->roleService->loadRole($roleId);
$deleteForm = $this->createForm(new RoleDeleteType(), ['roleId' => $roleId]);
$deleteForm->handleRequest($request);
if ($deleteForm->isValid()) {
$this->roleService->deleteRole($role);
$this->notify('role.deleted', ['%roleIdentifier%' => $role->identifier], 'role');
} elseif ($deleteForm->isSubmitted()) {
$this->notifyError('role.error.delete', ['%roleIdentifier%' => $role->identifier], 'role');
}
return $this->redirectToRouteAfterFormPost('admin_roleList');
}
/**
* Deletes a role assignment.
*
* @param Request $request
* @param int $roleAssignmentId Role assignment ID
*
* @return \Symfony\Component\HttpFoundation\Response
*/
public function deleteRoleAssignmentAction(Request $request, $roleAssignmentId)
{
$roleAssignment = $this->roleService->loadRoleAssignment($roleAssignmentId);
$deleteForm = $this->createForm(new RoleAssignmentDeleteType(), ['assignmentId' => $roleAssignmentId]);
$deleteForm->handleRequest($request);
if ($deleteForm->isValid()) {
$this->roleService->removeRoleAssignment($roleAssignment);
$this->notify('role.assignment.deleted', [], 'role');
} elseif ($deleteForm->isSubmitted()) {
$this->notifyError('role.assignment.error.delete', [], 'role');
}
return $this->redirectToRouteAfterFormPost('admin_roleView', ['roleId' => $roleAssignment->role->id]);
}
/**
* Parse input structure
*
* @param array $data
* @param \eZ\Publish\Core\REST\Common\Input\ParsingDispatcher $parsingDispatcher
*
* @return \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct
*/
public function parse(array $data, ParsingDispatcher $parsingDispatcher)
{
if (!array_key_exists('module', $data)) {
throw new Exceptions\Parser("Missing 'module' attribute for PolicyCreate.");
}
if (!array_key_exists('function', $data)) {
throw new Exceptions\Parser("Missing 'function' attribute for PolicyCreate.");
}
$policyCreate = $this->roleService->newPolicyCreateStruct($data['module'], $data['function']);
// @todo XSD says that limitations is mandatory,
// but polices can be created without limitations
if (array_key_exists('limitations', $data)) {
if (!is_array($data['limitations'])) {
throw new Exceptions\Parser("Invalid format for 'limitations' in PolicyCreate.");
}
if (!isset($data['limitations']['limitation']) || !is_array($data['limitations']['limitation'])) {
throw new Exceptions\Parser("Invalid format for 'limitations' in PolicyCreate.");
}
foreach ($data['limitations']['limitation'] as $limitationData) {
$policyCreate->addLimitation($this->parserTools->parseLimitation($limitationData));
}
}
return $policyCreate;
}
/**
* Loads a list of user groups assigned to role
*
* @return \eZ\Publish\Core\REST\Server\Values\RestUserGroup[]
*/
public function loadUserGroupsAssignedToRole()
{
$role = $this->roleService->loadRole($this->requestParser->parseHref($this->request->query->get('roleId'), 'roleId'));
$roleAssignments = $this->roleService->getRoleAssignments($role);
$restUserGroups = array();
foreach ($roleAssignments as $roleAssignment) {
if ($roleAssignment instanceof UserGroupRoleAssignment) {
$userGroup = $roleAssignment->getUserGroup();
$userGroupContentInfo = $userGroup->getVersionInfo()->getContentInfo();
$userGroupLocation = $this->locationService->loadLocation($userGroupContentInfo->mainLocationId);
$contentType = $this->contentTypeService->loadContentType($userGroupContentInfo->contentTypeId);
$restUserGroups[] = new Values\RestUserGroup($userGroup, $contentType, $userGroupContentInfo, $userGroupLocation, $this->contentService->loadRelations($userGroup->getVersionInfo()));
}
}
return $restUserGroups;
}
/**
* Lets you select a section which will be used as limitation when assigning the role.
*
* @param Request $request
* @param int $roleId Role ID
*
* @return \Symfony\Component\HttpFoundation\Response
*/
public function assignRoleBySectionLimitationAction(Request $request, $roleId)
{
return $this->render('eZPlatformUIBundle:Role:assign_role_by_section.html.twig', ['role' => $this->roleService->loadRole($roleId), 'sections' => $this->sectionService->loadSections(), 'can_assign' => $this->isGranted(new Attribute('role', 'assign'))]);
}
/**
* Search all policies which are applied to a given user
*
* @return \eZ\Publish\Core\REST\Server\Values\PolicyList
*/
public function listPoliciesForUser()
{
return new Values\PolicyList($this->roleService->loadPoliciesByUserId($this->request->query->get('userId')), $this->request->getPathInfo());
}
public function processRemoveDraft(FormActionEvent $event)
{
/** @var RoleDraft $roleDraft */
$roleDraft = $event->getData()->roleDraft;
$this->roleService->deleteRoleDraft($roleDraft);
}
/**
* Add new policies to the $role Role.
*
* @param \eZ\Publish\API\Repository\Values\User\Role $role
* @param \eZ\Publish\API\Repository\RoleService $roleService
* @param array $policy
*/
private function addPolicy(Role $role, RoleService $roleService, array $policy)
{
$policyCreateStruct = $roleService->newPolicyCreateStruct($policy['module'], $policy['function']);
if (array_key_exists('limitations', $policy)) {
foreach ($policy['limitations'] as $limitation) {
$limitationObject = $this->createLimitation($roleService, $limitation);
$policyCreateStruct->addLimitation($limitationObject);
}
}
$roleService->addPolicy($role, $policyCreateStruct);
}
/**
* Returns the LimitationType's assigned to a given module/function.
*
* Typically used for:
* - Internal validation limitation value use on Policies
* - Role admin gui for editing policy limitations incl list limitation options via valueSchema()
*
* @param string $module Legacy name of "controller", it's a unique identifier like "content"
* @param string $function Legacy name of a controller "action", it's a unique within the controller like "read"
*
* @return \eZ\Publish\SPI\Limitation\Type[]
*
* @throws \eZ\Publish\API\Repository\Exceptions\BadStateException If module/function to limitation type mapping
* refers to a non existing identifier.
*/
public function getLimitationTypesByModuleFunction($module, $function)
{
return $this->service->getLimitationTypesByModuleFunction($module, $function);
}
public function processRemoveDraft(FormActionEvent $event)
{
$this->roleService->deleteRoleDraft($this->getRoleDraft($event));
}
