The closure sandbox will do a catch all on exceptions and rethrow after
re-setting the sudo flag.
Example use:
$location = $repository->sudo(
function ( Repository $repo ) use ( $locationId )
{
return $repo->getLocationService()->loadLocation( $locationId )
}
);
public function updateUserContext(UserContext $context)
{
$user = $this->repository->getCurrentUser();
/** @var \eZ\Publish\API\Repository\Values\User\RoleAssignment[] $roleAssignments */
$roleAssignments = $this->repository->sudo(function (Repository $repository) use($user) {
return $repository->getRoleService()->getRoleAssignmentsForUser($user, true);
});
$roleIds = array();
$limitationValues = array();
/** @var UserRoleAssignment $roleAssignment */
foreach ($roleAssignments as $roleAssignment) {
$roleId = $roleAssignment->getRole()->id;
$roleIds[] = $roleId;
$limitation = $roleAssignment->getRoleLimitation();
// If a limitation is present, store the limitation values by roleId
if ($limitation !== null) {
$limitationValuesKey = sprintf('%s-%s', $roleId, $limitation->getIdentifier());
$limitationValues[$limitationValuesKey] = array();
foreach ($limitation->limitationValues as $value) {
$limitationValues[$limitationValuesKey][] = $value;
}
}
}
$context->addParameter('roleIdList', $roleIds);
$context->addParameter('roleLimitationList', $limitationValues);
}
public function setIdentity(Identity $identity)
{
$user = $this->repository->getCurrentUser();
$roleAssignments = $this->repository->sudo(function ($repository) use($user) {
return $repository->getRoleService()->getRoleAssignmentsForUser($user, true);
});
$roleIds = array();
$limitationValues = array();
/** @var UserRoleAssignment $roleAssignment */
foreach ($roleAssignments as $roleAssignment) {
$roleIds[] = $roleAssignment->role->id;
// If a limitation is present, store the limitation values by roleId
if ($roleAssignment->limitation !== null) {
$limitationValuesKey = "{$roleAssignment->role->id}-" . $roleAssignment->limitation->getIdentifier();
$limitationValues[$limitationValuesKey] = array();
foreach ($roleAssignment->limitation->limitationValues as $value) {
$limitationValues[$limitationValuesKey][] = $value;
}
}
}
$identity->setInformation('roleIdList', implode('|', $roleIds));
// Flatten each limitation values to a string and then store it as Identity information
$limitationValuesFlattened = array();
foreach ($limitationValues as $roleId => $limitationArray) {
$limitationValuesFlattened[] = "{$roleId}:" . implode('|', $limitationArray);
}
$identity->setInformation('roleLimitationList', implode(',', $limitationValuesFlattened));
}
public function loadLocation(ContentInfo $contentInfo)
{
if (is_null($contentInfo->mainLocationId)) {
throw new NotFoundException('main location of content', $contentInfo->id);
}
try {
return $this->repository->sudo(function (Repository $repository) use($contentInfo) {
return $repository->getLocationService()->loadLocation($contentInfo->mainLocationId);
});
} catch (Exception $e) {
throw new NotFoundException('main location of content', $contentInfo->id);
}
}
public function userIsSubscriber(User $user)
{
$roleService = $this->repository->getRoleService();
return $this->repository->sudo(function (Repository $repository) use($user, $roleService) {
foreach ($repository->getUserService()->loadUserGroupsOfUser($user) as $group) {
foreach ($roleService->getRoleAssignmentsForUserGroup($group) as $role) {
if ($this->isSubscriberRole($role->role)) {
return true;
}
}
}
return false;
});
}
/**
* Loads a location by its locationId, regardless to user limitations since the router is invoked BEFORE security (no user authenticated yet).
* Not to be used for link generation.
*
* @param int $locationId
*
* @return \eZ\Publish\Core\Repository\Values\Content\Location
*/
public function loadLocation($locationId)
{
return $this->repository->sudo(function (Repository $repository) use($locationId) {
/* @var $repository \eZ\Publish\Core\Repository\Repository */
return $repository->getLocationService()->loadLocation($locationId);
});
}
public function onContentCacheClear(ContentCacheClearEvent $event)
{
$contentInfo = $event->getContentInfo();
$versionInfo = $this->contentService->loadVersionInfo($contentInfo);
foreach ($this->contentService->loadRelations($versionInfo) as $relation) {
foreach ($this->locationService->loadLocations($relation->getDestinationContentInfo()) as $relatedLocation) {
$event->addLocationToClear($relatedLocation);
}
}
// Using sudo since loading reverse relations is conditioned to content/reverserelatedlist permission and we don't need this check here.
/** @var \eZ\Publish\API\Repository\Values\Content\Relation[] $reverseRelations */
$reverseRelations = $this->repository->sudo(function () use($contentInfo) {
return $this->contentService->loadReverseRelations($contentInfo);
});
foreach ($reverseRelations as $reverseRelation) {
foreach ($this->locationService->loadLocations($reverseRelation->getSourceContentInfo()) as $relatedLocation) {
$event->addLocationToClear($relatedLocation);
}
}
}
/**
* Checks embed permissions for the given Location $id and returns the Location.
*
* @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException
*
* @param int|string $id
*
* @return \eZ\Publish\API\Repository\Values\Content\Location
*/
protected function checkLocation($id)
{
/** @var \eZ\Publish\API\Repository\Values\Content\Location $location */
$location = $this->repository->sudo(function (Repository $repository) use($id) {
return $repository->getLocationService()->loadLocation($id);
});
// Check both 'content/read' and 'content/view_embed'.
if (!$this->authorizationChecker->isGranted(new AuthorizationAttribute('content', 'read', array('valueObject' => $location->contentInfo, 'targets' => $location))) && !$this->authorizationChecker->isGranted(new AuthorizationAttribute('content', 'view_embed', array('valueObject' => $location->contentInfo, 'targets' => $location)))) {
throw new AccessDeniedException();
}
return $location;
}
