/**
* @ApiDoc(
* section="ACL Management",
* description="Saves the given rules"
* )
*
* @Rest\RequestParam(name="targetId", requirements=".+", strict=true, description="Target id")
* @Rest\RequestParam(name="targetType", requirements=".+", strict=true, description="Target type")
* @Rest\RequestParam(name="rules", strict=false, description="ACL rules array")
*
* @Rest\Post("/user/acl")
*
* @param int $targetId
* @param int $targetType
* @param array $rules
*
* @return bool
*/
public function saveAcl($targetId, $targetType, $rules = null)
{
$targetId += 0;
$targetType += 0;
AclQuery::create()->filterByTargetId($targetId)->filterByTargetType($targetType)->delete();
if (0 < count($rules)) {
$i = 1;
if (is_array($rules)) {
foreach ($rules as $rule) {
$ruleObject = new Acl();
$ruleObject->setPrio($i);
$ruleObject->setTargetType($targetType);
$ruleObject->setTargetId($targetId);
$ruleObject->setTargetId($targetId);
$ruleObject->setObject(Objects::normalizeObjectKey(@$rule['object']));
$ruleObject->setSub(filter_var(@$rule['sub'], FILTER_VALIDATE_BOOLEAN));
$ruleObject->setAccess(filter_var(@$rule['access'], FILTER_VALIDATE_BOOLEAN));
$ruleObject->setFields(@$rule['fields']);
$ruleObject->setConstraintType(@$rule['constraintType']);
$ruleObject->setConstraintCode(@$rule['constraintCode']);
$ruleObject->setMode(@$rule['mode'] + 0);
$ruleObject->save();
$i++;
}
}
}
$this->cacher->invalidateCache('core/acl');
return true;
}
public function setObject($mode, $objectKey, $constraintType, $constraintCode, $withSub = false, $targetType, $targetId, $access, $fields = null)
{
$objectKey = Objects::normalizeObjectKey($objectKey);
$acl = new AclObject();
$acl->setMode($mode);
$acl->setTargetType($targetType);
$acl->setTargetId($targetId);
$acl->setSub($withSub);
$acl->setAccess($access);
if ($fields) {
$acl->setFields(json_encode($fields));
}
$acl->setObject($objectKey);
$acl->setConstraintCode(is_array($constraintCode) ? json_encode($constraintCode) : $constraintCode);
$acl->setConstraintType($constraintType);
$query = new \Jarves\Model\AclQuery();
$query->select('Prio');
$query->filterByObject($objectKey);
$query->filterByMode($mode);
$query->orderByPrio(Criteria::DESC);
$highestPrio = (int) $query->findOne();
$acl->setPrio($highestPrio + 1);
$this->cache[$objectKey . '_' . $mode] = null;
$acl->save();
return $acl;
}
public function testRuleCustom()
{
ItemCategoryQuery::create()->deleteAll();
ItemQuery::create()->deleteAll();
TestQuery::create()->deleteAll();
$this->getACL()->setCaching(true);
$this->getACL()->removeObjectRules('test/item');
$user = new User();
$user->setUsername('testuser');
$user->save();
$item1 = new Item();
$item1->setTitle('Item 1');
$item1->save();
$item2 = new Item();
$item2->setTitle('Item test');
$item2->save();
$rule = new Acl();
$rule->setAccess(true);
$rule->setObject('test/item');
$rule->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
$rule->setTargetId($user->getId());
$rule->setMode(\Jarves\ACL::MODE_ALL);
$rule->setConstraintType(\Jarves\ACL::CONSTRAINT_ALL);
$rule->setPrio(2);
$rule->save();
$rule = new Acl();
$rule->setAccess(false);
$rule->setObject('test/item');
$rule->setTargetType(\Jarves\ACL::TARGET_TYPE_USER);
$rule->setTargetId($user->getId());
$rule->setMode(\Jarves\ACL::MODE_ALL);
$rule->setConstraintType(\Jarves\ACL::CONSTRAINT_CONDITION);
$rule->setConstraintCode(json_encode([['title', 'LIKE', '%test']]));
$rule->setPrio(3);
$rule->save();
$item1ListingRequest = ACLRequest::create('test/item', $item1->getId())->onlyListingMode()->targetUser($user->getId());
$item2ListingRequest = ACLRequest::create('test/item', $item2->getId())->onlyListingMode()->targetUser($user->getId());
$access1 = $this->getACL()->check($item1ListingRequest);
$access2 = $this->getACL()->check($item2ListingRequest);
$this->assertTrue($access1, 'item1 has access as the second rule doesnt grab and first rule says all access=true');
$this->assertFalse($access2, 'no access to item2 as we have defined access=false in second rule.');
$user->delete();
$this->getACL()->setCaching(true);
$this->getACL()->removeObjectRules('test/item');
}