/**
* @param string $group
* @return int
*/
protected function checkAclGroup($group)
{
if ($group === null || !$this->groupProvider || !$this->object) {
return self::ACCESS_ABSTAIN;
}
return $group === $this->groupProvider->getGroup() ? self::ACCESS_ABSTAIN : self::ACCESS_DENIED;
}
/**
* Get data for query acl access level check
* Return empty array if entity has full access, null if user does't have access to the entity
* and array with entity field and field values which user have access.
*
* @param $entityClassName
* @param $permissions
*
* @return null|array
*/
public function getAclConditionData($entityClassName, $permissions = 'VIEW')
{
if ($this->aclVoter === null || !$this->getUserId() || !$this->entityMetadataProvider->isProtectedEntity($entityClassName)) {
// return full access to the entity
return [];
}
$observer = new OneShotIsGrantedObserver();
$this->aclVoter->addOneShotIsGrantedObserver($observer);
$groupedEntityClassName = $entityClassName;
if ($this->aclGroupProvider) {
$group = $this->aclGroupProvider->getGroup();
if ($group) {
$groupedEntityClassName = sprintf('%s@%s', $this->aclGroupProvider->getGroup(), $entityClassName);
}
}
$isGranted = $this->getSecurityContext()->isGranted($permissions, new ObjectIdentity('entity', $groupedEntityClassName));
if ($isGranted) {
$condition = $this->buildConstraintIfAccessIsGranted($entityClassName, $observer->getAccessLevel(), $this->metadataProvider->getMetadata($entityClassName));
} else {
$condition = $this->getAccessDeniedCondition();
}
return $condition;
}
