Example #1
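 /**
  * Rebuilds the role's ACL privileges from the JSON in the form's "privileges" field and saves them.
  *
  * The JSON arrives with the submitted form, so its shape is checked before any ACL object
  * is built. A malformed payload aborts the whole operation: nothing is saved and the ACL
  * cache is left untouched, instead of a partial or empty privilege set being written.
  *
  * @param AbstractRole $role Role whose security identity receives the privileges.
  *
  * @throws \InvalidArgumentException When the payload is not valid JSON or lacks the expected structure.
  */
 protected function processPrivileges(AbstractRole $role)
 {
     $decodedPrivileges = json_decode((string) $this->form->get('privileges')->getData(), true);
     // json_decode() returns null for malformed JSON and a scalar for e.g. "1"; neither is usable here.
     if (!is_array($decodedPrivileges)) {
         throw new \InvalidArgumentException('The privileges payload must decode to a JSON object.');
     }

     $formPrivileges = [];
     foreach ($this->privilegeConfig as $fieldName => $config) {
         // A configured field that is absent from the payload contributes no privileges.
         $privilegesArray = isset($decodedPrivileges[$fieldName]) ? $decodedPrivileges[$fieldName] : [];
         if (!is_array($privilegesArray)) {
             throw new \InvalidArgumentException(
                 sprintf('The privileges for "%s" must be a list.', $fieldName)
             );
         }

         $privileges = [];
         foreach ($privilegesArray as $privilege) {
             $isWellFormed = is_array($privilege)
                 && isset($privilege['permissions'], $privilege['identity'])
                 && is_array($privilege['permissions'])
                 && is_array($privilege['identity'])
                 && array_key_exists('id', $privilege['identity'])
                 && array_key_exists('name', $privilege['identity']);
             if (!$isWellFormed) {
                 throw new \InvalidArgumentException(
                     sprintf('A privilege entry for "%s" is malformed.', $fieldName)
                 );
             }

             $aclPrivilege = new AclPrivilege();
             foreach ($privilege['permissions'] as $permission) {
                 $hasPermissionKeys = is_array($permission)
                     && array_key_exists('name', $permission)
                     && array_key_exists('accessLevel', $permission);
                 if (!$hasPermissionKeys) {
                     throw new \InvalidArgumentException(
                         sprintf('A permission entry for "%s" is malformed.', $fieldName)
                     );
                 }

                 // NOTE(review): permission name and access level are passed on exactly as submitted.
                 // Whether a later layer restricts them to values the acting user may grant is not
                 // visible from this method; confirm against the repository and form definition.
                 $aclPrivilege->addPermission(
                     new AclPermission($permission['name'], $permission['accessLevel'])
                 );
             }

             $aclPrivilege->setIdentity(
                 new AclPrivilegeIdentity($privilege['identity']['id'], $privilege['identity']['name'])
             );
             $privileges[] = $aclPrivilege;
         }

         if ($config['fix_values']) {
             $this->fxPrivilegeValue($privileges, $config['default_value']);
         }
         $formPrivileges = array_merge($formPrivileges, $privileges);
     }

     // Every privilege is tagged with this handler's ACL group before it is stored.
     foreach ($formPrivileges as $formPrivilege) {
         $formPrivilege->setGroup($this->getAclGroup());
     }

     $this->privilegeRepository->savePrivileges(
         $this->aclManager->getSid($role),
         new ArrayCollection($formPrivileges)
     );
     // Cleared only after a successful save.
     $this->aclCache->clearCache();
 }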
Example #2
 /**
  * Gathers the privileges held by every configured form field and saves them for the role.
  *
  * For each entry of the privilege config, the data of the form field with the same name is
  * read; when the entry's "fix_values" flag is truthy the values are passed through
  * fxPrivilegeValue() with the configured default. The combined list is saved for the
  * security identity that the ACL manager returns for the role.
  *
  * @param Role $role
  */
 protected function processPrivileges(Role $role)
 {
     $collected = [];

     foreach ($this->privilegeConfig as $fieldName => $config) {
         $fieldPrivileges = $this->form->get($fieldName)->getData();

         if ($config['fix_values']) {
             $this->fxPrivilegeValue($fieldPrivileges, $config['default_value']);
         }

         $collected = array_merge($collected, $fieldPrivileges);
     }

     $sid = $this->aclManager->getSid($role);
     $this->privilegeRepository->savePrivileges($sid, new ArrayCollection($collected));
 }
 /**
  * Processes a valid POST for an account user role and expects exactly one savePrivileges() call.
  *
  * The saved collection must hold the two entity privileges and the action privilege supplied
  * by the form fields, each tagged with AccountUser::SECURITY_GROUP, for the role's security
  * identity. Provider emulation must be started once with the frontend ownership alias and
  * stopped once.
  */
 public function testProcessPrivileges()
 {
     $formInterface = 'Symfony\\Component\\Form\\FormInterface';

     $httpRequest = new Request();
     $httpRequest->setMethod('POST');

     $accountRole = new AccountUserRole('TEST');
     $sid = new RoleSecurityIdentity($accountRole);

     // User append/remove fields carry no data in this scenario.
     $appendUsersField = $this->getMock($formInterface);
     $appendUsersField->expects($this->once())
         ->method('getData')
         ->willReturn([]);

     $removeUsersField = $this->getMock($formInterface);
     $removeUsersField->expects($this->once())
         ->method('getData')
         ->willReturn([]);

     // Privilege fields: two entity privileges and one action privilege.
     $submittedEntityPrivileges = [
         $this->createPrivilege('entity', 'entity:FirstClass', 'VIEW'),
         $this->createPrivilege('entity', 'entity:SecondClass', 'VIEW'),
     ];
     $entityField = $this->getMock($formInterface);
     $entityField->expects($this->once())
         ->method('getData')
         ->willReturn($submittedEntityPrivileges);

     $submittedActionPrivileges = [$this->createPrivilege('action', 'action', 'random_action')];
     $actionField = $this->getMock($formInterface);
     $actionField->expects($this->once())
         ->method('getData')
         ->willReturn($submittedActionPrivileges);

     $rootForm = $this->getMock($formInterface);
     $rootForm->expects($this->once())
         ->method('submit')
         ->with($httpRequest);
     $rootForm->expects($this->once())
         ->method('isValid')
         ->willReturn(true);
     $rootForm->expects($this->any())
         ->method('get')
         ->willReturnMap([
             ['appendUsers', $appendUsersField],
             ['removeUsers', $removeUsersField],
             ['entity', $entityField],
             ['action', $actionField],
         ]);

     $this->formFactory->expects($this->once())
         ->method('create')
         ->willReturn($rootForm);

     $entityManager = $this->getMock('Doctrine\\Common\\Persistence\\ObjectManager');
     $this->managerRegistry->expects($this->any())
         ->method('getManagerForClass')
         ->with(get_class($accountRole))
         ->willReturn($entityManager);

     // Same privileges as submitted, but carrying the security group the handler must add.
     $expectedPrivileges = [];
     $expectedDefinitions = [
         ['entity', 'entity:FirstClass', 'VIEW'],
         ['entity', 'entity:SecondClass', 'VIEW'],
         ['action', 'action', 'random_action'],
     ];
     foreach ($expectedDefinitions as $definition) {
         $expected = $this->createPrivilege($definition[0], $definition[1], $definition[2]);
         $expected->setGroup(AccountUser::SECURITY_GROUP);
         $expectedPrivileges[] = $expected;
     }

     $this->privilegeRepository->expects($this->once())
         ->method('savePrivileges')
         ->with($sid, new ArrayCollection($expectedPrivileges));

     $this->aclManager->expects($this->any())
         ->method('getSid')
         ->with($accountRole)
         ->willReturn($sid);

     $this->chainMetadataProvider->expects($this->once())
         ->method('startProviderEmulation')
         ->with(FrontendOwnershipMetadataProvider::ALIAS);
     $this->chainMetadataProvider->expects($this->once())
         ->method('stopProviderEmulation');

     $roleHandler = new AccountUserRoleHandler($this->formFactory, $this->privilegeConfig);
     $roleHandler->setManagerRegistry($this->managerRegistry);
     $roleHandler->setAclPrivilegeRepository($this->privilegeRepository);
     $roleHandler->setAclManager($this->aclManager);
     $roleHandler->setChainMetadataProvider($this->chainMetadataProvider);
     $roleHandler->setRequest($httpRequest);

     $roleHandler->createForm($accountRole);
     $roleHandler->process($accountRole);
 }
 /**
  * Saves root, Class1, Class2 and Class3 privileges for a security identity.
  *
  * Expectations are arranged through the test case's helper methods: an existing ACE is
  * supplied for Class3, set-permission expectations cover the root identity and Class2,
  * and delete-permission expectations cover Class3. Each group is validated after the save.
  */
 public function testSavePrivilegesForExistingRole()
 {
     $extensionKey = 'test';
     $rootOid = new ObjectIdentity($extensionKey, ObjectIdentityFactory::ROOT_IDENTITY_TYPE);
     $class3Ace = $this->getAce(self::getMask(['VIEW_BASIC', 'CREATE_BASIC']));

     // Access levels shared by the root, Class1 and Class3 privileges.
     $basicCreateLevels = [
         'VIEW' => AccessLevel::SYSTEM_LEVEL,
         'CREATE' => AccessLevel::BASIC_LEVEL,
         'EDIT' => AccessLevel::NONE_LEVEL,
     ];
     // Class2 differs only in its CREATE level.
     $systemCreateLevels = [
         'VIEW' => AccessLevel::SYSTEM_LEVEL,
         'CREATE' => AccessLevel::SYSTEM_LEVEL,
         'EDIT' => AccessLevel::NONE_LEVEL,
     ];

     $privileges = new ArrayCollection();
     $privileges[] = self::getPrivilege('test:(root)', $basicCreateLevels);
     $privileges[] = self::getPrivilege('test:Acme\\Class1', $basicCreateLevels);
     $privileges[] = self::getPrivilege('test:Acme\\Class2', $systemCreateLevels);
     $privileges[] = self::getPrivilege('test:Acme\\Class3', $basicCreateLevels);

     $sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface');

     $this->initSavePrivileges($extensionKey, $rootOid);
     $this->setExpectationsForGetAces(['test:Acme\\Class3' => [$class3Ace]]);
     $this->setExpectationsForSetPermission(
         $sid,
         [
             'test:(root)' => ['VIEW_SYSTEM', 'CREATE_BASIC'],
             'test:Acme\\Class2' => ['VIEW_SYSTEM', 'CREATE_SYSTEM'],
         ]
     );
     $this->setExpectationsForDeletePermission(
         $sid,
         ['test:Acme\\Class3' => ['VIEW_BASIC', 'CREATE_BASIC']]
     );

     $this->repository->savePrivileges($sid, $privileges);

     $this->validateExpectationsForGetAces();
     $this->validateExpectationsForSetPermission();
     $this->validateExpectationsForDeletePermission();
 }