public function testFindByAclIdentityOnlyClassEntries()
{
$this->assertEquals(1, EntryQuery::create()->count($this->con));
EntryQuery::create()->findOne($this->con)->setObjectIdentity(null)->save($this->con);
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(1, $entries);
}
/**
* @depends testCreateAcl
*/
public function testUpdatePersistsAuditing()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
// default values
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
}
/**
* Retrieve the persisted model for the given ACE.
*
* If none is given, null is returned.
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace
*
* @return \Propel\Bundle\PropelBundle\Model\Acl\Entry|null
*/
protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false)
{
if (null !== $ace->getId() and null !== ($entry = EntryQuery::create()->findPk($ace->getId(), $this->connection))) {
$entry->reload(true, $this->connection);
return $entry;
}
/*
* The id is not set, but there may be an ACE in the database.
*
* This happens if the ACL has created new ACEs, but was not reloaded.
* We try to retrieve one by the unique key.
*/
$ukQuery = EntryQuery::create()->filterByAclClass($objectIdentity->getAclClass($this->connection))->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection));
if (true === $object) {
$ukQuery->filterByObjectIdentity($objectIdentity);
} else {
$ukQuery->filterByObjectIdentityId(null, Criteria::ISNULL);
}
if ($ace instanceof FieldEntryInterface) {
$ukQuery->filterByFieldName($ace->getField());
} else {
$ukQuery->filterByFieldName(null, Criteria::ISNULL);
}
return $ukQuery->findOne($this->connection);
}
/**
* @depends testDeleteAcl
*/
public function testDeleteAclRemovesClassEntriesIfLastObject()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertClassAce($this->getRoleSecurityIdentity(), 128);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclReadsFromCache()
{
$this->cache = new AclCache();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))->setAclClass($obj->getAclClass())->setMask(64);
$obj->addEntry($entry)->save($this->con);
// Read and put into cache
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->cache->content[1] = $acl;
// Change database
EntryQuery::create()->update(array(EntryTableMap::translateFieldName(EntryTableMap::COL_MASK, TableMap::TYPE_COLNAME, TableMap::TYPE_PHPNAME) => 128), $this->con);
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
// Verify cache has been read
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$cachedObjectAces = $cachedAcl->getObjectAces();
$this->assertSame($acl, $cachedAcl);
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
}
/**
* Returns the ACL that belongs to the given object identity
*
* @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $securityIdentities
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface
*/
public function findAcl(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array())
{
$modelObj = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
if (null !== $this->cache and null !== $modelObj) {
$cachedAcl = $this->cache->getFromCacheById($modelObj->getId());
if ($cachedAcl instanceof AclInterface) {
return $cachedAcl;
}
}
$collection = EntryQuery::create()->findByAclIdentity($objectIdentity, $securityIdentities, $this->connection);
if (0 === count($collection)) {
if (empty($securityIdentities)) {
$errorMessage = 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.';
} else {
$errorMessage = 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.';
}
throw new AclNotFoundException($errorMessage);
}
$loadedSecurityIdentities = array();
foreach ($collection as $eachEntry) {
if (!isset($loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()])) {
$loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()] = SecurityIdentity::toAclIdentity($eachEntry->getSecurityIdentity());
}
}
$parentAcl = null;
$entriesInherited = true;
if (null !== $modelObj) {
$entriesInherited = $modelObj->getEntriesInheriting();
if (null !== $modelObj->getParentObjectIdentityId()) {
$parentObj = $modelObj->getObjectIdentityRelatedByParentObjectIdentityId($this->connection);
try {
$parentAcl = $this->findAcl(new ObjectIdentity($parentObj->getIdentifier(), $parentObj->getAclClass($this->connection)->getType()));
} catch (AclNotFoundException $e) {
/*
* This happens e.g. if the parent ACL is created, but does not contain any ACE by now.
* The ACEs may be applied later on.
*/
}
}
}
return $this->getAcl($collection, $objectIdentity, $loadedSecurityIdentities, $parentAcl, $entriesInherited);
}
