/**
* Updates ACL
*
* @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
*/
public function updateAcl(AdminObjectAclData $data)
{
foreach ($data->getAclUsers() as $aclUser) {
$securityIdentity = UserSecurityIdentity::fromAccount($aclUser);
$maskBuilder = new $this->maskBuilderClass();
foreach ($data->getUserPermissions() as $permission) {
if ($data->getForm()->get($aclUser->getId() . $permission)->getData()) {
$maskBuilder->add($permission);
}
}
$masks = $data->getMasks();
$acl = $data->getAcl();
// Restore OWNER and MASTER permissions
/*if (!$data->isOwner()) {
foreach ($data->getOwnerPermissions() as $permission) {
if ($acl->isGranted(array($masks[$permission]), array($securityIdentity))) {
$maskBuilder->add($permission);
}
}
}*/
$mask = $maskBuilder->get();
$index = null;
$ace = null;
foreach ($acl->getObjectAces() as $currentIndex => $currentAce) {
if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) {
$index = $currentIndex;
$ace = $currentAce;
break;
}
}
if ($ace) {
$acl->updateObjectAce($index, $mask);
} else {
$acl->insertObjectAce($securityIdentity, $mask);
}
}
$data->getSecurityHandler()->updateAcl($acl);
}
/**
* Builds the form.
*
* @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
* @param \Symfony\Component\Form\FormBuilderInterface $formBuilder
* @param \Traversable $aclValues
*
* @return \Symfony\Component\Form\Form
*/
protected function buildForm(AdminObjectAclData $data, FormBuilderInterface $formBuilder, \Traversable $aclValues)
{
// Retrieve object identity
$objectIdentity = ObjectIdentity::fromDomainObject($data->getObject());
$acl = $data->getSecurityHandler()->getObjectAcl($objectIdentity);
if (!$acl) {
$acl = $data->getSecurityHandler()->createAcl($objectIdentity);
}
$data->setAcl($acl);
$masks = $data->getMasks();
$securityInformation = $data->getSecurityInformation();
foreach ($aclValues as $key => $aclValue) {
$securityIdentity = $this->getSecurityIdentity($aclValue);
$permissions = array();
foreach ($data->getUserPermissions() as $permission) {
try {
$checked = $acl->isGranted(array($masks[$permission]), array($securityIdentity));
} catch (NoAceFoundException $e) {
$checked = false;
}
$attr = array();
if (self::ACL_ROLES_FORM_NAME === $formBuilder->getName() && isset($securityInformation[$aclValue]) && array_search($permission, $securityInformation[$aclValue]) !== false) {
$attr['disabled'] = 'disabled';
}
$permissions[$permission] = array('required' => false, 'data' => $checked, 'disabled' => array_key_exists('disabled', $attr), 'attr' => $attr);
}
$formBuilder->add($key, new AclMatrixType(), array('permissions' => $permissions, 'acl_value' => $aclValue));
}
return $formBuilder->getForm();
}