Example #1
0
 /**
  * {@inheritDoc}
  */
 public function getSecurityIdentities(TokenInterface $token)
 {
     $sids = array();
     // add user security identity
     if (!$token instanceof AnonymousToken) {
         try {
             $sids[] = UserSecurityIdentity::fromToken($token);
         } catch (\InvalidArgumentException $invalid) {
             // ignore, user has no user security identity
         }
     }
     // add all reachable roles
     foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
         $sids[] = new RoleSecurityIdentity($role);
     }
     // add built-in special roles
     if ($this->authenticationTrustResolver->isFullFledged($token)) {
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     } else {
         if ($this->authenticationTrustResolver->isRememberMe($token)) {
             $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
             $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
         } else {
             if ($this->authenticationTrustResolver->isAnonymous($token)) {
                 $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
             }
         }
     }
     return $sids;
 }
Example #2
0
 /**
  * Muestra el formulario para crear una nueva oferta y se encarga del
  * procesamiento de la información recibida y la creación de las nuevas
  * entidades de tipo Oferta
  */
 public function ofertaNuevaAction()
 {
     $peticion = $this->getRequest();
     $oferta = new Oferta();
     $formulario = $this->createForm(new OfertaType(), $oferta);
     if ($peticion->getMethod() == 'POST') {
         $formulario->bindRequest($peticion);
         if ($formulario->isValid()) {
             // Completar las propiedades de la oferta que una tienda no puede establecer
             $tienda = $this->get('security.context')->getToken()->getUser();
             $oferta->setCompras(0);
             $oferta->setRevisada(false);
             $oferta->setTienda($tienda);
             $oferta->setCiudad($tienda->getCiudad());
             // Copiar la foto subida y guardar la ruta
             $oferta->subirFoto($this->container->getParameter('cupon.directorio.imagenes'));
             $em = $this->getDoctrine()->getEntityManager();
             $em->persist($oferta);
             $em->flush();
             // Asignar el permiso necesario para que la tienda pueda modificar esta oferta
             $idObjeto = ObjectIdentity::fromDomainObject($oferta);
             $idUsuario = UserSecurityIdentity::fromAccount($tienda);
             $acl = $this->get('security.acl.provider')->createAcl($idObjeto);
             $acl->insertObjectAce($idUsuario, MaskBuilder::MASK_OPERATOR);
             $this->get('security.acl.provider')->updateAcl($acl);
             return $this->redirect($this->generateUrl('extranet_portada'));
         }
     }
     return $this->render('TiendaBundle:Extranet:formulario.html.twig', array('accion' => 'crear', 'formulario' => $formulario->createView()));
 }
Example #3
0
 /**
  * {@inheritDoc}
  */
 public function getSecurityIdentities(TokenInterface $token)
 {
     $sids = array();
     // add user security identity
     $user = $token->getUser();
     if ($user instanceof AccountInterface) {
         $sids[] = UserSecurityIdentity::fromAccount($user);
     }
     // add all reachable roles
     foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
         $sids[] = new RoleSecurityIdentity($role);
     }
     // add built-in special roles
     if ($this->authenticationTrustResolver->isFullFledged($token)) {
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     } else {
         if ($this->authenticationTrustResolver->isRememberMe($token)) {
             $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
             $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
         } else {
             if ($this->authenticationTrustResolver->isAnonymous($token)) {
                 $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
             }
         }
     }
     return $sids;
 }
Example #4
0
 /**
  * New category page
  * @return \Symfony\Component\HttpFoundation\Response
  */
 public function newAction(Request $request)
 {
     $category = new Category();
     $user = $this->getUser();
     $category->setJeweler($user);
     //j'associe mon jeweler 1 à mon produit
     // je crée un formulaire de produit
     $form = $this->createForm(new CategoryType($user), $category, array('validation_groups' => 'new', 'attr' => array('method' => 'post', 'novalidate' => 'novalidate', 'action' => $this->generateUrl('store_backend_category_new'))));
     $form->handleRequest($request);
     if ($form->isValid()) {
         $em = $this->getDoctrine()->getManager();
         //je récupère le manager de Doctrine
         // j'upload mon fichier en faisant appel a la methode upload()
         $category->upload();
         $em->persist($category);
         //j'enregistre mon objet product dans doctrine
         $em->flush();
         //j'envoie ma requete d'insert à ma table product
         // création de l'ACL
         $aclProvider = $this->get('security.acl.provider');
         $objectIdentity = ObjectIdentity::fromDomainObject($category);
         $acl = $aclProvider->createAcl($objectIdentity);
         // retrouve l'identifiant de sécurité de l'utilisateur actuellement connecté
         $tokenStorage = $this->get('security.token_storage');
         $user = $tokenStorage->getToken()->getUser();
         $securityIdentity = UserSecurityIdentity::fromAccount($user);
         // donne accès au propriétaire
         $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
         $aclProvider->updateAcl($acl);
         $this->get('session')->getFlashBag()->add('success', 'Votre catégorie a bien été crée');
         return $this->redirectToRoute('store_backend_category_list');
         //redirection selon la route
     }
     return $this->render('StoreBackendBundle:Category:new.html.twig', array('form' => $form->createView()));
 }
Example #5
0
 /**
  * Creates a new Url entity.
  *
  */
 public function createAction(Request $request)
 {
     $entity = new Url();
     $form = $this->createCreateForm($entity);
     $form->handleRequest($request);
     //        sets the author field to session username
     $entity->setAuthor($this->get('security.token_storage')->getToken()->getUser());
     if ($form->isValid()) {
         $em = $this->getDoctrine()->getManager();
         $em->persist($entity);
         $em->flush();
         //check logged in user for acl creation
         if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
             // creating the ACL
             $aclProvider = $this->get('security.acl.provider');
             $objectIdentity = ObjectIdentity::fromDomainObject($entity);
             $acl = $aclProvider->createAcl($objectIdentity);
             // retrieving the security identity of the currently logged-in user
             $tokenStorage = $this->get('security.token_storage');
             $user = $tokenStorage->getToken()->getUser();
             $securityIdentity = UserSecurityIdentity::fromAccount($user);
             // grant owner access
             $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
             $aclProvider->updateAcl($acl);
         }
         return $this->redirect($this->generateUrl('url_show', array('id' => $entity->getId())));
     }
     return $this->render('SurlUrlBundle:Url:new.html.twig', array('entity' => $entity, 'form' => $form->createView()));
 }
Example #6
0
 /**
  * @Route("/create", name="freedom_objective_dashboard_create", options={"expose"=true})
  * @Template()
  */
 public function createAction()
 {
     $objective = new Objective();
     $form = $this->createForm(new ObjectiveCreateType(), $objective);
     $request = $this->get('request');
     if ($request->getMethod() == 'POST') {
         $form->handleRequest($request);
         if ($form->isValid()) {
             $objective->setUser($this->getUser());
             $objective->setNbsteps(count($objective->getSteps()));
             foreach ($objective->getSteps() as $key => $value) {
                 $value->setObjective($objective);
                 $objective->addStep($value);
             }
             $em = $this->getDoctrine()->getManager();
             $em->persist($objective);
             $em->flush();
             //ACL
             $aclProvider = $this->get('security.acl.provider');
             $objectIdentity = ObjectIdentity::fromDomainObject($objective);
             $acl = $aclProvider->createAcl($objectIdentity);
             $securityContext = $this->get('security.context');
             $user = $securityContext->getToken()->getUser();
             $securityIdentity = UserSecurityIdentity::fromAccount($user);
             $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
             $aclProvider->updateAcl($acl);
             return $this->redirect($this->generateUrl('freedom_objective_dashboard_details', array('id' => $objective->getId())));
         }
     }
     return array('form' => $form->createView());
 }
Example #7
0
 /**
  * @param ResourceInterface $resource
  * @param bool $andFlush
  * @param UserInterface $creator
  * @return ResourceInterface
  */
 public function create(ResourceInterface $resource, $andFlush = true, UserInterface $creator = null)
 {
     $resource = parent::create($resource, $andFlush);
     if (!is_null($creator)) {
         $this->authorizationManager->grantMask($resource, MaskBuilder::MASK_OWNER, UserSecurityIdentity::fromAccount($creator));
     }
     return $resource;
 }
Example #8
0
 public function getCompareData()
 {
     $account = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->setMockClassName('USI_AccountImpl')->getMock();
     $account->expects($this->any())->method('getUsername')->will($this->returnValue('foo'));
     $token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface');
     $token->expects($this->any())->method('getUser')->will($this->returnValue($account));
     return array(array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('foo', 'Foo'), true), array(new UserSecurityIdentity('foo', 'Bar'), new UserSecurityIdentity('foo', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('bar', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromAccount($account), false), array(new UserSecurityIdentity('bla', 'Foo'), new UserSecurityIdentity('blub', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new RoleSecurityIdentity('foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromToken($token), false), array(new UserSecurityIdentity('foo', 'USI_AccountImpl'), UserSecurityIdentity::fromToken($token), true));
 }
Example #9
0
 /**
  * Creates the ACE for a user.
  *
  * @param UserInterface $user
  */
 public function createUserAce(UserInterface $user)
 {
     if (!$this->aclProvider) {
         return;
     }
     $oid = ObjectIdentity::fromDomainObject($user);
     $acl = $this->aclProvider->createAcl($oid);
     $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
     $this->aclProvider->updateAcl($acl);
 }
Example #10
0
 /**
  * Save acl for new object
  * 
  * @param Object $object
  * @param Integer $mask
  */
 public function saveObjectAcl($object, $mask = MaskBuilder::MASK_OWNER)
 {
     // creating the ACL
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     $acl = $this->container->get('security.acl.provider')->createAcl($objectIdentity);
     // retrieving the security identity of the currently logged-in user
     $user = $this->container->get('security.context')->getToken()->getUser();
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     // grant owner access
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $this->container->get('security.acl.provider')->updateAcl($acl);
 }
Example #11
0
 private function setPermissions($proveedor, $object, $user, $mask)
 {
     $idUsuario = UserSecurityIdentity::fromAccount($user);
     try {
         $acl = $proveedor->findAcl($object, array($idUsuario));
     } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
         $acl = $proveedor->createAcl($object);
     }
     $acl->insertObjectAce($idUsuario, $mask);
     //actualizando todos los permisos asignados
     $this->get('security.acl.provider')->updateAcl($acl);
 }
Example #12
0
 public function setOwner(Project $project, User $user, $save = true)
 {
     $project->setOwner($user);
     $objectIdentity = ObjectIdentity::fromDomainObject($project);
     $entry = $this->acl->createAcl($objectIdentity);
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $entry->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $this->acl->updateAcl($entry);
     if ($save) {
         $this->saveProject($project);
     }
 }
Example #13
0
 public function userCreateACL($entity, $user)
 {
     // creating the ACL
     $aclProvider = $this->container->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($entity);
     $acl = $aclProvider->createAcl($objectIdentity);
     // retrieving the security identity of the user parameter
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     // grant owner access
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OPERATOR);
     $aclProvider->updateAcl($acl);
 }
Example #14
0
 /**
  * Constructs SID (an object implements SecurityIdentityInterface) based on the given identity
  *
  * @param string|RoleInterface|UserInterface|TokenInterface $identity
  * @throws \InvalidArgumentException
  * @return SID
  */
 public function getSid($identity)
 {
     if (is_string($identity)) {
         return new RoleSecurityIdentity($identity);
     } elseif ($identity instanceof RoleInterface) {
         return new RoleSecurityIdentity($identity->getRole());
     } elseif ($identity instanceof UserInterface) {
         return UserSecurityIdentity::fromAccount($identity);
     } elseif ($identity instanceof TokenInterface) {
         return UserSecurityIdentity::fromToken($identity);
     }
     throw new \InvalidArgumentException(sprintf('$identity must be a string or implement one of RoleInterface, UserInterface, TokenInterface' . ' (%s given)', is_object($identity) ? get_class($identity) : gettype($identity)));
 }
Example #15
0
 public function testCreateACLCollection()
 {
     $user = new FakeUser();
     $entity = new FakeEntity();
     $collection = new ArrayCollection();
     $collection->add($entity);
     $acl = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\MutableAclInterface');
     $acl->expects($this->at(0))->method('insertObjectAce')->with(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
     $acl->expects($this->at(1))->method('insertObjectAce')->with(new RoleSecurityIdentity('ROLE_TEST'), MaskBuilder::MASK_VIEW);
     $this->aclProvider->expects($this->once())->method('createACL')->with($this->isInstanceOf('Symfony\\Component\\Security\\Acl\\Domain\\ObjectIdentity'))->will($this->returnValue($acl));
     $this->aclProvider->expects($this->once())->method('updateAcl')->with($acl);
     $this->om->createACL($collection, array(array('identity' => $user, 'permission' => MaskBuilder::MASK_OWNER), array('identity' => 'ROLE_TEST', 'permission' => MaskBuilder::MASK_VIEW)));
 }
Example #16
0
 public function grantDefaultPrivileges($dbObject)
 {
     // creating the ACL
     $objectIdentity = ObjectIdentity::fromDomainObject($dbObject);
     $acl = $this->aclProvider->createAcl($objectIdentity);
     $user = $this->tokenStorage->getToken()->getUser();
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $securityIdentity = new RoleSecurityIdentity("ROLE_MODO");
     $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OPERATOR);
     $securityIdentity = new RoleSecurityIdentity("ROLE_ADMIN");
     $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $this->aclProvider->updateAcl($acl);
 }
Example #17
0
 protected function setUp()
 {
     if (!class_exists('PDO') || !in_array('sqlite', \PDO::getAvailableDrivers())) {
         self::markTestSkipped('This test requires SQLite support in your environment');
     }
     $this->con = DriverManager::getConnection(['driver' => 'pdo_sqlite', 'memory' => true]);
     // import the schema
     $schema = new Schema($this->getOptions());
     foreach ($schema->toSql($this->con->getDatabasePlatform()) as $sql) {
         $this->con->exec($sql);
     }
     $this->sid = UserSecurityIdentity::fromAccount(new User('jimmy', 'jimmypass'));
     $this->aclProvider = $this->getProvider();
 }
Example #18
0
 public function postPersist(LifecycleEventArgs $args)
 {
     $entity = $args->getEntity();
     if ($entity instanceof Product) {
         // creating the ACL
         $aclProvider = $this->container->get('security.acl.provider');
         $objectIdentity = ObjectIdentity::fromDomainObject($entity);
         $acl = $aclProvider->createAcl($objectIdentity);
         // retrieving the security identity of the currently logged-in user
         $securityIdentity = UserSecurityIdentity::fromAccount($entity->getUser());
         // grant owner access
         $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
         $aclProvider->updateAcl($acl);
     }
 }
Example #19
0
 protected function addAcl(Base $entity, $role = 'ROLE_SUPER', User $user = null)
 {
     $aclProvider = $this->get('security.acl.provider');
     $securityContext = $this->get('security.context');
     $objectIdentity = ObjectIdentity::fromDomainObject($entity);
     $acl = $aclProvider->createAcl($objectIdentity);
     if (!$user) {
         $user = $securityContext->getToken()->getUser();
     }
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OPERATOR);
     $roleSecurityIdentity = new RoleSecurityIdentity($role);
     $acl->insertObjectAce($roleSecurityIdentity, MaskBuilder::MASK_MASTER);
     $aclProvider->updateAcl($acl);
 }
Example #20
0
 /**
  * execute
  *
  * @param  InputInterface  $input
  * @param  OutputInterface $output
  * @access protected
  * @return void
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // creating the ACL
     $objectClass = $input->getArgument('objectClass');
     $objectId = $input->getArgument('objectId');
     $doctrine = $input->getOption('doctrine');
     $entityManager = $input->getOption('entity-manager');
     if (!$doctrine) {
         $doctrine = 'doctrine';
     }
     if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') {
         $output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>');
         return 1;
     }
     $object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId);
     if (!$object) {
         $output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>');
         return 1;
     }
     $aclProvider = $this->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     try {
         $acl = $aclProvider->findAcl($objectIdentity);
     } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
         $output->writeln('<error>No previous acl found for ' . $objectClass . ':' . $objectId . '</error>');
         return 1;
     }
     // retrieving the security identity of the currently logged-in user
     $username = $input->getArgument('username');
     $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username);
     if (!$user) {
         $output->writeln('<error>User ' . $username . ' not found.</error>');
         return 1;
     }
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     $aceList = $acl->getObjectAces();
     $i = 0;
     foreach ($aceList as $ace) {
         if ($ace->getSecurityIdentity() == $securityIdentity) {
             // Got it! Let's remove it!
             $output->writeln('got one');
             $acl->deleteObjectAce($i);
         }
         $i++;
     }
     $aclProvider->updateAcl($acl);
     $output->writeln('<info>ACL successfully updated.</info>');
 }
Example #21
0
 /**
  * Gives a user the right to edit himself.
  */
 public function giveOwnRights($user)
 {
     $aclProvider = $this->container->get('security.acl.provider');
     $maskBuilder = new MaskBuilder();
     $usid = UserSecurityIdentity::fromAccount($user);
     $uoid = ObjectIdentity::fromDomainObject($user);
     foreach ($this->container->getParameter("fom_user.user_own_permissions") as $permission) {
         $maskBuilder->add($permission);
     }
     $umask = $maskBuilder->get();
     try {
         $acl = $aclProvider->findAcl($uoid);
     } catch (\Exception $e) {
         $acl = $aclProvider->createAcl($uoid);
     }
     $acl->insertObjectAce($usid, $umask);
     $aclProvider->updateAcl($acl);
 }
Example #22
0
 /**
  * execute
  *
  * @param  InputInterface  $input
  * @param  OutputInterface $output
  * @access protected
  * @return int
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     // creating the ACL
     $objectClass = $input->getArgument('objectClass');
     $objectId = $input->getArgument('objectId');
     $doctrine = $input->getOption('doctrine');
     $entityManager = $input->getOption('entity-manager');
     if (!$doctrine) {
         $doctrine = 'doctrine';
     }
     if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') {
         $output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>');
         return 1;
     }
     $object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId);
     if (!$object) {
         $output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>');
         return 1;
     }
     $aclProvider = $this->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     try {
         $acl = $aclProvider->findAcl($objectIdentity);
     } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
         $acl = $aclProvider->createAcl($objectIdentity);
     }
     // retrieving the security identity of the currently logged-in user
     $username = $input->getArgument('username');
     $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username);
     if (!$user) {
         $output->writeln('<error>User ' . $username . ' not found.</error>');
         return 1;
     }
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     // grant owner access
     $dialog = $this->getHelperSet()->get('dialog');
     $maskList = array('VIEW', 'EDIT', 'CREATE', 'DELETE', 'UNDELETE', 'OPERATOR', 'MASTER', 'OWNER');
     $maskInt = $dialog->select($output, 'Please select the ACL (default: VIEW)', $maskList, 0);
     $mask = constant('Symfony\\Component\\Security\\Acl\\Permission\\MaskBuilder::MASK_' . $maskList[$maskInt]);
     $acl->insertObjectAce($securityIdentity, $mask);
     $aclProvider->updateAcl($acl);
     $output->writeln('<info>ACL successfully updated.</info>');
     return 0;
 }
Example #23
0
 /**
  * @Route("", name="post_todo_list")
  * @Method({"POST"})
  * @Rest\View()
  * @ApiDoc
  */
 public function postTodoListAction()
 {
     $data = $this->getRequest()->request;
     $todoList = new TodoList();
     $todoList->setTitle($data->get('title'));
     $em = $this->get('doctrine')->getManager();
     $em->persist($todoList);
     $em->flush();
     // creating the ACL
     $aclProvider = $this->get('security.acl.provider');
     $acl = $aclProvider->createAcl(ObjectIdentity::fromDomainObject($todoList));
     // retrieving the security identity of the currently logged-in user
     $securityContext = $this->get('security.context');
     $securityIdentity = UserSecurityIdentity::fromAccount($securityContext->getToken()->getUser());
     // grant owner access
     $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
     $aclProvider->updateAcl($acl);
     return RouteRedirectView::create('get_todo', array('id' => $todoList->getId()), HttpCodes::HTTP_CREATED);
 }
Example #24
0
 /**
  * @see Command
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $this->container->get('security.context')->setToken(new UsernamePasswordToken('command.line', null, $this->container->getParameter('fos_user.provider_key'), array(User::ROLE_SUPERADMIN)));
     $userManager = $this->container->get('fos_user.user_manager');
     $user = $userManager->createUser();
     $user->setUsername($input->getArgument('username'));
     $user->setEmail($input->getArgument('email'));
     $user->setPlainPassword($input->getArgument('password'));
     $user->setEnabled(!$input->getOption('inactive'));
     $user->setSuperAdmin(!!$input->getOption('super-admin'));
     $userManager->updateUser($user);
     if ($this->container->has('security.acl.provider')) {
         $provider = $this->container->get('security.acl.provider');
         $oid = ObjectIdentity::fromDomainObject($user);
         $acl = $provider->createAcl($oid);
         $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
         $provider->updateAcl($acl);
     }
     $output->writeln(sprintf('Created user <comment>%s</comment>', $user->getUsername()));
 }
Example #25
0
 /**
  * @inheritdoc
  */
 public function buildForm(FormBuilderInterface $builder, array $options)
 {
     try {
         if ($options['class'] && class_exists($options['class'])) {
             $oid = new ObjectIdentity('class', $options['class']);
             $acl = $this->aclProvider->findAcl($oid);
             $aces = $acl->getClassAces();
         } else {
             $oid = ObjectIdentity::fromDomainObject($options['data']);
             $acl = $this->aclProvider->findAcl($oid);
             $aces = $acl->getObjectAces();
         }
         $isMaster = $this->securityContext->isGranted('MASTER');
         $isOwner = $this->securityContext->isGranted('OWNER');
     } catch (\Exception $e) {
         $isMaster = true;
         $isOwner = true;
         $aces = array();
         if (true === $options['create_standard_permissions']) {
             // for unsaved entities, fake three standard permissions:
             // - Owner access for current user
             // - View access for anonymous users
             // - View access for logged in users
             $oid = null;
             $aces = array();
             $owner = $this->securityContext->getToken()->getUser();
             $ownerAccess = array('sid' => UserSecurityIdentity::fromAccount($owner), 'mask' => MaskBuilder::MASK_OWNER);
             $aces[] = $ownerAccess;
             if ($options['standard_anon_access']) {
                 $anon = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
                 $anonAccess = array('sid' => $anon, 'mask' => MaskBuilder::MASK_VIEW);
                 $user = new RoleSecurityIdentity('ROLE_USER');
                 $userAccess = array('sid' => $anon, 'mask' => MaskBuilder::MASK_VIEW);
                 $aces[] = $anonAccess;
             }
         }
     }
     $permissions = is_string($options['permissions']) ? $this->getStandardPermissions($options, $isMaster, $isOwner) : array('show' => $options['permissions']);
     $aceOptions = array('type' => 'ace', 'label' => 'Permissions', 'allow_add' => true, 'allow_delete' => true, 'auto_initialize' => false, 'prototype' => true, 'options' => array('available_permissions' => $permissions['show']), 'mapped' => false, 'data' => $aces);
     $builder->add('ace', 'collection', $aceOptions);
 }
Example #26
0
 /**
  * Aplica y actualiza las reglas de la ACL
  *
  * @param $acl
  * @param $applyTo
  */
 private function applyAcl($acl, $applyTo)
 {
     $aclProviderCallable = $this->aclProviderCallable;
     if (isset($applyTo['users'])) {
         foreach ($applyTo['users'] as $username => $mask) {
             if ($user = $this->findUserByUsername($username)) {
                 $securityIdentity = UserSecurityIdentity::fromAccount($user);
                 $acl->insertObjectAce($securityIdentity, $this->getMask($mask));
             } else {
                 $this->logger->addAlert(sprintf('No es posible adicionar ACL para el usuario \'%s\', el mismo no pudo ser encontrado.', $username));
             }
         }
     }
     if (isset($applyTo['roles'])) {
         foreach ($applyTo['roles'] as $role => $mask) {
             $securityIdentity = new RoleSecurityIdentity($role);
             $acl->insertObjectAce($securityIdentity, $this->getMask($mask));
         }
     }
     $aclProviderCallable($acl, 'update');
 }
Example #27
0
 /**
  * {@inheritdoc}
  */
 public function getSecurityIdentities(Token\TokenInterface $token)
 {
     $sids = array();
     // add user security identity
     if (!$token instanceof Token\AnonymousToken) {
         try {
             $sids[] = UserSecurityIdentity::fromToken($token);
         } catch (\InvalidArgumentException $invalid) {
             // ignore, user has no user security identity
         }
     }
     // add all reachable roles
     foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
         $sids[] = new RoleSecurityIdentity($role);
     }
     // add journal roles
     $user = $token->getUser();
     try {
         $selectedJournal = $this->journalService->getSelectedJournal();
     } catch (\Exception $e) {
         $selectedJournal = false;
     }
     if ($user instanceof User && $selectedJournal instanceof Journal) {
         foreach ($user->getJournalRoles($selectedJournal) as $journalRoles) {
             $sids[] = new JournalRoleSecurityIdentity($journalRoles[0], $journalRoles[1]);
         }
     }
     // add built-in special roles
     if ($this->authenticationTrustResolver->isFullFledged($token)) {
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     } elseif ($this->authenticationTrustResolver->isRememberMe($token)) {
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     } elseif ($this->authenticationTrustResolver->isAnonymous($token)) {
         $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
     }
     return $sids;
 }
Example #28
0
 /**
  * @Route("/index")
  * @Template()
  */
 public function indexAction()
 {
     $user = $this->get('fos_user.user_manager')->findUserByEmail('*****@*****.**');
     $post = new Post();
     $post->setTitle('TES ttlekj')->setBody(' kadfj adslkfj adsklfj adslkfj ')->setAuthor($user)->setCreated(new \DateTime());
     $manager = $this->getDoctrine()->getManager();
     $manager->persist($post);
     $manager->flush();
     $comment = new Comment();
     $comment->setPost($post)->setBody('kljdfa adslkfjadslkfj')->setCreated(new \DateTime())->setAuthor($user);
     $manager->persist($comment);
     $manager->flush();
     //        $aclProvider = $this->get('security.acl.provider');
     //        $comments = $this->getDoctrine()->getRepository('TDomainBundle:Comment')->findAll();
     //        foreach ($comments as $comment) {
     //            $oid = ObjectIdentity::fromDomainObject($comment);
     //            $aclProvider->createAcl($oid);
     //        }
     // creating the ACL
     //        $aclProvider = $this->get('security.acl.provider');
     $objectIdentity = new ObjectIdentity('class', 'T\\DomainBundle\\Entity\\Comment');
     //        $acl = $aclProvider->findAcl($objectIdentity);
     // retrieving the security identity of the currently logged-in user
     $securityContext = $this->get('security.context');
     //        $user = $securityContext->getToken()->getUser();
     $securityIdentity = UserSecurityIdentity::fromAccount($user);
     // grant owner access
     //        $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER);
     //        $aclProvider->updateAcl($acl);
     $entity = $this->getDoctrine()->getManager()->find('TDomainBundle:Comment', 2);
     $token = new UsernamePasswordToken($user, $user->getPassword(), 'public', $user->getRoles());
     //        $securityContext = $this->get('security.context');
     $securityContext->setToken($token);
     // check for edit access
     if (false === $securityContext->isGranted('EDIT', $entity)) {
         throw new AccessDeniedException();
     }
     //        $aces = $acl->getClassAces();
     return array('name' => 'patapam', 'aces' => array());
 }
Example #29
0
 /**
  * Updates ACL
  *
  * @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
  */
 public function updateAcl(AdminObjectAclData $data)
 {
     foreach ($data->getAclUsers() as $aclUser) {
         $securityIdentity = UserSecurityIdentity::fromAccount($aclUser);
         $maskBuilder = new $this->maskBuilderClass();
         foreach ($data->getUserPermissions() as $permission) {
             if ($data->getForm()->get($aclUser->getId() . $permission)->getData()) {
                 $maskBuilder->add($permission);
             }
         }
         $masks = $data->getMasks();
         $acl = $data->getAcl();
         // Restore OWNER and MASTER permissions
         /*if (!$data->isOwner()) {
               foreach ($data->getOwnerPermissions() as $permission) {
                   if ($acl->isGranted(array($masks[$permission]), array($securityIdentity))) {
                       $maskBuilder->add($permission);
                   }
               }
           }*/
         $mask = $maskBuilder->get();
         $index = null;
         $ace = null;
         foreach ($acl->getObjectAces() as $currentIndex => $currentAce) {
             if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) {
                 $index = $currentIndex;
                 $ace = $currentAce;
                 break;
             }
         }
         if ($ace) {
             $acl->updateObjectAce($index, $mask);
         } else {
             $acl->insertObjectAce($securityIdentity, $mask);
         }
     }
     $data->getSecurityHandler()->updateAcl($acl);
 }
Example #30
0
 /**
  * @PreAuthorize("isAuthenticated()")
  */
 public function newPostAction()
 {
     if (!($title = $this->request->request->get('title'))) {
         throw new HttpException(400);
     }
     $this->em->getConnection()->beginTransaction();
     try {
         $post = new Post($title);
         $this->em->persist($post);
         $this->em->flush();
         $oid = ObjectIdentity::fromDomainObject($post);
         $acl = $this->getAclProvider()->createAcl($oid);
         $sid = UserSecurityIdentity::fromToken($this->tokenStorage->getToken());
         $acl->insertObjectAce($sid, MaskBuilder::MASK_OWNER);
         $this->getAclProvider()->updateAcl($acl);
         $this->em->getConnection()->commit();
         return new Response('', 201, array('Location' => $this->router->generate('post_controller_edit', array('id' => $post->getId()))));
     } catch (\Exception $ex) {
         $this->em->getConnection()->rollBack();
         $this->em->close();
         throw $ex;
     }
 }