/**
* @dataProvider provideObjectIdentifiers
*/
public function testPermissionUpdateEvent($objectId, $objectType, $objectIdentifier)
{
$this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willThrow(AclNotFoundException::class);
$this->aclProvider->createAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal())->shouldBeCalled();
$this->aclProvider->updateAcl($this->acl->reveal())->shouldBeCalled();
$this->acl->getObjectAces()->willReturn([]);
$this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();
$this->accessControlManager->setPermissions($objectType, $objectId, [$this->securityIdentity->getRole() => ['view']]);
}
/**
* @dataProvider provideObjectIdentifiers
*/
public function testPermissionUpdateEvent($objectId, $objectType, $locale, $objectIdentifier)
{
$this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willThrow(AclNotFoundException::class);
$this->aclProvider->createAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal())->shouldBeCalled();
$this->aclProvider->updateAcl($this->acl->reveal())->shouldBeCalled();
$this->acl->getObjectAces()->willReturn([]);
$this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();
$this->eventDispatcher->dispatch('sulu.security.permission.update', new PermissionUpdateEvent($objectType, $objectIdentifier, $this->securityIdentity, ['view']))->shouldBeCalled();
$this->accessControlManager->setPermissions($objectType, $objectId, $this->securityIdentity, ['view'], $locale);
}
/**
* Persists any changes which were made to the ACL, or any associated access control entries.
*
* Changes to parent ACLs are not persisted.
*
* @throws \Symfony\Component\Security\Acl\Exception\Exception
*
* @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl
*
* @return bool
*/
public function updateAcl(MutableAclInterface $acl)
{
if (!$acl instanceof MutableAcl) {
throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \\Propel\\Bundle\\PropelBundle\\Security\\Acl\\Domain\\MutableAcl only.');
}
try {
$modelEntries = EntryQuery::create()->findByAclIdentity($acl->getObjectIdentity(), array(), $this->connection);
$objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($acl->getObjectIdentity(), $this->connection);
$this->connection->beginTransaction();
$keepEntries = array_merge($this->persistAcl($acl->getClassAces(), $objectIdentity), $this->persistAcl($acl->getObjectAces(), $objectIdentity, true));
foreach ($acl->getFields() as $eachField) {
$keepEntries = array_merge($keepEntries, $this->persistAcl($acl->getClassFieldAces($eachField), $objectIdentity), $this->persistAcl($acl->getObjectFieldAces($eachField), $objectIdentity, true));
}
foreach ($modelEntries as $eachEntry) {
if (!in_array($eachEntry->getId(), $keepEntries)) {
$eachEntry->delete($this->connection);
}
}
if (null === $acl->getParentAcl()) {
$objectIdentity->setParentObjectIdentityId(null)->save($this->connection);
} else {
$objectIdentity->setParentObjectIdentityId($acl->getParentAcl()->getId())->save($this->connection);
}
$this->connection->commit();
// After successfully committing the transaction, we are good to update the cache.
if (null !== $this->cache) {
$this->cache->evictFromCacheById($objectIdentity->getId());
$this->cache->putInCache($acl);
}
return true;
// @codeCoverageIgnoreStart
} catch (Exception $e) {
$this->connection->rollBack();
throw new AclException('An error occurred while updating the ACL.', 0, $e);
}
// @codeCoverageIgnoreEnd
}
/**
* Compare ACLs
*
* @param MutableAclInterface $acl
* @param array $acl_array
* @return array
*/
protected function diffACL(MutableAclInterface $acl, array $acl_array)
{
$insert = $acl_array;
$update = array();
$delete = array();
/**
* @var integer $index
* @var EntryInterface $ace
*/
foreach ($acl->getObjectAces() as $index => $ace) {
$identity = $this->resolveIdentity($ace);
$mask = $ace->getMask();
$found = false;
foreach ($acl_array as $key => $acl_entry) {
if ($acl_entry['identity'] == $identity) {
$found = true;
if ($acl_entry['permission'] != $mask) {
$update[$index] = $acl_entry;
}
unset($insert[$key]);
}
}
if (!$found) {
$delete[$index] = array('identity' => $identity, 'permission' => $mask);
}
}
return array('insert' => $insert, 'update' => $update, 'delete' => $delete);
}
