/**
  * Grants a set of rights to a security identity on the ACL of an object identity.
  *
  * The ACL is created first and looked up only when creation fails. Next, the bits
  * about to be granted are cleared from every existing object-scope ACE of the same
  * identity, and a new ACE carrying the full mask is inserted and persisted.
  *
  * NOTE(review): the fallback from createAcl() to findAcl() is taken on any \Exception,
  * so a storage failure is handled the same way as "ACL already exists" — confirm that
  * this is intended.
  * NOTE(review): the revocation pass only visits object-scope ACEs, while the grant goes
  * to a class-scope ACE when the identifier is 'all'; existing class-scope ACEs of the
  * identity are left untouched.
  *
  * @param ObjectIdentity $objectIdentity   identity whose ACL is modified
  * @param mixed          $aclProvider      provider offering createAcl(), findAcl() and updateAcl()
  * @param mixed          $securityIdentity identity receiving the rights
  * @param array          $rights           permission names handed to MaskBuilder::add()
  *
  * @throws \Exception any failure, re-thrown as a plain \Exception with the original as "previous"
  */
 private function addAcl(ObjectIdentity $objectIdentity, $aclProvider, $securityIdentity, $rights)
 {
     try {
         // Obtain the ACL before anything else: creation is attempted first, lookup is the fallback.
         try {
             $acl = $aclProvider->createAcl($objectIdentity);
         } catch (\Exception $creationFailure) {
             $acl = $aclProvider->findAcl($objectIdentity);
         }

         // Fold the requested rights into one bitmask.
         $maskBuilder = new MaskBuilder();
         foreach ($rights as $permission) {
             $maskBuilder->add($permission);
         }
         $grantedMask = $maskBuilder->get();

         // Strip the bits being granted from the identity's existing object-scope entries.
         foreach ($acl->getObjectAces() as $index => $entry) {
             if (!$securityIdentity->equals($entry->getSecurityIdentity())) {
                 continue;
             }
             $acl->updateObjectAce($index, $entry->getMask() & ~$grantedMask);
         }

         // The identifier 'all' selects a class-scope entry; anything else is object-scope.
         if ($objectIdentity->getIdentifier() !== 'all') {
             $acl->insertObjectAce($securityIdentity, $grantedMask);
         } else {
             $acl->insertClassAce($securityIdentity, $grantedMask);
         }

         $aclProvider->updateAcl($acl);
     } catch (\Exception $failure) {
         // Callers always receive a plain \Exception; the original stays reachable via getPrevious().
         throw new \Exception($failure->getMessage(), 0, $failure);
     }
 }
 /**
  * Exercises bulk PUT requests on /rest/1/page before and after rights are granted.
  *
  * Every request is expected to answer HTTP 200 as a whole and to carry one status
  * code per submitted item, so authorisation outcomes are asserted on the individual
  * entries rather than on the response itself.
  *
  * NOTE(review): the annotation below names getCollectionAction although every request
  * in this test is a PUT — confirm the intended coverage target.
  *
  * @covers ::getCollectionAction
  */
 public function testPutCollectionAction()
 {
     $pages = $this->initializeTestGetCollectionAction();
     $endpoint = '/rest/1/page';

     // Publishing with insufficient rights: no ACE has been granted yet, the item must be refused.
     $deniedPayload = [
         ['uid' => $pages['offline']->getUid(), 'state' => 'online'],
     ];
     $deniedResponse = $this->sendRequest(self::requestPut($endpoint, $deniedPayload));
     $this->assertEquals(200, $deniedResponse->getStatusCode());
     $deniedItems = json_decode($deniedResponse->getContent(), true);
     $this->assertInternalType('array', $deniedItems);
     $this->assertCount(1, $deniedItems);
     $this->assertEquals(403, $deniedItems[0]['statusCode']);

     // Grant VIEW, PUBLISH and EDIT (no DELETE) to the group on the home page.
     // NOTE(review): the requests below target other pages; presumably they inherit from home — confirm.
     $grantMask = new MaskBuilder();
     $grantMask->add('VIEW')->add('PUBLISH')->add('EDIT');
     $groupIdentity = new UserSecurityIdentity($this->group_id, 'BackBee\\Security\\Group');
     $this->getAclManager()->insertOrUpdateObjectAce($pages['home'], $groupIdentity, $grantMask->get());

     // Change state to online: the offline page is updated, the already-online page reports 304.
     $onlinePayload = [
         ['uid' => $pages['offline']->getUid(), 'state' => 'online'],
         ['uid' => $pages['online']->getUid(), 'state' => 'online'],
     ];
     $onlineResponse = $this->sendRequest(self::requestPut($endpoint, $onlinePayload));
     $this->assertEquals(200, $onlineResponse->getStatusCode());
     $onlineItems = json_decode($onlineResponse->getContent(), true);
     $this->assertInternalType('array', $onlineItems);
     $this->assertCount(2, $onlineItems);
     $this->assertEquals(200, $onlineItems[0]['statusCode']);
     $this->assertEquals(304, $onlineItems[1]['statusCode']);
     $this->em->refresh($pages['offline']);
     $this->assertEquals(Page::STATE_ONLINE, $pages['offline']->getState());

     // Change state to offline: both pages are expected to be updated.
     $offlinePayload = [
         ['uid' => $pages['offline']->getUid(), 'state' => 'offline'],
         ['uid' => $pages['online']->getUid(), 'state' => 'offline'],
     ];
     $offlineResponse = $this->sendRequest(self::requestPut($endpoint, $offlinePayload));
     $this->assertEquals(200, $offlineResponse->getStatusCode());
     $offlineItems = json_decode($offlineResponse->getContent(), true);
     $this->assertInternalType('array', $offlineItems);
     $this->assertCount(2, $offlineItems);
     $this->assertEquals(200, $offlineItems[0]['statusCode']);
     $this->assertEquals(200, $offlineItems[1]['statusCode']);
     $this->em->refresh($pages['offline']);
     $this->assertEquals(Page::STATE_OFFLINE, $pages['offline']->getState());
     $this->assertEquals(Page::STATE_OFFLINE, $pages['online']->getState());

     // Change parent: move the offline page under the online page.
     $movePayload = [
         ['uid' => $pages['offline']->getUid(), 'parent_uid' => $pages['online']->getUid()],
     ];
     $moveResponse = $this->sendRequest(self::requestPut($endpoint, $movePayload));
     $this->assertEquals(200, $moveResponse->getStatusCode());
     $moveItems = json_decode($moveResponse->getContent(), true);
     $this->assertInternalType('array', $moveItems);
     $this->assertCount(1, $moveItems);
     $this->assertEquals(200, $moveItems[0]['statusCode']);
     $this->em->refresh($pages['offline']);
     $this->assertEquals($pages['online']->getUid(), $pages['offline']->getParent()->getUid());

     // Soft delete: forbidden because the current user does not hold the right
     // (the mask granted above contains only VIEW, PUBLISH and EDIT).
     $deletePayload = [
         ['uid' => $pages['offline']->getUid(), 'state' => 'delete'],
     ];
     $deleteResponse = $this->sendRequest(self::requestPut($endpoint, $deletePayload));
     $this->assertEquals(200, $deleteResponse->getStatusCode());
     $deleteItems = json_decode($deleteResponse->getContent(), true);
     $this->assertInternalType('array', $deleteItems);
     $this->assertCount(1, $deleteItems);
     $this->assertEquals(403, $deleteItems[0]['statusCode']);
 }
Exemple #3
 /**
  * Combine a list of permission names into a single integer bitmask.
  *
  * Example: ['view', 'edit'] => (int) 5
  *
  * An entry refused by the mask builder aborts the whole computation, so a
  * misspelled permission never produces a partially built mask.
  *
  * @param array $permissions permission names handed to MaskBuilder::add() one by one
  *
  * @return int the value returned by MaskBuilder::get() once every entry was added
  *
  * @throws InvalidPermissionException when MaskBuilder::add() raises an \InvalidArgumentException;
  *                                    the refused entry and the original exception are passed along
  */
 public function getMask(array $permissions)
 {
     $builder = new MaskBuilder();
     try {
         foreach ($permissions as $name) {
             $builder->add($name);
         }
     } catch (\InvalidArgumentException $rejected) {
         // The loop stopped on the refused entry, so $name still holds it here.
         throw new InvalidPermissionException('Invalid permission mask: ' . $name, $name, $rejected);
     }

     return $builder->get();
 }
Exemple #4
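 /**
  * Ensures a security identity holds the given rights through a class-scope ACE.
  *
  * The ACL of the object's identity is loaded, or created when the lookup fails. Each
  * right is then probed with isGranted(); the first probe that throws triggers one
  * class-scope ACE covering all requested rights, which is persisted immediately.
  *
  * Because that single ACE already carries every requested right, probing stops after
  * the grant. This avoids inserting the same ACE again for a later right, and the inner
  * loop no longer reuses the outer loop variable.
  *
  * NOTE(review): both catch clauses accept any \Exception, so a provider or storage
  * failure is handled like "no ACL" / "no ACE"; narrowing them to the specific
  * not-found exceptions would keep unrelated failures from ending in a grant.
  * NOTE(review): the return value of isGranted() is discarded; only an exception leads
  * to a grant — confirm that a negative answer is always reported by exception.
  *
  * @param object $object           domain object whose identity owns the ACL
  * @param mixed  $aclProvider      provider offering findAcl(), createAcl() and updateAcl()
  * @param mixed  $securityIdentity identity receiving the rights
  * @param array  $rights           permission names; upper-cased for the permission map,
  *                                 passed unchanged to MaskBuilder::add()
  */
 private function addClassAcl($object, $aclProvider, $securityIdentity, $rights)
 {
     $objectIdentity = ObjectIdentity::fromDomainObject($object);
     try {
         $acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity));
     } catch (\Exception $e) {
         $acl = $aclProvider->createAcl($objectIdentity);
     }

     foreach ($rights as $right) {
         try {
             $map = new PermissionMap();
             $acl->isGranted($map->getMasks(strtoupper($right), $object), array($securityIdentity));
         } catch (\Exception $e) {
             // Build the mask from the complete list; a distinct variable keeps $right intact.
             $builder = new MaskBuilder();
             foreach ($rights as $requestedRight) {
                 $builder->add($requestedRight);
             }
             $acl->insertClassAce($securityIdentity, $builder->get());
             $aclProvider->updateAcl($acl);

             // Every requested right is now part of the inserted ACE: nothing left to probe.
             break;
         }
     }
 }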