/** * @param Role $role */ protected function setRolePrivileges(Role $role) { /** @var ArrayCollection $privileges */ $privileges = $this->privilegeRepository->getPrivileges($this->aclManager->getSid($role)); foreach ($this->privilegeConfig as $fieldName => $config) { $sortedPrivileges = $this->filterPrivileges($privileges, $config['types']); if ($config['fix_values'] || !$config['show_default']) { foreach ($sortedPrivileges as $sortedPrivilege) { if (!$config['show_default'] && $sortedPrivilege->getIdentity()->getName() == AclPrivilegeRepository::ROOT_PRIVILEGE_NAME) { $sortedPrivileges->removeElement($sortedPrivilege); continue; } if ($config['fix_values']) { foreach ($sortedPrivilege->getPermissions() as $permission) { $permission->setAccessLevel((bool) $permission->getAccessLevel()); } } } } $this->form->get($fieldName)->setData($sortedPrivileges); } }
/** * @param AbstractRole $role * @return ArrayCollection|AclPrivilege[] */ protected function getRolePrivileges(AbstractRole $role) { return $this->privilegeRepository->getPrivileges($this->aclManager->getSid($role)); }
/** * @SuppressWarnings(PHPMD.ExcessiveMethodLength) */ public function testGetPrivileges() { $thisLink = $this; $sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface'); $sid->expects($this->any())->method('equals')->will($this->returnValue(true)); $extensionKey = 'test'; $classes = array('Acme\\Class1', 'Acme\\Class2'); $class1 = $this->getMock('Oro\\Bundle\\SecurityBundle\\Acl\\Extension\\AclClassInfo'); $class1->expects($this->once())->method('getClassName')->will($this->returnValue($classes[0])); $class1->expects($this->once())->method('getGroup')->will($this->returnValue('SomeGroup')); $class1->expects($this->once())->method('getLabel')->will($this->returnValue('Class 1')); $class2 = $this->getMock('Oro\\Bundle\\SecurityBundle\\Acl\\Extension\\AclClassInfo'); $class2->expects($this->once())->method('getClassName')->will($this->returnValue($classes[1])); $class2->expects($this->once())->method('getGroup')->will($this->returnValue('SomeGroup')); $class2->expects($this->once())->method('getLabel')->will($this->returnValue('Class 2')); $rootOid = new ObjectIdentity($extensionKey, ObjectIdentityFactory::ROOT_IDENTITY_TYPE); $rootAcl = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\AclInterface'); $oid1 = new ObjectIdentity($extensionKey, $classes[0]); $oid1Acl = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\AclInterface'); $oid2 = new ObjectIdentity($extensionKey, $classes[1]); $oidsWithRoot = array($rootOid, $oid2, $oid1); $aclsSrc = array(array('oid' => $rootOid, 'acl' => $rootAcl), array('oid' => $oid1, 'acl' => $oid1Acl), array('oid' => $oid2, 'acl' => null)); $allowedPermissions = array(); $allowedPermissions[(string) $rootOid] = array('VIEW', 'CREATE', 'EDIT'); $allowedPermissions[(string) $oid1] = array('VIEW', 'CREATE', 'EDIT'); $allowedPermissions[(string) $oid2] = array('VIEW', 'CREATE'); $rootAce = $this->getAce('root', $sid); $rootAcl->expects($this->any())->method('getObjectAces')->will($this->returnValue(array($rootAce))); $rootAcl->expects($this->never())->method('getClassAces'); $oid1Ace = $this->getAce('oid1', $sid); $oid1Acl->expects($this->any())->method('getClassAces')->will($this->returnValue(array($oid1Ace))); $oid1Acl->expects($this->once())->method('getObjectAces')->will($this->returnValue(array())); $this->extension->expects($this->once())->method('getExtensionKey')->will($this->returnValue($extensionKey)); $this->extension->expects($this->once())->method('getClasses')->will($this->returnValue(array($class2, $class1))); $this->extension->expects($this->any())->method('getAllowedPermissions')->will($this->returnCallback(function ($oid) use(&$allowedPermissions) { return $allowedPermissions[(string) $oid]; })); $this->extension->expects($this->any())->method('adaptRootMask')->will($this->returnCallback(function ($mask, $object) { if ($mask === 'root' && $object === 'test:Acme\\Class2') { return 'adaptedRoot'; } return $mask; })); $this->extension->expects($this->any())->method('getPermissions')->will($this->returnValue(array('VIEW', 'CREATE', 'EDIT'))); $this->extension->expects($this->any())->method('getAccessLevel')->will($this->returnCallback(function ($mask, $permission) { switch ($permission) { case 'VIEW': if ($mask === 'root') { return AccessLevel::GLOBAL_LEVEL; } elseif ($mask === 'oid1') { return AccessLevel::BASIC_LEVEL; } break; case 'CREATE': if ($mask === 'root') { return AccessLevel::DEEP_LEVEL; } elseif ($mask === 'oid1') { return AccessLevel::BASIC_LEVEL; } break; case 'EDIT': if ($mask === 'root') { return AccessLevel::LOCAL_LEVEL; } elseif ($mask === 'oid1') { return AccessLevel::NONE_LEVEL; } break; } if ($mask === 'adaptedRoot') { return AccessLevel::SYSTEM_LEVEL; } return AccessLevel::NONE_LEVEL; })); $this->manager->expects($this->once())->method('getRootOid')->with($this->equalTo($extensionKey))->will($this->returnValue($rootOid)); $this->manager->expects($this->once())->method('findAcls')->with($this->identicalTo($sid), $this->equalTo($oidsWithRoot))->will($this->returnCallback(function () use(&$thisLink, &$aclsSrc) { return $thisLink->getAcls($aclsSrc); })); $this->aceProvider->expects($this->any())->method('getAces')->will($this->returnCallback(function ($acl, $type, $field) use(&$rootAcl, &$oid1Acl) { if ($acl === $oid1Acl) { $a = $oid1Acl; } else { $a = $rootAcl; } return $a->{"get{$type}Aces"}(); })); $result = $this->repository->getPrivileges($sid); $this->assertCount(count($classes) + 1, $result); $this->assertEquals('test:(root)', $result[0]->getIdentity()->getId()); $this->assertEquals(AclPrivilegeRepository::ROOT_PRIVILEGE_NAME, $result[0]->getIdentity()->getName()); $this->assertEquals('', $result[0]->getGroup()); $this->assertEquals($extensionKey, $result[0]->getExtensionKey()); $this->assertEquals('test:Acme\\Class1', $result[1]->getIdentity()->getId()); $this->assertEquals('Class 1', $result[1]->getIdentity()->getName()); $this->assertEquals('SomeGroup', $result[1]->getGroup()); $this->assertEquals($extensionKey, $result[1]->getExtensionKey()); $this->assertEquals('test:Acme\\Class2', $result[2]->getIdentity()->getId()); $this->assertEquals('Class 2', $result[2]->getIdentity()->getName()); $this->assertEquals('SomeGroup', $result[2]->getGroup()); $this->assertEquals($extensionKey, $result[2]->getExtensionKey()); $this->assertEquals(3, $result[0]->getPermissionCount()); $this->assertEquals(3, $result[1]->getPermissionCount()); $this->assertEquals(2, $result[2]->getPermissionCount()); $p = $result[0]->getPermissions(); $this->assertEquals(AccessLevel::GLOBAL_LEVEL, $p['VIEW']->getAccessLevel()); $this->assertEquals(AccessLevel::DEEP_LEVEL, $p['CREATE']->getAccessLevel()); $this->assertEquals(AccessLevel::LOCAL_LEVEL, $p['EDIT']->getAccessLevel()); $p = $result[1]->getPermissions(); $this->assertEquals(AccessLevel::BASIC_LEVEL, $p['VIEW']->getAccessLevel()); $this->assertEquals(AccessLevel::BASIC_LEVEL, $p['CREATE']->getAccessLevel()); $this->assertEquals(AccessLevel::NONE_LEVEL, $p['EDIT']->getAccessLevel()); $p = $result[2]->getPermissions(); $this->assertEquals(AccessLevel::SYSTEM_LEVEL, $p['VIEW']->getAccessLevel()); $this->assertEquals(AccessLevel::SYSTEM_LEVEL, $p['CREATE']->getAccessLevel()); $this->assertFalse($p->containsKey('EDIT')); }