/**
* {@inheritDoc}
*/
public function getSecurityIdentities(TokenInterface $token)
{
$sids = array();
// add user security identity
if (!$token instanceof AnonymousToken) {
try {
$sids[] = UserSecurityIdentity::fromToken($token);
} catch (\InvalidArgumentException $invalid) {
// ignore, user has no user security identity
}
}
// add all reachable roles
foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
$sids[] = new RoleSecurityIdentity($role);
}
// add built-in special roles
if ($this->authenticationTrustResolver->isFullFledged($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
} else {
if ($this->authenticationTrustResolver->isRememberMe($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
} else {
if ($this->authenticationTrustResolver->isAnonymous($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
}
}
}
return $sids;
}
public function getCompareData()
{
$account = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->setMockClassName('USI_AccountImpl')->getMock();
$account->expects($this->any())->method('getUsername')->will($this->returnValue('foo'));
$token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface');
$token->expects($this->any())->method('getUser')->will($this->returnValue($account));
return array(array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('foo', 'Foo'), true), array(new UserSecurityIdentity('foo', 'Bar'), new UserSecurityIdentity('foo', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('bar', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromAccount($account), false), array(new UserSecurityIdentity('bla', 'Foo'), new UserSecurityIdentity('blub', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new RoleSecurityIdentity('foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromToken($token), false), array(new UserSecurityIdentity('foo', 'USI_AccountImpl'), UserSecurityIdentity::fromToken($token), true));
}
public function __construct($uid = null, $token = null)
{
$this->_uid = is_null($uid) ? md5(uniqid('', true)) : $uid;
$this->_created_at = new \DateTime();
if ($token instanceof TokenInterface) {
$this->_owner = UserSecurityIdentity::fromToken($token);
}
}
/**
* Constructs SID (an object implements SecurityIdentityInterface) based on the given identity
*
* @param string|RoleInterface|UserInterface|TokenInterface $identity
* @throws \InvalidArgumentException
* @return SID
*/
public function getSid($identity)
{
if (is_string($identity)) {
return new RoleSecurityIdentity($identity);
} elseif ($identity instanceof RoleInterface) {
return new RoleSecurityIdentity($identity->getRole());
} elseif ($identity instanceof UserInterface) {
return UserSecurityIdentity::fromAccount($identity);
} elseif ($identity instanceof TokenInterface) {
return UserSecurityIdentity::fromToken($identity);
}
throw new \InvalidArgumentException(sprintf('$identity must be a string or implement one of RoleInterface, UserInterface, TokenInterface' . ' (%s given)', is_object($identity) ? get_class($identity) : gettype($identity)));
}
/**
* {@inheritdoc}
*/
public function getSecurityIdentities(Token\TokenInterface $token)
{
$sids = array();
// add user security identity
if (!$token instanceof Token\AnonymousToken) {
try {
$sids[] = UserSecurityIdentity::fromToken($token);
} catch (\InvalidArgumentException $invalid) {
// ignore, user has no user security identity
}
}
// add all reachable roles
foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
$sids[] = new RoleSecurityIdentity($role);
}
// add journal roles
$user = $token->getUser();
try {
$selectedJournal = $this->journalService->getSelectedJournal();
} catch (\Exception $e) {
$selectedJournal = false;
}
if ($user instanceof User && $selectedJournal instanceof Journal) {
foreach ($user->getJournalRoles($selectedJournal) as $journalRoles) {
$sids[] = new JournalRoleSecurityIdentity($journalRoles[0], $journalRoles[1]);
}
}
// add built-in special roles
if ($this->authenticationTrustResolver->isFullFledged($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
} elseif ($this->authenticationTrustResolver->isRememberMe($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
} elseif ($this->authenticationTrustResolver->isAnonymous($token)) {
$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
}
return $sids;
}
/**
* @PreAuthorize("isAuthenticated()")
*/
public function newPostAction()
{
if (!($title = $this->request->request->get('title'))) {
throw new HttpException(400);
}
$this->em->getConnection()->beginTransaction();
try {
$post = new Post($title);
$this->em->persist($post);
$this->em->flush();
$oid = ObjectIdentity::fromDomainObject($post);
$acl = $this->getAclProvider()->createAcl($oid);
$sid = UserSecurityIdentity::fromToken($this->tokenStorage->getToken());
$acl->insertObjectAce($sid, MaskBuilder::MASK_OWNER);
$this->getAclProvider()->updateAcl($acl);
$this->em->getConnection()->commit();
return new Response('', 201, array('Location' => $this->router->generate('post_controller_edit', array('id' => $post->getId()))));
} catch (\Exception $ex) {
$this->em->getConnection()->rollBack();
$this->em->close();
throw $ex;
}
}
/**
* Returns all current drafts for authenticated user.
*
* @param TokenInterface $token
*
* @return array
*/
public function getAllDrafts(TokenInterface $token)
{
$owner = UserSecurityIdentity::fromToken($token);
$states = [Revision::STATE_ADDED, Revision::STATE_MODIFIED];
$result = [];
try {
$result = $this->findBy(['_owner' => $owner, '_state' => $states]);
} catch (ConversionException $e) {
$result = [];
foreach ($this->getAllDraftsUids($owner, $states) as $data) {
try {
$result[] = $this->find($data['_uid']);
} catch (ConversionException $e) {
$this->_em->getConnection()->executeUpdate('DELETE FROM revision WHERE uid = :uid', ['uid' => $data['_uid']]);
}
}
} catch (MappingException $e) {
$result = [];
foreach ($this->getAllDraftsUids($owner, $states) as $data) {
$draft = $this->find($data['_uid']);
if (null !== $draft->getContent()) {
$result[] = $draft;
} else {
$this->_em->getConnection()->executeUpdate('DELETE FROM revision WHERE uid = :uid', ['uid' => $data['_uid']]);
}
}
}
return $result;
}
/**
* Creates a new object instanceof SecurityIdentityInterface from input implementing one of UserInterface, TokenInterface or RoleInterface (or its string representation)
* @param mixed $identity
* @throws InvalidIdentityException
* @return SecurityIdentityInterface
*/
protected function doCreateSecurityIdentity($identity)
{
if (!$identity instanceof UserInterface && !$identity instanceof TokenInterface && !$identity instanceof RoleInterface && !is_string($identity)) {
throw new \InvalidArgumentException(sprintf('$identity must implement one of: UserInterface, TokenInterface, RoleInterface (%s given)', get_class($identity)));
}
$securityIdentity = null;
if ($identity instanceof UserInterface) {
$securityIdentity = UserSecurityIdentity::fromAccount($identity);
} else {
if ($identity instanceof TokenInterface) {
$securityIdentity = UserSecurityIdentity::fromToken($identity);
} else {
if ($identity instanceof RoleInterface || is_string($identity)) {
$securityIdentity = new RoleSecurityIdentity($identity);
}
}
}
if (!$securityIdentity instanceof SecurityIdentityInterface) {
throw new \InvalidArgumentException('Couldn\'t create a valid SecurityIdentity with the provided identity information');
}
return $securityIdentity;
}
/**
* {@inheritdoc}
*/
public function getUserSecurityIdentity(UserInterface $user = null)
{
return null === $user ? UserSecurityIdentity::fromToken($this->tokenStorage->getToken()) : UserSecurityIdentity::fromAccount($user);
}
/**
* Returns all current drafts for authenticated user.
*
* @param TokenInterface $token
*
* @return array
*/
public function getAllDrafts(TokenInterface $token)
{
$owner = UserSecurityIdentity::fromToken($token);
$states = [Revision::STATE_ADDED, Revision::STATE_MODIFIED];
$result = [];
try {
$result = $this->findBy(['_owner' => $owner, '_state' => $states]);
} catch (ConversionException $e) {
$qb = $this->createQueryBuilder('r');
$uids = $qb->select('r._uid')->where('r._owner = :owner')->setParameter('owner', $owner)->andWhere($qb->expr()->in('r._state', $states))->getQuery()->getResult();
$result = [];
foreach ($uids as $data) {
try {
$result[] = $this->find($data['_uid']);
} catch (ConversionException $e) {
$this->_em->getConnection()->executeUpdate('DELETE FROM revision WHERE uid = :uid', ['uid' => $data['_uid']]);
}
}
}
return $result;
}
/**
* Returns all current drafts for authenticated user.
*
* @param TokenInterface $token
*/
public function getAllDrafts(TokenInterface $token)
{
return $this->_em->getRepository('BackBee\\ClassContent\\Revision')->findBy(['_owner' => UserSecurityIdentity::fromToken($token), '_state' => [Revision::STATE_ADDED, Revision::STATE_MODIFIED]]);
}
/**
* Sets options at the construction of a new revision.
*
* @param mixed $options
*
* @return \BackBee\ClassContent\AContent
* @return \BackBee\ClassContent\AbstractClassContent
*/
protected function setOptions($options = null)
{
if ($options instanceof TokenInterface) {
$this->_owner = UserSecurityIdentity::fromToken($options);
}
return $this;
}
/**
* Returns all current drafts for authenticated user.
*
* @param TokenInterface $token
*
* @return array
*/
public function getAllDrafts(TokenInterface $token)
{
return $this->findBy(['_owner' => UserSecurityIdentity::fromToken($token), '_state' => [Revision::STATE_ADDED, Revision::STATE_MODIFIED]]);
}
/**
* getSecurityEntity
*
* @param mixed $identityObject
* @access private
* @return SecurityIdentityInterface
*/
private function getSecurityEntity($identityObject)
{
if ($identityObject instanceof UserInterface) {
return UserSecurityIdentity::fromAccount($identityObject);
} elseif ($identityObject instanceof TokenInterface) {
return UserSecurityIdentity::fromToken($identityObject);
} elseif ($identityObject instanceof RoleInterface) {
return new RoleSecurityIdentity($identityObject->getRole());
}
return null;
}
/**
*
* @param type $identity
* @return SecurityIdentityInterface
* @throws \InvalidArgumentException
*/
protected function getSecurityIdentity($identity)
{
$securityIdentity = null;
if ($identity instanceof UserInterface) {
$securityIdentity = UserSecurityIdentity::fromAccount($identity);
} else {
if ($identity instanceof TokenInterface) {
$securityIdentity = UserSecurityIdentity::fromToken($identity);
} else {
if ($identity instanceof RoleInterface || is_string($identity)) {
$securityIdentity = new RoleSecurityIdentity($identity);
}
}
}
if (!$securityIdentity instanceof SecurityIdentityInterface) {
throw new \Exception('Couldn\'t create a valid SecurityIdentity with the provided identity information');
}
return $securityIdentity;
}
protected function createSecurityIdentity($input)
{
if (is_null($input)) {
$input = $this->getCurrentAuthenticationToken();
}
$identity = null;
if ($input instanceof UserInterface) {
$identity = UserSecurityIdentity::fromAccount($input);
} elseif ($input instanceof TokenInterface) {
$identity = UserSecurityIdentity::fromToken($input);
} elseif ($input instanceof RoleInterface) {
$identity = new RoleSecurityIdentity($input->getRole());
} elseif (is_string($input)) {
$identity = new RoleSecurityIdentity($input);
} elseif ($input instanceof SecurityIdentityInterface) {
$identity = $input;
}
if (!$identity instanceof SecurityIdentityInterface) {
throw new \InvalidArgumentException('Couldn\'t create a valid SecurityIdentity with the provided identity information');
}
return $identity;
}
