/**
* {@inheritdoc}
*/
protected function executeAction($context)
{
$aclClass = $this->manager->getRepository('OroSecurityBundle:AclClass')->findOneBy(['classType' => $context->data->getClassName()]);
$removeScopes = array_diff($context->old['security']['share_scopes'], $context->new['security']['share_scopes']);
if (!$aclClass || empty($removeScopes)) {
return;
}
$qb = $this->qbManager->getRemoveAceQueryBuilder($aclClass, $removeScopes);
$qb->getQuery()->execute();
$this->aclCache->clearCache();
}
/**
* @param AbstractRole $role
*/
protected function processPrivileges(AbstractRole $role)
{
$decodedPrivileges = json_decode($this->form->get('privileges')->getData(), true);
$formPrivileges = [];
foreach ($this->privilegeConfig as $fieldName => $config) {
$privilegesArray = $decodedPrivileges[$fieldName];
$privileges = [];
foreach ($privilegesArray as $privilege) {
$aclPrivilege = new AclPrivilege();
foreach ($privilege['permissions'] as $name => $permission) {
$aclPrivilege->addPermission(new AclPermission($permission['name'], $permission['accessLevel']));
}
$aclPrivilegeIdentity = new AclPrivilegeIdentity($privilege['identity']['id'], $privilege['identity']['name']);
$aclPrivilege->setIdentity($aclPrivilegeIdentity);
$privileges[] = $aclPrivilege;
}
if ($config['fix_values']) {
$this->fxPrivilegeValue($privileges, $config['default_value']);
}
$formPrivileges = array_merge($formPrivileges, $privileges);
}
array_walk($formPrivileges, function (AclPrivilege $privilege) {
$privilege->setGroup($this->getAclGroup());
});
$this->privilegeRepository->savePrivileges($this->aclManager->getSid($role), new ArrayCollection($formPrivileges));
$this->aclCache->clearCache();
}
/**
* Removes ACEs if share scope was removed from entity config
*
* @param PostFlushConfigEvent $event
*/
public function postFlushConfig(PostFlushConfigEvent $event)
{
$configManager = $event->getConfigManager();
foreach ($event->getModels() as $model) {
/** @var EntityConfigModel $model */
if ($model instanceof EntityConfigModel) {
$aclClass = $this->registry->getRepository('OroSecurityBundle:AclClass')->findOneBy(['classType' => $model->getClassName()]);
if (!$aclClass) {
continue;
}
$changeSet = $configManager->getConfigChangeSet($configManager->getProvider('security')->getConfig($model->getClassName()));
$removeScopes = [];
if ($changeSet) {
$removeScopes = array_diff($changeSet['share_scopes'][0], $changeSet['share_scopes'][1]);
}
if (empty($removeScopes)) {
continue;
}
$qb = $this->qbManager->getRemoveAceQueryBuilder($aclClass, $removeScopes);
$qb->getQuery()->execute();
$this->aclCache->clearCache();
}
}
}
