/**
 * Clears the shared entity manager, asks the kernel to reset the database
 * for the Group and Site entities and to reset the ACL schema, then seeds a
 * single "Super Admin" group.
 */
public function setUp()
{
    $entityManager = self::$em;
    $entityManager->clear();

    // Collect the metadata of the entities handed to resetDatabase().
    $resetClasses = [];
    foreach (['BackBee\\Security\\Group', 'BackBee\\Site\\Site'] as $className) {
        $resetClasses[] = $entityManager->getClassMetadata($className);
    }

    self::$kernel->resetDatabase($resetClasses, true);
    self::$kernel->resetAclSchema();

    $superAdmin = new Group();
    $superAdmin->setName('Super Admin');

    $entityManager->persist($superAdmin);
    $entityManager->flush();
}
/**
 * Initialises the application, the database and the ACL tables, seeds two
 * groups and a default site, then loads the ACL definitions from the
 * acl.yml fixture that sits next to this file.
 */
protected function setUp()
{
    $this->bbapp = $this->getBBApp();
    $this->initDb($this->bbapp);
    $this->initAcl();

    $firstGroup = new Group();
    $firstGroup->setName('Super Admin');
    $this->bbapp->getEntityManager()->persist($firstGroup);

    // NOTE(review): this second group carries the same name as the first.
    // If acl.yml resolves groups by name, rights meant for two different
    // groups cannot be told apart -- confirm this is not a copy-paste slip.
    $secondGroup = new Group();
    $secondGroup->setName('Super Admin');
    $this->bbapp->getEntityManager()->persist($secondGroup);

    $defaultSite = new Site();
    $this->siteDefault = $defaultSite;
    $this->siteDefault->setLabel('default');
    $this->getBBApp()->getEntityManager()->persist($this->siteDefault);

    $this->getBBApp()->getEntityManager()->flush();

    $loader = new YmlLoader();
    $loader->setContainer($this->getBBApp()->getContainer());

    // file_get_contents() returns false when the fixture cannot be read; the
    // result is handed to the loader unchecked.
    $aclDefinitions = file_get_contents(__DIR__ . '/acl.yml');
    $loader->load($aclDefinitions);
}
/**
 * Boots the application with an initialised database and ACL schema, stores
 * one activated and one deactivated user in the same group, places a
 * BBUserToken for the activated user in the security context, and gives
 * that user a class-scope ACE on its own class.
 */
protected function setUp()
{
    $this->initAutoload();
    $bbapp = $this->getBBApp();
    $this->initDb($bbapp);
    $this->initAcl();
    $this->getBBApp()->setIsStarted(true);

    // Group shared by both fixture users.
    $sharedGroup = new Group();
    $sharedGroup->setName('groupName');
    $bbapp->getEntityManager()->persist($sharedGroup);

    // Activated user: the account the tests act as.
    $this->user = new User();
    $this->user->addGroup($sharedGroup);
    $this->user->setLogin('user123');
    $this->user->setEmail('*****@*****.**');
    $this->user->setPassword('password123');
    $this->user->setActivated(true);
    $bbapp->getEntityManager()->persist($this->user);

    // Deactivated user with the same group and password.
    $inactiveUser = new User();
    $inactiveUser->addGroup($sharedGroup);
    $inactiveUser->setLogin('user123inactive');
    $inactiveUser->setEmail('*****@*****.**');
    $inactiveUser->setPassword('password123');
    $inactiveUser->setActivated(false);
    $bbapp->getEntityManager()->persist($inactiveUser);

    $bbapp->getEntityManager()->flush();

    // Token for the activated user. The digest is
    // md5(nonce . created . md5(password)).
    // NOTE(review): MD5 and uniqid() are not strong enough for real
    // credentials; presumably the fixture has to reproduce the digest format
    // the authentication code verifies -- confirm before changing either side.
    $createdAt = date('Y-m-d H:i:s');
    $userToken = new BBUserToken();
    $userToken->setUser($this->user);
    $userToken->setCreated($createdAt);
    $userToken->setNonce(md5(uniqid('', true)));
    $digestInput = $userToken->getNonce() . $createdAt . md5($this->user->getPassword());
    $userToken->setDigest(md5($digestInput));
    $this->getSecurityContext()->setToken($userToken);

    // Class-scope ACE for the activated user on its own class, using
    // MASK_IDDQD (every permission bit, assuming this is Symfony's
    // MaskBuilder -- confirm against the file's imports).
    $aclManager = $this->getBBApp()->getContainer()->get('security.acl_manager');
    $classIdentity = new ObjectIdentity('all', get_class($this->user));
    $userIdentity = UserSecurityIdentity::fromAccount($this->user);
    $aclManager->insertOrUpdateClassAce($classIdentity, $userIdentity, MaskBuilder::MASK_IDDQD);
}
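/**
 * Create a group on the site resolved from the request.
 *
 * Answers HTTP 400 with an error on "name" when isDuplicated() reports the
 * name as already used for that site. Otherwise the group is persisted,
 * flushed and returned as JSON.
 *
 * The length constraint declares its custom text as maxMessage: with only
 * "max" set, a minMessage is never shown, so over-long names used to get
 * the validator's default message instead.
 *
 * NOTE(review): deserializeEntity() is given every request parameter after
 * name and site have been set, so it may overwrite them or fill fields the
 * caller should not control. Which fields it can write is not visible here;
 * confirm it is restricted to an allow-list.
 *
 * @Rest\RequestParam(name = "name", requirements = {
 *   @Assert\NotBlank(message="Name is required"),
 *   @Assert\Length(max=50, maxMessage="Maximum length of name is 50 characters")
 * })
 * @Rest\Security("is_fully_authenticated() & has_role('ROLE_API_USER') & is_granted('CREATE', 'BackBee\\Security\\Group')")
 *
 * @param Request $request
 *
 * @return JsonResponse|Response
 */
public function postAction(Request $request)
{
    $site = $this->getSite($request);
    $name = $request->request->get('name');

    // Reject duplicates before any entity is built or persisted.
    if ($this->isDuplicated($name, $site)) {
        return new JsonResponse(['errors' => ['name' => 'Group already exists.']], 400);
    }

    $group = new Group();
    $group->setName($name);
    $group->setSite($site);

    $group = $this->deserializeEntity($request->request->all(), $group);

    $this->getEntityManager()->persist($group);
    $this->getEntityManager()->flush();

    return new Response($this->formatItem($group), 200, ['Content-Type' => 'application/json']);
}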
/**
 * Builds an API-enabled user attached to the named group and installs an
 * authenticated BBUserToken for that user in the security context.
 *
 * The group is looked up by name; when none is found it is created,
 * persisted and flushed. The user is not persisted by this method.
 *
 * @param string   $groupId name of the group (matched against the `_name` field)
 * @param string[] $roles   roles passed to the BBUserToken constructor
 *
 * @return User the user carried by the token (the token itself is not returned)
 */
protected function createAuthUser($groupId, $roles = array('ROLE_API_USER'))
{
    $token = new BBUserToken($roles);

    // uniqid() is derived from the clock and is predictable; acceptable for
    // throwaway fixture keys only, not a pattern for real API keys.
    $user = new User();
    $user
        ->setEmail('*****@*****.**')
        ->setLogin('admin')
        ->setPassword('pass')
        ->setApiKeyPrivate(uniqid("PRIVATE", true))
        ->setApiKeyPublic(uniqid("PUBLIC", true))
        ->setApiKeyEnabled(true);

    $group = $this->getBBApp()
        ->getEntityManager()
        ->getRepository('BackBee\\Security\\Group')
        ->findOneBy(array('_name' => $groupId));

    if (!$group) {
        // No group with that name yet: create it so the user can join it.
        $group = new Group();
        $group->setName($groupId);
        $this->getBBApp()->getEntityManager()->persist($group);
        $this->getBBApp()->getEntityManager()->flush($group);
    }

    $user->addGroup($group);

    // The token is marked authenticated directly; no credential check runs.
    $token->setAuthenticated(true);
    $token
        ->setUser($user)
        ->setCreated(new \DateTime())
        ->setLifetime(300);

    $this->getSecurityContext()->setToken($token);

    return $user;
}
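/**
 * Rebuilds the ACL data from a rights definition.
 *
 * Every row of the five ACL tables is deleted first. Each group named in
 * $usersRights is then created if it does not exist, and the rights
 * declared for a group are applied to that group's own security identity.
 * Nothing happens when $usersRights is not an array.
 *
 * Each group is remembered by name in the first pass and looked up again in
 * the second pass. Previously the second pass reused the variable left over
 * from the first loop, so every group's rights were written to the identity
 * of the last group in the list.
 *
 * NOTE(review): the ACL tables are emptied outside any transaction visible
 * in this method; if a later step fails, the ACL data stays wiped until the
 * update is run again.
 *
 * @param mixed $usersRights map of group name => rights definition; keys read
 *                           from a definition are `description`, `sites`,
 *                           `layouts`, `pages`, `mediafolders`, `contents`,
 *                           `bundles`, `groups` and `users`
 */
private function updateRights($usersRights)
{
    if (true !== is_array($usersRights)) {
        return;
    }

    $this->writeln('<info>- Updating groups: </info>' . "\n");

    $aclTables = array(
        'DELETE FROM `acl_classes` WHERE 1=1',
        'DELETE FROM `acl_entries` WHERE 1=1',
        'DELETE FROM `acl_object_identities` WHERE 1=1',
        'DELETE FROM `acl_object_identity_ancestors` WHERE 1=1',
        'DELETE FROM `acl_security_identities` WHERE 1=1',
    );
    foreach ($aclTables as $deleteQuery) {
        $this->em->getConnection()->executeQuery($deleteQuery);
    }

    // First pass: make sure every group exists, and remember it by name.
    $groups = array();
    foreach ($usersRights as $groupIdentifier => $rights) {
        $this->writeln(sprintf('Checking group: %s', $groupIdentifier));

        $group = $this->em->getRepository('BackBee\\Security\\Group')->findOneBy(array('_name' => $groupIdentifier));

        // Create the group when it cannot be found.
        if (null === $group) {
            $group = new Group();
            $group
                ->setDescription(isset($rights['description']) ? $rights['description'] : $groupIdentifier)
                ->setName($groupIdentifier);
            $this->em->persist($group);
            $this->em->flush($group);
            $this->writeln(sprintf("\t- New group created: `%s`", $groupIdentifier));
        }

        $groups[$groupIdentifier] = $group;
    }

    // Second pass: apply each definition to the identity of its own group.
    foreach ($usersRights as $groupIdentifier => $rights) {
        $this->writeln(sprintf('Treating group: %s', $groupIdentifier));

        $group = $groups[$groupIdentifier];
        $securityIdentity = new UserSecurityIdentity($group->getObjectIdentifier(), 'BackBee\\Security\\Group');

        // Every other kind of right is only processed when site rights exist.
        if (true !== array_key_exists('sites', $rights)) {
            $this->writeln(sprintf("\t- No site rights defined for %s group, skip", $groupIdentifier));
            continue;
        }

        $sites = $this->addSiteRights($rights['sites'], $this->aclProvider, $securityIdentity);

        // Layouts
        if (true === array_key_exists('layouts', $rights)) {
            $this->addLayoutRights($rights['layouts'], $sites, $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on sites and layouts for group");
        }

        // Pages
        if (true === array_key_exists('pages', $rights)) {
            $this->addPageRights($rights['pages'], $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on pages for group");
        }

        // Media folders
        if (true === array_key_exists('mediafolders', $rights)) {
            $this->addFolderRights($rights['mediafolders'], $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on library folders for group");
        }

        // Contents
        if (true === array_key_exists('contents', $rights)) {
            $this->addContentRights($rights['contents'], $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on contents for group");
        }

        // Bundles
        if (true === array_key_exists('bundles', $rights)) {
            $this->addBundleRights($rights['bundles'], $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on bundles for group");
        }

        // Groups
        if (true === array_key_exists('groups', $rights)) {
            $this->addGroupRights($rights['groups'], $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on groups for group");
        }

        // Users
        if (true === array_key_exists('users', $rights)) {
            $this->addUserRights($rights['users'], $this->aclProvider, $securityIdentity);
            $this->writeln("\t- Rights set on users for group");
        }
    }
}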