/**
* Instantiates a policy create struct.
*
* @param string $module
* @param string $function
*/
public function __construct($module, $function)
{
parent::__construct(array('module' => $module, 'function' => $function));
}
/**
* Adds a new policy to the role
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to add a policy
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy create
* struct or if limitation is not allowed on module/function
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyCreateStruct is not valid
*
* @param \eZ\Publish\API\Repository\Values\User\Role $role
* @param \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct $policyCreateStruct
*
* @return \eZ\Publish\API\Repository\Values\User\Role
*/
public function addPolicy(APIRole $role, APIPolicyCreateStruct $policyCreateStruct)
{
if (!is_string($policyCreateStruct->module) || empty($policyCreateStruct->module)) {
throw new InvalidArgumentValue("module", $policyCreateStruct->module, "PolicyCreateStruct");
}
if (!is_string($policyCreateStruct->function) || empty($policyCreateStruct->function)) {
throw new InvalidArgumentValue("function", $policyCreateStruct->function, "PolicyCreateStruct");
}
if ($policyCreateStruct->module === '*' && $policyCreateStruct->function !== '*') {
throw new InvalidArgumentValue("module", $policyCreateStruct->module, "PolicyCreateStruct");
}
if ($this->repository->hasAccess('role', 'update') !== true) {
throw new UnauthorizedException('role', 'update');
}
$loadedRole = $this->loadRole($role->id);
$limitations = $policyCreateStruct->getLimitations();
$limitationValidationErrors = $this->validatePolicy($policyCreateStruct->module, $policyCreateStruct->function, $limitations);
if (!empty($limitationValidationErrors)) {
throw new LimitationValidationException($limitationValidationErrors);
}
$spiPolicy = $this->buildPersistencePolicyObject($policyCreateStruct->module, $policyCreateStruct->function, $limitations);
$this->repository->beginTransaction();
try {
$this->userHandler->addPolicy($loadedRole->id, $spiPolicy);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
return $this->loadRole($loadedRole->id);
}
/**
* Adds a new policy to the role
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to add a policy
*
* @param \eZ\Publish\API\Repository\Values\User\Role $role
* @param \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct $policyCreateStruct
*
* @return \eZ\Publish\API\Repository\Values\User\Role
*/
public function addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct)
{
if (false === $this->repository->hasAccess('role', '*')) {
throw new UnauthorizedExceptionStub('What error code should be used?');
}
$this->policies[++$this->policyNextId] = new PolicyStub(array('id' => $this->policyNextId, 'roleId' => $role->id, 'module' => $policyCreateStruct->module, 'function' => $policyCreateStruct->function, 'limitations' => $policyCreateStruct->getLimitations()));
$policies = $role->getPolicies();
$policies[] = $this->policies[$this->policyNextId];
$this->roles[$role->id] = new RoleStub(array('id' => $role->id, 'identifier' => $role->identifier), $policies);
$this->role2policy[$role->id][$this->policyNextId] = $this->policyNextId;
return $this->roles[$role->id];
}
