Esempio n. 1
0
 /**
  * @param string $group
  * @return int
  */
 protected function checkAclGroup($group)
 {
     if ($group === null || !$this->groupProvider || !$this->object) {
         return self::ACCESS_ABSTAIN;
     }
     return $group === $this->groupProvider->getGroup() ? self::ACCESS_ABSTAIN : self::ACCESS_DENIED;
 }
 /**
  * Get data for query acl access level check
  * Return empty array if entity has full access, null if user does't have access to the entity
  *  and array with entity field and field values which user have access.
  *
  * @param $entityClassName
  * @param $permissions
  *
  * @return null|array
  */
 public function getAclConditionData($entityClassName, $permissions = 'VIEW')
 {
     if ($this->aclVoter === null || !$this->getUserId() || !$this->entityMetadataProvider->isProtectedEntity($entityClassName)) {
         // return full access to the entity
         return [];
     }
     $observer = new OneShotIsGrantedObserver();
     $this->aclVoter->addOneShotIsGrantedObserver($observer);
     $groupedEntityClassName = $entityClassName;
     if ($this->aclGroupProvider) {
         $group = $this->aclGroupProvider->getGroup();
         if ($group) {
             $groupedEntityClassName = sprintf('%s@%s', $this->aclGroupProvider->getGroup(), $entityClassName);
         }
     }
     $isGranted = $this->getSecurityContext()->isGranted($permissions, new ObjectIdentity('entity', $groupedEntityClassName));
     if ($isGranted) {
         $condition = $this->buildConstraintIfAccessIsGranted($entityClassName, $observer->getAccessLevel(), $this->metadataProvider->getMetadata($entityClassName));
     } else {
         $condition = $this->getAccessDeniedCondition();
     }
     return $condition;
 }