/**
* @param Role $role
*/
protected function setRolePrivileges(Role $role)
{
/** @var ArrayCollection $privileges */
$privileges = $this->privilegeRepository->getPrivileges($this->aclManager->getSid($role));
foreach ($this->privilegeConfig as $fieldName => $config) {
$sortedPrivileges = $this->filterPrivileges($privileges, $config['types']);
if ($config['fix_values'] || !$config['show_default']) {
foreach ($sortedPrivileges as $sortedPrivilege) {
if (!$config['show_default'] && $sortedPrivilege->getIdentity()->getName() == AclPrivilegeRepository::ROOT_PRIVILEGE_NAME) {
$sortedPrivileges->removeElement($sortedPrivilege);
continue;
}
if ($config['fix_values']) {
foreach ($sortedPrivilege->getPermissions() as $permission) {
$permission->setAccessLevel((bool) $permission->getAccessLevel());
}
}
}
}
$this->form->get($fieldName)->setData($sortedPrivileges);
}
}
/**
* @param AbstractRole $role
* @return ArrayCollection|AclPrivilege[]
*/
protected function getRolePrivileges(AbstractRole $role)
{
return $this->privilegeRepository->getPrivileges($this->aclManager->getSid($role));
}
/**
* @SuppressWarnings(PHPMD.ExcessiveMethodLength)
*/
public function testGetPrivileges()
{
$thisLink = $this;
$sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface');
$sid->expects($this->any())->method('equals')->will($this->returnValue(true));
$extensionKey = 'test';
$classes = array('Acme\\Class1', 'Acme\\Class2');
$class1 = $this->getMock('Oro\\Bundle\\SecurityBundle\\Acl\\Extension\\AclClassInfo');
$class1->expects($this->once())->method('getClassName')->will($this->returnValue($classes[0]));
$class1->expects($this->once())->method('getGroup')->will($this->returnValue('SomeGroup'));
$class1->expects($this->once())->method('getLabel')->will($this->returnValue('Class 1'));
$class2 = $this->getMock('Oro\\Bundle\\SecurityBundle\\Acl\\Extension\\AclClassInfo');
$class2->expects($this->once())->method('getClassName')->will($this->returnValue($classes[1]));
$class2->expects($this->once())->method('getGroup')->will($this->returnValue('SomeGroup'));
$class2->expects($this->once())->method('getLabel')->will($this->returnValue('Class 2'));
$rootOid = new ObjectIdentity($extensionKey, ObjectIdentityFactory::ROOT_IDENTITY_TYPE);
$rootAcl = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\AclInterface');
$oid1 = new ObjectIdentity($extensionKey, $classes[0]);
$oid1Acl = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\AclInterface');
$oid2 = new ObjectIdentity($extensionKey, $classes[1]);
$oidsWithRoot = array($rootOid, $oid2, $oid1);
$aclsSrc = array(array('oid' => $rootOid, 'acl' => $rootAcl), array('oid' => $oid1, 'acl' => $oid1Acl), array('oid' => $oid2, 'acl' => null));
$allowedPermissions = array();
$allowedPermissions[(string) $rootOid] = array('VIEW', 'CREATE', 'EDIT');
$allowedPermissions[(string) $oid1] = array('VIEW', 'CREATE', 'EDIT');
$allowedPermissions[(string) $oid2] = array('VIEW', 'CREATE');
$rootAce = $this->getAce('root', $sid);
$rootAcl->expects($this->any())->method('getObjectAces')->will($this->returnValue(array($rootAce)));
$rootAcl->expects($this->never())->method('getClassAces');
$oid1Ace = $this->getAce('oid1', $sid);
$oid1Acl->expects($this->any())->method('getClassAces')->will($this->returnValue(array($oid1Ace)));
$oid1Acl->expects($this->once())->method('getObjectAces')->will($this->returnValue(array()));
$this->extension->expects($this->once())->method('getExtensionKey')->will($this->returnValue($extensionKey));
$this->extension->expects($this->once())->method('getClasses')->will($this->returnValue(array($class2, $class1)));
$this->extension->expects($this->any())->method('getAllowedPermissions')->will($this->returnCallback(function ($oid) use(&$allowedPermissions) {
return $allowedPermissions[(string) $oid];
}));
$this->extension->expects($this->any())->method('adaptRootMask')->will($this->returnCallback(function ($mask, $object) {
if ($mask === 'root' && $object === 'test:Acme\\Class2') {
return 'adaptedRoot';
}
return $mask;
}));
$this->extension->expects($this->any())->method('getPermissions')->will($this->returnValue(array('VIEW', 'CREATE', 'EDIT')));
$this->extension->expects($this->any())->method('getAccessLevel')->will($this->returnCallback(function ($mask, $permission) {
switch ($permission) {
case 'VIEW':
if ($mask === 'root') {
return AccessLevel::GLOBAL_LEVEL;
} elseif ($mask === 'oid1') {
return AccessLevel::BASIC_LEVEL;
}
break;
case 'CREATE':
if ($mask === 'root') {
return AccessLevel::DEEP_LEVEL;
} elseif ($mask === 'oid1') {
return AccessLevel::BASIC_LEVEL;
}
break;
case 'EDIT':
if ($mask === 'root') {
return AccessLevel::LOCAL_LEVEL;
} elseif ($mask === 'oid1') {
return AccessLevel::NONE_LEVEL;
}
break;
}
if ($mask === 'adaptedRoot') {
return AccessLevel::SYSTEM_LEVEL;
}
return AccessLevel::NONE_LEVEL;
}));
$this->manager->expects($this->once())->method('getRootOid')->with($this->equalTo($extensionKey))->will($this->returnValue($rootOid));
$this->manager->expects($this->once())->method('findAcls')->with($this->identicalTo($sid), $this->equalTo($oidsWithRoot))->will($this->returnCallback(function () use(&$thisLink, &$aclsSrc) {
return $thisLink->getAcls($aclsSrc);
}));
$this->aceProvider->expects($this->any())->method('getAces')->will($this->returnCallback(function ($acl, $type, $field) use(&$rootAcl, &$oid1Acl) {
if ($acl === $oid1Acl) {
$a = $oid1Acl;
} else {
$a = $rootAcl;
}
return $a->{"get{$type}Aces"}();
}));
$result = $this->repository->getPrivileges($sid);
$this->assertCount(count($classes) + 1, $result);
$this->assertEquals('test:(root)', $result[0]->getIdentity()->getId());
$this->assertEquals(AclPrivilegeRepository::ROOT_PRIVILEGE_NAME, $result[0]->getIdentity()->getName());
$this->assertEquals('', $result[0]->getGroup());
$this->assertEquals($extensionKey, $result[0]->getExtensionKey());
$this->assertEquals('test:Acme\\Class1', $result[1]->getIdentity()->getId());
$this->assertEquals('Class 1', $result[1]->getIdentity()->getName());
$this->assertEquals('SomeGroup', $result[1]->getGroup());
$this->assertEquals($extensionKey, $result[1]->getExtensionKey());
$this->assertEquals('test:Acme\\Class2', $result[2]->getIdentity()->getId());
$this->assertEquals('Class 2', $result[2]->getIdentity()->getName());
$this->assertEquals('SomeGroup', $result[2]->getGroup());
$this->assertEquals($extensionKey, $result[2]->getExtensionKey());
$this->assertEquals(3, $result[0]->getPermissionCount());
$this->assertEquals(3, $result[1]->getPermissionCount());
$this->assertEquals(2, $result[2]->getPermissionCount());
$p = $result[0]->getPermissions();
$this->assertEquals(AccessLevel::GLOBAL_LEVEL, $p['VIEW']->getAccessLevel());
$this->assertEquals(AccessLevel::DEEP_LEVEL, $p['CREATE']->getAccessLevel());
$this->assertEquals(AccessLevel::LOCAL_LEVEL, $p['EDIT']->getAccessLevel());
$p = $result[1]->getPermissions();
$this->assertEquals(AccessLevel::BASIC_LEVEL, $p['VIEW']->getAccessLevel());
$this->assertEquals(AccessLevel::BASIC_LEVEL, $p['CREATE']->getAccessLevel());
$this->assertEquals(AccessLevel::NONE_LEVEL, $p['EDIT']->getAccessLevel());
$p = $result[2]->getPermissions();
$this->assertEquals(AccessLevel::SYSTEM_LEVEL, $p['VIEW']->getAccessLevel());
$this->assertEquals(AccessLevel::SYSTEM_LEVEL, $p['CREATE']->getAccessLevel());
$this->assertFalse($p->containsKey('EDIT'));
}
