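 /**
  * Creates the object ACL of a Contact and grants VIEW, EDIT, CREATE and MASTER
  * on it to the contact's organization role ("ROLE_ORG_<orgId>") and to one
  * role per attached school ("ROLE_SCHOOL_<schoolId>").
  *
  * MASTER is the Symfony ACL mask that also allows managing the ACL itself, so
  * every role granted here can in turn re-grant access to the contact; keep
  * that in mind when adding roles to this list.
  *
  * If an ACL for the contact already exists the method returns without
  * touching it — no ACEs are added to the pre-existing ACL (original
  * behaviour, kept). Any other AclException propagates to the caller; the
  * previous outer try/catch only re-threw it and has been removed.
  *
  * @param Contact $contact freshly created contact to protect
  * @return void
  * @throws AclException
  */
 public function createTskAcl(Contact $contact)
 {
     $aclProvider = $this->getContainer()->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($contact);
     $orgSecurityIdentity = new RoleSecurityIdentity(
         'ROLE_ORG_' . $contact->getOrganization()->getId()
     );

     // Same mask for the organization and for every school.
     $builder = new MaskBuilder();
     $builder->add('VIEW');
     $builder->add('EDIT');
     $builder->add('CREATE');
     $builder->add('MASTER');
     $mask = $builder->get();

     try {
         $acl = $aclProvider->createAcl($objectIdentity);
     } catch (AclAlreadyExistsException $e) {
         // NOTE(review): an existing ACL is deliberately left as-is, which means a
         // contact whose ACL pre-exists receives no org/school entries from here.
         return;
     }

     $acl->insertObjectAce($orgSecurityIdentity, $mask);
     foreach ($contact->getSchools() as $school) {
         $acl->insertObjectAce(
             new RoleSecurityIdentity('ROLE_SCHOOL_' . $school->getId()),
             $mask
         );
     }
     $aclProvider->updateAcl($acl);
 }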
    /**
     * Adds one class-level ACE per role to the given ACL.
     *
     * $aclInformations maps a role name to the list of MaskBuilder permission
     * names to grant to that role. The shared $builder is reset after each
     * role so bits do not leak from one role to the next; it is not reset
     * beforehand, so bits the caller left in it become part of the first mask.
     *
     * @param OutputInterface $output          one progress line is written per role
     * @param AclInterface    $acl             ACL that receives the class ACEs
     * @param MaskBuilder     $builder         builder used to compose every mask
     * @param array           $aclInformations role name => list of permission names
     * @return void
     */
    public function configureACL(OutputInterface $output, AclInterface $acl, MaskBuilder $builder, array $aclInformations = array())
    {
        foreach ($aclInformations as $roleName => $permissionNames) {
            $roleIdentity = new RoleSecurityIdentity($roleName);

            foreach ($permissionNames as $permissionName) {
                $builder->add($permissionName);
            }

            $acl->insertClassAce($roleIdentity, $builder->get());
            $output->writeln(sprintf('   - add role: %s, ACL: %s', $roleName, json_encode($permissionNames)));

            // Start the next role from an empty mask.
            $builder->reset();
        }
    }
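 /**
  * Doctrine postPersist listener: after a Contact entity is inserted, grants
  * OWNER on it to the organization and school roles taken from the session,
  * writing the ACL rows through saveAcl() inside one transaction.
  *
  * Returns false (and does nothing) when the session holds no organization;
  * entities other than Contact are ignored. Doctrine does not use the return
  * value.
  *
  * @param LifecycleEventArgs $args
  * @return false|void
  * @throws \Exception re-thrown after the transaction has been rolled back
  */
 public function postPersist(LifecycleEventArgs $args)
 {
     $org = $this->session->get($this->orgSessionKey);
     if (!$org) {
         return false;
     }

     $entity = $args->getEntity();
     $className = get_class($entity);
     if ($className !== 'TSK\\UserBundle\\Entity\\Contact') {
         return;
     }

     $school = $this->session->get($this->schoolSessionKey);
     $orgRole = sprintf('ROLE_TSK_ORG_%d', $org);
     // NOTE(review): a missing school is not rejected here — '%d' renders null
     // as 0, so the entry would be granted to 'ROLE_TSK_SCHOOL_0'. Confirm with
     // the callers whether the school session key can be absent at this point.
     $schoolRole = sprintf('ROLE_TSK_SCHOOL_%d', $school);

     // OWNER is the only permission granted; in Symfony's ACL model it is the
     // highest mask, so these roles get full control over the contact.
     $builder = new MaskBuilder();
     $builder->add('OWNER');
     $mask = $builder->get();

     $conn = $args->getEntityManager()->getConnection();
     // beginTransaction() sits outside the try so a failure to open the
     // transaction is not masked by a rollback on a transaction that never started.
     $conn->beginTransaction();
     try {
         // The last argument (0 for the org role, 1 for the school role) is
         // interpreted by saveAcl(), which is not shown here.
         $this->saveAcl($conn, $entity, $orgRole, $className, $mask, 0);
         $this->saveAcl($conn, $entity, $schoolRole, $className, $mask, 1);
         $conn->commit();
     } catch (\Exception $e) {
         $conn->rollBack();
         throw $e;
     }
 }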
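 /**
  * Replaces the object-level ACE of one security identity on every object
  * described by $permissions.
  *
  * $identityType selects how $identity is interpreted: 'users' wraps it in a
  * UserSecurityIdentity for TSK\UserBundle\Entity\User, 'roles' in a
  * RoleSecurityIdentity; anything else is rejected before any ACL is touched,
  * which makes this switch the validation point for caller-supplied values.
  * For each $perm an ObjectIdentity is built from getClassName()/getClassType()
  * and a mask from its truthy getBits() entries. If the ACL already holds an
  * object ACE for the same identity that ACE is updated in place, otherwise a
  * new one is inserted; the ACL is then persisted.
  *
  * Only bits present in $perm are added, so the mask is a grant list: it
  * replaces the identity's previous ACE but never clears other identities.
  *
  * @param string   $identity     username (for 'users') or role name (for 'roles')
  * @param string   $identityType 'users' or 'roles', case-insensitive
  * @param iterable $permissions  objects exposing getClassName(), getClassType() and getBits()
  * @access public
  * @return void
  * @throws \Exception when $identityType is neither 'users' nor 'roles'
  */
 public function savePermissionsForIdentity($identity, $identityType, $permissions)
 {
     switch (strtolower($identityType)) {
         case 'users':
             $securityIdentity = new UserSecurityIdentity($identity, 'TSK\\UserBundle\\Entity\\User');
             break;
         case 'roles':
             $securityIdentity = new RoleSecurityIdentity($identity);
             break;
         default:
             // Bug fix: the message used the undefined $identity_type and was always empty.
             throw new \Exception("Invalid identity_type {$identityType}");
     }

     $aclProvider = $this->aclProvider;
     foreach ($permissions as $perm) {
         $objectIdentity = new ObjectIdentity($perm->getClassName(), $perm->getClassType());

         $builder = new MaskBuilder();
         $builder->add(0);
         foreach ($perm->getBits() as $permission) {
             if ($permission) {
                 $builder->add($permission);
             }
         }
         $mask = $builder->get();

         try {
             $acl = $aclProvider->findAcl($objectIdentity);
         } catch (AclException $e) {
             $acl = $aclProvider->createAcl($objectIdentity);
         }

         // Look for an object ACE of this identity. Only object ACEs are
         // inspected; the original also fetched getClassAces() but discarded
         // the result, and class ACEs are not modified here.
         $existingIndex = null;
         foreach ($acl->getObjectAces() as $aceIndex => $ace) {
             $sid = $ace->getSecurityIdentity();
             $sameIdentity =
                 ($sid instanceof UserSecurityIdentity && $sid->getUsername() === $identity)
                 || ($sid instanceof RoleSecurityIdentity && $sid->getRole() === $identity);
             if ($sameIdentity
                 && $ace->getAcl()->getObjectIdentity()->getIdentifier() == $acl->getObjectIdentity()->getIdentifier()
             ) {
                 $existingIndex = $aceIndex;
                 break;
             }
         }

         if ($existingIndex === null) {
             $acl->insertObjectAce($securityIdentity, $mask);
         } else {
             $acl->updateObjectAce($existingIndex, $mask);
         }
         $aclProvider->updateAcl($acl);
     }
 }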