Esempio n. 1
 /**
  * Creates a role with the given name and system and grants it the mask 127
  * on every security context registered under the "Sulu" system.
  *
  * 127 is binary 1111111, i.e. the seven low bits are all set, so the role
  * created here is presumably allowed every permission type on every context.
  * NOTE(review): confirm the bit meanings against the mask converter, and
  * treat access to this command as equivalent to handing out that role.
  *
  * Returns 1 when a role with that name already exists; falls off the end
  * (no explicit return value) after a successful creation.
  *
  * @see Command
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $entityManager = $this->getContainer()->get('doctrine')->getManager();
     $roleName = $input->getArgument('name');
     $roleSystem = $input->getArgument('system');

     /** @var RepositoryInterface $roleRepository */
     $roleRepository = $this->getContainer()->get('sulu.repository.role');

     // Never modify an existing role from here: bail out with a non-zero status instead.
     if ($roleRepository->findOneByName($roleName)) {
         $output->writeln(sprintf('<error>Role "%s" already exists.</error>', $roleName));

         return 1;
     }

     /** @var RoleInterface $newRole */
     $newRole = $roleRepository->createNew();
     $newRole->setName($roleName);
     $newRole->setSystem($roleSystem);

     $contextTree = $this->getContainer()->get('sulu_admin.admin_pool')->getSecurityContexts();

     // Collect every leaf value of the nested "Sulu" context array into a flat list.
     $contextNames = [];
     array_walk_recursive($contextTree['Sulu'], function ($leaf) use (&$contextNames) {
         $contextNames[] = $leaf;
     });

     // One permission entry per context, each carrying the same mask.
     foreach ($contextNames as $contextName) {
         $grant = new Permission();
         $grant->setRole($newRole);
         $grant->setContext($contextName);
         $grant->setPermissions(127);
         $newRole->addPermission($grant);
     }

     $entityManager->persist($newRole);
     $entityManager->flush();

     $output->writeln(sprintf('Created role "<comment>%s</comment>" in system "<comment>%s</comment>".', $newRole->getName(), $newRole->getSystem()));
 }
 /**
  * Builds the voter fixture: one user who receives permissions through three routes.
  *
  * The routes are a role attached directly to the user (context "sulu.security.roles"),
  * a role attached to a group the user belongs to (context "sulu.security.groups") and
  * a role attached to a child of that group (context "sulu.security.groups.nested").
  * Every permission uses the mask 122.
  */
 public function setUp()
 {
     // Route 1: role assigned directly to the user.
     $this->user = new User();
     $this->userRole = new UserRole();
     $this->role = new Role();
     $this->permission = new Permission();
     $this->permission->setPermissions(122);
     $this->permission->setContext('sulu.security.roles');
     $this->role->addPermission($this->permission);
     $this->userRole->setRole($this->role);
     $this->user->addUserRole($this->userRole);
     // Route 2: role reached through a group. $this->role and $this->permission are
     // overwritten here, so they no longer refer to the direct role created above.
     $this->userGroup = new UserGroup();
     $this->group = new Group();
     $this->role = new Role();
     $this->permission = new Permission();
     $this->permission->setPermissions(122);
     $this->permission->setContext('sulu.security.groups');
     $this->role->addPermission($this->permission);
     $this->group->addRole($this->role);
     $this->userGroup->setGroup($this->group);
     // Route 3: role reached through a child group of the group above. After this
     // section $this->role and $this->permission point at the nested group's objects.
     $this->nestedGroup = new Group();
     $this->role = new Role();
     $this->permission = new Permission();
     $this->permission->setPermissions(122);
     $this->permission->setContext('sulu.security.groups.nested');
     $this->role->addPermission($this->permission);
     $this->nestedGroup->addRole($this->role);
     $this->group->addChildren($this->nestedGroup);
     $this->user->addUserGroup($this->userGroup);
     // Token double that always resolves to the fixture user.
     $this->token = $this->prophesize(TokenInterface::class);
     $this->token->getUser()->willReturn($this->user);
     // ACL provider double: findAcl() returns true for any argument.
     $this->aclProvider = $this->prophesize(AclProviderInterface::class);
     $this->aclProvider->findAcl(Argument::any())->willReturn(true);
     // $this->permissions is read here but never assigned in this method;
     // presumably it is a property initialised on the test class - confirm.
     $this->voter = new SecurityContextVoter($this->permissions, $this->aclProvider->reveal());
 }
Esempio n. 3
 /**
  * Purges the database and persists the fixture used by the tests:
  * two security types, two roles in system "Sulu" and four permissions.
  *
  * The statement order (persist/flush sequence) is part of the fixture and
  * presumably determines the generated ids the tests rely on - confirm before reordering.
  */
 public function setUp()
 {
     $this->em = $this->db('ORM')->getOm();
     // Start from an empty database so earlier tests cannot leak roles or permissions.
     $this->purgeDatabase();
     $this->securityType1 = new SecurityType();
     $this->securityType1->setName('Security Type 1');
     $this->em->persist($this->securityType1);
     $this->securityType2 = new SecurityType();
     $this->securityType2->setName('Security Type 2');
     $this->em->persist($this->securityType2);
     // Role 1 is the only role that gets a security type.
     $role = new Role();
     $role->setName('Sulu Administrator');
     $role->setSystem('Sulu');
     $role->setSecurityType($this->securityType1);
     $this->em->persist($role);
     $this->role1 = $role;
     // Role 2 is created without a security type.
     $role2 = new Role();
     $role2->setName('Sulu Editor');
     $role2->setSystem('Sulu');
     $this->em->persist($role2);
     $this->role2 = $role2;
     // Roles are flushed before any permission referring to them is persisted.
     $this->em->flush();
     // Permissions of role 1: mask 15 on context1, mask 17 on context2.
     $permission1 = new Permission();
     $permission1->setRole($role);
     $permission1->setContext('context1');
     $permission1->setPermissions(15);
     $this->em->persist($permission1);
     $this->permission1 = $permission1;
     $permission2 = new Permission();
     $permission2->setRole($role);
     $permission2->setContext('context2');
     $permission2->setPermissions(17);
     $this->em->persist($permission2);
     $this->permission2 = $permission2;
     // Permissions of role 2: mask 64 on context1, mask 35 on context2.
     // These two are not kept on the test instance.
     $permission3 = new Permission();
     $permission3->setRole($role2);
     $permission3->setContext('context1');
     $permission3->setPermissions(64);
     $this->em->persist($permission3);
     $permission4 = new Permission();
     $permission4->setRole($role2);
     $permission4->setContext('context2');
     $permission4->setPermissions(35);
     $this->em->persist($permission4);
     $this->em->flush();
 }
Esempio n. 4
 /**
  * Creates a role with the given name and system and grants it the mask 127
  * on every security context listed under the "Sulu" system.
  *
  * The context list may come in two shapes: context name => permission types
  * (current) or a plain list of context names (legacy); both are accepted.
  *
  * 127 is binary 1111111, so the new role presumably holds every permission
  * type on every context. NOTE(review): confirm against the mask converter and
  * restrict who may run this command accordingly.
  *
  * Returns 1 when a role with that name already exists; falls off the end
  * (no explicit return value) after a successful creation.
  *
  * @see Command
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $entityManager = $this->getContainer()->get('doctrine')->getManager();
     $roleName = $input->getArgument('name');
     $roleSystem = $input->getArgument('system');

     /** @var RepositoryInterface $roleRepository */
     $roleRepository = $this->getContainer()->get('sulu.repository.role');

     // Never modify an existing role from here: bail out with a non-zero status instead.
     if ($roleRepository->findOneByName($roleName)) {
         $output->writeln(sprintf('<error>Role "%s" already exists.</error>', $roleName));

         return 1;
     }

     /** @var RoleInterface $newRole */
     $newRole = $roleRepository->createNew();
     $newRole->setName($roleName);
     $newRole->setSystem($roleSystem);

     $contextTree = $this->getContainer()->get('sulu_admin.admin_pool')->getSecurityContexts();

     // Flatten section => (context => permission types) into a list of context names.
     $contextNames = [];
     foreach ($contextTree['Sulu'] as $contexts) {
         foreach ($contexts as $contextKey => $permissionTypes) {
             // FIXME kept for BC: the array used to hold only context names as values,
             // without permission types, so a non-array value is itself the context name.
             $contextNames[] = is_array($permissionTypes) ? $contextKey : $permissionTypes;
         }
     }

     // One permission entry per context, each carrying the same mask.
     foreach ($contextNames as $contextName) {
         $grant = new Permission();
         $grant->setRole($newRole);
         $grant->setContext($contextName);
         $grant->setPermissions(127);
         $newRole->addPermission($grant);
     }

     $entityManager->persist($newRole);
     $entityManager->flush();

     $output->writeln(sprintf('Created role "<comment>%s</comment>" in system "<comment>%s</comment>".', $newRole->getName(), $newRole->getSystem()));
 }
 /**
  * Builds the voter fixture: a user holding one role (id 1, "role1") whose single
  * permission carries the mask 122 on the context "sulu.security.roles".
  */
 public function setUp()
 {
     // The role id has no setter used here, so it is injected through reflection.
     $idProperty = new \ReflectionProperty(BaseRole::class, 'id');
     $idProperty->setAccessible(true);

     $user = new User();
     $userRole = new UserRole();

     $role = new Role();
     $idProperty->setValue($role, 1);
     $role->setName('role1');

     $permission = new Permission();
     $permission->setPermissions(122);
     $permission->setContext('sulu.security.roles');

     $role->addPermission($permission);
     $userRole->setRole($role);
     $user->addUserRole($userRole);

     $this->user = $user;
     $this->userRole = $userRole;
     $this->role = $role;
     $this->permission = $permission;

     // Token double that always resolves to the fixture user.
     $token = $this->prophesize(TokenInterface::class);
     $token->getUser()->willReturn($user);
     $this->token = $token;

     // No expectations are configured on the access control manager double here.
     $accessControlManager = $this->prophesize(AccessControlManagerInterface::class);
     $this->accessControlManager = $accessControlManager;

     $this->voter = new SecurityContextVoter($accessControlManager->reveal(), $this->permissions);
 }
Esempio n. 6
 /**
  * Persists the ORM fixture: one contact, one e-mail, role "Role1" in system "Sulu",
  * the user "admin" bound to that role for the locales de/en, and one permission
  * with mask 122 on "Context 1".
  *
  * The flush calls between the steps are part of the fixture; presumably later
  * entities need the ids generated by the earlier ones - confirm before merging them.
  */
 protected function initOrm()
 {
     $this->em = $this->getContainer()->get('doctrine')->getManager();
     $contact = new Contact();
     $contact->setFirstName('Max');
     $contact->setLastName('Mustermann');
     $this->em->persist($contact);
     $emailType = new EmailType();
     $emailType->setName('Private');
     $this->em->persist($emailType);
     $this->em->flush();
     // The e-mail is persisted but never attached to the contact in this method.
     $email = new Email();
     $email->setEmail('*****@*****.**');
     $email->setEmailType($emailType);
     $this->em->persist($email);
     $this->em->flush();
     $role1 = new Role();
     $role1->setName('Role1');
     $role1->setSystem('Sulu');
     $this->em->persist($role1);
     // NOTE(review): the password and salt are fixed literals handed straight to the
     // setters; no hashing is visible in this method. Acceptable for a test fixture
     // only - such an account must not reach a shared or production database.
     $user = new User();
     $user->setUsername('admin');
     $user->setPassword('securepassword');
     $user->setSalt('salt');
     $user->setLocale('de');
     $user->setContact($contact);
     $this->em->persist($user);
     $this->em->flush();
     // The locale list of a user role is stored as a JSON-encoded string.
     $userRole1 = new UserRole();
     $userRole1->setRole($role1);
     $userRole1->setUser($user);
     $userRole1->setLocale(json_encode(['de', 'en']));
     $this->em->persist($userRole1);
     $this->em->flush();
     $permission1 = new Permission();
     $permission1->setPermissions(122);
     $permission1->setRole($role1);
     $permission1->setContext('Context 1');
     $this->em->persist($permission1);
     $this->em->flush();
 }
Esempio n. 7
 /**
  * Purges the database and persists the fixture: three contacts, two roles in system
  * "Sulu", an enabled user "admin" and a disabled user "disabled", three user-role
  * links, two permissions (mask 122) and two groups.
  *
  * The persist/flush order is part of the fixture and presumably fixes the generated
  * ids the tests assert on - confirm before reordering.
  */
 public function setUp()
 {
     $this->em = $this->db('ORM')->getOm();
     // Start from an empty database so earlier tests cannot leak users or roles.
     $this->purgeDatabase();
     $emailType = new EmailType();
     $emailType->setName('Private');
     $this->em->persist($emailType);
     $email1 = new Email();
     $email1->setEmail('*****@*****.**');
     $email1->setEmailType($emailType);
     $this->em->persist($email1);
     // Contact 1 owns $email1.
     $contact1 = new Contact();
     $contact1->setFirstName('Max');
     $contact1->setLastName('Mustermann');
     $contact1->addEmail($email1);
     $this->em->persist($contact1);
     $this->contact1 = $contact1;
     $email = new Email();
     $email->setEmail('*****@*****.**');
     $email->setEmailType($emailType);
     $this->em->persist($email);
     // Contacts 2 and 3 are both given the same $email object.
     $contact2 = new Contact();
     $contact2->setFirstName('Max');
     $contact2->setLastName('Muster');
     $contact2->addEmail($email);
     $this->em->persist($contact2);
     $this->contact2 = $contact2;
     $contact3 = new Contact();
     $contact3->setFirstName('Disabled');
     $contact3->setLastName('User');
     $contact3->addEmail($email);
     $this->em->persist($contact3);
     $this->contact3 = $contact3;
     $this->em->flush();
     $role1 = new Role();
     $role1->setName('Role1');
     $role1->setSystem('Sulu');
     $this->em->persist($role1);
     $this->role1 = $role1;
     $role2 = new Role();
     $role2->setName('Role2');
     $role2->setSystem('Sulu');
     $this->em->persist($role2);
     $this->role2 = $role2;
     // User 1 ("admin", enabled state left at its default), stored as $this->user1.
     // NOTE(review): password and salt are fixed literals passed straight to the
     // setters; no hashing is visible here. Test fixture only.
     $user = new User();
     $user->setUsername('admin');
     $user->setEmail('*****@*****.**');
     $user->setPassword('securepassword');
     $user->setSalt('salt');
     $user->setLocale('de');
     $user->setContact($contact2);
     $this->em->persist($user);
     $this->user1 = $user;
     // User 2 ("disabled", explicitly not enabled). The local variable is called
     // $user1 but the object is stored as $this->user2.
     $user1 = new User();
     $user1->setUsername('disabled');
     $user1->setEmail('*****@*****.**');
     $user1->setPassword('securepassword');
     $user1->setSalt('salt');
     $user1->setLocale('de');
     $user1->setContact($contact3);
     $user1->setEnabled(false);
     $this->em->persist($user1);
     $this->user2 = $user1;
     $this->em->flush();
     // All three user-role links belong to the "admin" user; the disabled user gets none.
     // The locale list of a user role is stored as a JSON-encoded string.
     $userRole1 = new UserRole();
     $userRole1->setRole($role1);
     $userRole1->setUser($user);
     $userRole1->setLocale(json_encode(['de', 'en']));
     $this->em->persist($userRole1);
     $userRole2 = new UserRole();
     $userRole2->setRole($role2);
     $userRole2->setUser($user);
     $userRole2->setLocale(json_encode(['de', 'en']));
     $this->em->persist($userRole2);
     // $userRole3 repeats the role/user/locale combination of $userRole2.
     $userRole3 = new UserRole();
     $userRole3->setRole($role2);
     $userRole3->setUser($user);
     $userRole3->setLocale(json_encode(['de', 'en']));
     $this->em->persist($userRole3);
     // One permission per role, both with mask 122.
     $permission1 = new Permission();
     $permission1->setPermissions(122);
     $permission1->setRole($role1);
     $permission1->setContext('Context 1');
     $this->em->persist($permission1);
     $permission2 = new Permission();
     $permission2->setPermissions(122);
     $permission2->setRole($role2);
     $permission2->setContext('Context 2');
     $this->em->persist($permission2);
     // Two groups with lft, rgt and depth all set to 0; no role or user is attached to them here.
     $group1 = new Group();
     $group1->setName('Group1');
     $group1->setLft(0);
     $group1->setRgt(0);
     $group1->setDepth(0);
     $this->em->persist($group1);
     $this->group1 = $group1;
     $group2 = new Group();
     $group2->setName('Group2');
     $group2->setLft(0);
     $group2->setRgt(0);
     $group2->setDepth(0);
     $this->em->persist($group2);
     $this->group2 = $group2;
     $this->em->flush();
 }
Esempio n. 8
 /**
  * Overwrites the context and the permission mask of an existing permission.
  *
  * The mask is produced by the "sulu_security.mask_converter" service from
  * $permissionData['permissions']. Neither value is validated in this method.
  * NOTE(review): presumably $permissionData originates from request data - confirm
  * that the caller has already authorised the change and checked the context name.
  *
  * @param Permission $permission     the permission entity to modify
  * @param mixed      $permissionData array-like value read at the keys 'context' and 'permissions'
  *
  * @return bool always true
  */
 private function updatePermission(Permission $permission, $permissionData)
 {
     $permission->setContext($permissionData['context']);

     // Translate the submitted permission description into its numeric mask.
     $maskConverter = $this->get('sulu_security.mask_converter');
     $mask = $maskConverter->convertPermissionsToNumber($permissionData['permissions']);
     $permission->setPermissions($mask);

     return true;
 }
Esempio n. 9
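 /**
  * Checks if the combination of permission and userrole is allowed for the given attributes.
  *
  * Access requires that the permission's context equals the object's security context
  * and that the object's locale is either unset or contained in $locales. When the
  * object carries neither an object id nor an object type, the permission mask must
  * additionally share at least one bit with the mask registered for $attribute.
  *
  * NOTE(review): for a concrete object (id or type set) the permission mask is not
  * consulted here; presumably the object-level decision is taken elsewhere - confirm
  * that every caller really performs that second check.
  *
  * @param SecurityCondition $object     condition describing what is being accessed
  * @param int               $attribute  key into $this->permissions selecting the required mask
  * @param Permission        $permission permission entry to evaluate
  * @param array|null        $locales    locales the user role is valid for; any non-array means none
  *
  * @return bool
  */
 private function isGranted($object, $attribute, Permission $permission, $locales)
 {
     if (!is_array($locales)) {
         $locales = [];
     }

     // Strict comparison: type juggling must never make two different context
     // identifiers (or null and an empty string) count as the same context.
     $hasContext = $permission->getContext() === $object->getSecurityContext();

     // An unset locale means the check is locale independent. The loose null test is
     // kept so that an empty locale still counts as "unset"; list membership is strict
     // so that a non-string value cannot match a locale by coercion.
     $locale = $object->getLocale();
     $hasLocale = $locale == null || in_array($locale, $locales, true);

     // if there is a concrete object we only have to check for the locale and context
     if ($object->getObjectId() || $object->getObjectType()) {
         return $hasContext && $hasLocale;
     }

     // Deny explicitly when no mask is registered for the attribute instead of
     // relying on an undefined-index notice evaluating to 0.
     if (!isset($this->permissions[$attribute])) {
         return false;
     }

     $hasPermission = $permission->getPermissions() & $this->permissions[$attribute];

     return $hasContext && $hasPermission && $hasLocale;
 }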
Esempio n. 10
 /**
  * Purges the database and persists the fixture: two contacts with one e-mail each,
  * role "Role1" in system "Sulu" and role "Role2" in system "Test", the users "admin"
  * and "test" (one role each), two permissions with mask 122 and two groups.
  *
  * The persist/flush order is part of the fixture and presumably fixes the generated
  * ids the tests assert on - confirm before reordering.
  */
 public function setUp()
 {
     $this->em = $this->db('ORM')->getOm();
     // Start from an empty database so earlier tests cannot leak users or tokens.
     $this->purgeDatabase();
     // One e-mail type shared by both e-mail entities.
     $emailType = new EmailType();
     $emailType->setName('Private');
     $this->em->persist($emailType);
     $email = new Email();
     $email->setEmail('*****@*****.**');
     $email->setEmailType($emailType);
     $this->em->persist($email);
     $email2 = new Email();
     $email2->setEmail('*****@*****.**');
     $email2->setEmailType($emailType);
     $this->em->persist($email2);
     // Contacts: contact 1 owns $email, contact 2 owns $email2.
     $contact1 = new Contact();
     $contact1->setFirstName('Max');
     $contact1->setLastName('Muster');
     $contact1->addEmail($email);
     $this->em->persist($contact1);
     $contact2 = new Contact();
     $contact2->setFirstName('Maria');
     $contact2->setLastName('Musterfrau');
     $contact2->addEmail($email2);
     $this->em->persist($contact2);
     $this->em->flush();
     // The two roles live in different systems ("Sulu" and "Test").
     $role1 = new Role();
     $role1->setName('Role1');
     $role1->setSystem('Sulu');
     $this->em->persist($role1);
     $role2 = new Role();
     $role2->setName('Role2');
     $role2->setSystem('Test');
     $this->em->persist($role2);
     // User 1 ("admin"): the only user that starts with a password reset token.
     // NOTE(review): password, salt and reset token are fixed, guessable literals passed
     // straight to the setters, and no token expiry is set in this method. Test fixture
     // only - such an account must not reach a shared or production database.
     $user = new User();
     $user->setUsername('admin');
     $user->setEmail('*****@*****.**');
     $user->setPassword('securepassword');
     $user->setPasswordResetToken('mySuperSecretToken');
     $user->setSalt('salt');
     $user->setLocale('de');
     $user->setContact($contact1);
     $this->em->persist($user);
     // User 2 ("test"): same literal password and salt, no reset token.
     $user2 = new User();
     $user2->setUsername('test');
     $user2->setEmail('*****@*****.**');
     $user2->setPassword('securepassword');
     $user2->setSalt('salt');
     $user2->setLocale('de');
     $user2->setContact($contact2);
     $this->em->persist($user2);
     $this->em->flush();
     // "admin" gets Role1 (system "Sulu"), "test" gets Role2 (system "Test").
     // The locale list of a user role is stored as a JSON-encoded string.
     $userRole1 = new UserRole();
     $userRole1->setRole($role1);
     $userRole1->setUser($user);
     $userRole1->setLocale(json_encode(['de', 'en']));
     $this->em->persist($userRole1);
     $userRole2 = new UserRole();
     $userRole2->setRole($role2);
     $userRole2->setUser($user2);
     $userRole2->setLocale(json_encode(['de', 'en']));
     $this->em->persist($userRole2);
     // One permission per role, both with mask 122.
     $permission1 = new Permission();
     $permission1->setPermissions(122);
     $permission1->setRole($role1);
     $permission1->setContext('Context 1');
     $this->em->persist($permission1);
     $permission2 = new Permission();
     $permission2->setPermissions(122);
     $permission2->setRole($role2);
     $permission2->setContext('Context 2');
     $this->em->persist($permission2);
     // Two groups with lft, rgt and depth all set to 0; no role or user is attached to them here.
     $group1 = new Group();
     $group1->setName('Group1');
     $group1->setLft(0);
     $group1->setRgt(0);
     $group1->setDepth(0);
     $this->em->persist($group1);
     $group2 = new Group();
     $group2->setName('Group2');
     $group2->setLft(0);
     $group2->setRgt(0);
     $group2->setDepth(0);
     $this->em->persist($group2);
     $this->em->flush();
 }
Esempio n. 11
 /**
  * Returns the role with the given name, creating and persisting it when it does not exist.
  *
  * An existing role is returned untouched: neither its system nor its permissions are
  * compared with the arguments. A newly created role receives one permission with the
  * mask 120 (binary 1111000) for every leaf value found under the "Sulu" security contexts.
  * NOTE(review): confirm which permission types mask 120 covers; the role is granted
  * on every context without further selection.
  *
  * @param mixed $name   role name used for the lookup and for the new role
  * @param mixed $system system assigned to a newly created role
  *
  * @return mixed the existing role as returned by the repository, or the new Role
  */
 private function getOrCreateRole($name, $system)
 {
     $roleRepository = $this->getEntityManager()->getRepository('Sulu\\Bundle\\SecurityBundle\\Entity\\Role');
     $existingRole = $roleRepository->findOneByName($name);
     if ($existingRole) {
         return $existingRole;
     }

     $newRole = new Role();
     $newRole->setName($name);
     $newRole->setSystem($system);

     $contextTree = $this->getContainer()->get('sulu_admin.admin_pool')->getSecurityContexts();

     // Visit every leaf of the nested context array and attach one permission per leaf.
     array_walk_recursive($contextTree['Sulu'], function ($contextName) use ($newRole) {
         $grant = new Permission();
         $grant->setRole($newRole);
         $grant->setContext($contextName);
         $grant->setPermissions(120);
         $newRole->addPermission($grant);
     });

     $this->getEntityManager()->persist($newRole);
     $this->getEntityManager()->flush();

     return $newRole;
 }