Esempio n. 1
 /**
  * Purges the database and seeds the baseline fixtures: one contact, an
  * e-mail type with one e-mail, one role, one user bound to that role,
  * one permission and four tags.
  *
  * Every entity is flushed right after it is persisted, in creation order.
  */
 protected function initOrm()
 {
     $this->purgeDatabase();

     // Persist and flush in one step, as each fixture is written on its own.
     $store = function ($entity) {
         $this->em->persist($entity);
         $this->em->flush();
     };

     $person = new Contact();
     $person->setFirstName('Max');
     $person->setLastName('Mustermann');
     $store($person);

     $privateType = new EmailType();
     $privateType->setName('Private');
     $store($privateType);

     $address = new Email();
     $address->setEmail('*****@*****.**');
     $address->setEmailType($privateType);
     $store($address);

     $suluRole = new Role();
     $suluRole->setName('Role1');
     $suluRole->setSystem('Sulu');
     $store($suluRole);

     // Fixture credentials: the literal password and the fixed salt are
     // stored exactly as given; this method does not run a password encoder.
     $admin = new User();
     $admin->setUsername('admin');
     $admin->setPassword('securepassword');
     $admin->setSalt('salt');
     $admin->setLocale('de');
     $admin->setContact($person);
     $store($admin);

     // The role assignment keeps its locales as a JSON-encoded list.
     $assignment = new UserRole();
     $assignment->setRole($suluRole);
     $assignment->setUser($admin);
     $assignment->setLocale(json_encode(['de', 'en']));
     $store($assignment);

     $grant = new Permission();
     $grant->setPermissions(122);
     $grant->setRole($suluRole);
     $grant->setContext('Context 1');
     $store($grant);

     foreach (['tag1', 'tag2', 'tag3', 'tag4'] as $tagName) {
         $tag = new Tag();
         $tag->setName($tagName);
         $store($tag);
     }
 }
 /**
  * Builds the in-memory object graph for the voter tests: a user holding one
  * user role whose role (id forced to 1) carries a single permission for the
  * 'sulu.security.roles' context, a token double returning that user, and
  * the SecurityContextVoter under test.
  */
 public function setUp()
 {
     $this->user = new User();
     $this->userRole = new UserRole();
     $this->role = new Role();

     // The id property is written through reflection on BaseRole.
     $idProperty = new \ReflectionProperty(BaseRole::class, 'id');
     $idProperty->setAccessible(true);
     $idProperty->setValue($this->role, 1);
     $this->role->setName('role1');

     $this->permission = new Permission();
     $this->permission->setPermissions(122);
     $this->permission->setContext('sulu.security.roles');

     // Wire permission -> role -> user role -> user.
     $this->role->addPermission($this->permission);
     $this->userRole->setRole($this->role);
     $this->user->addUserRole($this->userRole);

     // The token double hands back the prepared user.
     $this->token = $this->prophesize(TokenInterface::class);
     $this->token->getUser()->willReturn($this->user);

     $this->accessControlManager = $this->prophesize(AccessControlManagerInterface::class);

     // $this->permissions is not assigned here; it is read as already set on the test case.
     $this->voter = new SecurityContextVoter(
         $this->accessControlManager->reveal(),
         $this->permissions
     );
 }
Esempio n. 3
 /**
  * Purges the database and seeds contacts, two roles, an enabled and a
  * disabled user, role assignments, permissions and two groups.
  *
  * Entities are flushed in three batches: contacts, then users, then the
  * role assignments, permissions and groups.
  */
 public function setUp()
 {
     $this->em = $this->db('ORM')->getOm();
     $this->purgeDatabase();

     $privateType = new EmailType();
     $privateType->setName('Private');
     $this->em->persist($privateType);

     $firstEmail = new Email();
     $firstEmail->setEmail('*****@*****.**');
     $firstEmail->setEmailType($privateType);
     $this->em->persist($firstEmail);

     // Contact 1
     $firstContact = new Contact();
     $firstContact->setFirstName('Max');
     $firstContact->setLastName('Mustermann');
     $firstContact->addEmail($firstEmail);
     $this->em->persist($firstContact);
     $this->contact1 = $firstContact;

     $sharedEmail = new Email();
     $sharedEmail->setEmail('*****@*****.**');
     $sharedEmail->setEmailType($privateType);
     $this->em->persist($sharedEmail);

     // Contact 2
     $secondContact = new Contact();
     $secondContact->setFirstName('Max');
     $secondContact->setLastName('Muster');
     $secondContact->addEmail($sharedEmail);
     $this->em->persist($secondContact);
     $this->contact2 = $secondContact;

     // Contact 3 is attached to the same Email entity as contact 2.
     // NOTE(review): possibly unintended sharing of one Email - confirm.
     $thirdContact = new Contact();
     $thirdContact->setFirstName('Disabled');
     $thirdContact->setLastName('User');
     $thirdContact->addEmail($sharedEmail);
     $this->em->persist($thirdContact);
     $this->contact3 = $thirdContact;

     $this->em->flush();

     $firstRole = new Role();
     $firstRole->setName('Role1');
     $firstRole->setSystem('Sulu');
     $this->em->persist($firstRole);
     $this->role1 = $firstRole;

     $secondRole = new Role();
     $secondRole->setName('Role2');
     $secondRole->setSystem('Sulu');
     $this->em->persist($secondRole);
     $this->role2 = $secondRole;

     // User 1: the enabled 'admin' account. Password and salt are fixture
     // literals stored as given; no encoder is applied in this method.
     $adminUser = new User();
     $adminUser->setUsername('admin');
     $adminUser->setEmail('*****@*****.**');
     $adminUser->setPassword('securepassword');
     $adminUser->setSalt('salt');
     $adminUser->setLocale('de');
     $adminUser->setContact($secondContact);
     $this->em->persist($adminUser);
     $this->user1 = $adminUser;

     // User 2: same credentials, explicitly disabled.
     $disabledUser = new User();
     $disabledUser->setUsername('disabled');
     $disabledUser->setEmail('*****@*****.**');
     $disabledUser->setPassword('securepassword');
     $disabledUser->setSalt('salt');
     $disabledUser->setLocale('de');
     $disabledUser->setContact($thirdContact);
     $disabledUser->setEnabled(false);
     $this->em->persist($disabledUser);
     $this->user2 = $disabledUser;

     $this->em->flush();

     // All three assignments below belong to the admin user; the disabled
     // user receives no role here.
     $adminRole1 = new UserRole();
     $adminRole1->setRole($firstRole);
     $adminRole1->setUser($adminUser);
     $adminRole1->setLocale(json_encode(['de', 'en']));
     $this->em->persist($adminRole1);

     $adminRole2 = new UserRole();
     $adminRole2->setRole($secondRole);
     $adminRole2->setUser($adminUser);
     $adminRole2->setLocale(json_encode(['de', 'en']));
     $this->em->persist($adminRole2);

     // NOTE(review): identical to the previous assignment (role 2, admin
     // user) - confirm the duplicate is intended.
     $adminRole3 = new UserRole();
     $adminRole3->setRole($secondRole);
     $adminRole3->setUser($adminUser);
     $adminRole3->setLocale(json_encode(['de', 'en']));
     $this->em->persist($adminRole3);

     $firstGrant = new Permission();
     $firstGrant->setPermissions(122);
     $firstGrant->setRole($firstRole);
     $firstGrant->setContext('Context 1');
     $this->em->persist($firstGrant);

     $secondGrant = new Permission();
     $secondGrant->setPermissions(122);
     $secondGrant->setRole($secondRole);
     $secondGrant->setContext('Context 2');
     $this->em->persist($secondGrant);

     // User groups, both created with lft, rgt and depth set to 0.
     $firstGroup = new Group();
     $firstGroup->setName('Group1');
     $firstGroup->setLft(0);
     $firstGroup->setRgt(0);
     $firstGroup->setDepth(0);
     $this->em->persist($firstGroup);
     $this->group1 = $firstGroup;

     $secondGroup = new Group();
     $secondGroup->setName('Group2');
     $secondGroup->setLft(0);
     $secondGroup->setRgt(0);
     $secondGroup->setDepth(0);
     $this->em->persist($secondGroup);
     $this->group2 = $secondGroup;

     $this->em->flush();
 }
Esempio n. 4
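 /**
  * Creates a user, its contact and one role assignment from the command
  * arguments.
  *
  * All validation (duplicate username, locale, role lookup) runs before
  * anything is written, so a rejected invocation leaves no contact row
  * behind.
  *
  * @see Command
  *
  * @param InputInterface $input
  * @param OutputInterface $output
  *
  * @return int 0 on success, 1 when one of the checks fails
  */
 protected function execute(InputInterface $input, OutputInterface $output)
 {
     $localizations = $this->getContainer()->get('sulu.core.localization_manager')->getLocalizations();
     $locales = [];
     $userLocales = $this->getContainer()->getParameter('sulu_core.locales');
     foreach ($localizations as $localization) {
         /* @var Localization $localization */
         $locales[] = $localization->getLocalization();
     }

     $username = $input->getArgument('username');
     $firstName = $input->getArgument('firstName');
     $lastName = $input->getArgument('lastName');
     $email = $input->getArgument('email');
     $locale = $input->getArgument('locale');
     $roleName = $input->getArgument('role');
     // NOTE(review): the password is read from a positional argument, which
     // typically ends up in shell history and the process list; a hidden
     // interactive prompt would avoid that exposure.
     $password = $input->getArgument('password');

     $doctrine = $this->getDoctrine();
     $em = $doctrine->getManager();
     $user = $this->getUser();

     $existing = $doctrine->getRepository(get_class($user))->findOneBy(['username' => $username]);
     if ($existing) {
         $output->writeln(sprintf('<error>User "%s" already exists</error>', $username));

         return 1;
     }

     // Strict comparison: a missing (null) locale must not match a
     // configured entry through type juggling.
     if (!in_array($locale, $userLocales, true)) {
         $output->writeln(sprintf('Given locale "%s" is invalid, must be one of "%s"', $locale, implode('", "', $userLocales)));

         return 1;
     }

     // Resolve the role before the first write; looking it up after the
     // contact had been flushed left an orphaned contact on failure.
     /** @var RoleRepositoryInterface $roleRepository */
     $roleRepository = $this->getContainer()->get('sulu.repository.role');
     /** @var RoleInterface $role */
     $role = $roleRepository->findOneBy(['name' => $roleName]);
     if (!$role) {
         $output->writeln(sprintf('<error>Role "%s" not found. The following roles are available: "%s"</error>', $roleName, implode('", "', $this->getRoleNames())));

         return 1;
     }

     /** @var RepositoryInterface $contactRepository */
     $contactRepository = $this->getContainer()->get('sulu.repository.contact');
     /** @var ContactInterface $contact */
     $contact = $contactRepository->createNew();
     $contact->setFirstName($firstName);
     $contact->setLastName($lastName);
     $em->persist($contact);
     $em->flush();

     $user->setContact($contact);
     $user->setUsername($username);
     // The salt is generated first because encodePassword() receives it.
     $user->setSalt($this->generateSalt());
     $user->setPassword($this->encodePassword($user, $password, $user->getSalt()));
     $user->setLocale($locale);
     $user->setEmail($email);

     // The assignment covers every locale reported by the localization manager.
     $userRole = new UserRole();
     $userRole->setRole($role);
     $userRole->setUser($user);
     $userRole->setLocale(json_encode($locales));

     $em->persist($userRole);
     $em->persist($user);
     $em->flush();

     $output->writeln(sprintf('Created user "<comment>%s</comment>" in role "<comment>%s</comment>"', $username, $roleName));

     return 0;
 }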
 /**
  * Expects ACCESS_DENIED for a 'view' vote on a condition with locale 'de'
  * and object id '1' while the user role is restricted to the locale list
  * ["en"].
  */
 public function testNegativeWhenAclExistsVote()
 {
     // The user role only covers 'en'; the condition below asks for 'de'.
     $this->userRole->setLocale('["en"]');

     $condition = new SecurityCondition(
         'sulu.security.roles',
         'de',
         'Sulu\\Bundle\\SecurityBundle\\Group',
         '1'
     );
     $decision = $this->voter->vote($this->token->reveal(), $condition, ['view']);

     $this->assertSame(VoterInterface::ACCESS_DENIED, $decision);
 }
Esempio n. 6
 /**
  * Assigns the role referenced by $userRoleData to the user unless the user
  * already holds a user role for it.
  *
  * The new UserRole is persisted but not flushed here.
  *
  * @param UserInterface $user
  * @param array $userRoleData Read as ['role' => ['id' => ...], 'locales' => ...]
  *
  * @throws \Sulu\Component\Rest\Exception\EntityNotFoundException When no role has the given id
  *
  * @return bool Always true
  */
 private function addUserRole(UserInterface $user, $userRoleData)
 {
     $roleId = $userRoleData['role']['id'];
     $role = $this->roleRepository->findRoleById($roleId);
     if (!$role) {
         throw new EntityNotFoundException($this->roleRepository->getClassName(), $roleId);
     }

     // Walk every existing assignment and remember whether one matches.
     $isAssigned = false;
     if ($user->getUserRoles()) {
         foreach ($user->getUserRoles() as $assigned) {
             $isAssigned = ($assigned->getRole()->getId() === $role->getId()) ? true : $isAssigned;
         }
     }

     if ($isAssigned) {
         return true;
     }

     // Locales are stored JSON-encoded on the assignment.
     $assignment = new UserRole();
     $assignment->setUser($user);
     $assignment->setRole($role);
     $assignment->setLocale(json_encode($userRoleData['locales']));
     $this->em->persist($assignment);
     $user->addUserRole($assignment);

     return true;
 }
Esempio n. 7
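 /**
  * Returns the permissions for the given security context for the given user role.
  *
  * Starts from the array the mask converter yields for mask 0 and looks at
  * each permission of the role whose context equals $securityContext and
  * whose user role covers $locale. With $checkPermissionType set, the result
  * is replaced by that permission's converted mask (the last matching
  * permission wins); otherwise every entry is switched to true.
  *
  * Context and locale membership are compared strictly, so type juggling
  * cannot make two different values count as a match in this check.
  *
  * @param string $locale A null or empty locale skips the locale restriction
  * @param string $securityContext
  * @param UserRole $userRole The user role for which the security is checked
  * @param bool $checkPermissionType Flag to show if the permission type should also be checked
  *
  * @return array
  */
 private function getUserRoleSecurityContextPermission($locale, $securityContext, UserRole $userRole, $checkPermissionType)
 {
     $userPermission = $this->maskConverter->convertPermissionsToArray(0);

     foreach ($userRole->getRole()->getPermissions() as $permission) {
         if ($permission->getContext() !== $securityContext) {
             continue;
         }

         // The loose null check is kept on purpose: an empty locale keeps
         // behaving like "no locale given", as callers may rely on it.
         if ($locale != null && !in_array($locale, $userRole->getLocales(), true)) {
             continue;
         }

         if ($checkPermissionType) {
             $userPermission = $this->maskConverter->convertPermissionsToArray($permission->getPermissions());
         } else {
             // Without a type check, a matching permission grants every entry.
             array_walk($userPermission, function (&$granted) {
                 $granted = true;
             });
         }
     }

     return $userPermission;
 }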
 /**
  * Links the user to the role identified by system and name, creating the
  * role first when the repository has none.
  *
  * A role created here gets only its system and name; no permissions are
  * attached in this method. A new UserRole is persisted on every call
  * without checking for an existing assignment, and nothing is flushed.
  * The method returns no value.
  *
  * @param UserInterface $user
  * @param string $system
  * @param string $roleName
  * @param array $locales Re-indexed and stored as a JSON list
  */
 private function addUserRole(UserInterface $user, $system, $roleName, $locales)
 {
     $criteria = ['system' => $system, 'name' => $roleName];
     $role = $this->roleRepository->findOneBy($criteria);

     if (!$role) {
         // No such role yet: create and persist it.
         /** @var Role $role */
         $role = $this->roleRepository->createNew();
         $role->setSystem($system);
         $role->setName($roleName);
         $this->entityManager->persist($role);
     }

     $assignment = new UserRole();
     $assignment->setRole($role);
     $assignment->setUser($user);
     // array_values() drops the keys so the JSON is a plain list.
     $assignment->setLocale(json_encode(array_values($locales)));
     $this->entityManager->persist($assignment);
 }
Esempio n. 9
 /**
  * Persists and flushes a test user together with its contact, e-mail and a
  * 'Sulu' role assignment.
  *
  * The password is handed to setPassword() exactly as received; no encoder
  * is applied in this method, and the salt is the fixed string 'salt'.
  *
  * @param string $username
  * @param string $password
  * @param bool $enabled
  * @param bool $locked
  *
  * @return User The persisted user
  */
 private function prepareUser($username, $password, $enabled = true, $locked = false)
 {
     $privateType = new EmailType();
     $privateType->setName('Private');
     $this->em->persist($privateType);

     $address = new Email();
     $address->setEmail('*****@*****.**');
     $address->setEmailType($privateType);
     $this->em->persist($address);

     $person = new Contact();
     $person->setFirstName('Max');
     $person->setLastName('Muster');
     $person->addEmail($address);
     $this->em->persist($person);

     $account = new User();
     $account->setUsername($username);
     $account->setPassword($password);
     $account->setSalt('salt');
     $account->setLocale('de');
     $account->setContact($person);
     $account->setEnabled($enabled);
     $account->setLocked($locked);
     $this->em->persist($account);

     $suluRole = new Role();
     $suluRole->setName('Sulu');
     $suluRole->setSystem('Sulu');
     $this->em->persist($suluRole);

     // The assignment is stored with an empty locale string, not a JSON list.
     $assignment = new UserRole();
     $assignment->setRole($suluRole);
     $assignment->setUser($account);
     $assignment->setLocale('');
     $this->em->persist($assignment);

     $this->em->flush();

     return $account;
 }