/**
  * @dataProvider provideObjectIdentifiers
  */
 public function testGetPermissions($objectId, $objectType, $objectIdentifier)
 {
     $ace1 = $this->prophesize(EntryInterface::class);
     $ace1->getSecurityIdentity()->willReturn($this->securityIdentity);
     $ace1->getMask()->willReturn(64);
     $this->acl->getObjectAces()->willReturn([$ace1->reveal()]);
     $this->maskConverter->convertPermissionsToArray(64)->willReturn(['view' => true]);
     $this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal());
     $permissions = $this->accessControlManager->getPermissions($objectType, $objectId);
     $this->assertEquals(true, $permissions['ROLE_SULU_ADMINISTRATOR']['view']);
 }
 /**
  * Returns the permissions for all security identities.
  *
  * @param string $type The type of the protected object
  * @param string $identifier The identifier of the protected object
  *
  * @return array
  */
 public function getPermissions($type, $identifier)
 {
     $accessControls = $this->accessControlRepository->findByTypeAndId($type, $identifier);
     $permissions = [];
     foreach ($accessControls as $accessControl) {
         $permissions[$accessControl->getRole()->getId()] = $this->maskConverter->convertPermissionsToArray($accessControl->getPermissions());
     }
     return $permissions;
 }
Esempio n. 3
0
 /**
  * @dataProvider provideUserPermission
  */
 public function testGetUserPermissions($rolePermissions, $securityContextPermissions, $userLocales, $locale, $result)
 {
     $this->maskConverter->convertPermissionsToArray(0)->willReturn(['view' => false, 'edit' => false]);
     $this->maskConverter->convertPermissionsToArray(64)->willReturn(['view' => true, 'edit' => false]);
     /** @var AccessControlProviderInterface $accessControlProvider */
     $accessControlProvider = $this->prophesize(AccessControlProviderInterface::class);
     $accessControlProvider->supports(\stdClass::class)->willReturn(true);
     $accessControlProvider->getPermissions(\stdClass::class, '1')->willReturn($rolePermissions);
     $this->accessControlManager->addAccessControlProvider($accessControlProvider->reveal());
     // create role for given role permissions from data provider
     /** @var Permission $permission1 */
     $permission1 = $this->prophesize(Permission::class);
     $permission1->getPermissions()->willReturn($securityContextPermissions);
     $permission1->getContext()->willReturn('example');
     /** @var Role $role1 */
     $role1 = $this->prophesize(Role::class);
     $role1->getPermissions()->willReturn([$permission1->reveal()]);
     $role1->getId()->willReturn(1);
     /** @var UserRole $userRole1 */
     $userRole1 = $this->prophesize(UserRole::class);
     $userRole1->getRole()->willReturn($role1->reveal());
     $userRole1->getLocales()->willReturn($userLocales);
     // add a role which should not influence the security context check
     /** @var Permission $permission */
     $permission2 = $this->prophesize(Permission::class);
     $permission2->getPermissions()->willReturn(127);
     $permission2->getContext()->willReturn('not-important');
     /** @var Role $role */
     $role2 = $this->prophesize(Role::class);
     $role2->getPermissions()->willReturn([$permission2->reveal()]);
     $role2->getId()->willReturn(2);
     /** @var UserRole $userRole */
     $userRole2 = $this->prophesize(UserRole::class);
     $userRole2->getRole()->willReturn($role2->reveal());
     $userRole2->getLocales()->willReturn($userLocales);
     // return the user with the above definitions
     /** @var User $user */
     $user = $this->prophesize(User::class);
     $user->getUserRoles()->willReturn([$userRole1->reveal(), $userRole2->reveal()]);
     $user->getRoleObjects()->willReturn([$role1->reveal(), $role2->reveal()]);
     $permissions = $this->accessControlManager->getUserPermissions(new SecurityCondition('example', $locale, \stdClass::class, '1'), $user->reveal());
     $this->assertEquals($result, $permissions);
 }
Esempio n. 4
0
 /**
  * {@inheritdoc}
  */
 public function getPermissions($type, $identifier)
 {
     $oid = new ObjectIdentity($identifier, $type);
     try {
         $acl = $this->aclProvider->findAcl($oid);
     } catch (AclNotFoundException $exc) {
         return [];
     }
     $permissions = [];
     foreach ($acl->getObjectAces() as $ace) {
         /* @var EntryInterface $ace */
         $permissions[$ace->getSecurityIdentity()->getRole()] = $this->maskConverter->convertPermissionsToArray($ace->getMask());
     }
     return $permissions;
 }
 public function testGetPermissions()
 {
     $roleIdReflection = new \ReflectionProperty(BaseRole::class, 'id');
     $roleIdReflection->setAccessible(true);
     $role1 = new Role();
     $roleIdReflection->setValue($role1, 1);
     $role2 = new Role();
     $roleIdReflection->setValue($role2, 2);
     $this->maskConverter->convertPermissionsToArray(64)->willReturn(['view' => true, 'edit' => false]);
     $this->maskConverter->convertPermissionsToArray(96)->willReturn(['view' => true, 'edit' => true]);
     $accessControl1 = new AccessControl();
     $accessControl1->setPermissions(64);
     $accessControl1->setRole($role1);
     $accessControl2 = new AccessControl();
     $accessControl2->setPermissions(96);
     $accessControl2->setRole($role2);
     $accessControls = [$accessControl1, $accessControl2];
     $this->accessControlRepository->findByTypeAndId('AcmeBundle\\Example', 1)->willReturn($accessControls);
     $this->assertEquals($this->doctrineAccessControlProvider->getPermissions('AcmeBundle\\Example', 1), [1 => ['view' => true, 'edit' => false], 2 => ['view' => true, 'edit' => true]]);
 }
Esempio n. 6
0
 /**
  * Returns the permissions for the given security context for the given user role.
  *
  * @param string $locale
  * @param string $securityContext
  * @param UserRole $userRole The user role for which the security is checked
  * @param bool $checkPermissionType Flag to show if the permission type should also be checked
  *
  * @return array
  */
 private function getUserRoleSecurityContextPermission($locale, $securityContext, UserRole $userRole, $checkPermissionType)
 {
     $userPermission = $this->maskConverter->convertPermissionsToArray(0);
     foreach ($userRole->getRole()->getPermissions() as $permission) {
         $hasContext = $permission->getContext() == $securityContext;
         if (!$hasContext) {
             continue;
         }
         $hasLocale = $locale == null || in_array($locale, $userRole->getLocales());
         if (!$hasLocale) {
             continue;
         }
         if ($checkPermissionType) {
             $userPermission = $this->maskConverter->convertPermissionsToArray($permission->getPermissions());
         } else {
             array_walk($userPermission, function (&$permission) {
                 $permission = true;
             });
         }
     }
     return $userPermission;
 }