/**
  * Setting permissions on an object that has no ACL yet must create the ACL,
  * insert an object ACE and persist the result through the provider.
  *
  * Despite the method name, this version asserts no event dispatch.
  *
  * @dataProvider provideObjectIdentifiers
  */
 public function testPermissionUpdateEvent($objectId, $objectType, $objectIdentifier)
 {
     $identity = new ObjectIdentity($objectIdentifier, $objectType);

     // Lookup fails, which forces the "create a new ACL" path.
     $this->aclProvider
         ->findAcl($identity)
         ->willThrow(AclNotFoundException::class);

     $revealedAcl = $this->acl->reveal();

     $this->aclProvider
         ->createAcl($identity)
         ->willReturn($revealedAcl)
         ->shouldBeCalled();
     $this->aclProvider
         ->updateAcl($revealedAcl)
         ->shouldBeCalled();

     // The fresh ACL carries no object ACEs, so an insert is expected.
     $this->acl->getObjectAces()->willReturn([]);
     $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();

     $permissions = [$this->securityIdentity->getRole() => ['view']];
     $this->accessControlManager->setPermissions($objectType, $objectId, $permissions);
 }
 /**
  * Setting permissions on an object that has no ACL yet must create the ACL,
  * insert an object ACE, persist it, and dispatch the permission update event
  * carrying the object type, object identifier, security identity and permissions.
  *
  * @dataProvider provideObjectIdentifiers
  */
 public function testPermissionUpdateEvent($objectId, $objectType, $locale, $objectIdentifier)
 {
     $identity = new ObjectIdentity($objectIdentifier, $objectType);
     $permissions = ['view'];

     // Lookup fails, which forces the "create a new ACL" path.
     $this->aclProvider
         ->findAcl($identity)
         ->willThrow(AclNotFoundException::class);

     $revealedAcl = $this->acl->reveal();

     $this->aclProvider
         ->createAcl($identity)
         ->willReturn($revealedAcl)
         ->shouldBeCalled();
     $this->aclProvider
         ->updateAcl($revealedAcl)
         ->shouldBeCalled();

     // The fresh ACL carries no object ACEs, so an insert is expected.
     $this->acl->getObjectAces()->willReturn([]);
     $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();

     // The permission change has to be announced to listeners.
     $expectedEvent = new PermissionUpdateEvent($objectType, $objectIdentifier, $this->securityIdentity, $permissions);
     $this->eventDispatcher
         ->dispatch('sulu.security.permission.update', $expectedEvent)
         ->shouldBeCalled();

     $this->accessControlManager->setPermissions($objectType, $objectId, $this->securityIdentity, $permissions, $locale);
 }
Esempio n. 3
    /**
     * {@inheritdoc}
     *
     * Builds the INSERT statement for one access control entry and adds a
     * record_id column, filled from the identifier of $this->updatedAcl's object
     * identity when both are set (NULL otherwise).
     *
     * The statement is assembled with sprintf() instead of bound parameters, so
     * its safety rests on how each value is rendered: integer columns go through
     * %d or an (int) cast, strings through the connection's quote(), booleans
     * through the platform's convertBooleans(). The table name is inserted
     * unquoted and therefore has to come from trusted configuration.
     *
     * @SuppressWarnings(PHPMD.ExcessiveParameterList)
     */
    protected function getInsertAccessControlEntrySql($classId, $objectIdentityId, $field, $aceOrder, $securityIdentityId, $strategy, $mask, $granting, $auditSuccess, $auditFailure)
    {
        $recordId = null;
        if ($this->updatedAcl && $this->updatedAcl->getObjectIdentity()) {
            $recordId = $this->updatedAcl->getObjectIdentity()->getIdentifier();
        }

        $query = <<<QUERY
            INSERT INTO %s (
                class_id,
                object_identity_id,
                field_name,
                ace_order,
                security_identity_id,
                mask,
                granting,
                granting_strategy,
                audit_success,
                audit_failure,
                record_id
            )
            VALUES (%d, %s, %s, %d, %d, %d, %s, %s, %s, %s, %s)
QUERY;

        // Nullable columns become the SQL keyword NULL rather than a quoted string.
        $objectIdentitySql = null === $objectIdentityId ? 'NULL' : (int) $objectIdentityId;
        $fieldSql = null === $field ? 'NULL' : $this->connection->quote($field);

        $platform = $this->connection->getDatabasePlatform();
        $grantingSql = $platform->convertBooleans($granting);
        $strategySql = $this->connection->quote($strategy);
        $auditSuccessSql = $platform->convertBooleans($auditSuccess);
        $auditFailureSql = $platform->convertBooleans($auditFailure);

        // NOTE(review): the (int) cast turns a non-numeric identifier into 0;
        // confirm object identifiers are always numeric for ACLs stored this way.
        $recordIdSql = null === $recordId ? 'NULL' : (int) $recordId;

        return sprintf(
            $query,
            $this->options['entry_table_name'],
            $classId,
            $objectIdentitySql,
            $fieldSql,
            $aceOrder,
            $securityIdentityId,
            $mask,
            $grantingSql,
            $strategySql,
            $auditSuccessSql,
            $auditFailureSql,
            $recordIdSql
        );
    }
Esempio n. 4
 /**
  * Persists any changes which were made to the ACL, or any associated access control entries.
  *
  * Changes to parent ACLs are not persisted.
  *
  * The stored entries are reconciled with the ACL inside one transaction: every ACE the
  * ACL currently holds is handed to persistAcl(), stored entries whose id is not in the
  * list collected from those calls are deleted, and the parent link is rewritten. A
  * configured cache is refreshed only after the commit, so a rolled-back update never
  * reaches the cache.
  *
  * @throws \InvalidArgumentException if $acl is not a MutableAcl instance
  * @throws \Symfony\Component\Security\Acl\Exception\Exception
  *
  * @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl
  *
  * @return bool true once the transaction has been committed
  */
 public function updateAcl(MutableAclInterface $acl)
 {
     // Only ACL objects of this provider's own MutableAcl class are accepted.
     if (!$acl instanceof MutableAcl) {
         throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \\Propel\\Bundle\\PropelBundle\\Security\\Acl\\Domain\\MutableAcl only.');
     }
     try {
         // Current database state is read before the transaction is opened.
         // NOTE(review): if one of these reads throws, the catch below calls rollBack()
         // without a preceding beginTransaction() — confirm the connection tolerates that.
         $modelEntries = EntryQuery::create()->findByAclIdentity($acl->getObjectIdentity(), array(), $this->connection);
         // NOTE(review): no null check on the lookup result before it is used below.
         $objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($acl->getObjectIdentity(), $this->connection);
         $this->connection->beginTransaction();
         // Persist class-scope and object-scope ACEs; the returned values form the keep list.
         $keepEntries = array_merge($this->persistAcl($acl->getClassAces(), $objectIdentity), $this->persistAcl($acl->getObjectAces(), $objectIdentity, true));
         // Same for the field-level ACEs of every field the ACL knows about.
         foreach ($acl->getFields() as $eachField) {
             $keepEntries = array_merge($keepEntries, $this->persistAcl($acl->getClassFieldAces($eachField), $objectIdentity), $this->persistAcl($acl->getObjectFieldAces($eachField), $objectIdentity, true));
         }
         // Revocation step: anything stored but absent from the keep list is removed.
         foreach ($modelEntries as $eachEntry) {
             // Loose comparison (no strict flag), so ids are matched with ==.
             // NOTE(review): confirm the id types, so that an entry meant to be revoked
             // is never kept because of a coincidental loose match.
             if (!in_array($eachEntry->getId(), $keepEntries)) {
                 $eachEntry->delete($this->connection);
             }
         }
         // Only the link to the parent is stored; the parent ACL itself is left untouched.
         if (null === $acl->getParentAcl()) {
             $objectIdentity->setParentObjectIdentityId(null)->save($this->connection);
         } else {
             $objectIdentity->setParentObjectIdentityId($acl->getParentAcl()->getId())->save($this->connection);
         }
         $this->connection->commit();
         // After successfully committing the transaction, we are good to update the cache.
         if (null !== $this->cache) {
             // Evict first so that no stale copy of the old permissions stays cached.
             $this->cache->evictFromCacheById($objectIdentity->getId());
             $this->cache->putInCache($acl);
         }
         return true;
         // @codeCoverageIgnoreStart
     } catch (Exception $e) {
         // Which Exception class this resolves to depends on the file's use statements,
         // which are not visible here. The original error is kept as the previous exception.
         $this->connection->rollBack();
         throw new AclException('An error occurred while updating the ACL.', 0, $e);
     }
     // @codeCoverageIgnoreEnd
 }
Esempio n. 5
 /**
  * Adds three class-level ACEs to the given ACL.
  *
  * - ROLE_SUPER_ADMIN receives the 'iddqd' mask (presumably every permission bit;
  *   confirm against the MaskBuilder in use).
  * - IS_AUTHENTICATED_ANONYMOUSLY receives 'view'.
  * - ROLE_USER receives 'create' and 'view'.
  *
  * NOTE(review): the anonymous role gets class-wide view access here; confirm that
  * is intended for every class this fallback is installed on.
  *
  * @param MutableAclInterface $acl     ACL that receives the class ACEs
  * @param MaskBuilder         $builder Mask builder; it is not reset before the first
  *                                     add(), so bits the caller already set end up in
  *                                     the first mask
  */
 protected function doInstallFallbackAcl(MutableAclInterface $acl, MaskBuilder $builder)
 {
     // Super administrators.
     $builder->add('iddqd');
     $superAdmin = new RoleSecurityIdentity('ROLE_SUPER_ADMIN');
     $superAdminMask = $builder->get();
     $acl->insertClassAce($superAdmin, $superAdminMask);

     // Unauthenticated visitors: read-only.
     $builder->reset()->add('view');
     $anonymous = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
     $anonymousMask = $builder->get();
     $acl->insertClassAce($anonymous, $anonymousMask);

     // Regular users: may create and read.
     $builder->reset()->add('create')->add('view');
     $user = new RoleSecurityIdentity('ROLE_USER');
     $userMask = $builder->get();
     $acl->insertClassAce($user, $userMask);
 }
 /**
  * Inserts one object ACE per entry of $insert into the ACL.
  *
  * Each entry is an array with the keys 'identity' and 'permission'. A
  * UserInterface identity is converted to a UserSecurityIdentity and a string to
  * a RoleSecurityIdentity; any other value is handed to insertObjectAce() as
  * given, with no validation in this method.
  *
  * @param MutableAclInterface  $acl
  * @param array                $insert
  */
 protected function insertAclEntries(MutableAclInterface $acl, array $insert)
 {
     foreach ($insert as $row) {
         $who = $row['identity'];
         $mask = $row['permission'];

         // A string can never be a UserInterface, so the two branches are exclusive.
         if (is_string($who)) {
             $who = new RoleSecurityIdentity($who);
         } elseif ($who instanceof UserInterface) {
             $who = UserSecurityIdentity::fromAccount($who);
         }

         $acl->insertObjectAce($who, $mask);
     }
 }