Esempio n. 1
0
 /**
  * Creates the ACE for a user.
  *
  * @param UserInterface $user
  */
 public function createUserAce(UserInterface $user)
 {
     if (!$this->aclProvider) {
         return;
     }
     $oid = ObjectIdentity::fromDomainObject($user);
     $acl = $this->aclProvider->createAcl($oid);
     $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER);
     $this->aclProvider->updateAcl($acl);
 }
Esempio n. 2
0
 /**
  * {@inheritdoc}
  */
 public function getPermissions($type, $identifier)
 {
     $oid = new ObjectIdentity($identifier, $type);
     try {
         $acl = $this->aclProvider->findAcl($oid);
     } catch (AclNotFoundException $exc) {
         return [];
     }
     $permissions = [];
     foreach ($acl->getObjectAces() as $ace) {
         /* @var EntryInterface $ace */
         $permissions[$ace->getSecurityIdentity()->getRole()] = $this->maskConverter->convertPermissionsToArray($ace->getMask());
     }
     return $permissions;
 }
Esempio n. 3
0
 /**
  * @param ObjectIdentityInterface $objectIdentity
  *
  * @return null|AclInterface
  */
 protected function findAcl(ObjectIdentityInterface $objectIdentity)
 {
     try {
         return $this->aclProvider->findAcl($objectIdentity);
     } catch (AclNotFoundException $e) {
         return;
     }
 }
Esempio n. 4
0
 /**
  * @dataProvider provideObjectIdentifiers
  */
 public function testPermissionUpdateEvent($objectId, $objectType, $objectIdentifier)
 {
     $this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willThrow(AclNotFoundException::class);
     $this->aclProvider->createAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal())->shouldBeCalled();
     $this->aclProvider->updateAcl($this->acl->reveal())->shouldBeCalled();
     $this->acl->getObjectAces()->willReturn([]);
     $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();
     $this->accessControlManager->setPermissions($objectType, $objectId, [$this->securityIdentity->getRole() => ['view']]);
 }
Esempio n. 5
0
 /**
  * @dataProvider providePermissionData
  */
 public function testPostAction($id, $class, $permissions)
 {
     $client = $this->createAuthenticatedClient();
     $client->request('POST', '/api/permissions', ['id' => $id, 'type' => $class, 'permissions' => ['ROLE_SULU_ADMINISTRATOR' => $permissions]]);
     $response = json_decode($client->getResponse()->getContent(), true);
     $this->assertEquals(200, $client->getResponse()->getStatusCode());
     $this->assertEquals(['id' => $id, 'type' => $class, 'permissions' => ['ROLE_SULU_ADMINISTRATOR' => $permissions]], $response);
     $acl = $this->aclProvider->findAcl(new ObjectIdentity($id, $class));
     $sid = new RoleSecurityIdentity('ROLE_SULU_ADMINISTRATOR');
     array_walk($permissions, function (&$permissionLine) {
         $permissionLine = $permissionLine === 'true' || $permissionLine === true;
     });
     foreach ($acl->getObjectAces() as $ace) {
         if ($ace->getSecurityIdentity()->equals($sid)) {
             $this->assertEquals($this->getContainer()->get('sulu_security.mask_converter')->convertPermissionsToNumber($permissions), $ace->getMask());
         }
     }
 }
Esempio n. 6
0
 /**
  * @dataProvider provideObjectIdentifiers
  */
 public function testPermissionUpdateEvent($objectId, $objectType, $locale, $objectIdentifier)
 {
     $this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willThrow(AclNotFoundException::class);
     $this->aclProvider->createAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal())->shouldBeCalled();
     $this->aclProvider->updateAcl($this->acl->reveal())->shouldBeCalled();
     $this->acl->getObjectAces()->willReturn([]);
     $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();
     $this->eventDispatcher->dispatch('sulu.security.permission.update', new PermissionUpdateEvent($objectType, $objectIdentifier, $this->securityIdentity, ['view']))->shouldBeCalled();
     $this->accessControlManager->setPermissions($objectType, $objectId, $this->securityIdentity, ['view'], $locale);
 }
Esempio n. 7
0
 /**
  *
  * @param type $object
  * @return Symfony\Component\Security\Acl\Domain\Acl 
  */
 protected function getAcl($object)
 {
     // creating the ACL
     $objectIdentity = $this->getNoProxyIdentityObject($object);
     try {
         $acl = $this->aclProvider->createAcl($objectIdentity);
     } catch (\Exception $e) {
         $acl = $this->aclProvider->findAcl($objectIdentity);
     }
     return $acl;
 }
Esempio n. 8
0
 /**
  * Apply the specified ACL changeset.
  *
  * @param AbstractEntity $entity    The entity
  * @param array          $changeset The changeset
  * @param bool           $recursive The recursive
  */
 public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
 {
     if ($recursive) {
         if (!method_exists($entity, 'getChildren')) {
             return;
         }
         // Iterate over children and apply recursively
         /** @noinspection PhpUndefinedMethodInspection */
         foreach ($entity->getChildren() as $child) {
             $this->applyAclChangeset($child, $changeset);
         }
     }
     // Apply ACL modifications to node
     $objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity);
     try {
         /* @var $acl MutableAclInterface */
         $acl = $this->aclProvider->findAcl($objectIdentity);
     } catch (AclNotFoundException $e) {
         /* @var $acl MutableAclInterface */
         $acl = $this->aclProvider->createAcl($objectIdentity);
     }
     // Process permissions in changeset
     foreach ($changeset as $role => $roleChanges) {
         $index = $this->getObjectAceIndex($acl, $role);
         $mask = 0;
         if (false !== $index) {
             $mask = $this->getMaskAtIndex($acl, $index);
         }
         foreach ($roleChanges as $type => $permissions) {
             $maskChange = new MaskBuilder();
             foreach ($permissions as $permission) {
                 $maskChange->add($permission);
             }
             switch ($type) {
                 case self::ADD:
                     $mask = $mask | $maskChange->get();
                     break;
                 case self::DELETE:
                     $mask = $mask & ~$maskChange->get();
                     break;
             }
         }
         if (false !== $index) {
             $acl->updateObjectAce($index, $mask);
         } else {
             $securityIdentity = new RoleSecurityIdentity($role);
             $acl->insertObjectAce($securityIdentity, $mask);
         }
     }
     $this->aclProvider->updateAcl($acl);
 }
Esempio n. 9
0
 /**
  * Removes fallback Acl entries for the Comment class.
  *
  * This should be run when uninstalling the CommentBundle, or when
  * the Class Acl entry end up corrupted.
  *
  * @return void
  */
 public function uninstallFallbackAcl()
 {
     $oid = new ObjectIdentity('class', $this->commentClass);
     $this->aclProvider->deleteAcl($oid);
 }
Esempio n. 10
0
 /**
  * {@inheritdoc}
  */
 public function deleteAcl(ObjectIdentityInterface $objectIdentity)
 {
     $this->aclProvider->deleteAcl($objectIdentity);
 }
Esempio n. 11
0
 public function testVoteWithoutAcl()
 {
     $this->aclProvider->findAcl(Argument::cetera())->willThrow(AclNotFoundException::class);
     $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->accessControlVoter->vote($this->token->reveal(), new SecurityCondition('acme_example', null, '1', 'Acme\\Example'), []));
 }
Esempio n. 12
0
 /**
  * {@inheritDoc}
  */
 public function uninstallFallBackAcl()
 {
     $this->aclProvider->deleteAcl($this->oid);
 }