Esempio n. 1
0
 /**
  * Transforms an ACEType result into an ACE
  *
  * @param object $data
  * @return ace
  */
 public function reverseTransform($data)
 {
     $sidParts = explode(':', $data['sid']);
     if (strtoupper($sidParts[0]) == 'R') {
         $sid = new RoleSecurityIdentity($sidParts[1]);
     } else {
         if (3 == count($sidParts)) {
             $class = $sidParts[2];
         } else {
             if ($this->isLdapUser($sidParts[1])) {
                 $class = 'FOM\\UserBundle\\Entity\\LdapUser';
             } else {
                 $class = 'FOM\\UserBundle\\Entity\\User';
             }
         }
         $sid = new UserSecurityIdentity($sidParts[1], $class);
     }
     $maskBuilder = new MaskBuilder();
     foreach ($data['permissions'] as $bit => $permission) {
         if (true === $permission) {
             $maskBuilder->add(1 << $bit - 1);
         }
     }
     return array('sid' => $sid, 'mask' => $maskBuilder->get());
 }
 protected function setUp()
 {
     $this->client = static::createClient();
     $this->container = $this->client->getContainer();
     $this->token = $this->createToken();
     $this->container->get('security.context')->setToken($this->token);
     $this->connection = $this->container->get('database_connection');
     if (!class_exists('PDO') || !in_array('sqlite', \PDO::getAvailableDrivers())) {
         $this->markTestSkipped('This test requires SQLite support in your environment.');
     }
     $options = array('oid_table_name' => 'acl_object_identities', 'oid_ancestors_table_name' => 'acl_object_identity_ancestors', 'class_table_name' => 'acl_classes', 'sid_table_name' => 'acl_security_identities', 'entry_table_name' => 'acl_entries');
     $schema = new Schema($options);
     foreach ($schema->toSql($this->connection->getDatabasePlatform()) as $sql) {
         $this->connection->exec($sql);
     }
     $this->manager = $this->container->get('oneup_acl.manager');
     $this->object1 = new SomeObject(1);
     $this->object2 = new SomeObject(2);
     $builder1 = new MaskBuilder();
     $builder1->add('view')->add('create')->add('edit');
     $this->mask1 = $builder1->get();
     $builder2 = new MaskBuilder();
     $builder2->add('delete')->add('undelete');
     $this->mask2 = $builder2->get();
 }
Esempio n. 3
0
 /**
  *
  * @param array $permissions
  * @return int 
  */
 public function getCustomMask(array $permissions)
 {
     $builder = new MaskBuilder();
     foreach ($permissions as $permission) {
         $builder->add($permission);
     }
     return $builder->get();
 }
 /**
  * Transforms a value into a string.
  *
  * @param  string $value  String value.
  *
  * @return string         String value.
  *
  * @throws UnexpectedTypeException if the given value is not a string
  */
 public function reverseTransform($value)
 {
     $maskBuilder = new MaskBuilder();
     foreach ($value as $mask => $maskValue) {
         if ($maskValue) {
             $maskBuilder->add($mask);
         }
     }
     return $maskBuilder->get();
 }
Esempio n. 5
0
 /**
  * Gives a user the right to edit himself.
  */
 public function giveOwnRights($user)
 {
     $aclProvider = $this->container->get('security.acl.provider');
     $maskBuilder = new MaskBuilder();
     $usid = UserSecurityIdentity::fromAccount($user);
     $uoid = ObjectIdentity::fromDomainObject($user);
     foreach ($this->container->getParameter("fom_user.user_own_permissions") as $permission) {
         $maskBuilder->add($permission);
     }
     $umask = $maskBuilder->get();
     try {
         $acl = $aclProvider->findAcl($uoid);
     } catch (\Exception $e) {
         $acl = $aclProvider->createAcl($uoid);
     }
     $acl->insertObjectAce($usid, $umask);
     $aclProvider->updateAcl($acl);
 }
 public function updateAclByRoles($entity, $roleMasksMap)
 {
     $aclProvider = $this->container->get('security.acl.provider');
     $objectIdentity = ObjectIdentity::fromDomainObject($entity);
     try {
         $acl = $aclProvider->findAcl($objectIdentity);
     } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
         $acl = $aclProvider->createAcl($objectIdentity);
     }
     foreach ($roleMasksMap as $role => $maskNames) {
         $roleSecurityIdentity = new RoleSecurityIdentity($role);
         $maskBuilder = new MaskBuilder();
         $maskNamesArray = is_array($maskNames) ? $maskNames : [$maskNames];
         foreach ($maskNamesArray as $maskName) {
             $maskBuilder->add($maskName);
         }
         $acl->insertObjectAce($roleSecurityIdentity, $maskBuilder->get());
     }
     $aclProvider->updateAcl($acl);
 }
Esempio n. 7
0
 public function testReset()
 {
     $builder = new MaskBuilder();
     $this->assertEquals(0, $builder->get());
     $builder->add('view');
     $this->assertTrue($builder->get() > 0);
     $builder->reset();
     $this->assertEquals(0, $builder->get());
 }
Esempio n. 8
0
 /**
  * @return int
  */
 public static function getEditorMask()
 {
     $builder = new MaskBuilder();
     $builder->add(self::EDIT);
     return $builder->get();
 }
 /**
  * Installs the default Class Ace entries into the provided $acl object.
  *
  * Override this method in a subclass to change what permissions are defined.
  * Once this method has been overridden you need to run the
  * `fos_comment:installAces --flush` command
  *
  * @param AclInterface $acl
  * @param MaskBuilder $builder
  * @return void
  */
 protected function doInstallFallbackAcl(AclInterface $acl, MaskBuilder $builder)
 {
     $builder->add('iddqd');
     $acl->insertClassAce(new RoleSecurityIdentity('ROLE_SUPER_ADMIN'), $builder->get());
     $builder->reset();
     $builder->add('create');
     $builder->add('view');
     $acl->insertClassAce(new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'), $builder->get());
     $builder->reset();
     $builder->add('create');
     $builder->add('view');
     $acl->insertClassAce(new RoleSecurityIdentity('ROLE_USER'), $builder->get());
 }
Esempio n. 10
0
 /**
  * Create an entity
  *
  * @param object $entity
  * @return object
  */
 protected function createEntity($entity)
 {
     // Persist
     $om = $this->objectManager;
     $om->beginTransaction();
     try {
         $om->persist($entity);
         $om->flush();
         // Acl
         $aclProvider = $this->aclProvider;
         $oid = ObjectIdentity::fromDomainObject($entity);
         try {
             $acl = $aclProvider->createAcl($oid);
             // Users shouldn't be able to change there own roles
             $builder = new MaskBuilder();
             $builder->add('view')->add('edit');
             $mask = $builder->get();
             $acl->insertObjectAce(UserSecurityIdentity::fromAccount($entity), $mask);
             $builder = new MaskBuilder();
             $builder->add('delete');
             $mask = $builder->get();
             $acl->insertObjectAce(UserSecurityIdentity::fromAccount($entity), $mask, 0, false);
             $aclProvider->updateAcl($acl);
         } catch (AclAlreadyExistsException $e) {
         }
         $om->commit();
     } catch (\Exception $e) {
         $om->rollback();
         throw $e;
     }
     return $entity;
 }
Esempio n. 11
0
 /**
  * Devuelve entero para la mascara de ACL.
  *
  * @param $arrayMask
  * @return int
  */
 public function getMask($arrayMask)
 {
     $builder = new MaskBuilder();
     foreach ($arrayMask as $value) {
         $builder->add(strtolower($value));
     }
     return $builder->get();
 }
Esempio n. 12
0
 /**
  *
  * @todo index action
  *      
  * @return Response
  */
 public function aclClassFieldsAction()
 {
     $request = $this->getRequest();
     $form = $this->createAclForm();
     if ($request->getMethod() == 'POST') {
         $form->bind($request);
         // Get role from post data
         $role = $form['role']->getData();
         // Get permission value from post data
         $permission = $this->getRequest()->get('permission', array());
         // Exchanges all keys with their associated values in array
         $aclValue = array_flip($this->_aclValues);
         $aclData = $this->container->getParameter('acl_class_fields');
         foreach ($aclData as $aclItem) {
             foreach ($aclItem['fields'] as $key => $field) {
                 if (!array_key_exists($aclItem['class'], $permission)) {
                     $permission[$aclItem['class']][$key] = 0;
                 } elseif (isset($permission[$aclItem['class']]) && !array_key_exists($key, $permission[$aclItem['class']])) {
                     $permission[$aclItem['class']][$key] = 0;
                 }
             }
         }
         // Loop to update acl of classes
         if (sizeof($permission)) {
             foreach ($permission as $class => $permissionValues) {
                 if (sizeof($permissionValues)) {
                     foreach ($permissionValues as $keyField => $fieldValue) {
                         $builder = new MaskBuilder();
                         if (is_array($fieldValue) && sizeof($fieldValue) > 0) {
                             foreach ($fieldValue as $value) {
                                 if (isset($aclValue[$value])) {
                                     $builder->add($aclValue[$value]);
                                 }
                             }
                             $this->updateClassFieldsAcl($class, $keyField, $role, $builder->get());
                         } else {
                             $this->updateClassFieldsAcl($class, $keyField, $role, 0);
                         }
                     }
                 }
             }
             // Set flash message
             $message = $this->get('translator')->trans('update_entity_success');
             $this->get('session')->getFlashBag()->add('success', $message);
         }
     }
     return $this->render('AseagleAdminBundle:Acl:class-fields.html.twig', array('form' => $form->createView(), 'rid' => isset($role) ? $role->getId() : null));
 }
Esempio n. 13
0
 /**
  * Returns the code for the passed mask.
  *
  * @param int $mask
  *
  * @throws \InvalidArgumentException
  * @throws \RuntimeException
  *
  * @return string
  */
 public static function getCode($mask)
 {
     MaskBuilder::getCode($mask);
 }
 public function testStrategiesSupportWorks()
 {
     $maskBuilder = new MaskBuilder();
     $oid = new ObjectIdentity('id', 'type');
     $acl = $this->aclProvider->createAcl($oid);
     $acl->insertObjectAce($this->sid, $maskBuilder->add(MaskBuilder::MASK_VIEW)->add(MaskBuilder::MASK_EDIT)->get(), 0, true, PermissionGrantingStrategy::EQUAL);
     $this->aclProvider->updateAcl($acl);
     $this->assertEmpty($this->aclProvider->findObjectIdentities($this->sid, "VIEW"));
     $this->assertEmpty($this->aclProvider->findAllowedEntries($this->sid, "VIEW"));
 }
Esempio n. 15
0
 protected function setRights($entity, $record)
 {
     $maskBuilder = new MaskBuilder();
     if ($this->hasKey('viewRight', $record)) {
         $entity->setViewRight(true);
         $maskBuilder->add(MaskBuilder::MASK_VIEW);
     } else {
         $entity->setViewRight(false);
         $maskBuilder->remove(MaskBuilder::MASK_VIEW);
     }
     if ($this->hasKey('editRight', $record)) {
         $entity->setViewRight(true);
         $entity->setEditRight(true);
         $maskBuilder->add(MaskBuilder::MASK_VIEW);
         $maskBuilder->add(MaskBuilder::MASK_EDIT);
     } else {
         $entity->setEditRight(false);
         $maskBuilder->remove(MaskBuilder::MASK_EDIT);
     }
     if ($this->hasKey('masterRight', $record)) {
         $entity->setViewRight(true);
         $entity->setEditRight(true);
         $entity->setMasterRight(true);
         $maskBuilder->add(MaskBuilder::MASK_VIEW);
         $maskBuilder->add(MaskBuilder::MASK_EDIT);
         $maskBuilder->add(MaskBuilder::MASK_MASTER);
     } else {
         $entity->setMasterRight(false);
         $maskBuilder->remove(MaskBuilder::MASK_MASTER);
     }
     return $maskBuilder;
 }