protected function setUp()
{
$this->client = static::createClient();
$this->container = $this->client->getContainer();
$this->token = $this->createToken();
$this->container->get('security.context')->setToken($this->token);
$this->connection = $this->container->get('database_connection');
if (!class_exists('PDO') || !in_array('sqlite', \PDO::getAvailableDrivers())) {
$this->markTestSkipped('This test requires SQLite support in your environment.');
}
$options = array('oid_table_name' => 'acl_object_identities', 'oid_ancestors_table_name' => 'acl_object_identity_ancestors', 'class_table_name' => 'acl_classes', 'sid_table_name' => 'acl_security_identities', 'entry_table_name' => 'acl_entries');
$schema = new Schema($options);
foreach ($schema->toSql($this->connection->getDatabasePlatform()) as $sql) {
$this->connection->exec($sql);
}
$this->manager = $this->container->get('oneup_acl.manager');
$this->object1 = new SomeObject(1);
$this->object2 = new SomeObject(2);
$builder1 = new MaskBuilder();
$builder1->add('view')->add('create')->add('edit');
$this->mask1 = $builder1->get();
$builder2 = new MaskBuilder();
$builder2->add('delete')->add('undelete');
$this->mask2 = $builder2->get();
}
/**
* Transforms an ACEType result into an ACE
*
* @param object $data
* @return ace
*/
public function reverseTransform($data)
{
$sidParts = explode(':', $data['sid']);
if (strtoupper($sidParts[0]) == 'R') {
$sid = new RoleSecurityIdentity($sidParts[1]);
} else {
if (3 == count($sidParts)) {
$class = $sidParts[2];
} else {
if ($this->isLdapUser($sidParts[1])) {
$class = 'FOM\\UserBundle\\Entity\\LdapUser';
} else {
$class = 'FOM\\UserBundle\\Entity\\User';
}
}
$sid = new UserSecurityIdentity($sidParts[1], $class);
}
$maskBuilder = new MaskBuilder();
foreach ($data['permissions'] as $bit => $permission) {
if (true === $permission) {
$maskBuilder->add(1 << $bit - 1);
}
}
return array('sid' => $sid, 'mask' => $maskBuilder->get());
}
/**
*
* @param array $permissions
* @return int
*/
public function getCustomMask(array $permissions)
{
$builder = new MaskBuilder();
foreach ($permissions as $permission) {
$builder->add($permission);
}
return $builder->get();
}
public function testReset()
{
$builder = new MaskBuilder();
$this->assertEquals(0, $builder->get());
$builder->add('view');
$this->assertTrue($builder->get() > 0);
$builder->reset();
$this->assertEquals(0, $builder->get());
}
/**
* Transforms a value into a string.
*
* @param string $value String value.
*
* @return string String value.
*
* @throws UnexpectedTypeException if the given value is not a string
*/
public function reverseTransform($value)
{
$maskBuilder = new MaskBuilder();
foreach ($value as $mask => $maskValue) {
if ($maskValue) {
$maskBuilder->add($mask);
}
}
return $maskBuilder->get();
}
/**
* Gives a user the right to edit himself.
*/
public function giveOwnRights($user)
{
$aclProvider = $this->container->get('security.acl.provider');
$maskBuilder = new MaskBuilder();
$usid = UserSecurityIdentity::fromAccount($user);
$uoid = ObjectIdentity::fromDomainObject($user);
foreach ($this->container->getParameter("fom_user.user_own_permissions") as $permission) {
$maskBuilder->add($permission);
}
$umask = $maskBuilder->get();
try {
$acl = $aclProvider->findAcl($uoid);
} catch (\Exception $e) {
$acl = $aclProvider->createAcl($uoid);
}
$acl->insertObjectAce($usid, $umask);
$aclProvider->updateAcl($acl);
}
public function updateAclByRoles($entity, $roleMasksMap)
{
$aclProvider = $this->container->get('security.acl.provider');
$objectIdentity = ObjectIdentity::fromDomainObject($entity);
try {
$acl = $aclProvider->findAcl($objectIdentity);
} catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
$acl = $aclProvider->createAcl($objectIdentity);
}
foreach ($roleMasksMap as $role => $maskNames) {
$roleSecurityIdentity = new RoleSecurityIdentity($role);
$maskBuilder = new MaskBuilder();
$maskNamesArray = is_array($maskNames) ? $maskNames : [$maskNames];
foreach ($maskNamesArray as $maskName) {
$maskBuilder->add($maskName);
}
$acl->insertObjectAce($roleSecurityIdentity, $maskBuilder->get());
}
$aclProvider->updateAcl($acl);
}
/**
* @return int
*/
public static function getEditorMask()
{
$builder = new MaskBuilder();
$builder->add(self::EDIT);
return $builder->get();
}
/**
* Installs the default Class Ace entries into the provided $acl object.
*
* Override this method in a subclass to change what permissions are defined.
* Once this method has been overridden you need to run the
* `fos_comment:installAces --flush` command
*
* @param AclInterface $acl
* @param MaskBuilder $builder
* @return void
*/
protected function doInstallFallbackAcl(AclInterface $acl, MaskBuilder $builder)
{
$builder->add('iddqd');
$acl->insertClassAce(new RoleSecurityIdentity('ROLE_SUPER_ADMIN'), $builder->get());
$builder->reset();
$builder->add('create');
$builder->add('view');
$acl->insertClassAce(new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'), $builder->get());
$builder->reset();
$builder->add('create');
$builder->add('view');
$acl->insertClassAce(new RoleSecurityIdentity('ROLE_USER'), $builder->get());
}
/**
* Create an entity
*
* @param object $entity
* @return object
*/
protected function createEntity($entity)
{
// Persist
$om = $this->objectManager;
$om->beginTransaction();
try {
$om->persist($entity);
$om->flush();
// Acl
$aclProvider = $this->aclProvider;
$oid = ObjectIdentity::fromDomainObject($entity);
try {
$acl = $aclProvider->createAcl($oid);
// Users shouldn't be able to change there own roles
$builder = new MaskBuilder();
$builder->add('view')->add('edit');
$mask = $builder->get();
$acl->insertObjectAce(UserSecurityIdentity::fromAccount($entity), $mask);
$builder = new MaskBuilder();
$builder->add('delete');
$mask = $builder->get();
$acl->insertObjectAce(UserSecurityIdentity::fromAccount($entity), $mask, 0, false);
$aclProvider->updateAcl($acl);
} catch (AclAlreadyExistsException $e) {
}
$om->commit();
} catch (\Exception $e) {
$om->rollback();
throw $e;
}
return $entity;
}
/**
* Devuelve entero para la mascara de ACL.
*
* @param $arrayMask
* @return int
*/
public function getMask($arrayMask)
{
$builder = new MaskBuilder();
foreach ($arrayMask as $value) {
$builder->add(strtolower($value));
}
return $builder->get();
}
/**
*
* @todo index action
*
* @return Response
*/
public function aclClassFieldsAction()
{
$request = $this->getRequest();
$form = $this->createAclForm();
if ($request->getMethod() == 'POST') {
$form->bind($request);
// Get role from post data
$role = $form['role']->getData();
// Get permission value from post data
$permission = $this->getRequest()->get('permission', array());
// Exchanges all keys with their associated values in array
$aclValue = array_flip($this->_aclValues);
$aclData = $this->container->getParameter('acl_class_fields');
foreach ($aclData as $aclItem) {
foreach ($aclItem['fields'] as $key => $field) {
if (!array_key_exists($aclItem['class'], $permission)) {
$permission[$aclItem['class']][$key] = 0;
} elseif (isset($permission[$aclItem['class']]) && !array_key_exists($key, $permission[$aclItem['class']])) {
$permission[$aclItem['class']][$key] = 0;
}
}
}
// Loop to update acl of classes
if (sizeof($permission)) {
foreach ($permission as $class => $permissionValues) {
if (sizeof($permissionValues)) {
foreach ($permissionValues as $keyField => $fieldValue) {
$builder = new MaskBuilder();
if (is_array($fieldValue) && sizeof($fieldValue) > 0) {
foreach ($fieldValue as $value) {
if (isset($aclValue[$value])) {
$builder->add($aclValue[$value]);
}
}
$this->updateClassFieldsAcl($class, $keyField, $role, $builder->get());
} else {
$this->updateClassFieldsAcl($class, $keyField, $role, 0);
}
}
}
}
// Set flash message
$message = $this->get('translator')->trans('update_entity_success');
$this->get('session')->getFlashBag()->add('success', $message);
}
}
return $this->render('AseagleAdminBundle:Acl:class-fields.html.twig', array('form' => $form->createView(), 'rid' => isset($role) ? $role->getId() : null));
}
public function testStrategiesSupportWorks()
{
$maskBuilder = new MaskBuilder();
$oid = new ObjectIdentity('id', 'type');
$acl = $this->aclProvider->createAcl($oid);
$acl->insertObjectAce($this->sid, $maskBuilder->add(MaskBuilder::MASK_VIEW)->add(MaskBuilder::MASK_EDIT)->get(), 0, true, PermissionGrantingStrategy::EQUAL);
$this->aclProvider->updateAcl($acl);
$this->assertEmpty($this->aclProvider->findObjectIdentities($this->sid, "VIEW"));
$this->assertEmpty($this->aclProvider->findAllowedEntries($this->sid, "VIEW"));
}
protected function setRights($entity, $record)
{
$maskBuilder = new MaskBuilder();
if ($this->hasKey('viewRight', $record)) {
$entity->setViewRight(true);
$maskBuilder->add(MaskBuilder::MASK_VIEW);
} else {
$entity->setViewRight(false);
$maskBuilder->remove(MaskBuilder::MASK_VIEW);
}
if ($this->hasKey('editRight', $record)) {
$entity->setViewRight(true);
$entity->setEditRight(true);
$maskBuilder->add(MaskBuilder::MASK_VIEW);
$maskBuilder->add(MaskBuilder::MASK_EDIT);
} else {
$entity->setEditRight(false);
$maskBuilder->remove(MaskBuilder::MASK_EDIT);
}
if ($this->hasKey('masterRight', $record)) {
$entity->setViewRight(true);
$entity->setEditRight(true);
$entity->setMasterRight(true);
$maskBuilder->add(MaskBuilder::MASK_VIEW);
$maskBuilder->add(MaskBuilder::MASK_EDIT);
$maskBuilder->add(MaskBuilder::MASK_MASTER);
} else {
$entity->setMasterRight(false);
$maskBuilder->remove(MaskBuilder::MASK_MASTER);
}
return $maskBuilder;
}