/**
 * Convert every pending access token issued to this user's e-mail address
 * into a real access control entry, then delete the pending token.
 *
 * Pending tokens are looked up by the address returned by
 * $user->getEmail(). For each one a new AccessControlEntry is created that
 * copies the resource id, issuer and type from the pending record, and the
 * pending record is removed. All changes are written in a single flush.
 *
 * NOTE(review): grants are matched on the e-mail address alone. Whether that
 * address has been verified before this callback runs is not visible here -
 * confirm, because an unverified address would let a new account inherit
 * grants that were issued to that address.
 *
 * NOTE(review): flush() is called from what looks like a persistence
 * lifecycle callback - confirm this cannot run inside an outer flush.
 *
 * @param User               $user  The user whose pending grants are applied.
 * @param LifecycleEventArgs $event Not used in this method.
 */
public function postPersist(User $user, LifecycleEventArgs $event)
{
    $pendingRepository = $this->entityManager->getRepository('ActsCamdramSecurityBundle:PendingAccess');
    $pendingGrants = $pendingRepository->findByEmail($user->getEmail());

    foreach ($pendingGrants as $pendingGrant) {
        // Resource, issuer and type come from the pending record; both
        // timestamps are taken at conversion time.
        $entry = new AccessControlEntry();
        $entry->setUser($user);
        $entry->setEntityId($pendingGrant->getRid());
        $entry->setCreatedAt(new \DateTime());
        $entry->setGrantedBy($pendingGrant->getIssuer());
        $entry->setGrantedAt(new \DateTime());
        $entry->setType($pendingGrant->getType());

        $this->entityManager->persist($entry);
        // The pending token is consumed so it cannot be applied a second time.
        $this->entityManager->remove($pendingGrant);
    }

    $this->entityManager->flush();
}
/**
 * Test step: create a user and give it full administrator rights.
 *
 * The user is created through createUser() and then receives an access
 * control entry of type 'security' at AccessControlEntry::LEVEL_FULL_ADMIN.
 * The entry records the new user as its own granter, so no separate
 * granting account is involved. No granted-at timestamp is set here.
 *
 * @Given /^the administrator "([^"]*)" with the email "([^"]*)" and the password "([^"]*)"$/
 */
public function createAdminUser($name, $email, $password)
{
    $entityManager = $this->getEntityManager();
    $admin = $this->createUser($name, $email, $password);

    $adminEntry = new AccessControlEntry();
    $adminEntry->setUser($admin);
    $adminEntry->setEntityId(AccessControlEntry::LEVEL_FULL_ADMIN);
    $adminEntry->setType('security');
    // Self-granted: the administrator is recorded as the granter of its own entry.
    $adminEntry->setGrantedBy($admin);
    $adminEntry->setCreatedAt(new \DateTime());

    $entityManager->persist($adminEntry);
    $entityManager->flush();
}
/**
 * Load the access control fixtures.
 *
 * Creates one 'security' entry for the 'adminuser' reference, then one
 * 'show' entry per show in the repository so that 'testuser2' owns every
 * show. Everything is written in a single flush at the end.
 *
 * {@inheritDoc}
 */
public function load(ObjectManager $manager)
{
    // Give the admin user its 'security' entry.
    // NOTE(review): '-2' is a hard-coded level. The class exposes named levels
    // such as AccessControlEntry::LEVEL_FULL_ADMIN; which level '-2' denotes is
    // not visible here. A named constant would make the granted privilege explicit.
    $adminEntry = new AccessControlEntry();
    $adminEntry->setUser($this->getReference('adminuser'));
    $adminEntry->setGrantedBy($this->getReference('testuser1'));
    $adminEntry->setEntityId('-2');
    $adminEntry->setCreatedAt(new \DateTime('2001-01-01'));
    $adminEntry->setType('security');
    $manager->persist($adminEntry);

    // Make testuser2 the owner of every show, granted by the admin user.
    $allShows = $manager->getRepository('ActsCamdramBundle:Show')->findAll();
    foreach ($allShows as $show) {
        $ownerEntry = new AccessControlEntry();
        $ownerEntry->setUser($this->getReference('testuser2'));
        $ownerEntry->setGrantedBy($this->getReference('adminuser'));
        $ownerEntry->setEntityId($show->getId());
        $ownerEntry->setCreatedAt(new \DateTime('2001-01-01'));
        $ownerEntry->setType('show');
        $manager->persist($ownerEntry);
    }

    $manager->flush();
}
/**
 * Grant access to a resource.
 *
 * Immediately grants access to a resource: a new ACE is created in the
 * database and a Camdram-specific event is dispatched, which is used to
 * trigger the sending of emails.
 *
 * This method performs no permission check on $granter and does not look
 * for an existing entry before creating a new one.
 * NOTE(review): callers are presumably expected to have authorised the
 * grant already - confirm at the call sites.
 *
 * @param OwnableInterface $entity  The resource to which access is granted.
 * @param User             $user    The user receiving access.
 * @param User             $granter The user recorded as having granted it.
 */
public function grantAccess(OwnableInterface $entity, User $user, User $granter)
{
    $entry = new AccessControlEntry();
    $entry->setUser($user);
    $entry->setEntityId($entity->getId());
    $entry->setCreatedAt(new \DateTime());
    $entry->setGrantedBy($granter);
    $entry->setGrantedAt(new \DateTime());
    $entry->setType($entity->getAceType());

    $this->entityManager->persist($entry);
    $this->entityManager->flush();

    // Dispatched only after the flush, so the entry has been written before
    // anything reacts to the event (email notification).
    $this->eventDispatcher->dispatch(
        CamdramSecurityEvents::ACE_CREATED,
        new AccessControlEntryEvent($entry)
    );
}
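/**
 * Request to be an admin associated with this show.
 *
 * Requires ROLE_USER. A user who can already EDIT the show, or who already
 * has a matching request on record, is redirected to the show page and no
 * new entry is created. Otherwise an access control entry of type
 * 'request-show' is stored, an ACE_CREATED event is dispatched and the
 * "access requested" page is rendered.
 *
 * NOTE(review): this action changes state (it stores an entry and raises an
 * event). Which HTTP methods are routed here, and whether CSRF protection
 * applies, is not visible in this method - confirm in the routing config.
 *
 * @param $identifier Identifier passed to getEntity() to look up the show.
 */
public function requestAdminAction($identifier)
{
    $aclHelper = $this->get('camdram.security.acl.helper');
    // Presumably aborts the request when the caller lacks ROLE_USER - confirm.
    $aclHelper->ensureGranted('ROLE_USER');

    $show = $this->getEntity($identifier);

    if ($aclHelper->isGranted('EDIT', $show)) {
        // The user can already edit this show, so there is nothing to request.
        // TODO add a no-action return code.
        return $this->routeRedirectView('get_show', array('identifier' => $show->getSlug()));
    }

    $em = $this->getDoctrine()->getManager();
    $aceRepo = $em->getRepository('ActsCamdramSecurityBundle:AccessControlEntry');
    $user = $this->getUser();

    // Check if there's already a matching request. The loose comparison is
    // kept because the return type of findAceRequest() is not visible here.
    $existingRequest = $aceRepo->findAceRequest($user, $show);
    if ($existingRequest != null) {
        // A pre-existing request exists. Don't create another one; this also
        // prevents a second ACE_CREATED event for the same user and show.
        return $this->routeRedirectView('get_show', array('identifier' => $show->getSlug()));
    }

    $ace = new AccessControlEntry();
    $ace->setUser($user)
        ->setEntityId($show->getId())
        ->setCreatedAt(new \DateTime())
        ->setType('request-show');
    $em->persist($ace);
    $em->flush();

    // Raised after the flush so that listeners act on a stored entry.
    $this->get('event_dispatcher')->dispatch(
        CamdramSecurityEvents::ACE_CREATED,
        new AccessControlEntryEvent($ace)
    );

    return $this->render('ActsCamdramBundle:Show:access_requested.html.twig');
}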