/**
 * Builds a policy create struct for one module/function pair.
 *
 * Both values are passed to the parent constructor in an array keyed by
 * 'module' and 'function'. Nothing is validated here, so a consumer of the
 * struct has to check the values itself.
 *
 * @param string $module
 * @param string $function
 */
public function __construct($module, $function)
{
    $properties = array(
        'module' => $module,
        'function' => $function,
    );

    parent::__construct($properties);
}
/**
 * Adds a new policy to the role
 *
 * Order of checks: the create struct is validated, then the caller's access to
 * role/update is checked, then the limitations are validated. Only after all
 * three pass is the policy written, inside a repository transaction.
 *
 * NOTE(review): because struct validation runs before the access check, a
 * caller without role/update who sends an invalid struct gets an invalid
 * argument error instead of UnauthorizedException. Confirm this is intended.
 *
 * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to add a policy
 * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy create
 *                                                                        struct or if limitation is not allowed on module/function
 * @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyCreateStruct is not valid
 *
 * @param \eZ\Publish\API\Repository\Values\User\Role $role
 * @param \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct $policyCreateStruct
 *
 * @return \eZ\Publish\API\Repository\Values\User\Role
 */
public function addPolicy(APIRole $role, APIPolicyCreateStruct $policyCreateStruct)
{
    // module and function must both be non-empty strings; module is checked first.
    // empty() also rejects the string "0".
    foreach (array('module', 'function') as $propertyName) {
        if (!is_string($policyCreateStruct->$propertyName) || empty($policyCreateStruct->$propertyName)) {
            throw new InvalidArgumentValue($propertyName, $policyCreateStruct->$propertyName, 'PolicyCreateStruct');
        }
    }

    // A wildcard module is only accepted together with a wildcard function.
    $isWildcardModule = $policyCreateStruct->module === '*';
    if ($isWildcardModule && $policyCreateStruct->function !== '*') {
        throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct');
    }

    // Fail closed: any result other than a strict boolean true is refused,
    // so a non-boolean return from hasAccess() never counts as permission.
    $canUpdateRoles = $this->repository->hasAccess('role', 'update');
    if ($canUpdateRoles !== true) {
        throw new UnauthorizedException('role', 'update');
    }

    // Only the id of the passed value object is used; the role is resolved again via loadRole().
    $targetRole = $this->loadRole($role->id);
    $requestedLimitations = $policyCreateStruct->getLimitations();

    $validationErrors = $this->validatePolicy(
        $policyCreateStruct->module,
        $policyCreateStruct->function,
        $requestedLimitations
    );
    if (!empty($validationErrors)) {
        throw new LimitationValidationException($validationErrors);
    }

    $persistencePolicy = $this->buildPersistencePolicyObject(
        $policyCreateStruct->module,
        $policyCreateStruct->function,
        $requestedLimitations
    );

    $this->repository->beginTransaction();
    try {
        $this->userHandler->addPolicy($targetRole->id, $persistencePolicy);
        $this->repository->commit();
    } catch (Exception $exception) {
        // NOTE(review): assuming Exception is the global \Exception, a PHP 7+ \Error
        // is not caught here and would skip the rollback. Confirm the supported PHP version.
        $this->repository->rollback();
        throw $exception;
    }

    // Return a freshly loaded role so the caller sees the stored state.
    return $this->loadRole($targetRole->id);
}
/**
 * Adds a new policy to the role
 *
 * In-memory variant: the policy is stored in $this->policies under the next
 * policy id, and the role is replaced in $this->roles by a new RoleStub that
 * carries the extended policy list. The module, function and limitations of
 * the create struct are stored as given, without validation.
 *
 * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to add a policy
 *
 * @param \eZ\Publish\API\Repository\Values\User\Role $role
 * @param \eZ\Publish\API\Repository\Values\User\PolicyCreateStruct $policyCreateStruct
 *
 * @return \eZ\Publish\API\Repository\Values\User\Role
 */
public function addPolicy(Role $role, PolicyCreateStruct $policyCreateStruct)
{
    // NOTE(review): only a strict boolean false denies here. If hasAccess() can
    // return something other than a boolean (confirm against the repository),
    // that value is treated as permission. Comparing against true would fail closed.
    // NOTE(review): the check uses function '*', although the operation is a role
    // update. Confirm that this is the intended permission.
    $hasRoleAccess = $this->repository->hasAccess('role', '*');
    if ($hasRoleAccess === false) {
        throw new UnauthorizedExceptionStub('What error code should be used?');
    }

    // The counter is advanced once; the same id is used as array key and policy id.
    $policyId = ++$this->policyNextId;

    $newPolicy = new PolicyStub(
        array(
            'id' => $policyId,
            'roleId' => $role->id,
            'module' => $policyCreateStruct->module,
            'function' => $policyCreateStruct->function,
            'limitations' => $policyCreateStruct->getLimitations(),
        )
    );
    $this->policies[$policyId] = $newPolicy;

    // The passed role is not modified; a new RoleStub with the extended list replaces the stored one.
    $rolePolicies = $role->getPolicies();
    $rolePolicies[] = $newPolicy;

    $this->roles[$role->id] = new RoleStub(
        array('id' => $role->id, 'identifier' => $role->identifier),
        $rolePolicies
    );

    // Record the role-to-policy relation under the same id.
    $this->role2policy[$role->id][$policyId] = $policyId;

    return $this->roles[$role->id];
}