/** * Updates the limitations of a policy. The module and function cannot be changed and * the limitations are replaced by the ones in $roleUpdateStruct * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to update a policy * @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy update * struct or if limitation is not allowed on module/function * @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyUpdateStruct is not valid * * @param \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct $policyUpdateStruct * @param \eZ\Publish\API\Repository\Values\User\Policy $policy * * @return \eZ\Publish\API\Repository\Values\User\Policy */ public function updatePolicy(APIPolicy $policy, APIPolicyUpdateStruct $policyUpdateStruct) { if (!is_string($policy->module)) { throw new InvalidArgumentValue("module", $policy->module, "Policy"); } if (!is_string($policy->function)) { throw new InvalidArgumentValue("function", $policy->function, "Policy"); } if ($this->repository->hasAccess('role', 'update') !== true) { throw new UnauthorizedException('role', 'update'); } $limitations = $policyUpdateStruct->getLimitations(); $limitationValidationErrors = $this->validatePolicy($policy->module, $policy->function, $limitations); if (!empty($limitationValidationErrors)) { throw new LimitationValidationException($limitationValidationErrors); } $spiPolicy = $this->buildPersistencePolicyObject($policy->module, $policy->function, $limitations); $spiPolicy->id = $policy->id; $spiPolicy->roleId = $policy->roleId; $this->repository->beginTransaction(); try { $this->userHandler->updatePolicy($spiPolicy); $this->repository->commit(); } catch (Exception $e) { $this->repository->rollback(); throw $e; } return $this->buildDomainPolicyObject($spiPolicy); }
/** * Updates the limitations of a policy. The module and function cannot be changed and * the limitations are replaced by the ones in $roleUpdateStruct * * @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to u�date a policy * * @param \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct $policyUpdateStruct * @param \eZ\Publish\API\Repository\Values\User\Policy $policy * * @return \eZ\Publish\API\Repository\Values\User\Policy */ public function updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct) { if (false === $this->repository->hasAccess('role', '*')) { throw new UnauthorizedExceptionStub('What error code should be used?'); } $newPolicy = new PolicyStub(array('id' => $policy->id, 'roleId' => $policy->roleId, 'module' => $policy->module, 'function' => $policy->function, 'limitations' => $policyUpdateStruct->getLimitations())); $this->policies[$newPolicy->id] = $newPolicy; $policies = $this->roles[$policy->roleId]->getPolicies(); foreach ($policies as $i => $rolePolicy) { if ($rolePolicy->id !== $policy->id) { continue; } $policies[$i] = $newPolicy; break; } $this->roles[$policy->roleId] = new RoleStub(array('id' => $this->roles[$policy->roleId]->id, 'identifier' => $this->roles[$policy->roleId]->identifier), $policies); return $newPolicy; }