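/**
 * Load one role from the database into the ACL: its resources, its parent
 * chain and its allow/deny rules.
 *
 * The role is registered only after its parent has been processed, so the
 * parent name can be passed to addRole(). Registering the role up front
 * without a parent would make the parent-aware addRole() call unreachable
 * and leave the role hierarchy unlinked in the ACL.
 *
 * NOTE(review): linking the hierarchy presumably lets a role fall back to its
 * parent's rules where it has none of its own. Confirm against Authorizator
 * and re-check effective permissions for existing child roles.
 *
 * NOTE(review): there is no guard against a cyclic parent chain in the role
 * table; such data would recurse without bound.
 *
 * @param \Venne\Security\Authorizator $permission ACL being populated (modified in place)
 * @param string $role name of the role to load
 * @return \Venne\Security\Authorizator the instance passed in
 */
private function setPermissionsByRole(Authorizator $permission, $role)
{
    // Register every resource that has at least one permission row for this role.
    // NOTE(review): confirm getResult() yields resource identifiers here and not
    // row arrays; the values are passed straight to hasResource()/addResource().
    $resources = $this->permissionRepository->createQueryBuilder('a')
        ->select('a.resource')
        ->andWhere('a.role = :role')->setParameter('role', $role)
        ->groupBy('a.resource')
        ->getQuery()
        ->getResult();

    foreach ($resources as $resource) {
        if (!$permission->hasResource($resource)) {
            $permission->addResource($resource);
        }
    }

    $roleEntity = $this->roleRepository->findOneByName($role);
    $parent = $roleEntity ? $roleEntity->parent : null;

    // The parent must be loaded first so it exists when the child refers to it.
    if ($parent) {
        $this->setPermissionsByRole($permission, $parent->name);
    }

    // A role with no database entity (or no parent) is still registered, without a parent.
    if (!$permission->hasRole($role)) {
        $permission->addRole($role, $parent ? $parent->name : null);
    }

    if (!$roleEntity) {
        return $permission;
    }

    // set allow/deny
    foreach ($roleEntity->permissions as $perm) {
        // Rules for resources the ACL does not know are skipped; the ALL wildcard always applies.
        if ($perm->resource !== $permission::ALL && !$permission->hasResource($perm->resource)) {
            continue;
        }

        // An empty privilege is passed as null.
        $privilege = $perm->privilege ?: null;

        if ($perm->allow) {
            $permission->allow($role, $perm->resource, $privilege);
        } else {
            $permission->deny($role, $perm->resource, $privilege);
        }
    }

    return $permission;
}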