/** * @covers Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder::has * @covers Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder::add * @expectedException \InvalidArgumentException */ public function testHasWithInvalidMask() { $builder = new MaskBuilder(); $builder->add('edit')->add('view'); $builder->has(null); }
/** * Apply the specified ACL changeset. * * @param AbstractEntity $entity The entity * @param array $changeset The changeset * @param bool $recursive The recursive */ public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true) { if ($recursive) { if (!method_exists($entity, 'getChildren')) { return; } // Iterate over children and apply recursively /** @noinspection PhpUndefinedMethodInspection */ foreach ($entity->getChildren() as $child) { $this->applyAclChangeset($child, $changeset); } } // Apply ACL modifications to node $objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity); try { /* @var $acl MutableAclInterface */ $acl = $this->aclProvider->findAcl($objectIdentity); } catch (AclNotFoundException $e) { /* @var $acl MutableAclInterface */ $acl = $this->aclProvider->createAcl($objectIdentity); } // Process permissions in changeset foreach ($changeset as $role => $roleChanges) { $index = $this->getObjectAceIndex($acl, $role); $mask = 0; if (false !== $index) { $mask = $this->getMaskAtIndex($acl, $index); } foreach ($roleChanges as $type => $permissions) { $maskChange = new MaskBuilder(); foreach ($permissions as $permission) { $maskChange->add($permission); } switch ($type) { case self::ADD: $mask = $mask | $maskChange->get(); break; case self::DELETE: $mask = $mask & ~$maskChange->get(); break; } } if (false !== $index) { $acl->updateObjectAce($index, $mask); } else { $securityIdentity = new RoleSecurityIdentity($role); $acl->insertObjectAce($securityIdentity, $mask); } } $this->aclProvider->updateAcl($acl); }