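/**
 * {@inheritdoc}
 *
 * Applies every entry of $data to the role through setData(), then calls
 * loadAcls() for the role and flushes the ACL manager.
 *
 * Expected input format :
 * {
 *     'role': 'ROLE_ADMINISTRATOR',
 *     'name': 'Administrator',
 * }
 *
 * Security note: each key of $data is forwarded to setData() unchanged. No
 * field allow-list is applied in this method, so when $data originates from
 * untrusted input, unexpected keys must be rejected by setData() (not
 * visible here) or by the caller. No authorization check is performed here
 * either; the caller decides who may change a role and its ACLs.
 *
 * @param mixed $role    Must be an Oro\Bundle\UserBundle\Entity\Role instance
 * @param array $data    Field name => value pairs to apply to the role
 * @param array $options Not read by this method
 *
 * @throws \InvalidArgumentException When $role is not a Role instance
 *
 * @return $this
 */
public function update($role, array $data, array $options = [])
{
    if (!$role instanceof Role) {
        // ClassUtils::getClass() expects an object. For null or a scalar,
        // report the value's type instead, so the guard raises the intended
        // exception rather than failing while building its own message.
        $provided = is_object($role) ? ClassUtils::getClass($role) : gettype($role);

        throw new \InvalidArgumentException(
            sprintf(
                'Expects a "Oro\\Bundle\\UserBundle\\Entity\\Role", "%s" provided.',
                $provided
            )
        );
    }

    foreach ($data as $field => $value) {
        $this->setData($role, $field, $value);
    }

    // ACL loading and the flush run only after all field updates have been
    // applied to the role.
    $this->loadAcls($role);
    $this->aclManager->flush();

    return $this;
}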
/**
 * Checks flush() against one batch item per state (NONE, CREATE, UPDATE,
 * DELETE).
 *
 * Expected calls: beginTransaction and commit once each, createAcl once for
 * the CREATE item's object identity, setPermission once with the ACE queued
 * on that item, updateAcl exactly twice, and deleteAcl once for the DELETE
 * item's object identity.
 */
public function testFlush()
{
    $sidInterface = 'Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface';
    $aclInterface = 'Symfony\\Component\\Security\\Acl\\Model\\MutableAclInterface';

    // One object identity per batch item state.
    $untouchedOid = new ObjectIdentity('Acme\\Test1', 'entity');
    $createdOid = new ObjectIdentity('Acme\\Test2', 'entity');
    $updatedOid = new ObjectIdentity('Acme\\Test3', 'entity');
    $deletedOid = new ObjectIdentity('Acme\\Test4', 'entity');

    // The item to be created carries a single queued ACE.
    $createdSid = $this->getMock($sidInterface);
    $createdItem = new BatchItem($createdOid, BatchItem::STATE_CREATE);
    $createdItem->addAce(AclManager::OBJECT_ACE, 'TestField', $createdSid, true, 123, 'all', true);

    $aclToUpdate = $this->getMock($aclInterface);
    $aclToDelete = $this->getMock($aclInterface);

    $untouchedItem = new BatchItem($untouchedOid, BatchItem::STATE_NONE);
    $updatedItem = new BatchItem($updatedOid, BatchItem::STATE_UPDATE, $aclToUpdate);
    $deletedItem = new BatchItem($deletedOid, BatchItem::STATE_DELETE, $aclToDelete);

    $this->setItems(array($untouchedItem, $createdItem, $updatedItem, $deletedItem));

    // The whole flush must run inside exactly one transaction.
    $this->aclProvider
        ->expects($this->once())
        ->method('beginTransaction');
    $this->aclProvider
        ->expects($this->once())
        ->method('commit');

    // A new ACL is created only for the CREATE item.
    $createdAcl = $this->getMock($aclInterface);
    $this->aclProvider
        ->expects($this->once())
        ->method('createAcl')
        ->with($this->identicalTo($createdOid))
        ->will($this->returnValue($createdAcl));

    // The queued ACE must reach the ACE provider with its arguments intact.
    $this->aceProvider
        ->expects($this->once())
        ->method('setPermission')
        ->with(
            $this->identicalTo($createdAcl),
            $this->identicalTo($this->extension),
            $this->equalTo(true),
            $this->equalTo(AclManager::OBJECT_ACE),
            $this->equalTo('TestField'),
            $this->identicalTo($createdSid),
            $this->equalTo(true),
            $this->equalTo(123),
            $this->equalTo('all')
        )
        ->will($this->returnValue(true));

    $this->aclProvider
        ->expects($this->exactly(2))
        ->method('updateAcl');
    $this->aclProvider
        ->expects($this->once())
        ->method('deleteAcl')
        ->with($this->identicalTo($deletedOid));

    $this->manager->flush();
}
/**
 * Associates privileges with the given security identity.
 *
 * Works in three passes: (1) locate the root privilege of each extension,
 * (2) set the root masks for every extension found in the save context,
 * (3) set object-level masks for the remaining privileges. The manager is
 * flushed once at the end.
 *
 * Side effect: root privileges are removed from the $privileges collection
 * passed in by the caller (see the unset() below).
 *
 * Security note: this method performs no authorization check of its own; it
 * writes whatever permissions $privileges describes for $sid. Deciding who
 * may call it is up to the caller.
 *
 * @param SID $sid
 * @param ArrayCollection|AclPrivilege[] $privileges
 * @throws \RuntimeException not thrown directly in this body; presumably raised by a helper (confirm)
 *
 * @SuppressWarnings(PHPMD.NPathComplexity)
 */
public function savePrivileges(SID $sid, ArrayCollection $privileges)
{
    /**
     * @var $rootKeys
     *      key = ExtensionKey
     *      value = a key in $privilege collection
     */
    $rootKeys = array();
    // find all root privileges
    foreach ($privileges as $key => $privilege) {
        $identity = $privilege->getIdentity()->getId();
        // NOTE(review): strpos() is used as a boolean here. A marker found at
        // offset 0 evaluates to false (treated as "not root"), and a marker
        // anywhere later in the id matches. That is only safe if ids always
        // have the form "<extensionKey>:<type>" -- confirm, since a
        // misclassified id changes which object receives the root masks.
        if (strpos($identity, ObjectIdentityFactory::ROOT_IDENTITY_TYPE)) {
            // the extension key is the part of the id before the first ':'
            $extensionKey = substr($identity, 0, strpos($identity, ':'));
            $rootKeys[$extensionKey] = $key;
        }
    }

    /**
     * @var $context
     *      key = ExtensionKey
     *      value = array
     *          'extension' => extension
     *          'maskBuilders' => array
     *              key = permission name
     *              value = MaskBuilder (the same instance for all permissions supported by the builder)
     *          'rootMasks' => array of integer
     */
    // init the context
    // $context starts empty and is iterated right after this call, so
    // initSaveContext() presumably fills it by reference -- confirm.
    $context = array();
    $this->initSaveContext($context, $rootKeys, $sid, $privileges);

    // set permissions for all root objects and remove all root privileges from $privileges collection
    foreach ($context as $extensionKey => $contextItem) {
        /** @var AclExtensionInterface $extension */
        $extension = $contextItem['extension'];
        if (isset($rootKeys[$extensionKey])) {
            // a root privilege was submitted for this extension: use its identity
            $privilegeKey = $rootKeys[$extensionKey];
            $privilege = $privileges[$privilegeKey];
            // removes the entry from the caller's collection object, so the
            // last pass below only sees non-root privileges
            unset($privileges[$privilegeKey]);
            $identity = $privilege->getIdentity()->getId();
            $oid = $extension->getObjectIdentity($identity);
        } else {
            // no root privilege submitted: fall back to the manager's root OID
            $oid = $this->manager->getRootOid($extensionKey);
        }

        $rootMasks = $context[$extensionKey]['rootMasks'];
        foreach ($rootMasks as $mask) {
            $this->manager->setPermission($sid, $oid, $mask);
        }
    }

    // set permissions for other objects
    foreach ($privileges as $privilege) {
        $identity = $privilege->getIdentity()->getId();
        $extensionKey = substr($identity, 0, strpos($identity, ':'));
        // NOTE(review): assumes the context holds an entry for every
        // extension key that occurs in $privileges. An id without ':' or
        // with an unknown key would find no entry here -- confirm that
        // initSaveContext() or the caller rules this out.
        /** @var AclExtensionInterface $extension */
        $extension = $context[$extensionKey]['extension'];
        $oid = $extension->getObjectIdentity($identity);
        $maskBuilders = $context[$extensionKey]['maskBuilders'];
        $masks = $this->getPermissionMasks($privilege->getPermissions(), $extension, $maskBuilders);
        $rootMasks = $context[$extensionKey]['rootMasks'];

        foreach ($this->manager->getAces($sid, $oid) as $ace) {
            if (!$ace->isGranting()) {
                // denying ACE is not supported
                // (an existing denying ACE is therefore skipped: this loop
                // neither updates nor removes it)
                continue;
            }
            $mask = $this->updateExistingPermissions($sid, $oid, $ace->getMask(), $masks, $rootMasks, $extension);
            // as we have already processed $mask, remove it from $masks collection
            if ($mask !== false) {
                $this->removeMask($masks, $mask);
            }
        }

        // check if we have new masks so far, and process them if any
        foreach ($masks as $mask) {
            $rootMask = $this->findSimilarMask($rootMasks, $mask, $extension);
            // set the mask on the object only when no similar root mask exists
            // or when it differs from that root mask adapted to this object
            if ($rootMask === false || $mask !== $extension->adaptRootMask($rootMask, $oid)) {
                $this->manager->setPermission($sid, $oid, $mask);
            }
        }
    }

    // single flush after all setPermission() calls of the passes above
    $this->manager->flush();
}