protected function updateManagerRole(AclManager $manager)
{
$sid = $manager->getSid($this->getReference('manager_role'));
// grant to view other user's calendar for the same business unit
$oid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarConnection');
$maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM');
$manager->setPermission($sid, $oid, $maskBuilder->get());
// grant to manage own calendar events
$oid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
$maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM')->add('CREATE_SYSTEM')->add('EDIT_SYSTEM')->add('DELETE_SYSTEM');
$manager->setPermission($sid, $oid, $maskBuilder->get());
}
protected function updateUserRole(AclManager $manager)
{
$sid = $manager->getSid($this->getRole(LoadRolesData::ROLE_ADMINISTRATOR));
$oid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\Email');
$maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM')->add('CREATE_SYSTEM')->add('EDIT_SYSTEM');
$manager->setPermission($sid, $oid, $maskBuilder->get());
}
/**
* @param AclManager $aclManager
* @return AccountUserRole
*/
protected function createAdministratorRole(AclManager $aclManager)
{
$chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
$allowedEntities = $this->getFrontendOwnedEntities();
$allowedAcls = ['VIEW_LOCAL', 'CREATE_LOCAL', 'EDIT_LOCAL', 'DELETE_LOCAL', 'ASSIGN_LOCAL'];
$role = $this->createEntity(self::ADMINISTRATOR, $this->defaultRoles[self::ADMINISTRATOR]);
if ($aclManager->isAclEnabled()) {
$sid = $aclManager->getSid($role);
foreach ($aclManager->getAllExtensions() as $extension) {
if ($extension instanceof EntityAclExtension) {
$chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
foreach ($allowedEntities as $className) {
$oid = $aclManager->getOid('entity:' . $className);
$builder = $aclManager->getMaskBuilder($oid);
$mask = $builder->reset()->get();
foreach ($allowedAcls as $acl) {
$mask = $builder->add($acl)->get();
}
$aclManager->setPermission($sid, $oid, $mask);
}
$chainMetadataProvider->stopProviderEmulation();
} else {
$this->setPermissionGroup($aclManager, $extension, $sid, 'GROUP_ALL');
}
}
}
return $role;
}
protected function updateManagerRole(AclManager $manager)
{
$sid = $manager->getSid($this->getRole(LoadRolesData::ROLE_MANAGER));
// grant to manage own calendar events
$oid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
$maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_SYSTEM')->add('CREATE_SYSTEM')->add('EDIT_SYSTEM')->add('DELETE_SYSTEM');
$manager->setPermission($sid, $oid, $maskBuilder->get());
}
/**
* @param string $class
* @param int $mask
* @return boolean
*/
protected function isGrantedEntityMask($class, $mask)
{
if (!$class) {
return false;
}
$descriptor = sprintf('entity:%s', ClassUtils::getRealClass($class));
$oid = $this->aclManager->getOid($descriptor);
return $this->isGrantedOidMask($oid, $class, $mask);
}
protected function updateUserRole(AclManager $manager)
{
$roles = ['ROLE_ONLINE_SALES_REP', 'ROLE_MARKETING_MANAGER', 'ROLE_LEADS_DEVELOPMENT_REP'];
foreach ($roles as $roleName) {
$sid = $manager->getSid($this->getRole($roleName));
$oid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser');
$maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_BASIC')->add('CREATE_BASIC')->add('EDIT_BASIC');
$manager->setPermission($sid, $oid, $maskBuilder->get());
}
}
protected function updateUserRole(AclManager $manager)
{
$roles = [LoadRolesData::ROLE_USER, LoadRolesData::ROLE_MANAGER];
foreach ($roles as $roleName) {
$sid = $manager->getSid($this->getRole($roleName));
$oid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser');
$maskBuilder = $manager->getMaskBuilder($oid)->add('VIEW_BASIC')->add('CREATE_BASIC')->add('EDIT_BASIC');
$manager->setPermission($sid, $oid, $maskBuilder->get());
}
}
/**
* @param AclManager $aclManager
* @param SecurityIdentityInterface $sid
* @param array $permissions
*/
protected function setPermissions(AclManager $aclManager, SecurityIdentityInterface $sid, array $permissions)
{
foreach ($permissions as $permission => $acls) {
$oid = $aclManager->getOid(str_replace('|', ':', $permission));
$builder = $aclManager->getMaskBuilder($oid);
$builder->reset();
if ($acls) {
foreach ($acls as $acl) {
$builder->add($acl);
}
}
$mask = $builder->get();
$aclManager->setPermission($sid, $oid, $mask);
}
}
/**
* @param ObjectManager $manager
* @param AclManager $aclManager
*/
protected function setBuyerShoppingListPermissions(ObjectManager $manager, AclManager $aclManager)
{
$chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
$allowedAcls = ['VIEW_BASIC', 'CREATE_BASIC', 'EDIT_BASIC', 'DELETE_BASIC'];
$role = $this->getBuyerRole($manager);
if ($aclManager->isAclEnabled()) {
$sid = $aclManager->getSid($role);
$className = $this->container->getParameter('orob2b_shopping_list.entity.shopping_list.class');
foreach ($aclManager->getAllExtensions() as $extension) {
if ($extension instanceof EntityAclExtension) {
$chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
$oid = $aclManager->getOid('entity:' . $className);
$builder = $aclManager->getMaskBuilder($oid);
$mask = $builder->reset()->get();
foreach ($allowedAcls as $acl) {
$mask = $builder->add($acl)->get();
}
$aclManager->setPermission($sid, $oid, $mask);
$chainMetadataProvider->stopProviderEmulation();
}
}
}
}
public function testGetOid()
{
$oid = new ObjectIdentity('test', 'test');
$this->objectIdentityFactory->expects($this->once())->method('get')->with($this->equalTo('test'))->will($this->returnValue($oid));
$this->assertTrue($oid === $this->manager->getOid('test'));
}
/**
* @param AclManager $aclManager
* @param AccountUserRole $role
* @param string $className
* @param array $allowedAcls
*/
protected function setRolePermissions(AclManager $aclManager, AccountUserRole $role, $className, array $allowedAcls)
{
/* @var $chainMetadataProvider ChainMetadataProvider */
$chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
if ($aclManager->isAclEnabled()) {
$sid = $aclManager->getSid($role);
foreach ($aclManager->getAllExtensions() as $extension) {
if ($extension instanceof EntityAclExtension) {
$chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
$oid = $aclManager->getOid('entity:' . $className);
$builder = $aclManager->getMaskBuilder($oid);
$mask = $builder->reset()->get();
foreach ($allowedAcls as $acl) {
$mask = $builder->add($acl)->get();
}
$aclManager->setPermission($sid, $oid, $mask);
$chainMetadataProvider->stopProviderEmulation();
}
}
}
}
