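/**
 * Rebuilds ACL privileges from the JSON submitted in the form's "privileges" field,
 * assigns each of them the handler's ACL group, persists them for the role's security
 * identity and clears the ACL cache.
 *
 * The payload is client-supplied, so its structure is checked before anything is
 * persisted. A payload that cannot be decoded, or whose entries lack the keys read
 * below, is rejected instead of being saved as a partial or empty privilege set.
 * A configured field that is simply absent from the payload contributes no privileges.
 *
 * @param AbstractRole $role
 *
 * @throws \InvalidArgumentException When the submitted payload is not decodable JSON
 *                                   or does not have the expected structure
 */
protected function processPrivileges(AbstractRole $role)
{
    $decodedPrivileges = json_decode($this->form->get('privileges')->getData(), true);
    if (!is_array($decodedPrivileges)) {
        // json_decode() yields null for undecodable input; fail before touching stored privileges.
        throw new \InvalidArgumentException('Submitted privileges could not be decoded into an array.');
    }

    $formPrivileges = [];
    foreach ($this->privilegeConfig as $fieldName => $config) {
        $privilegesArray = isset($decodedPrivileges[$fieldName]) ? $decodedPrivileges[$fieldName] : [];
        if (!is_array($privilegesArray)) {
            throw new \InvalidArgumentException(
                sprintf('Submitted privileges for "%s" must be a list.', $fieldName)
            );
        }

        $privileges = [];
        foreach ($privilegesArray as $privilege) {
            $hasExpectedShape = is_array($privilege)
                && isset($privilege['identity'], $privilege['permissions'])
                && is_array($privilege['identity'])
                && is_array($privilege['permissions'])
                && array_key_exists('id', $privilege['identity'])
                && array_key_exists('name', $privilege['identity']);
            if (!$hasExpectedShape) {
                throw new \InvalidArgumentException(
                    sprintf('Malformed privilege entry submitted for "%s".', $fieldName)
                );
            }

            // NOTE(review): identity ids, permission names and access levels are taken from the
            // client as-is here; confirm they are constrained elsewhere to what the current
            // user is allowed to grant and to identities that belong to this field.
            $aclPrivilege = new AclPrivilege();
            foreach ($privilege['permissions'] as $permission) {
                $isPermissionValid = is_array($permission)
                    && array_key_exists('name', $permission)
                    && array_key_exists('accessLevel', $permission);
                if (!$isPermissionValid) {
                    throw new \InvalidArgumentException(
                        sprintf('Malformed permission entry submitted for "%s".', $fieldName)
                    );
                }

                $aclPrivilege->addPermission(
                    new AclPermission($permission['name'], $permission['accessLevel'])
                );
            }

            $aclPrivilege->setIdentity(
                new AclPrivilegeIdentity($privilege['identity']['id'], $privilege['identity']['name'])
            );
            $privileges[] = $aclPrivilege;
        }

        if ($config['fix_values']) {
            // Passed as a variable: the return value is unused, so the helper presumably
            // adjusts the list in place (by reference) — confirm against fxPrivilegeValue().
            $this->fxPrivilegeValue($privileges, $config['default_value']);
        }

        $formPrivileges = array_merge($formPrivileges, $privileges);
    }

    foreach ($formPrivileges as $privilege) {
        $privilege->setGroup($this->getAclGroup());
    }

    $this->privilegeRepository->savePrivileges(
        $this->aclManager->getSid($role),
        new ArrayCollection($formPrivileges)
    );
    $this->aclCache->clearCache();
}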
/**
 * Gathers the privileges held by each configured form field and stores the combined
 * list for the security identity of the given role.
 *
 * @param Role $role
 */
protected function processPrivileges(Role $role)
{
    $collected = array();

    foreach ($this->privilegeConfig as $fieldName => $fieldConfig) {
        $fieldPrivileges = $this->form->get($fieldName)->getData();

        // Fields flagged with "fix_values" are handed to fxPrivilegeValue() together
        // with their configured default before being merged.
        $shouldFixValues = $fieldConfig['fix_values'];
        if ($shouldFixValues) {
            $this->fxPrivilegeValue($fieldPrivileges, $fieldConfig['default_value']);
        }

        $collected = array_merge($collected, $fieldPrivileges);
    }

    $sid = $this->aclManager->getSid($role);
    $this->privilegeRepository->savePrivileges($sid, new ArrayCollection($collected));
}
/**
 * Processing a valid POST must save the entity and action privileges read from the
 * form fields, each with the AccountUser security group, for the role's security
 * identity, and must start and stop provider emulation exactly once.
 */
public function testProcessPrivileges()
{
    $formInterface = 'Symfony\\Component\\Form\\FormInterface';

    $request = new Request();
    $request->setMethod('POST');

    $role = new AccountUserRole('TEST');
    $sid = new RoleSecurityIdentity($role);

    // Sub-forms for user assignment: both report an empty list.
    $appendUsersField = $this->getMock($formInterface);
    $appendUsersField->expects($this->once())
        ->method('getData')
        ->willReturn([]);

    $removeUsersField = $this->getMock($formInterface);
    $removeUsersField->expects($this->once())
        ->method('getData')
        ->willReturn([]);

    // Sub-forms carrying the submitted privileges.
    $entityPrivilegeA = $this->createPrivilege('entity', 'entity:FirstClass', 'VIEW');
    $entityPrivilegeB = $this->createPrivilege('entity', 'entity:SecondClass', 'VIEW');
    $entityField = $this->getMock($formInterface);
    $entityField->expects($this->once())
        ->method('getData')
        ->willReturn([$entityPrivilegeA, $entityPrivilegeB]);

    $submittedActionPrivilege = $this->createPrivilege('action', 'action', 'random_action');
    $actionField = $this->getMock($formInterface);
    $actionField->expects($this->once())
        ->method('getData')
        ->willReturn([$submittedActionPrivilege]);

    $childFields = [
        ['appendUsers', $appendUsersField],
        ['removeUsers', $removeUsersField],
        ['entity', $entityField],
        ['action', $actionField],
    ];

    $rootForm = $this->getMock($formInterface);
    $rootForm->expects($this->once())
        ->method('submit')
        ->with($request);
    $rootForm->expects($this->once())
        ->method('isValid')
        ->willReturn(true);
    $rootForm->expects($this->any())
        ->method('get')
        ->willReturnMap($childFields);

    $this->formFactory->expects($this->once())
        ->method('create')
        ->willReturn($rootForm);

    $entityManager = $this->getMock('Doctrine\\Common\\Persistence\\ObjectManager');
    $this->managerRegistry->expects($this->any())
        ->method('getManagerForClass')
        ->with(get_class($role))
        ->willReturn($entityManager);

    // Expected privileges equal the submitted ones plus the security group.
    $expectedPrivileges = [];
    $expectedDefinitions = [
        ['entity', 'entity:FirstClass', 'VIEW'],
        ['entity', 'entity:SecondClass', 'VIEW'],
        ['action', 'action', 'random_action'],
    ];
    foreach ($expectedDefinitions as $definition) {
        $expected = $this->createPrivilege($definition[0], $definition[1], $definition[2]);
        $expected->setGroup(AccountUser::SECURITY_GROUP);
        $expectedPrivileges[] = $expected;
    }

    $this->privilegeRepository->expects($this->once())
        ->method('savePrivileges')
        ->with($sid, new ArrayCollection($expectedPrivileges));

    $this->aclManager->expects($this->any())
        ->method('getSid')
        ->with($role)
        ->willReturn($sid);

    $this->chainMetadataProvider->expects($this->once())
        ->method('startProviderEmulation')
        ->with(FrontendOwnershipMetadataProvider::ALIAS);
    $this->chainMetadataProvider->expects($this->once())
        ->method('stopProviderEmulation');

    $roleHandler = new AccountUserRoleHandler($this->formFactory, $this->privilegeConfig);
    $roleHandler->setManagerRegistry($this->managerRegistry);
    $roleHandler->setAclPrivilegeRepository($this->privilegeRepository);
    $roleHandler->setAclManager($this->aclManager);
    $roleHandler->setChainMetadataProvider($this->chainMetadataProvider);
    $roleHandler->setRequest($request);

    $roleHandler->createForm($role);
    $roleHandler->process($role);
}
/**
 * Saves four privileges (root, Class1, Class2, Class3) for a mocked security identity
 * while Class3 already has an ACE with VIEW_BASIC and CREATE_BASIC. The expectations
 * set below are: set-permission calls for root and Class2, and a delete-permission
 * call for Class3.
 */
public function testSavePrivilegesForExistingRole()
{
    $extensionKey = 'test';
    $rootOid = new ObjectIdentity($extensionKey, ObjectIdentityFactory::ROOT_IDENTITY_TYPE);

    $existingClass3Ace = $this->getAce(self::getMask(array('VIEW_BASIC', 'CREATE_BASIC')));

    // Access levels shared by the root, Class1 and Class3 privileges.
    $systemViewBasicCreate = array(
        'VIEW' => AccessLevel::SYSTEM_LEVEL,
        'CREATE' => AccessLevel::BASIC_LEVEL,
        'EDIT' => AccessLevel::NONE_LEVEL
    );
    // Class2 differs only in CREATE, which is at system level.
    $systemViewSystemCreate = array(
        'VIEW' => AccessLevel::SYSTEM_LEVEL,
        'CREATE' => AccessLevel::SYSTEM_LEVEL,
        'EDIT' => AccessLevel::NONE_LEVEL
    );

    $privileges = new ArrayCollection(
        array(
            self::getPrivilege('test:(root)', $systemViewBasicCreate),
            self::getPrivilege('test:Acme\\Class1', $systemViewBasicCreate),
            self::getPrivilege('test:Acme\\Class2', $systemViewSystemCreate),
            self::getPrivilege('test:Acme\\Class3', $systemViewBasicCreate),
        )
    );

    $sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface');

    $this->initSavePrivileges($extensionKey, $rootOid);

    $existingAces = array('test:Acme\\Class3' => array($existingClass3Ace));
    $this->setExpectationsForGetAces($existingAces);

    $expectedSets = array(
        'test:(root)' => array('VIEW_SYSTEM', 'CREATE_BASIC'),
        'test:Acme\\Class2' => array('VIEW_SYSTEM', 'CREATE_SYSTEM')
    );
    $this->setExpectationsForSetPermission($sid, $expectedSets);

    $expectedDeletes = array('test:Acme\\Class3' => array('VIEW_BASIC', 'CREATE_BASIC'));
    $this->setExpectationsForDeletePermission($sid, $expectedDeletes);

    $this->repository->savePrivileges($sid, $privileges);

    $this->validateExpectationsForGetAces();
    $this->validateExpectationsForSetPermission();
    $this->validateExpectationsForDeletePermission();
}