/**
 * Checks that isProtectedEntity() answers true for a class that is present in the
 * cached ACL security metadata and false for a class that is absent from it.
 */
public function testIsProtectedEntity()
{
    // Cached metadata map that knows exactly one class.
    $cachedMetadata = array('SomeClass' => new EntitySecurityMetadata());

    $this->cache
        ->expects($this->any())
        ->method('fetch')
        ->with(Provider::ACL_SECURITY_TYPE)
        ->will($this->returnValue($cachedMetadata));

    $metadataProvider = new Provider(
        $this->securityConfigProvider,
        $this->entityConfigProvider,
        $this->cache
    );

    // Positive case: the class listed in the cache is reported as protected.
    $this->assertTrue($metadataProvider->isProtectedEntity('SomeClass'));
    // Negative case: a class missing from the cache is reported as not protected.
    $this->assertFalse($metadataProvider->isProtectedEntity('UnknownClass'));
}
/**
 * Get data for the query ACL access level check.
 *
 * Return values, as implemented below:
 *  - an empty array when no check is performed: no ACL voter is set, there is no
 *    user id, or the entity is not a protected entity;
 *  - null when the security context does not grant $permissions on the entity;
 *  - otherwise whatever buildConstraintIfAccessIsGranted() returns.
 *
 * NOTE(review): an empty array and null are both falsy but come from different paths
 * (check skipped vs. permission not granted). Callers should tell them apart with a
 * strict comparison rather than empty() or a truthiness test, otherwise a denied
 * result can be read as "no restriction" - confirm against the callers.
 *
 * @param string $entityClassName entity class name; appended to the 'entity:' prefix for the grant check
 * @param string $permissions     passed unchanged to isGranted(); defaults to 'VIEW'
 * @return null|array
 */
public function getAclConditionData($entityClassName, $permissions = 'VIEW')
{
    // Same short-circuit order as a chain of "or" guards: voter, then user id, then protection flag.
    $checkApplies = $this->aclVoter !== null
        && $this->getUserId()
        && $this->entityMetadataProvider->isProtectedEntity($entityClassName);
    if (!$checkApplies) {
        return [];
    }

    // The observer is registered before the decision is requested and read afterwards;
    // presumably the voter fills in the access level during isGranted() - TODO confirm.
    $accessLevelObserver = new OneShotIsGrantedObserver();
    $this->aclVoter->addOneShotIsGrantedObserver($accessLevelObserver);

    $granted = $this->getSecurityContext()->isGranted($permissions, 'entity:' . $entityClassName);
    if (!$granted) {
        return null;
    }

    return $this->buildConstraintIfAccessIsGranted(
        $entityClassName,
        $accessLevelObserver->getAccessLevel(),
        $this->metadataProvider->getMetadata($entityClassName)
    );
}
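/**
 * Get data for query acl access level check
 *
 * NOTE(review): the early return below yields the "full access" result not only for
 * unprotected entities but also when no ACL voter is set or no user id is available.
 * Callers that can run without an authenticated user should make sure such requests
 * are gated elsewhere - confirm against the callers.
 *
 * @param string $entityClassName entity class name; used as is for metadata and constraint building,
 *                                and prefixed with the ACL group (if any) for the grant check
 * @param string $permissions     passed unchanged to isGranted(); defaults to 'VIEW'
 *
 * @return array Returns empty array if entity has full access,
 *               array with null values if user doesn't have access to the entity
 *               (the value comes from getAccessDeniedCondition())
 *               and array with entity field and field values which user has access to.
 *               Array structure:
 *               0 - owner field name
 *               1 - owner values
 *               2 - owner association type
 *               3 - organization field name
 *               4 - organization values
 *               5 - should owners be checked
 *                   (for example, in case of Organization ownership type, owners should not be checked)
 */
public function getAclConditionData($entityClassName, $permissions = 'VIEW')
{
    if ($this->aclVoter === null
        || !$this->getUserId()
        || !$this->entityMetadataProvider->isProtectedEntity($entityClassName)
    ) {
        // return full access to the entity
        return [];
    }

    // Registered before the decision is requested; its access level is read afterwards.
    $observer = new OneShotIsGrantedObserver();
    $this->aclVoter->addOneShotIsGrantedObserver($observer);

    $groupedEntityClassName = $entityClassName;
    if ($this->aclGroupProvider) {
        $group = $this->aclGroupProvider->getGroup();
        if ($group) {
            // Reuse the value that was just checked instead of asking the provider again,
            // so the identity is built from exactly the group that passed the test above.
            $groupedEntityClassName = sprintf('%s@%s', $group, $entityClassName);
        }
    }

    // The grant decision is made on the (possibly group-prefixed) identity.
    $isGranted = $this->getSecurityContext()->isGranted(
        $permissions,
        new ObjectIdentity('entity', $groupedEntityClassName)
    );
    if (!$isGranted) {
        // An explicit denied condition is returned, so a refusal is never the same value
        // as the empty "full access" array.
        return $this->getAccessDeniedCondition();
    }

    // Constraint building and metadata lookup use the plain class name, not the grouped one.
    return $this->buildConstraintIfAccessIsGranted(
        $entityClassName,
        $observer->getAccessLevel(),
        $this->metadataProvider->getMetadata($entityClassName)
    );
}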
/**
 * Tells whether the given entity class is a protected entity.
 *
 * The answer is taken unchanged from the entity security metadata provider.
 *
 * @param string $entityClass
 * @return bool
 */
public function isProtectedEntity($entityClass)
{
    $metadataProvider = $this->entitySecurityMetadataProvider;

    return $metadataProvider->isProtectedEntity($entityClass);
}