/**
* Validate configs nad fill default values
*
* @param DatagridConfiguration $config
*/
public function processConfigs(DatagridConfiguration $config)
{
$configItems = $config->offsetGetOr(Configuration::BASE_CONFIG_KEY, []);
$configuration = new Configuration(Configuration::BASE_CONFIG_KEY);
$normalizedConfigItems = $this->validateConfiguration($configuration, [Configuration::BASE_CONFIG_KEY => $configItems]);
$isGranted = $this->securityFacade->isGranted('EDIT', 'entity:' . $configItems['entity_name']);
//according to ACL disable inline editing for the whole grid
if (!$isGranted) {
$normalizedConfigItems[Configuration::CONFIG_KEY_ENABLE] = false;
}
// replace config values by normalized, extra keys passed directly
$resultConfigItems = array_replace_recursive($configItems, $normalizedConfigItems);
if (is_null($resultConfigItems['save_api_accessor']['default_route_parameters']['className'])) {
$resultConfigItems['save_api_accessor']['default_route_parameters']['className'] = $this->entityClassNameHelper->getUrlSafeClassName($configItems['entity_name']);
}
$config->offsetSet(Configuration::BASE_CONFIG_KEY, $resultConfigItems);
//add inline editing where it is possible, do not use ACL, because additional parameters for columns needed
$columns = $config->offsetGetOr(FormatterConfiguration::COLUMNS_KEY, []);
$blackList = $configuration->getBlackList();
foreach ($columns as $columnName => &$column) {
if (!in_array($columnName, $blackList)) {
$newColumn = $this->guesser->getColumnOptions($columnName, $configItems['entity_name'], $column);
//frontend type key must not be replaced with default value
$typeKey = PropertyInterface::FRONTEND_TYPE_KEY;
if (!empty($newColumn[$typeKey])) {
$column[$typeKey] = $newColumn[$typeKey];
}
$column = array_replace_recursive($newColumn, $column);
}
}
$config->offsetSet(FormatterConfiguration::COLUMNS_KEY, $columns);
}
/**
* @param object $object
* @param int $depth
* @param bool $ignoreAcl
* @param Organization|null $organization
*
* @return Recipient[]
*/
public function getRecipients($object, $depth = 1, $ignoreAcl = false, Organization $organization = null)
{
$recipients = [];
if ($this->isAccessDenyForOrganization($object, $ignoreAcl, $organization)) {
return $recipients;
}
if (!$depth || ($ignoreAcl || !$this->securityFacade->isGranted('VIEW', $object))) {
if (!$depth || $this->securityFacade->getLoggedUser() !== $object) {
return $recipients;
}
}
$className = ClassUtils::getClass($object);
$metadata = $this->getMetadata($className);
$attributes = $this->initAttributes($className, $metadata);
foreach ($metadata->associationMappings as $name => $assoc) {
if (in_array('Oro\\Bundle\\EmailBundle\\Entity\\EmailInterface', class_implements($assoc['targetEntity']), true)) {
$attributes[] = new EmailAttribute($name, true);
} else {
if ($depth > 1) {
$assocObject = $this->getPropertyAccessor()->getValue($object, $name);
if (!$assocObject instanceof \Traversable && !is_array($assocObject)) {
if ($assocObject) {
$assocObject = [$assocObject];
} else {
$assocObject = [];
}
}
foreach ($assocObject as $obj) {
$recipients = array_merge($recipients, $this->getRecipients($obj, $depth - 1, false, $organization));
}
}
}
}
return array_merge($recipients, $this->createRecipientsFromEmails($this->createEmailsFromAttributes($attributes, $object), $object, $metadata));
}
/**
* {@inheritdoc}
*/
public function isVisible(array $config = [], array $context = [])
{
if (!isset($config['acl'])) {
throw new \InvalidArgumentException('The "acl" should be provided in the configuration.');
}
return $this->securityFacade->isGranted($config['acl']);
}
/**
* {@inheritdoc}
*/
public function isAllowed()
{
if (!$this->acl) {
return true;
}
return $this->securityFacade->hasLoggedUser() && $this->securityFacade->isGranted($this->acl);
}
/**
* {@inheritdoc}
*/
public function getCalendarDefaultValues($organizationId, $userId, $calendarId, array $calendarIds)
{
$result = [];
if (!$this->calendarConfig->isPublicCalendarEnabled()) {
foreach ($calendarIds as $id) {
$result[$id] = null;
}
return $result;
}
/** @var SystemCalendarRepository $repo */
$repo = $this->doctrineHelper->getEntityRepository('OroCalendarBundle:SystemCalendar');
$qb = $repo->getPublicCalendarsQueryBuilder();
/** @var SystemCalendar[] $calendars */
$calendars = $qb->getQuery()->getResult();
$isEventManagementGranted = $this->securityFacade->isGranted('oro_public_calendar_event_management');
foreach ($calendars as $calendar) {
$resultItem = ['calendarName' => $calendar->getName(), 'backgroundColor' => $calendar->getBackgroundColor(), 'removable' => false, 'position' => -80];
if ($isEventManagementGranted) {
$resultItem['canAddEvent'] = true;
$resultItem['canEditEvent'] = true;
$resultItem['canDeleteEvent'] = true;
}
$result[$calendar->getId()] = $resultItem;
}
return $result;
}
/**
* Options:
* - grid_name - name of grid that will be used for entity selection
* - grid_parameters - parameters need to be passed to grid request
* - grid_render_parameters - render parameters need to be set for grid rendering
* - existing_entity_grid_id - grid row field name used as entity identifier
* - create_enabled - enables new entity creation
* - create_acl - ACL resource used to determine that create is allowed, by default CREATE for entity used
* - create_form_route - route name for creation form
* - create_form_route_parameters - route parameters for create_form_route_parameters
*
* {@inheritDoc}
*/
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
$resolver->setDefaults(['existing_entity_grid_id' => 'id', 'create_enabled' => true, 'create_acl' => null, 'create_form_route' => null, 'create_form_route_parameters' => [], 'grid_name' => null, 'grid_parameters' => [], 'grid_render_parameters' => []]);
$resolver->setNormalizers(['create_enabled' => function (Options $options, $createEnabled) {
$createRouteName = $options->get('create_form_route');
$createEnabled = $createEnabled && !empty($createRouteName);
if ($createEnabled) {
$aclName = $options->get('create_acl');
if (empty($aclName)) {
$aclObjectName = 'Entity:' . $options->get('entity_class');
$createEnabled = $this->securityFacade->isGranted('CREATE', $aclObjectName);
} else {
$createEnabled = $this->securityFacade->isGranted($aclName);
}
}
return $createEnabled;
}, 'grid_name' => function (Options $options, $gridName) {
if (!empty($gridName)) {
return $gridName;
}
$formConfig = $this->configManager->getProvider('form')->getConfig($options->get('entity_class'));
if ($formConfig->has('grid_name')) {
return $formConfig->get('grid_name');
}
throw new InvalidConfigurationException('The option "grid_name" must be set.');
}]);
}
/**
* {@inheritdoc}
*/
public function addEntityFields(FormBuilderInterface $builder)
{
// user fields
$builder->addEventSubscriber(new UserSubscriber($builder->getFormFactory(), $this->security));
$this->setDefaultUserFields($builder);
if ($this->securityFacade->isGranted('oro_user_role_view')) {
$builder->add('roles', 'entity', ['property_path' => 'rolesCollection', 'label' => 'oro.user.roles.label', 'class' => 'OroUserBundle:Role', 'property' => 'label', 'query_builder' => function (EntityRepository $er) {
return $er->createQueryBuilder('r')->where('r.role <> :anon')->setParameter('anon', User::ROLE_ANONYMOUS)->orderBy('r.label');
}, 'multiple' => true, 'expanded' => true, 'required' => !$this->isMyProfilePage, 'read_only' => $this->isMyProfilePage, 'disabled' => $this->isMyProfilePage, 'translatable_options' => false]);
}
if ($this->securityFacade->isGranted('oro_user_group_view')) {
$builder->add('groups', 'entity', ['label' => 'oro.user.groups.label', 'class' => 'OroUserBundle:Group', 'property' => 'name', 'multiple' => true, 'expanded' => true, 'required' => false, 'read_only' => $this->isMyProfilePage, 'disabled' => $this->isMyProfilePage, 'translatable_options' => false]);
}
if ($this->securityFacade->isGranted('oro_organization_view') && $this->securityFacade->isGranted('oro_business_unit_view')) {
$builder->add('organizations', 'oro_organizations_select', ['required' => false, 'label' => 'oro.user.form.access_settings.label']);
}
$builder->add('plainPassword', 'repeated', ['label' => 'oro.user.password.label', 'type' => 'password', 'required' => true, 'first_options' => ['label' => 'oro.user.password.label'], 'second_options' => ['label' => 'oro.user.password_re.label']])->add('emails', 'collection', ['label' => 'oro.user.emails.label', 'type' => 'oro_user_email', 'allow_add' => true, 'allow_delete' => true, 'by_reference' => false, 'prototype' => true, 'prototype_name' => 'tag__name__']);
if ($this->userConfigManager->get('oro_imap.enable_google_imap')) {
$builder->add('imapAccountType', 'oro_imap_choice_account_type', ['label' => 'oro.user.imap_configuration.label']);
} else {
$builder->add('imapConfiguration', 'oro_imap_configuration', ['label' => 'oro.user.imap_configuration.label']);
}
$builder->add('change_password', ChangePasswordType::NAME)->add('avatar', 'oro_image', ['label' => 'oro.user.avatar.label', 'required' => false]);
$this->addInviteUserField($builder);
}
/**
* @return bool
*/
protected function isUnsubscribeGranted()
{
if ($this->unsubscribeGranted === null) {
$this->unsubscribeGranted = $this->securityFacade->isGranted('orocrm_magento_newsletter_subscriber_unsubscribe_customer');
}
return $this->unsubscribeGranted;
}
/**
* Checks if the entity can have comments
*
* @param object|null $entity
*
* @return bool
*/
public function isApplicable($entity)
{
if (!is_object($entity) || !$this->doctrineHelper->isManageableEntity($entity) || !$this->securityFacade->isGranted('oro_comment_view')) {
return false;
}
return $this->commentAssociationHelper->isCommentAssociationEnabled(ClassUtils::getClass($entity));
}
/**
* Process form
*
* @param mixed $entity
*
* @return mixed|null The instance of saved entity on successful processing; otherwise, null
*/
public function process($entity)
{
if ($this->securityFacade->isGranted('EDIT', $entity)) {
return parent::process($entity);
}
return null;
}
/**
* @param GridViewsLoadEvent $event
*/
public function onViewsLoad(GridViewsLoadEvent $event)
{
$gridName = $event->getGridName();
$currentUser = $this->getCurrentUser();
if (!$currentUser) {
return;
}
$gridViews = $this->getGridViewRepository()->findGridViews($this->aclHelper, $currentUser, $gridName);
if (!$gridViews) {
return;
}
$choices = [];
$views = [];
foreach ($gridViews as $gridView) {
$view = $gridView->createView();
$view->setEditable($this->securityFacade->isGranted('EDIT', $gridView));
$view->setDeletable($this->securityFacade->isGranted('DELETE', $gridView));
$views[] = $view->getMetadata();
$choices[] = ['label' => $this->createGridViewLabel($currentUser, $gridView), 'value' => $gridView->getId()];
}
$newGridViews = $event->getGridViews();
$newGridViews['choices'] = array_merge($newGridViews['choices'], $choices);
$newGridViews['views'] = array_merge($newGridViews['views'], $views);
$event->setGridViews($newGridViews);
}
/**
* {@inheritdoc}
*/
public function beforeProcess($entity)
{
//check owner (Contact) entity with 'edit' permission
if (!$this->securityFacade->isGranted('EDIT', $entity->getOwner())) {
throw new AccessDeniedException();
}
}
/**
* {@inheritdoc}
*/
protected function applyPermissions(&$item, $calendarId)
{
if (!$this->securityFacade->isGranted('oro_public_calendar_event_management')) {
$item['editable'] = false;
$item['removable'] = false;
}
}
/**
* @param ConfigureMenuEvent $event
*/
public function onNavigationConfigure(ConfigureMenuEvent $event)
{
$menu = $event->getMenu();
$children = array();
$entitiesMenuItem = $menu->getChild('system_tab')->getChild('entities_list');
if ($entitiesMenuItem) {
/** @var ConfigProvider $entityConfigProvider */
$entityConfigProvider = $this->configManager->getProvider('entity');
/** @var ConfigProvider $entityExtendProvider */
$entityExtendProvider = $this->configManager->getProvider('extend');
$extendConfigs = $entityExtendProvider->getConfigs();
foreach ($extendConfigs as $extendConfig) {
if ($this->checkAvailability($extendConfig)) {
$config = $entityConfigProvider->getConfig($extendConfig->getId()->getClassname());
if (!class_exists($config->getId()->getClassName()) || !$this->securityFacade->hasLoggedUser() || !$this->securityFacade->isGranted('VIEW', 'entity:' . $config->getId()->getClassName())) {
continue;
}
$children[$config->get('label')] = array('label' => $this->translator->trans($config->get('label')), 'options' => array('route' => 'oro_entity_index', 'routeParameters' => array('entityName' => str_replace('\\', '_', $config->getId()->getClassName())), 'extras' => array('safe_label' => true, 'routes' => array('oro_entity_*'))));
}
}
sort($children);
foreach ($children as $child) {
$entitiesMenuItem->addChild($child['label'], $child['options']);
}
}
}
/**
* Get last operations data
*
* @param array $types
*
* @return array
*/
public function getLastOperationsData(array $types)
{
$types = array_filter($types, function ($type) {
return $this->securityFacade->isGranted(sprintf('pim_importexport_%s_execution_show', $type));
});
return $this->repository->getLastOperationsData($types);
}
/**
* @param Router $router
* @param EntityNameResolver $entityNameResolver
* @param SecurityFacade $securityFacade
*/
public function __construct(Router $router, EntityNameResolver $entityNameResolver, SecurityFacade $securityFacade)
{
$this->entityNameResolver = $entityNameResolver;
$this->router = $router;
$this->securityFacade = $securityFacade;
$this->canViewContact = $this->securityFacade->isGranted('orocrm_contact_view');
}
/**
* @param Router $router
* @param NameFormatter $nameFormatter
* @param SecurityFacade $securityFacade
*/
public function __construct(Router $router, NameFormatter $nameFormatter, SecurityFacade $securityFacade)
{
$this->nameFormatter = $nameFormatter;
$this->router = $router;
$this->securityFacade = $securityFacade;
$this->canViewContact = $this->securityFacade->isGranted('orocrm_contact_view');
}
/**
* PRE_SET_DATA event handler
*
* @param FormEvent $event
*/
public function preSetData(FormEvent $event)
{
$form = $event->getForm();
if ($this->calendarConfig->isPublicCalendarEnabled() && $this->calendarConfig->isSystemCalendarEnabled()) {
$options = ['required' => false, 'label' => 'oro.calendar.systemcalendar.public.label', 'empty_value' => false, 'choices' => [false => 'oro.calendar.systemcalendar.scope.organization', true => 'oro.calendar.systemcalendar.scope.system']];
/** @var SystemCalendar|null $data */
$data = $event->getData();
if ($data) {
$isPublicGranted = $this->securityFacade->isGranted('oro_public_calendar_management');
$isSystemGranted = $this->securityFacade->isGranted($data->getId() ? 'oro_system_calendar_update' : 'oro_system_calendar_create');
if (!$isPublicGranted || !$isSystemGranted) {
$options['read_only'] = true;
if (!$data->getId() && !$isSystemGranted) {
$options['data'] = true;
}
unset($options['choices'][$isSystemGranted]);
}
}
$form->add('public', 'choice', $options);
} elseif ($this->calendarConfig->isPublicCalendarEnabled()) {
$form->add('public', 'hidden', ['data' => true]);
} elseif ($this->calendarConfig->isSystemCalendarEnabled()) {
$form->add('public', 'hidden', ['data' => false]);
}
}
/**
* {@inheritdoc}
*/
public function getCalendarEvents($organizationId, $userId, $calendarId, $start, $end, $connections, $extraFields = [])
{
if (!$this->calendarConfig->isSystemCalendarEnabled() || !$this->securityFacade->isGranted('oro_system_calendar_view')) {
return [];
}
//@TODO: temporary return all system calendars until BAP-6566 implemented
///** @var CalendarEventRepository $repo */
//$repo = $this->doctrineHelper->getEntityRepository('OroCalendarBundle:CalendarEvent');
//$qb = $repo->getSystemEventListByTimeIntervalQueryBuilder(
// $calendarId,
// $start,
// $end,
// []
//);
$extraFields = $this->filterSupportedFields($extraFields, 'Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
/** @var CalendarEventRepository $repo */
$repo = $this->doctrineHelper->getEntityRepository('OroCalendarBundle:CalendarEvent');
$qb = $repo->getSystemEventListByTimeIntervalQueryBuilder($start, $end, [], $extraFields)->andWhere('c.organization = :organizationId')->setParameter('organizationId', $organizationId);
$invisibleIds = [];
foreach ($connections as $id => $visible) {
if (!$visible) {
$invisibleIds[] = $id;
}
}
if ($invisibleIds) {
$qb->andWhere('c.id NOT IN (:invisibleIds)')->setParameter('invisibleIds', $invisibleIds);
}
return $this->calendarEventNormalizer->getCalendarEvents($calendarId, $qb->getQuery());
}
/**
* @param FormEvent $event
*/
public function addAttributeAsLabelField(FormEvent $event)
{
$data = $event->getData();
if ($data instanceof FamilyInterface && $data->getId()) {
$form = $event->getForm();
$form->add($this->factory->createNamed('attributeAsLabel', 'entity', $data->getAttributeAsLabel(), ['required' => true, 'label' => 'Attribute used as label', 'class' => $this->attributeClass, 'choices' => $data->getAttributeAsLabelChoices(), 'auto_initialize' => false, 'select2' => true, 'disabled' => !$this->securityFacade->isGranted('pim_enrich_family_edit_properties')]));
}
}
/**
* @param $name
* @return boolean
*/
public function isAutocompleteGranted($name)
{
$aclResource = $this->getAutocompleteAclResource($name);
if ($aclResource) {
return $this->securityFacade->isGranted($aclResource);
}
return true;
}
/**
* Checks if the entity can have comments
*
* @param object|null $entity
*
* @return bool
*/
public function isApplicable($entity)
{
if (!is_object($entity) || !$this->doctrineHelper->isManageableEntity($entity) || !$this->securityFacade->isGranted('oro_comment_view')) {
return false;
}
$className = ClassUtils::getClass($entity);
return $this->commentConfigProvider->hasConfig($className) && $this->commentConfigProvider->getConfig($className)->is('enabled') && $this->entityConfigProvider->hasConfig(Comment::ENTITY_NAME, ExtendHelper::buildAssociationName($className));
}
/**
* @param Attachment $entity
*
* @throws AccessDeniedException
*/
protected function checkFoundEntity($entity)
{
parent::checkFoundEntity($entity);
$attachmentTarget = $entity->getTarget();
if ($attachmentTarget && !$this->securityFacade->isGranted('VIEW', $attachmentTarget)) {
throw new AccessDeniedException();
}
}
/**
* {@inheritdoc}
*/
public function serializeOne($id)
{
list($fileId, $ownerEntityClass, $ownerEntityId) = $this->attachmentManager->parseFileKey($id);
if (!$this->securityFacade->isGranted('VIEW', new ObjectIdentity($ownerEntityId, $ownerEntityClass))) {
throw new AccessDeniedException();
}
return parent::serializeOne($fileId);
}
/**
* Checks if the entity can be shared
*
* @param object $entity
* @return bool
*/
public function isShareEnabled($entity)
{
if (null === $entity || !is_object($entity)) {
return false;
}
$className = ClassUtils::getClass($entity);
return $this->securityFacade->isGranted('SHARE', $entity) && $this->configProvider->hasConfig($className) && $this->configProvider->getConfig($className)->get('share_scopes');
}
/**
* Gets definition for tag column.
*
* @param DatagridConfiguration $config
*
* @return array
*/
protected function getColumnDefinition(DatagridConfiguration $config)
{
$className = $this->getEntityClassName($config);
$urlSafeClassName = $this->entityRoutingHelper->getUrlSafeClassName($className);
$permissions = ['oro_tag_create' => $this->securityFacade->isGranted(TagManager::ACL_RESOURCE_CREATE_ID_KEY), 'oro_tag_unassign_global' => $this->securityFacade->isGranted(TagManager::ACL_RESOURCE_REMOVE_ID_KEY)];
return ['label' => 'oro.tag.tags_label', 'type' => 'callback', 'frontend_type' => 'tags', 'callable' => function (ResultRecordInterface $record) {
return $record->getValue(self::COLUMN_NAME);
}, 'editable' => false, 'translatable' => true, 'renderable' => $this->taggableHelper->isEnableGridColumn($className), 'inline_editing' => ['enable' => $this->securityFacade->isGranted(TagManager::ACL_RESOURCE_ASSIGN_ID_KEY), 'editor' => ['view' => 'orotag/js/app/views/editor/tags-editor-view', 'view_options' => ['permissions' => $permissions]], 'save_api_accessor' => ['route' => 'oro_api_post_taggable', 'http_method' => 'POST', 'default_route_parameters' => ['entity' => $urlSafeClassName], 'route_parameters_rename_map' => ['id' => 'entityId']], 'autocomplete_api_accessor' => ['class' => 'oroui/js/tools/search-api-accessor', 'search_handler_name' => 'tags', 'label_field_name' => 'name']]];
}
/**
* @param ResultRecordInterface $record
*
* @return array
*/
public function getAccountUserRolePermission(ResultRecordInterface $record)
{
$isGranted = true;
$delete = true;
if ($record->getValue('isRolePredefined')) {
$isGranted = $this->securityFacade->isGranted('orob2b_account_frontend_account_user_role_create');
$delete = false;
}
return ['view' => true, 'update' => $isGranted, 'delete' => $delete];
}
/**
* Returns callback for configuration of grid/actions visibility per row
*
* @return callable
*/
public function getSystemActionConfigurationClosure()
{
return function (ResultRecordInterface $record) {
if ($this->securityFacade->isGranted('oro_system_calendar_event_management')) {
return [];
} else {
return ['update' => false, 'delete' => false];
}
};
}
/**
* @param ShoppingList|null $shoppingList
* @return bool
*/
public function isAllowed(ShoppingList $shoppingList = null)
{
if (!$this->securityFacade->hasLoggedUser()) {
return false;
}
$isAllowed = $this->securityFacade->isGranted('orob2b_shopping_list_line_item_frontend_add');
if (!$shoppingList) {
return $isAllowed;
}
return $isAllowed && $this->securityFacade->isGranted('EDIT', $shoppingList);
}
/**
* {@inheritdoc}
*/
public function isVisible(array $config = [], array $context = [])
{
if (!isset($config['attribute'])) {
throw new \InvalidArgumentException('The "attribute" should be provided in the configuration.');
}
if (!isset($config['object'])) {
throw new \InvalidArgumentException('The "object" should be provided in the configuration.');
}
$object = $this->getObject($config['object'], $context);
return $this->securityFacade->isGranted(constant($config['attribute']), $object);
}
