/** * Loads an ACE collection from the ACL and updates the permissions (creating if no appropriate ACE exists) * * @todo refactor this code to transactionalize ACL updating * @param MutableAclInterface $acl * @param PermissionContextInterface $context * @return void */ protected function doApplyPermission(MutableAclInterface $acl, PermissionContextInterface $context, $replace_existing = false) { $type = $context->getPermissionType(); $field = $context->getField(); if (is_null($field)) { $aceCollection = $this->getAceCollection($acl, $type); } else { $aceCollection = $this->getFieldAceCollection($acl, $type, $field); } $size = count($aceCollection) - 1; reset($aceCollection); for ($i = $size; $i >= 0; $i--) { if ($replace_existing) { // Replace all existing permissions with the new one if ($context->hasDifferentPermission($aceCollection[$i])) { // The ACE was found but with a different permission. Update it. if (is_null($field)) { $acl->{"update{$type}Ace"}($i, $context->getMask()); } else { $acl->{"update{$type}FieldAce"}($id, $field, $context - getMask()); } //No need to proceed further because the acl is updated return; } else { if ($context->equals($aceCollection[$i])) { // The exact same ACE was found. Nothing to do. return; } } } else { if ($context->equals($aceCollection[$i])) { // The exact same ACE was found. Nothing to do. return; } } } //If we come this far means we have to insert ace if (is_null($field)) { $acl->{"insert{$type}Ace"}($context->getSecurityIdentity(), $context->getMask(), 0, $context->isGranting()); } else { $acl->{"insert{$type}FieldAce"}($field, $context->getSecurityIdentity(), $context->getMask(), 0, $context->isGranting()); } }
/** * @param int $size * @param bool $replaceExisting * @param array $aceCollection * @param PermissionContextInterface $context * @param string $acl * @param string $field * @param string $type */ protected function doUpdatePermission($size, $replaceExisting, $aceCollection, PermissionContextInterface $context, $acl, $field, $type) { for ($i = $size; $i >= 0; $i--) { if (true === $replaceExisting) { // Replace all existing permissions with the new one if ($context->hasDifferentPermission($aceCollection[$i])) { // The ACE was found but with a different permission. Update it. if (is_null($field)) { $acl->{"update{$type}Ace"}($i, $context->getMask()); } else { $acl->{"update{$type}FieldAce"}($i, $field, $context->getMask()); } //No need to proceed further because the acl is updated return; } else { if ($context->equals($aceCollection[$i])) { // The exact same ACE was found. Nothing to do. return; } } } else { if ($context->equals($aceCollection[$i])) { // The exact same ACE was found. Nothing to do. return; } } } //If we come this far means we have to insert ace if (is_null($field)) { $acl->{"insert{$type}Ace"}($context->getSecurityIdentity(), $context->getMask(), 0, $context->isGranting()); } else { $acl->{"insert{$type}FieldAce"}($field, $context->getSecurityIdentity(), $context->getMask(), 0, $context->isGranting()); } }