/**
 * Applies the admin's class ACEs, and optionally an owner ACE, to the ACL of every given object identity.
 *
 * An ACL already returned by findObjectAcls() is reused and counted as updated; any other
 * identity gets a fresh ACL from createAcl() and is counted as added.
 *
 * NOTE(review): both counters are incremented before updateAcl() runs, and a failed save is only
 * written to $output, so the returned totals also include identities whose ACL was not saved.
 * Anyone relying on these numbers to confirm that objects are protected should read the
 * "Error saving ObjectIdentity" lines as well.
 *
 * @param OutputInterface      $output
 * @param AdminInterface       $admin
 * @param array                $oids             an array of ObjectIdentityInterface implementations
 * @param UserSecurityIdentity $securityIdentity when not null, added as object owner on every ACL
 *
 * @throws \Exception
 *
 * @return array [countAdded, countUpdated]
 */
public function configureAcls(OutputInterface $output, AdminInterface $admin, array $oids, UserSecurityIdentity $securityIdentity = null)
{
    $handler = $admin->getSecurityHandler();

    // Admins that do not use the ACL security handler have nothing to configure.
    if (!($handler instanceof AclSecurityHandlerInterface)) {
        $output->writeln(sprintf('Admin `%s` is not configured to use ACL : <info>ignoring</info>', $admin->getCode()));

        return array(0, 0);
    }

    $added = 0;
    $updated = 0;
    $withOwner = null !== $securityIdentity;

    // One lookup for the whole set instead of one query per identity.
    $existingAcls = $handler->findObjectAcls($oids);

    foreach ($oids as $identity) {
        if ($existingAcls->contains($identity)) {
            $acl = $existingAcls->offsetGet($identity);
            ++$updated;
        } else {
            $acl = $handler->createAcl($identity);
            ++$added;
        }

        if ($withOwner) {
            // add object owner
            $handler->addObjectOwner($acl, $securityIdentity);
        }

        $securityInformation = $handler->buildSecurityInformation($admin);
        $handler->addObjectClassAces($acl, $securityInformation);

        try {
            $handler->updateAcl($acl);
        } catch (\Exception $e) {
            // Best effort: a save failure for one identity is reported and the loop continues.
            $output->writeln(sprintf('Error saving ObjectIdentity (%s, %s) ACL : %s <info>ignoring</info>', $identity->getIdentifier(), $identity->getType(), $e->getMessage()));
        }
    }

    return array($added, $updated);
}
/**
 * {@inheritdoc}
 *
 * Iterates over every document of the admin's class, turns each one into an ObjectIdentity and
 * passes the identities to configureAcls() in batches of 20, printing a progress line every
 * 200 documents and a total at the end.
 *
 * NOTE(review): configureAcls() is called with an \ArrayIterator; confirm that its $oids
 * parameter accepts a Traversable and is not restricted to array.
 * NOTE(review): only \BadMethodCallException is translated here, and the resulting
 * ModelManagerException has an empty message, so the cause is only visible through the
 * chained previous exception.
 */
public function batchConfigureAcls(OutputInterface $output, AdminInterface $admin, UserSecurityIdentity $securityIdentity = null)
{
    $handler = $admin->getSecurityHandler();

    if (!($handler instanceof AclSecurityHandlerInterface)) {
        $output->writeln('Admin class is not configured to use ACL : <info>ignoring</info>');

        return;
    }

    $output->writeln(sprintf(' > generate ACLs for %s', $admin->getCode()));

    // Suffix for the progress lines; empty when no owner identity was passed.
    $ownerSuffix = '';
    if (null !== $securityIdentity) {
        $ownerSuffix = ' and set the object owner';
    }

    /** @var DocumentManager $documentManager */
    $documentManager = $admin->getModelManager()->getDocumentManager();
    $queryBuilder = $documentManager->createQueryBuilder($admin->getClass());

    $flushEvery = 20;
    $reportEvery = 200;
    $processed = 0;
    $totalAdded = 0;
    $totalUpdated = 0;
    $pending = array();

    try {
        foreach ($queryBuilder->getQuery()->iterate() as $document) {
            $pending[] = ObjectIdentity::fromDomainObject($document);
            $pendingIterator = new \ArrayIterator($pending);

            // detach from Doctrine, so that it can be Garbage-Collected immediately
            $documentManager->detach($document);
            ++$processed;

            if (0 === $processed % $flushEvery) {
                list($added, $updated) = $this->configureAcls($output, $admin, $pendingIterator, $securityIdentity);
                $totalAdded += $added;
                $totalUpdated += $updated;
                $pending = array();
            }

            if (0 === $processed % $reportEvery) {
                $output->writeln(sprintf(' - generated class ACEs%s for %s objects (added %s, updated %s)', $ownerSuffix, $processed, $totalAdded, $totalUpdated));
            }
        }

        // Identities left over after the last full batch.
        if (0 !== count($pending)) {
            list($added, $updated) = $this->configureAcls($output, $admin, $pendingIterator, $securityIdentity);
            $totalAdded += $added;
            $totalUpdated += $updated;
        }
    } catch (\BadMethodCallException $e) {
        throw new ModelManagerException('', 0, $e);
    }

    $output->writeln(sprintf(' - [TOTAL] generated class ACEs%s for %s objects (added %s, updated %s)', $ownerSuffix, $processed, $totalAdded, $totalUpdated));
}
/**
 * {@inheritDoc}
 *
 * Installs the ACL of the admin itself: the existing ACL for the admin's object identity is
 * reused, or a new one is created, and addAdminClassAces() fills it from the handler's
 * security information.
 *
 * When addAdminClassAces() reports that nothing was configured, the ACL is deleted. This
 * applies both to a pre-existing ACL (reported as "removed") and to the one created a moment
 * earlier in this call (reported as "skip").
 */
public function configureAcls(OutputInterface $output, AdminInterface $admin)
{
    $handler = $admin->getSecurityHandler();

    if (!($handler instanceof AclSecurityHandlerInterface)) {
        $output->writeln(sprintf('Admin `%s` is not configured to use ACL : <info>ignoring</info>', $admin->getCode()));

        return;
    }

    $adminIdentity = ObjectIdentity::fromDomainObject($admin);

    $acl = $handler->getObjectAcl($adminIdentity);
    $createdNow = null === $acl;
    if ($createdNow) {
        $acl = $handler->createAcl($adminIdentity);
    }

    // create admin ACL
    $output->writeln(sprintf(' > install ACL for %s', $admin->getCode()));

    $securityInformation = $handler->buildSecurityInformation($admin);
    $hasAces = $this->addAdminClassAces($output, $acl, $handler, $securityInformation);

    if (!$hasAces) {
        $output->writeln(sprintf(' - %s , no roles and permissions found', $createdNow ? 'skip' : 'removed'));
        $handler->deleteAcl($adminIdentity);

        return;
    }

    $handler->updateAcl($acl);
}
/**
 * Returns the security information that the wrapped admin's security handler builds for that admin.
 *
 * @return array
 */
public function getSecurityInformation()
{
    $handler = $this->admin->getSecurityHandler();

    return $handler->buildSecurityInformation($this->admin);
}
/**
 * Returns the security handler of the wrapped admin.
 *
 * @return \Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface
 */
public function getSecurityHandler()
{
    $handler = $this->admin->getSecurityHandler();

    return $handler;
}