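/**
 * Creates a new role and grants it permission mask 127 on every security
 * context collected from the "Sulu" entry of the admin pool.
 *
 * @see Command
 *
 * @param InputInterface $input Provides the "name" and "system" arguments
 * @param OutputInterface $output Receives the error or success message
 *
 * @return int 0 when the role was created, 1 when a role with that name already exists
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $doctrine = $this->getContainer()->get('doctrine');
    $em = $doctrine->getManager();

    $name = $input->getArgument('name');
    $system = $input->getArgument('system');

    /** @var RepositoryInterface $repository */
    $repository = $this->getContainer()->get('sulu.repository.role');

    // An existing role is left untouched; the command stops with exit status 1.
    $role = $repository->findOneByName($name);
    if ($role) {
        $output->writeln(sprintf('<error>Role "%s" already exists.</error>', $name));

        return 1;
    }

    /** @var RoleInterface $role */
    $role = $repository->createNew();
    $role->setName($name);
    $role->setSystem($system);

    $pool = $this->getContainer()->get('sulu_admin.admin_pool');
    $securityContexts = $pool->getSecurityContexts();

    // Flatten the contexts. array_walk_recursive() visits leaf values only, so
    // array keys are never collected.
    // NOTE(review): the contexts are always read from the 'Sulu' key, whatever
    // $system was passed - confirm this is intended for roles of other systems.
    $securityContextsFlat = [];
    array_walk_recursive(
        $securityContexts['Sulu'],
        function ($value) use (&$securityContextsFlat) {
            $securityContextsFlat[] = $value;
        }
    );

    // 127 = 0b1111111: all seven low bits of the mask are set, so the new role
    // receives every permission those bits stand for in each collected context.
    foreach ($securityContextsFlat as $securityContext) {
        $permission = new Permission();
        $permission->setRole($role);
        $permission->setContext($securityContext);
        $permission->setPermissions(127);
        $role->addPermission($permission);
    }

    $em->persist($role);
    $em->flush();

    $output->writeln(
        sprintf(
            'Created role "<comment>%s</comment>" in system "<comment>%s</comment>".',
            $role->getName(),
            $role->getSystem()
        )
    );

    // Report success explicitly instead of falling off the end with null, so
    // the exit status is an integer on both paths.
    return 0;
}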
/**
 * Builds the voter under test and a user that receives permissions through
 * three paths: a directly assigned role, a group and a nested child group.
 */
public function setUp()
{
    // 122 = 64 + 32 + 16 + 8 + 2. Which permission each bit stands for comes
    // from $this->permissions, which is not assigned in this method.
    $mask = 122;

    $this->user = new User();

    // Path 1: a role assigned directly to the user.
    $this->userRole = new UserRole();
    $directRole = new Role();
    $directPermission = new Permission();
    $directPermission->setPermissions($mask);
    $directPermission->setContext('sulu.security.roles');
    $directRole->addPermission($directPermission);
    $this->userRole->setRole($directRole);
    $this->user->addUserRole($this->userRole);

    // Path 2: a role reached through a group.
    $this->userGroup = new UserGroup();
    $this->group = new Group();
    $groupRole = new Role();
    $groupPermission = new Permission();
    $groupPermission->setPermissions($mask);
    $groupPermission->setContext('sulu.security.groups');
    $groupRole->addPermission($groupPermission);
    $this->group->addRole($groupRole);
    $this->userGroup->setGroup($this->group);

    // Path 3: a role reached through a child of that group.
    $this->nestedGroup = new Group();
    $nestedRole = new Role();
    $nestedPermission = new Permission();
    $nestedPermission->setPermissions($mask);
    $nestedPermission->setContext('sulu.security.groups.nested');
    $nestedRole->addPermission($nestedPermission);
    $this->nestedGroup->addRole($nestedRole);
    $this->group->addChildren($this->nestedGroup);

    $this->user->addUserGroup($this->userGroup);

    // After set-up these two properties refer to the nested group's objects.
    $this->role = $nestedRole;
    $this->permission = $nestedPermission;

    $this->token = $this->prophesize(TokenInterface::class);
    $this->token->getUser()->willReturn($this->user);

    // findAcl() is stubbed to return true for any argument, so a test relying
    // on this fixture never sees a failed ACL lookup unless it re-stubs it.
    $this->aclProvider = $this->prophesize(AclProviderInterface::class);
    $this->aclProvider->findAcl(Argument::any())->willReturn(true);

    $this->voter = new SecurityContextVoter($this->permissions, $this->aclProvider->reveal());
}
/**
 * Purges the database and persists two security types, two roles in system
 * "Sulu" and four permissions (two per role).
 */
public function setUp()
{
    $this->em = $this->db('ORM')->getOm();
    $this->purgeDatabase();

    $firstType = new SecurityType();
    $firstType->setName('Security Type 1');
    $this->securityType1 = $firstType;
    $this->em->persist($firstType);

    $secondType = new SecurityType();
    $secondType->setName('Security Type 2');
    $this->securityType2 = $secondType;
    $this->em->persist($secondType);

    // Only the administrator role gets a security type.
    $administrator = new Role();
    $administrator->setName('Sulu Administrator');
    $administrator->setSystem('Sulu');
    $administrator->setSecurityType($firstType);
    $this->em->persist($administrator);
    $this->role1 = $administrator;

    $editor = new Role();
    $editor->setName('Sulu Editor');
    $editor->setSystem('Sulu');
    $this->em->persist($editor);
    $this->role2 = $editor;

    $this->em->flush();

    // One row per permission: owning role, context, bit mask.
    $rows = [
        [$administrator, 'context1', 15],
        [$administrator, 'context2', 17],
        [$editor, 'context1', 64],
        [$editor, 'context2', 35],
    ];

    $persisted = [];
    foreach ($rows as $row) {
        $permission = new Permission();
        $permission->setRole($row[0]);
        $permission->setContext($row[1]);
        $permission->setPermissions($row[2]);
        $this->em->persist($permission);
        $persisted[] = $permission;
    }

    // Only the administrator's two permissions are kept on the test case.
    $this->permission1 = $persisted[0];
    $this->permission2 = $persisted[1];

    $this->em->flush();
}
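/**
 * Creates a new role and grants it permission mask 127 on every security
 * context listed under the "Sulu" entry of the admin pool.
 *
 * @see Command
 *
 * @param InputInterface $input Provides the "name" and "system" arguments
 * @param OutputInterface $output Receives the error or success message
 *
 * @return int 0 when the role was created, 1 when a role with that name already exists
 */
protected function execute(InputInterface $input, OutputInterface $output)
{
    $doctrine = $this->getContainer()->get('doctrine');
    $em = $doctrine->getManager();

    $name = $input->getArgument('name');
    $system = $input->getArgument('system');

    /** @var RepositoryInterface $repository */
    $repository = $this->getContainer()->get('sulu.repository.role');

    // An existing role is left untouched; the command stops with exit status 1.
    $role = $repository->findOneByName($name);
    if ($role) {
        $output->writeln(sprintf('<error>Role "%s" already exists.</error>', $name));

        return 1;
    }

    /** @var RoleInterface $role */
    $role = $repository->createNew();
    $role->setName($name);
    $role->setSystem($system);

    $pool = $this->getContainer()->get('sulu_admin.admin_pool');
    $securityContexts = $pool->getSecurityContexts();

    // Flatten the contexts: each section maps either a context name to an
    // array of permission types, or (older format) an index to a context name.
    // NOTE(review): the contexts are always read from the 'Sulu' key, whatever
    // $system was passed - confirm this is intended for roles of other systems.
    $securityContextsFlat = [];
    foreach ($securityContexts['Sulu'] as $contexts) {
        foreach ($contexts as $context => $permissionTypes) {
            if (is_array($permissionTypes)) {
                $securityContextsFlat[] = $context;
            } else {
                // FIXME here for BC reasons, because the array used to only contain values without permission types
                $securityContextsFlat[] = $permissionTypes;
            }
        }
    }

    // 127 = 0b1111111: all seven low bits of the mask are set, regardless of
    // the permission types listed for the context, which are not consulted here.
    foreach ($securityContextsFlat as $securityContext) {
        $permission = new Permission();
        $permission->setRole($role);
        $permission->setContext($securityContext);
        $permission->setPermissions(127);
        $role->addPermission($permission);
    }

    $em->persist($role);
    $em->flush();

    $output->writeln(
        sprintf(
            'Created role "<comment>%s</comment>" in system "<comment>%s</comment>".',
            $role->getName(),
            $role->getSystem()
        )
    );

    // Report success explicitly instead of falling off the end with null, so
    // the exit status is an integer on both paths.
    return 0;
}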
/**
 * Prepares a user holding one role (id 1, name "role1") with mask 122 on
 * 'sulu.security.roles', a token returning that user, and the voter under test.
 */
public function setUp()
{
    // The role id is written through reflection on BaseRole::$id.
    $idProperty = new \ReflectionProperty(BaseRole::class, 'id');
    $idProperty->setAccessible(true);

    $this->user = new User();
    $this->userRole = new UserRole();

    $role = new Role();
    $idProperty->setValue($role, 1);
    $role->setName('role1');
    $this->role = $role;

    // 122 = 64 + 32 + 16 + 8 + 2. Which permission each bit stands for comes
    // from $this->permissions, which is not assigned in this method.
    $permission = new Permission();
    $permission->setPermissions(122);
    $permission->setContext('sulu.security.roles');
    $this->permission = $permission;

    $role->addPermission($permission);
    $this->userRole->setRole($role);
    $this->user->addUserRole($this->userRole);

    $this->token = $this->prophesize(TokenInterface::class);
    $this->token->getUser()->willReturn($this->user);

    // No behaviour is stubbed on the access control manager here.
    $this->accessControlManager = $this->prophesize(AccessControlManagerInterface::class);

    $this->voter = new SecurityContextVoter($this->accessControlManager->reveal(), $this->permissions);
}
/**
 * Persists the minimal security fixture: one contact, one e-mail address, one
 * role in system "Sulu", one user bound to that role and one permission.
 */
protected function initOrm()
{
    $this->em = $this->getContainer()->get('doctrine')->getManager();
    $manager = $this->em;

    $person = new Contact();
    $person->setFirstName('Max');
    $person->setLastName('Mustermann');
    $manager->persist($person);

    $privateType = new EmailType();
    $privateType->setName('Private');
    $manager->persist($privateType);

    $manager->flush();

    // The address is persisted but not attached to the contact.
    $address = new Email();
    $address->setEmail('*****@*****.**');
    $address->setEmailType($privateType);
    $manager->persist($address);

    $manager->flush();

    $role = new Role();
    $role->setName('Role1');
    $role->setSystem('Sulu');
    $manager->persist($role);

    // Fixture credentials: password and salt are handed to the setters as
    // literals; no encoder is invoked in this method.
    $admin = new User();
    $admin->setUsername('admin');
    $admin->setPassword('securepassword');
    $admin->setSalt('salt');
    $admin->setLocale('de');
    $admin->setContact($person);
    $manager->persist($admin);

    $manager->flush();

    // The user role's locales are stored as a JSON-encoded list.
    $assignment = new UserRole();
    $assignment->setRole($role);
    $assignment->setUser($admin);
    $assignment->setLocale(json_encode(['de', 'en']));
    $manager->persist($assignment);

    $manager->flush();

    // 122 = 64 + 32 + 16 + 8 + 2.
    $grant = new Permission();
    $grant->setPermissions(122);
    $grant->setRole($role);
    $grant->setContext('Context 1');
    $manager->persist($grant);

    $manager->flush();
}
/**
 * Purges the database and persists three contacts, two roles, an enabled and
 * a disabled user, three user roles, two permissions and two groups.
 */
public function setUp()
{
    $this->em = $this->db('ORM')->getOm();
    $this->purgeDatabase();
    $manager = $this->em;

    $privateType = new EmailType();
    $privateType->setName('Private');
    $manager->persist($privateType);

    $firstAddress = new Email();
    $firstAddress->setEmail('*****@*****.**');
    $firstAddress->setEmailType($privateType);
    $manager->persist($firstAddress);

    // Contacts
    $mustermann = new Contact();
    $mustermann->setFirstName('Max');
    $mustermann->setLastName('Mustermann');
    $mustermann->addEmail($firstAddress);
    $manager->persist($mustermann);
    $this->contact1 = $mustermann;

    // This second address is shared by the two contacts created next.
    $sharedAddress = new Email();
    $sharedAddress->setEmail('*****@*****.**');
    $sharedAddress->setEmailType($privateType);
    $manager->persist($sharedAddress);

    $muster = new Contact();
    $muster->setFirstName('Max');
    $muster->setLastName('Muster');
    $muster->addEmail($sharedAddress);
    $manager->persist($muster);
    $this->contact2 = $muster;

    $disabledContact = new Contact();
    $disabledContact->setFirstName('Disabled');
    $disabledContact->setLastName('User');
    $disabledContact->addEmail($sharedAddress);
    $manager->persist($disabledContact);
    $this->contact3 = $disabledContact;

    $manager->flush();

    // Roles
    $firstRole = new Role();
    $firstRole->setName('Role1');
    $firstRole->setSystem('Sulu');
    $manager->persist($firstRole);
    $this->role1 = $firstRole;

    $secondRole = new Role();
    $secondRole->setName('Role2');
    $secondRole->setSystem('Sulu');
    $manager->persist($secondRole);
    $this->role2 = $secondRole;

    // User 1. Fixture credentials: password and salt are handed to the setters
    // as literals; no encoder is invoked in this method.
    $admin = new User();
    $admin->setUsername('admin');
    $admin->setEmail('*****@*****.**');
    $admin->setPassword('securepassword');
    $admin->setSalt('salt');
    $admin->setLocale('de');
    $admin->setContact($muster);
    $manager->persist($admin);
    $this->user1 = $admin;

    // User 2: same credentials, but the account is disabled.
    $disabledUser = new User();
    $disabledUser->setUsername('disabled');
    $disabledUser->setEmail('*****@*****.**');
    $disabledUser->setPassword('securepassword');
    $disabledUser->setSalt('salt');
    $disabledUser->setLocale('de');
    $disabledUser->setContact($disabledContact);
    $disabledUser->setEnabled(false);
    $manager->persist($disabledUser);
    $this->user2 = $disabledUser;

    $manager->flush();

    // All three user roles belong to the admin user; Role2 is assigned twice.
    $localeJson = json_encode(['de', 'en']);
    foreach ([$firstRole, $secondRole, $secondRole] as $assignedRole) {
        $assignment = new UserRole();
        $assignment->setRole($assignedRole);
        $assignment->setUser($admin);
        $assignment->setLocale($localeJson);
        $manager->persist($assignment);
    }

    // One permission per role, each with mask 122 (= 64 + 32 + 16 + 8 + 2).
    $grants = [
        [$firstRole, 'Context 1'],
        [$secondRole, 'Context 2'],
    ];
    foreach ($grants as $grant) {
        $permission = new Permission();
        $permission->setPermissions(122);
        $permission->setRole($grant[0]);
        $permission->setContext($grant[1]);
        $manager->persist($permission);
    }

    // User groups
    $groups = [];
    foreach (['Group1', 'Group2'] as $groupName) {
        $group = new Group();
        $group->setName($groupName);
        $group->setLft(0);
        $group->setRgt(0);
        $group->setDepth(0);
        $manager->persist($group);
        $groups[] = $group;
    }
    $this->group1 = $groups[0];
    $this->group2 = $groups[1];

    $manager->flush();
}
/**
 * Overwrites the context and the permission mask of an existing permission.
 *
 * The "permissions" entry is turned into a number by the
 * 'sulu_security.mask_converter' service before it is stored.
 *
 * NOTE(review): both keys are read without an existence or type check and the
 * method reports success unconditionally - presumably the caller validates
 * $permissionData and authorizes the change; confirm.
 *
 * @param Permission $permission The permission to modify
 * @param array $permissionData Read at the keys "context" and "permissions"
 *
 * @return bool Always true
 */
private function updatePermission(Permission $permission, $permissionData)
{
    $permission->setContext($permissionData['context']);

    $maskConverter = $this->get('sulu_security.mask_converter');
    $mask = $maskConverter->convertPermissionsToNumber($permissionData['permissions']);
    $permission->setPermissions($mask);

    return true;
}
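/**
 * Checks if the combination of permission and user role is allowed for the given attribute.
 *
 * Access is granted only when the permission's context matches the condition's
 * security context and the condition's locale is either empty or one of
 * $locales. Without a concrete object the permission mask must additionally
 * contain the bits registered for $attribute in $this->permissions.
 *
 * NOTE(review): for a concrete object (object id or object type set) the
 * attribute and the permission mask are not evaluated here - presumably the
 * object-level check is performed elsewhere; confirm against the caller.
 *
 * @param SecurityCondition $object The condition describing what is being accessed
 * @param int $attribute Key into $this->permissions
 * @param Permission $permission The permission to test
 * @param array|null $locales Locales the permission applies to; a non-array counts as none
 *
 * @return bool
 */
private function isGranted($object, $attribute, Permission $permission, $locales)
{
    if (!is_array($locales)) {
        $locales = [];
    }

    // Strict comparison: an authorization decision must not depend on PHP's
    // type juggling (numeric strings, null versus an empty string).
    $hasContext = $permission->getContext() === $object->getSecurityContext();

    // The empty check stays loose so that an empty locale keeps meaning "not
    // locale-specific"; membership in the allowed locales is checked strictly.
    $locale = $object->getLocale();
    $hasLocale = $locale == null || in_array($locale, $locales, true);

    // if there is a concrete object we only have to check for the locale and context
    if ($object->getObjectId() || $object->getObjectType()) {
        return $hasContext && $hasLocale;
    }

    // Fail closed on an attribute without a registered mask instead of relying
    // on an undefined-index notice followed by "& null".
    if (!isset($this->permissions[$attribute])) {
        return false;
    }

    $hasPermission = (bool) ($permission->getPermissions() & $this->permissions[$attribute]);

    return $hasContext && $hasPermission && $hasLocale;
}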
/**
 * Purges the database and persists two contacts, two roles in different
 * systems ("Sulu" and "Test"), two users, one user role and one permission
 * per role, and two groups.
 */
public function setUp()
{
    $this->em = $this->db('ORM')->getOm();
    $this->purgeDatabase();
    $manager = $this->em;

    // E-mail
    $privateType = new EmailType();
    $privateType->setName('Private');
    $manager->persist($privateType);

    $firstAddress = new Email();
    $firstAddress->setEmail('*****@*****.**');
    $firstAddress->setEmailType($privateType);
    $manager->persist($firstAddress);

    $secondAddress = new Email();
    $secondAddress->setEmail('*****@*****.**');
    $secondAddress->setEmailType($privateType);
    $manager->persist($secondAddress);

    // Contacts
    $muster = new Contact();
    $muster->setFirstName('Max');
    $muster->setLastName('Muster');
    $muster->addEmail($firstAddress);
    $manager->persist($muster);

    $musterfrau = new Contact();
    $musterfrau->setFirstName('Maria');
    $musterfrau->setLastName('Musterfrau');
    $musterfrau->addEmail($secondAddress);
    $manager->persist($musterfrau);

    $manager->flush();

    // Roles: one per system.
    $suluRole = new Role();
    $suluRole->setName('Role1');
    $suluRole->setSystem('Sulu');
    $manager->persist($suluRole);

    $testRole = new Role();
    $testRole->setName('Role2');
    $testRole->setSystem('Test');
    $manager->persist($testRole);

    // User 1. Fixture credentials: password, salt and reset token are handed
    // to the setters as literals; no encoder is invoked in this method.
    $admin = new User();
    $admin->setUsername('admin');
    $admin->setEmail('*****@*****.**');
    $admin->setPassword('securepassword');
    $admin->setPasswordResetToken('mySuperSecretToken');
    $admin->setSalt('salt');
    $admin->setLocale('de');
    $admin->setContact($muster);
    $manager->persist($admin);

    // User 2: no password reset token is set.
    $tester = new User();
    $tester->setUsername('test');
    $tester->setEmail('*****@*****.**');
    $tester->setPassword('securepassword');
    $tester->setSalt('salt');
    $tester->setLocale('de');
    $tester->setContact($musterfrau);
    $manager->persist($tester);

    $manager->flush();

    // Each user is bound to exactly one role; locales are stored as JSON.
    $localeJson = json_encode(['de', 'en']);
    $assignments = [
        [$suluRole, $admin],
        [$testRole, $tester],
    ];
    foreach ($assignments as $pair) {
        $assignment = new UserRole();
        $assignment->setRole($pair[0]);
        $assignment->setUser($pair[1]);
        $assignment->setLocale($localeJson);
        $manager->persist($assignment);
    }

    // One permission per role, each with mask 122 (= 64 + 32 + 16 + 8 + 2).
    $grants = [
        [$suluRole, 'Context 1'],
        [$testRole, 'Context 2'],
    ];
    foreach ($grants as $grant) {
        $permission = new Permission();
        $permission->setPermissions(122);
        $permission->setRole($grant[0]);
        $permission->setContext($grant[1]);
        $manager->persist($permission);
    }

    // User groups
    foreach (['Group1', 'Group2'] as $groupName) {
        $group = new Group();
        $group->setName($groupName);
        $group->setLft(0);
        $group->setRgt(0);
        $group->setDepth(0);
        $manager->persist($group);
    }

    $manager->flush();
}
/**
 * Returns the role with the given name, creating and persisting it first when
 * no such role exists.
 *
 * A newly created role receives permission mask 120 on every leaf value found
 * under the "Sulu" entry of the admin pool's security contexts. An existing
 * role is returned as found; neither its system nor its permissions are
 * compared with the arguments.
 *
 * @param string $name Name used for the lookup and for the new role
 * @param string $system System set on a newly created role
 *
 * @return Role
 */
private function getOrCreateRole($name, $system)
{
    $existing = $this->getEntityManager()
        ->getRepository('Sulu\\Bundle\\SecurityBundle\\Entity\\Role')
        ->findOneByName($name);

    if ($existing) {
        return $existing;
    }

    $created = new Role();
    $created->setName($name);
    $created->setSystem($system);

    $contextsBySystem = $this->getContainer()->get('sulu_admin.admin_pool')->getSecurityContexts();

    // array_walk_recursive() visits leaf values only, never keys.
    // NOTE(review): if contexts are keyed by name with an array of permission
    // types as value, this collects the permission types instead of the
    // context names - confirm against the format the admin pool returns.
    $flatContexts = [];
    $collectLeaf = function ($leaf) use (&$flatContexts) {
        $flatContexts[] = $leaf;
    };
    array_walk_recursive($contextsBySystem['Sulu'], $collectLeaf);

    // 120 = 64 + 32 + 16 + 8: the three lowest mask bits stay cleared.
    foreach ($flatContexts as $contextName) {
        $grant = new Permission();
        $grant->setRole($created);
        $grant->setContext($contextName);
        $grant->setPermissions(120);
        $created->addPermission($grant);
    }

    $this->getEntityManager()->persist($created);
    $this->getEntityManager()->flush();

    return $created;
}