/**
 * Tells whether at least one object-scope ACE of the given domain object
 * belongs to one of the supplied security identities.
 *
 * Only the entries returned by getObjectAces() are inspected, and only their
 * security identity is compared: the ACE mask is not looked at, so any entry
 * for a matching identity counts as "shared". A missing ACL is reported as
 * "not shared" instead of raising.
 *
 * @param object                      $object Domain object whose ACL is looked up
 * @param SecurityIdentityInterface[] $sids   Identities to look for
 *
 * @return bool true on the first matching ACE, false otherwise
 */
public function isObjectSharedWithSids($object, array $sids)
{
    $oid = ObjectIdentity::fromDomainObject($object);

    try {
        $acl = $this->aclProvider->findAcl($oid);
    } catch (AclNotFoundException $notFound) {
        // No ACL stored for this object: nothing can be shared.
        return false;
    }

    $objectAces = $acl->getObjectAces();
    foreach ($objectAces as $entry) {
        /** @var Entry $entry */
        foreach ($sids as $candidate) {
            $matches = $candidate->equals($entry->getSecurityIdentity());
            if ($matches) {
                return true;
            }
        }
    }

    return false;
}
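/**
 * {@inheritdoc}
 *
 * Re-keys the stored security identity of a user whose username changed.
 * Delegates to the ACL provider when it offers updateUserSecurityIdentity()
 * (symfony/security-acl >= 2.5) and otherwise issues the UPDATE itself.
 *
 * @param string             $oldUsername Username the identity is currently stored under
 * @param UserInterface|null $user        Account carrying the new username
 *
 * @throws \InvalidArgumentException when old and new username are the same string
 */
public function updateUserSecurityIdentity($oldUsername, UserInterface $user = null)
{
    // $this->aclProvider->updateUserSecurityIdentity() is only available in symfony/security-acl >= 2.5
    if (method_exists($this->aclProvider, 'updateUserSecurityIdentity')) {
        $this->aclProvider->updateUserSecurityIdentity($this->getUserSecurityIdentity($user), $oldUsername);

        return;
    }

    // only for symfony/security-acl < 2.5
    $usid = $this->getUserSecurityIdentity($user);

    // Compare as strings. A loose == treats numeric-looking usernames such as
    // "007" and "7" as equal and would reject a genuine rename as "no changes".
    if ((string) $usid->getUsername() === (string) $oldUsername) {
        throw new \InvalidArgumentException('There are no changes.');
    }

    $oldIdentifier = $usid->getClass() . '-' . $oldUsername;
    $newIdentifier = $usid->getClass() . '-' . $usid->getUsername();

    // Both identifiers go through Connection::quote() before being embedded.
    // The table name is taken from $this->aclTables as-is.
    // NOTE(review): presumably provider configuration; confirm it can never be request-derived.
    $query = sprintf(
        'UPDATE %s SET identifier = %s WHERE identifier = %s AND username = %s',
        $this->aclTables['sid'],
        $this->connection->quote($newIdentifier),
        $this->connection->quote($oldIdentifier),
        // restricts the update to rows whose "username" column is boolean true
        $this->connection->getDatabasePlatform()->convertBooleans(true)
    );

    $this->connection->executeQuery($query);
}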
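/**
 * Returns the mask of the first object-scope ACE that belongs to the given user.
 *
 * Identities are matched with SecurityIdentityInterface::equals(). Comparing
 * the identity objects with a loose == compares their properties loosely, so
 * two different numeric-looking usernames (e.g. "007" and "7") could be
 * treated as the same account and one user could be handed another's mask.
 *
 * @param object $entity Domain object whose ACL is looked up
 * @param User   $user   Account the mask is requested for
 *
 * @return int the ACE mask, or self::MASK_UNDEFINED when the user has no
 *             object ACE or the lookup failed
 */
public function getPermission($entity, User $user)
{
    $securityIdentity = UserSecurityIdentity::fromAccount($user);
    $objectIdentity = ObjectIdentity::fromDomainObject($entity);

    try {
        $acl = $this->aclProvider->findAcl($objectIdentity);
        foreach ($acl->getObjectAces() as $ace) {
            if ($securityIdentity->equals($ace->getSecurityIdentity())) {
                return $ace->getMask();
            }
        }
    } catch (\Exception $e) {
        // Deliberately broad: any lookup failure (including a missing ACL) is
        // reported as "no mask" rather than propagated to the caller.
        // NOTE(review): this also hides provider/database errors; consider logging them.
    }

    return self::MASK_UNDEFINED;
}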
/**
 * Resolves the security identities found in the object-scope ACEs of
 * $this->object into business unit and user records.
 *
 * Only UserSecurityIdentity and BusinessUnitSecurityIdentity entries are
 * considered; other identity types are skipped. Business units come first in
 * the result, followed by users. The ACE masks are not inspected.
 *
 * @return array empty when the object has no ACL
 */
protected function getObjects()
{
    $oid = ObjectIdentity::fromDomainObject($this->object);

    try {
        $acl = $this->aclProvider->findAcl($oid);
    } catch (AclNotFoundException $notFound) {
        // no ACL found, nothing to resolve
        return [];
    }

    if (!$acl) {
        return [];
    }

    $businessUnitIds = [];
    $userNames = [];
    foreach ($acl->getObjectAces() as $entry) {
        /** @var $entry Entry */
        $sid = $entry->getSecurityIdentity();
        if ($sid instanceof UserSecurityIdentity) {
            $userNames[] = $sid->getUsername();
            continue;
        }
        if ($sid instanceof BusinessUnitSecurityIdentity) {
            $businessUnitIds[] = $sid->getId();
        }
    }

    $resolved = [];

    if ($businessUnitIds) {
        /** @var $businessUnitRepo BusinessUnitRepository */
        $businessUnitRepo = $this->objectManager->getRepository('OroOrganizationBundle:BusinessUnit');
        $resolved = array_merge($resolved, $businessUnitRepo->getBusinessUnits($businessUnitIds));
    }

    if ($userNames) {
        /** @var $userRepo UserRepository */
        $userRepo = $this->objectManager->getRepository('OroUserBundle:User');
        $resolved = array_merge($resolved, $userRepo->findUsersByUsernames($userNames));
    }

    return $resolved;
}
/**
 * Synchronises the object-scope ACEs of an entity with the identities
 * selected in the share model, then persists the ACL.
 *
 * Identities present before but no longer selected lose their ACE; newly
 * selected identities get an ACE with the mask from getMaskBySid(). Entries
 * for identities present in both sets are left untouched.
 *
 * @param Share  $model  Submitted sharing data
 * @param object $entity Domain object being shared
 */
protected function onSuccess($model, $entity)
{
    $oid = ObjectIdentity::fromDomainObject($entity);

    try {
        $acl = $this->aclProvider->findAcl($oid);
    } catch (AclNotFoundException $notFound) {
        // First share of this object: start from a fresh ACL.
        $acl = $this->aclProvider->createAcl($oid);
    }

    // Snapshot taken before any deletion; used further down to find additions.
    $sidsBefore = $this->extractSids($acl);
    $sidsWanted = $this->generateSids($model);

    // before - wanted: entries to revoke
    $currentSids = $sidsBefore;
    $toRevoke = array_diff($currentSids, $sidsWanted);
    foreach ($toRevoke as $sid) {
        // NOTE(review): array_search() returns false when $sid is not found in the
        // refreshed list; confirm extractSids() hands back the same instances so a
        // false is never passed on as an ACE index.
        $aceIndex = array_search($sid, $currentSids, true);
        $acl->deleteObjectAce($aceIndex);

        // ACE indexes shift after a deletion, so the list is read again
        $currentSids = $this->extractSids($acl);
    }

    // wanted - before: entries to grant
    $toGrant = array_diff($sidsWanted, $sidsBefore);
    foreach ($toGrant as $sid) {
        $acl->insertObjectAce($sid, $this->getMaskBySid($sid));
    }

    $this->aclProvider->updateAcl($acl);
}
/**
 * Keeps a reference to the permission granting strategy on this instance and
 * forwards all arguments unchanged to the parent provider's constructor.
 *
 * @param Connection                          $connection                 Database connection handed to the parent
 * @param PermissionGrantingStrategyInterface $permissionGrantingStrategy Strategy stored in $this->permissionStrategy
 * @param array                               $options                    Provider options, passed through as-is
 * @param AclCacheInterface                   $cache                      Optional ACL cache, null by default
 */
public function __construct(
    Connection $connection,
    PermissionGrantingStrategyInterface $permissionGrantingStrategy,
    array $options,
    AclCacheInterface $cache = null
) {
    // Assigned before the parent runs, in the same order as the original code.
    $this->permissionStrategy = $permissionGrantingStrategy;

    parent::__construct(
        $connection,
        $permissionGrantingStrategy,
        $options,
        $cache
    );
}
/**
 * {@inheritdoc}
 *
 * The security identities are passed through hydrateSecurityIdentities()
 * before the lookup is delegated to the parent provider.
 */
public function findAcls(array $oids, array $sids = array())
{
    // NOTE(review): what hydration adds to each identity is defined in
    // hydrateSecurityIdentities(), which is not visible here.
    return parent::findAcls(
        $oids,
        $this->hydrateSecurityIdentities($sids)
    );
}