/** * @dataProvider provideObjectIdentifiers */ public function testPermissionUpdateEvent($objectId, $objectType, $objectIdentifier) { $this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willThrow(AclNotFoundException::class); $this->aclProvider->createAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal())->shouldBeCalled(); $this->aclProvider->updateAcl($this->acl->reveal())->shouldBeCalled(); $this->acl->getObjectAces()->willReturn([]); $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled(); $this->accessControlManager->setPermissions($objectType, $objectId, [$this->securityIdentity->getRole() => ['view']]); }
/** * @dataProvider provideObjectIdentifiers */ public function testPermissionUpdateEvent($objectId, $objectType, $locale, $objectIdentifier) { $this->aclProvider->findAcl(new ObjectIdentity($objectIdentifier, $objectType))->willThrow(AclNotFoundException::class); $this->aclProvider->createAcl(new ObjectIdentity($objectIdentifier, $objectType))->willReturn($this->acl->reveal())->shouldBeCalled(); $this->aclProvider->updateAcl($this->acl->reveal())->shouldBeCalled(); $this->acl->getObjectAces()->willReturn([]); $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled(); $this->eventDispatcher->dispatch('sulu.security.permission.update', new PermissionUpdateEvent($objectType, $objectIdentifier, $this->securityIdentity, ['view']))->shouldBeCalled(); $this->accessControlManager->setPermissions($objectType, $objectId, $this->securityIdentity, ['view'], $locale); }
/** * {@inheritdoc} * * @SuppressWarnings(PHPMD.ExcessiveParameterList) */ protected function getInsertAccessControlEntrySql($classId, $objectIdentityId, $field, $aceOrder, $securityIdentityId, $strategy, $mask, $granting, $auditSuccess, $auditFailure) { $recordId = $this->updatedAcl && $this->updatedAcl->getObjectIdentity() ? $this->updatedAcl->getObjectIdentity()->getIdentifier() : null; $query = <<<QUERY INSERT INTO %s ( class_id, object_identity_id, field_name, ace_order, security_identity_id, mask, granting, granting_strategy, audit_success, audit_failure, record_id ) VALUES (%d, %s, %s, %d, %d, %d, %s, %s, %s, %s, %s) QUERY; return sprintf($query, $this->options['entry_table_name'], $classId, null === $objectIdentityId ? 'NULL' : (int) $objectIdentityId, null === $field ? 'NULL' : $this->connection->quote($field), $aceOrder, $securityIdentityId, $mask, $this->connection->getDatabasePlatform()->convertBooleans($granting), $this->connection->quote($strategy), $this->connection->getDatabasePlatform()->convertBooleans($auditSuccess), $this->connection->getDatabasePlatform()->convertBooleans($auditFailure), null === $recordId ? 'NULL' : (int) $recordId); }
/** * Persists any changes which were made to the ACL, or any associated access control entries. * * Changes to parent ACLs are not persisted. * * @throws \Symfony\Component\Security\Acl\Exception\Exception * * @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl * * @return bool */ public function updateAcl(MutableAclInterface $acl) { if (!$acl instanceof MutableAcl) { throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \\Propel\\Bundle\\PropelBundle\\Security\\Acl\\Domain\\MutableAcl only.'); } try { $modelEntries = EntryQuery::create()->findByAclIdentity($acl->getObjectIdentity(), array(), $this->connection); $objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($acl->getObjectIdentity(), $this->connection); $this->connection->beginTransaction(); $keepEntries = array_merge($this->persistAcl($acl->getClassAces(), $objectIdentity), $this->persistAcl($acl->getObjectAces(), $objectIdentity, true)); foreach ($acl->getFields() as $eachField) { $keepEntries = array_merge($keepEntries, $this->persistAcl($acl->getClassFieldAces($eachField), $objectIdentity), $this->persistAcl($acl->getObjectFieldAces($eachField), $objectIdentity, true)); } foreach ($modelEntries as $eachEntry) { if (!in_array($eachEntry->getId(), $keepEntries)) { $eachEntry->delete($this->connection); } } if (null === $acl->getParentAcl()) { $objectIdentity->setParentObjectIdentityId(null)->save($this->connection); } else { $objectIdentity->setParentObjectIdentityId($acl->getParentAcl()->getId())->save($this->connection); } $this->connection->commit(); // After successfully committing the transaction, we are good to update the cache. if (null !== $this->cache) { $this->cache->evictFromCacheById($objectIdentity->getId()); $this->cache->putInCache($acl); } return true; // @codeCoverageIgnoreStart } catch (Exception $e) { $this->connection->rollBack(); throw new AclException('An error occurred while updating the ACL.', 0, $e); } // @codeCoverageIgnoreEnd }
protected function doInstallFallbackAcl(MutableAclInterface $acl, MaskBuilder $builder) { $builder->add('iddqd'); $acl->insertClassAce(new RoleSecurityIdentity('ROLE_SUPER_ADMIN'), $builder->get()); $builder->reset()->add('view'); $acl->insertClassAce(new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'), $builder->get()); $builder->reset()->add('create')->add('view'); $acl->insertClassAce(new RoleSecurityIdentity('ROLE_USER'), $builder->get()); }
/** * Insert ACL entries * * @param MutableAclInterface $acl * @param array $insert */ protected function insertAclEntries(MutableAclInterface $acl, array $insert) { foreach ($insert as $entry) { $identity = $entry['identity']; $permission = $entry['permission']; if ($identity instanceof UserInterface) { $identity = UserSecurityIdentity::fromAccount($identity); } elseif (is_string($identity)) { $identity = new RoleSecurityIdentity($identity); } $acl->insertObjectAce($identity, $permission); } }