/**
 * Converts submitted ACE form data into a security identity and a permission mask.
 *
 * The 'sid' entry is split on ':'. A first segment of "r" (any case) yields a
 * RoleSecurityIdentity; anything else yields a UserSecurityIdentity whose user
 * class is the third segment when present, otherwise chosen via isLdapUser().
 *
 * @param array $data Form data; the 'sid' and 'permissions' entries are read
 * @return array Array with keys 'sid' (security identity) and 'mask' (MaskBuilder::get() result)
 */
public function reverseTransform($data)
{
    $parts = explode(':', $data['sid']);

    if ('R' === strtoupper($parts[0])) {
        $identity = new RoleSecurityIdentity($parts[1]);
    } else {
        if (3 === count($parts)) {
            // NOTE(review): the class name is taken verbatim from the submitted
            // sid string; confirm callers can only supply expected user classes,
            // or check it against an allow-list before building the identity.
            $userClass = $parts[2];
        } else {
            $userClass = $this->isLdapUser($parts[1])
                ? 'FOM\\UserBundle\\Entity\\LdapUser'
                : 'FOM\\UserBundle\\Entity\\User';
        }

        $identity = new UserSecurityIdentity($parts[1], $userClass);
    }

    $builder = new MaskBuilder();
    foreach ($data['permissions'] as $bit => $granted) {
        // Only a strict boolean true counts as "granted".
        if (true !== $granted) {
            continue;
        }

        // Keys are 1-based bit positions: key 1 maps to bit 0. A key below 1
        // would produce a negative shift count, which PHP 7+ rejects.
        $builder->add(1 << ($bit - 1));
    }

    return array('sid' => $identity, 'mask' => $builder->get());
}
/**
 * Prepares the fixture: client, container, security token, ACL tables,
 * the ACL manager under test, two sample objects and two sample masks.
 *
 * The test is marked as skipped when PDO or its sqlite driver is unavailable.
 */
protected function setUp()
{
    $this->client = static::createClient();
    $this->container = $this->client->getContainer();

    // Install the test token so that code under test sees an authenticated context.
    $this->token = $this->createToken();
    $this->container->get('security.context')->setToken($this->token);

    $this->connection = $this->container->get('database_connection');

    $sqliteAvailable = class_exists('PDO') && in_array('sqlite', \PDO::getAvailableDrivers());
    if (!$sqliteAvailable) {
        $this->markTestSkipped('This test requires SQLite support in your environment.');
    }

    // Table names handed to the ACL schema definition.
    $tableNames = array(
        'oid_table_name' => 'acl_object_identities',
        'oid_ancestors_table_name' => 'acl_object_identity_ancestors',
        'class_table_name' => 'acl_classes',
        'sid_table_name' => 'acl_security_identities',
        'entry_table_name' => 'acl_entries',
    );
    $aclSchema = new Schema($tableNames);

    $platform = $this->connection->getDatabasePlatform();
    foreach ($aclSchema->toSql($platform) as $statement) {
        $this->connection->exec($statement);
    }

    $this->manager = $this->container->get('oneup_acl.manager');

    $this->object1 = new SomeObject(1);
    $this->object2 = new SomeObject(2);

    // mask1: view + create + edit
    $firstBuilder = new MaskBuilder();
    $firstBuilder->add('view')->add('create')->add('edit');
    $this->mask1 = $firstBuilder->get();

    // mask2: delete + undelete
    $secondBuilder = new MaskBuilder();
    $secondBuilder->add('delete')->add('undelete');
    $this->mask2 = $secondBuilder->get();
}
/**
 * Combines a list of permissions into a single mask.
 *
 * Each entry is passed unchanged to MaskBuilder::add(); an empty list yields
 * whatever a fresh MaskBuilder returns from get().
 *
 * @param array $permissions Permissions to combine
 * @return int
 */
public function getCustomMask(array $permissions)
{
    $maskBuilder = new MaskBuilder();

    foreach ($permissions as $entry) {
        $maskBuilder->add($entry);
    }

    $mask = $maskBuilder->get();

    return $mask;
}
/**
 * Collapses a map of mask flags into a single mask value.
 *
 * Iterates $value as mask => flag pairs and adds every mask whose flag is
 * truthy to a fresh MaskBuilder. No type check is performed on $value here.
 *
 * @param array $value Map of mask (key) to flag (value); must be iterable
 *
 * @return int Combined mask as returned by MaskBuilder::get()
 */
public function reverseTransform($value)
{
    $builder = new MaskBuilder();

    foreach ($value as $maskKey => $enabled) {
        // Loose truthiness on purpose: "1", 1 and true all count as set.
        if (!$enabled) {
            continue;
        }

        $builder->add($maskKey);
    }

    return $builder->get();
}
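/**
 * Gives a user the right to edit himself.
 *
 * Builds a mask from the "fom_user.user_own_permissions" container parameter
 * and inserts it as an object ACE for the user on the user's own object
 * identity, creating the ACL first when none exists yet.
 *
 * @param object $user Account used both as security identity and as domain object
 * @return void
 */
public function giveOwnRights($user)
{
    $aclProvider = $this->container->get('security.acl.provider');
    $maskBuilder = new MaskBuilder();

    $usid = UserSecurityIdentity::fromAccount($user);
    $uoid = ObjectIdentity::fromDomainObject($user);

    foreach ($this->container->getParameter("fom_user.user_own_permissions") as $permission) {
        $maskBuilder->add($permission);
    }
    $umask = $maskBuilder->get();

    try {
        $acl = $aclProvider->findAcl($uoid);
    } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
        // Only "no ACL yet" leads to creating one. Any other failure from the
        // lookup (for example a storage error) now propagates instead of being
        // treated as a missing ACL.
        $acl = $aclProvider->createAcl($uoid);
    }

    // NOTE(review): an ACE is inserted on every call without checking for an
    // existing identical entry; confirm callers invoke this once per user.
    $acl->insertObjectAce($usid, $umask);
    $aclProvider->updateAcl($acl);
}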
/**
 * Adds one object ACE per role to the ACL of the given entity.
 *
 * The ACL is looked up by the entity's object identity and created when it
 * does not exist. Existing entries are not removed; ACEs are only inserted.
 *
 * @param object $entity       Domain object whose ACL is updated
 * @param array  $roleMasksMap Role name => mask name, or role name => list of mask names
 * @return void
 */
public function updateAclByRoles($entity, $roleMasksMap)
{
    $provider = $this->container->get('security.acl.provider');
    $oid = ObjectIdentity::fromDomainObject($entity);

    try {
        $acl = $provider->findAcl($oid);
    } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
        // No ACL stored for this object yet.
        $acl = $provider->createAcl($oid);
    }

    foreach ($roleMasksMap as $roleName => $names) {
        $roleIdentity = new RoleSecurityIdentity($roleName);
        $builder = new MaskBuilder();

        // A single mask name is accepted as shorthand for a one-element list.
        if (!is_array($names)) {
            $names = [$names];
        }

        foreach ($names as $name) {
            $builder->add($name);
        }

        $acl->insertObjectAce($roleIdentity, $builder->get());
    }

    // Persist all inserted entries in one update.
    $provider->updateAcl($acl);
}
/**
 * Checks that reset() returns the builder to an empty (0) mask.
 */
public function testReset()
{
    $maskBuilder = new MaskBuilder();

    // A fresh builder starts with an empty mask.
    $this->assertEquals(0, $maskBuilder->get());

    // Adding a permission makes the mask non-zero.
    $maskBuilder->add('view');
    $maskAfterAdd = $maskBuilder->get();
    $this->assertTrue($maskAfterAdd > 0);

    // reset() clears it again.
    $maskBuilder->reset();
    $this->assertEquals(0, $maskBuilder->get());
}
/**
 * Returns a mask containing only the EDIT permission of this class.
 *
 * @return int
 */
public static function getEditorMask()
{
    $editorBuilder = new MaskBuilder();
    $editorBuilder->add(self::EDIT);

    $editorMask = $editorBuilder->get();

    return $editorMask;
}
/**
 * Installs the default Class Ace entries into the provided $acl object.
 *
 * Three class-scope entries are inserted, in this order:
 *  - ROLE_SUPER_ADMIN: the 'iddqd' mask
 *  - IS_AUTHENTICATED_ANONYMOUSLY: 'create' and 'view'
 *  - ROLE_USER: 'create' and 'view'
 *
 * Override this method in a subclass to change what permissions are defined.
 * Once this method has been overridden you need to run the
 * `fos_comment:installAces --flush` command
 *
 * @param AclInterface $acl
 * @param MaskBuilder $builder Not reset before first use, so it is expected to arrive empty
 * @return void
 */
protected function doInstallFallbackAcl(AclInterface $acl, MaskBuilder $builder)
{
    // 'iddqd' is presumably the all-permissions mask name; confirm in MaskBuilder.
    $builder->add('iddqd');
    $acl->insertClassAce(new RoleSecurityIdentity('ROLE_SUPER_ADMIN'), $builder->get());

    // NOTE(review): the anonymous role receives the same create/view rights as
    // ROLE_USER at class scope. Deployments that must not accept input from
    // unauthenticated visitors should override this method.
    foreach (array('IS_AUTHENTICATED_ANONYMOUSLY', 'ROLE_USER') as $roleName) {
        $builder->reset();
        $builder->add('create');
        $builder->add('view');
        $acl->insertClassAce(new RoleSecurityIdentity($roleName), $builder->get());
    }
}
/**
 * Persists an entity and creates its ACL inside one object-manager transaction.
 *
 * The entity is used as its own user security identity: it is granted
 * 'view' and 'edit' on itself, and a non-granting (deny) entry for 'delete'
 * is inserted at index 0. If an ACL already exists for the entity it is left
 * untouched and the transaction still commits.
 *
 * @param object $entity
 * @return object The same entity instance
 * @throws \Exception Re-thrown after rollback when persisting or ACL setup fails
 */
protected function createEntity($entity)
{
    $manager = $this->objectManager;
    $manager->beginTransaction();

    try {
        // Persist first so the entity has an identity to attach the ACL to.
        $manager->persist($entity);
        $manager->flush();

        $provider = $this->aclProvider;
        $objectIdentity = ObjectIdentity::fromDomainObject($entity);

        try {
            $acl = $provider->createAcl($objectIdentity);

            // Users shouldn't be able to change their own roles
            $grantBuilder = new MaskBuilder();
            $grantBuilder->add('view')->add('edit');
            $grantMask = $grantBuilder->get();
            $acl->insertObjectAce(UserSecurityIdentity::fromAccount($entity), $grantMask);

            // Index 0, granting = false: an explicit deny for 'delete'.
            $denyBuilder = new MaskBuilder();
            $denyBuilder->add('delete');
            $denyMask = $denyBuilder->get();
            $acl->insertObjectAce(UserSecurityIdentity::fromAccount($entity), $denyMask, 0, false);

            $provider->updateAcl($acl);
        } catch (AclAlreadyExistsException $alreadyExists) {
            // Deliberately ignored: an existing ACL is kept as it is.
            // NOTE(review): in that case the entries above are NOT applied;
            // confirm the pre-existing ACL carries the intended deny entry.
        }

        $manager->commit();
    } catch (\Exception $failure) {
        $manager->rollback();

        throw $failure;
    }

    return $entity;
}
/**
 * Returns the integer for the ACL mask.
 *
 * Every value is lower-cased before being handed to MaskBuilder::add().
 *
 * @param array $arrayMask Mask names in any letter case; must be iterable
 * @return int
 */
public function getMask($arrayMask)
{
    $maskBuilder = new MaskBuilder();

    foreach ($arrayMask as $name) {
        $normalized = strtolower($name);
        $maskBuilder->add($normalized);
    }

    return $maskBuilder->get();
}
/**
 * Shows the class-field ACL form and, on POST, rewrites the field masks of a role.
 *
 * On POST the role is read from the bound form and the per-class, per-field
 * permission values from the request parameter "permission". Fields listed in
 * the "acl_class_fields" container parameter but missing from the request are
 * set to 0, then updateClassFieldsAcl() is called once per class/field pair.
 *
 * NOTE(review): the form is bound but no validity check is visible in this
 * method, and the class and field names passed to updateClassFieldsAcl() are
 * the keys of the request array. Confirm that form validation (including any
 * CSRF token) and access control for this action are enforced elsewhere, and
 * consider restricting the keys to those configured in "acl_class_fields".
 *
 * @todo index action
 *
 * @return Response
 */
public function aclClassFieldsAction()
{
    $request = $this->getRequest();
    $form = $this->createAclForm();
    if ($request->getMethod() == 'POST') {
        $form->bind($request);
        // Get role from post data
        $role = $form['role']->getData();
        // Get permission value from post data
        // (read from the raw request, not from the bound form)
        $permission = $this->getRequest()->get('permission', array());
        // Exchanges all keys with their associated values in array
        $aclValue = array_flip($this->_aclValues);
        $aclData = $this->container->getParameter('acl_class_fields');
        // Default every configured class/field that the request did not mention to 0,
        // so that unchecked permissions are cleared rather than left unchanged.
        foreach ($aclData as $aclItem) {
            foreach ($aclItem['fields'] as $key => $field) {
                if (!array_key_exists($aclItem['class'], $permission)) {
                    $permission[$aclItem['class']][$key] = 0;
                } elseif (isset($permission[$aclItem['class']]) && !array_key_exists($key, $permission[$aclItem['class']])) {
                    // presumably $permission[class] is an array here — it comes from the request; verify
                    $permission[$aclItem['class']][$key] = 0;
                }
            }
        }
        // Loop to update acl of classes
        if (sizeof($permission)) {
            foreach ($permission as $class => $permissionValues) {
                if (sizeof($permissionValues)) {
                    foreach ($permissionValues as $keyField => $fieldValue) {
                        $builder = new MaskBuilder();
                        if (is_array($fieldValue) && sizeof($fieldValue) > 0) {
                            foreach ($fieldValue as $value) {
                                // Values not present in the flipped $_aclValues map are ignored.
                                if (isset($aclValue[$value])) {
                                    $builder->add($aclValue[$value]);
                                }
                            }
                            $this->updateClassFieldsAcl($class, $keyField, $role, $builder->get());
                        } else {
                            // Scalar or empty value: the field mask is set to 0.
                            $this->updateClassFieldsAcl($class, $keyField, $role, 0);
                        }
                    }
                }
            }
            // Set flash message
            $message = $this->get('translator')->trans('update_entity_success');
            $this->get('session')->getFlashBag()->add('success', $message);
        }
    }
    // $role is only defined after a POST, hence the isset() guard.
    return $this->render('AseagleAdminBundle:Acl:class-fields.html.twig', array('form' => $form->createView(), 'rid' => isset($role) ? $role->getId() : null));
}
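/**
 * Returns the code for the passed mask.
 *
 * Thin static wrapper that delegates to MaskBuilder::getCode() and hands its
 * result back to the caller.
 *
 * @param int $mask
 *
 * @throws \InvalidArgumentException
 * @throws \RuntimeException
 *
 * @return string
 */
public static function getCode($mask)
{
    // The result must be returned; without it this method always yields null
    // although it is documented to return a string.
    return MaskBuilder::getCode($mask);
}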
/**
 * Checks that the granting strategy of an ACE is honoured by the lookups.
 *
 * An entry for VIEW|EDIT is stored with the EQUAL strategy; both lookups for
 * "VIEW" alone are then expected to come back empty.
 */
public function testStrategiesSupportWorks()
{
    $objectIdentity = new ObjectIdentity('id', 'type');
    $acl = $this->aclProvider->createAcl($objectIdentity);

    $builder = new MaskBuilder();
    $viewEditMask = $builder
        ->add(MaskBuilder::MASK_VIEW)
        ->add(MaskBuilder::MASK_EDIT)
        ->get();

    // Index 0, granting = true, strategy EQUAL.
    $acl->insertObjectAce($this->sid, $viewEditMask, 0, true, PermissionGrantingStrategy::EQUAL);
    $this->aclProvider->updateAcl($acl);

    $identities = $this->aclProvider->findObjectIdentities($this->sid, "VIEW");
    $this->assertEmpty($identities);

    $entries = $this->aclProvider->findAllowedEntries($this->sid, "VIEW");
    $this->assertEmpty($entries);
}
/**
 * Applies the view/edit/master rights found in $record to the entity and
 * collects the matching masks in a new MaskBuilder.
 *
 * Rights are cumulative: 'editRight' also sets view, and 'masterRight' also
 * sets view and edit. The checks run in the order view, edit, master, so a
 * later right re-enables a flag that an earlier branch switched off.
 *
 * @param object $entity Object exposing setViewRight(), setEditRight() and setMasterRight()
 * @param mixed  $record Passed to hasKey(); presumably an array of submitted values — confirm
 * @return MaskBuilder The builder itself, not the integer mask
 */
protected function setRights($entity, $record)
{
    $builder = new MaskBuilder();

    $wantsView = $this->hasKey('viewRight', $record);
    if (!$wantsView) {
        $entity->setViewRight(false);
        $builder->remove(MaskBuilder::MASK_VIEW);
    } else {
        $entity->setViewRight(true);
        $builder->add(MaskBuilder::MASK_VIEW);
    }

    $wantsEdit = $this->hasKey('editRight', $record);
    if (!$wantsEdit) {
        $entity->setEditRight(false);
        $builder->remove(MaskBuilder::MASK_EDIT);
    } else {
        // Edit implies view.
        $entity->setViewRight(true);
        $entity->setEditRight(true);
        $builder->add(MaskBuilder::MASK_VIEW);
        $builder->add(MaskBuilder::MASK_EDIT);
    }

    $wantsMaster = $this->hasKey('masterRight', $record);
    if (!$wantsMaster) {
        $entity->setMasterRight(false);
        $builder->remove(MaskBuilder::MASK_MASTER);
    } else {
        // Master implies view and edit.
        $entity->setViewRight(true);
        $entity->setEditRight(true);
        $entity->setMasterRight(true);
        $builder->add(MaskBuilder::MASK_VIEW);
        $builder->add(MaskBuilder::MASK_EDIT);
        $builder->add(MaskBuilder::MASK_MASTER);
    }

    return $builder;
}