/**
 * setParentRoles() must store each parent role only once, even when the
 * caller passes the same role object several times.
 *
 * @test
 */
public function setParentRolesMakesSureThatParentRolesDontContainDuplicates()
{
    $role = new Role('Acme.Demo:Test');
    $role->initializeObject();

    $firstParent = new Role('Acme.Demo:Parent1');
    $secondParent = new Role('Acme.Demo:Parent2');
    $secondParent->addParentRole($firstParent);

    // Every parent is passed twice, in mixed order.
    $parentsWithDuplicates = array($firstParent, $secondParent, $secondParent, $firstParent);
    $role->setParentRoles($parentsWithDuplicates);

    // getParentRoles() returns an identifier-keyed array and therefore cannot
    // show duplicates. The internal parentRoles collection is what Doctrine
    // would try to persist, so it is inspected as well, read straight from
    // the property instead of through the getter.
    $internalParentRolesCollection = ObjectAccess::getProperty($role, 'parentRoles', true);
    $storedParents = $internalParentRolesCollection->toArray();
    $this->assertEquals(2, count($storedParents));

    $expectedParentRoles = array(
        'Acme.Demo:Parent1' => $firstParent,
        'Acme.Demo:Parent2' => $secondParent
    );
    $this->assertEquals($expectedParentRoles, $role->getParentRoles());
}
/**
 * Builds the role and privilege model from the global policy configuration.
 *
 * The work is done once per instance; later calls return immediately.
 * Steps, in order: load the policy configuration and emit the
 * "configuration loaded" signal, initialize the privilege targets, create
 * one Role per configured role with its privileges, give the
 * "TYPO3.Flow:Everybody" role an ABSTAIN privilege for every parameterless
 * privilege target it does not configure itself, wire up parent roles and
 * emit the "roles initialized" signal.
 *
 * Configuration errors in a role's privileges abort initialization with an
 * exception, so no partially built policy is marked as initialized.
 *
 * @return void
 * @throws SecurityException if a role references an undefined privilege target, a privilege has no permission, or the privilege cannot be created
 */
protected function initialize()
{
    if ($this->initialized) {
        return;
    }

    $this->policyConfiguration = $this->configurationManager->getConfiguration(ConfigurationManager::CONFIGURATION_TYPE_POLICY);
    $this->emitConfigurationLoaded($this->policyConfiguration);

    $this->initializePrivilegeTargets();

    // Bookkeeping copy: every target the Everybody role configures itself is
    // removed below; what remains gets an ABSTAIN privilege afterwards.
    $uncoveredTargets = $this->privilegeTargets;

    $this->roles = array();

    // The Everybody role always exists and is always abstract; an "abstract"
    // flag in its role configuration is not read.
    $everybodyRole = new Role('TYPO3.Flow:Everybody');
    $everybodyRole->setAbstract(true);

    $configuredRoles = isset($this->policyConfiguration['roles']) ? $this->policyConfiguration['roles'] : array();
    foreach ($configuredRoles as $identifier => $roleSettings) {
        $isEverybody = ($identifier === 'TYPO3.Flow:Everybody');
        if ($isEverybody) {
            $role = $everybodyRole;
        } else {
            $role = new Role($identifier);
            if (isset($roleSettings['abstract'])) {
                $role->setAbstract((bool) $roleSettings['abstract']);
            }
        }

        $privilegeSettingsList = isset($roleSettings['privileges']) ? $roleSettings['privileges'] : array();
        foreach ($privilegeSettingsList as $privilegeSettings) {
            // Read without isset(): an entry lacking this key presumably
            // ends up in the "not defined" exception right below.
            $targetIdentifier = $privilegeSettings['privilegeTarget'];

            if (!isset($this->privilegeTargets[$targetIdentifier])) {
                throw new SecurityException(sprintf('privilege target "%s", referenced in role configuration "%s" is not defined!', $targetIdentifier, $identifier), 1395869320);
            }
            if (!isset($privilegeSettings['permission'])) {
                throw new SecurityException(sprintf('No permission set for privilegeTarget "%s" in Role "%s"', $targetIdentifier, $identifier), 1395869331);
            }

            $target = $this->privilegeTargets[$targetIdentifier];
            if (isset($privilegeSettings['parameters'])) {
                $parameters = $privilegeSettings['parameters'];
            } else {
                $parameters = array();
            }

            // Any failure while creating the privilege is reported as a
            // SecurityException naming target and role; the original
            // exception is kept as "previous".
            try {
                $privilege = $target->createPrivilege($privilegeSettings['permission'], $parameters);
            } catch (\Exception $exception) {
                throw new SecurityException(sprintf('Error for privilegeTarget "%s" in Role "%s": %s', $targetIdentifier, $identifier, $exception->getMessage()), 1401886654, $exception);
            }
            $role->addPrivilege($privilege);

            if ($isEverybody) {
                unset($uncoveredTargets[$targetIdentifier]);
            }
        }

        $this->roles[$identifier] = $role;
    }

    // Create an ABSTAIN privilege on the Everybody role for every target it
    // did not configure itself. Targets that take parameters are skipped.
    /** @var PrivilegeTarget $uncoveredTarget */
    foreach ($uncoveredTargets as $uncoveredTarget) {
        if (!$uncoveredTarget->hasParameters()) {
            $everybodyRole->addPrivilege($uncoveredTarget->createPrivilege(PrivilegeInterface::ABSTAIN));
        }
    }
    $this->roles['TYPO3.Flow:Everybody'] = $everybodyRole;

    // Parent roles are wired up only now that all roles exist, so the order
    // of the roles in the configuration does not matter for the lookup.
    /** @var Role $role */
    foreach ($this->roles as $role) {
        $identifier = $role->getIdentifier();
        if (!isset($this->policyConfiguration['roles'][$identifier]['parentRoles'])) {
            continue;
        }
        foreach ($this->policyConfiguration['roles'][$identifier]['parentRoles'] as $parentRoleIdentifier) {
            // NOTE(review): unlike privilege targets, the parent identifier
            // is not checked with isset() before the lookup. An identifier
            // that names no configured role presumably reaches
            // addParentRole() as NULL - confirm how that fails and consider
            // validating it here with a SecurityException that names the
            // role and the missing parent.
            $role->addParentRole($this->roles[$parentRoleIdentifier]);
        }
    }

    $this->emitRolesInitialized($this->roles);

    $this->initialized = true;
}