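/**
 * Bulk permissions create/update.
 *
 * The request body is read as a list of entries. Each entry is expected to carry:
 *  - object_class: name of the class the ACE applies to (required);
 *  - object_id:    identifier of one object of that class (optional; when absent
 *                  the ACE is written at class scope);
 *  - sid:          security identity, wrapped as a BackBee\Security\Group identity (required);
 *  - permissions:  map of permission name to a boolean-like string value (required).
 *
 * Invalid entries are collected as constraint violations and skipped; valid entries
 * are written immediately, so a request mixing valid and invalid entries is applied
 * partially before the ValidationException is thrown.
 *
 * @Rest\Security("is_fully_authenticated() & has_role('ROLE_API_USER')")
 *
 * @param Request $request
 *
 * @return Response empty response with status 204 when every entry was accepted
 *
 * @throws ValidationException when at least one entry was rejected
 */
public function postPermissionMapAction(Request $request)
{
    // NOTE(review): the only access check visible here is the ROLE_API_USER
    // expression above. Nothing in this method verifies that the caller may
    // administer the ACL of the target class/object or of the target group;
    // confirm that this is enforced elsewhere (firewall, ACL manager).
    $permissionMap = $request->request->all();
    $aclManager = $this->getContainer()->get("security.acl_manager");
    $violations = new ConstraintViolationList();

    foreach ($permissionMap as $i => $objectMap) {
        if (!isset($objectMap['object_class'])) {
            $path = sprintf('%s[object_class]', $i);
            $violations->add(new ConstraintViolation("Object class not supllied", "Object class not supllied", [], $path, $path, null));

            continue;
        }

        $objectClass = $objectMap['object_class'];

        // NOTE(review): class_exists() autoloads by default, so a request-supplied
        // name reaches the autoloader and is echoed back in the violation message.
        // Consider checking the name against the set of ACL-managed classes first.
        if (!class_exists($objectClass)) {
            $path = sprintf('%s[object_class]', $i);
            $violations->add(new ConstraintViolation("Class {$objectClass} doesn't exist", "Class {$objectClass} doesn't exist", [], $path, $path, $objectClass));

            continue;
        }

        // Scope is decided once, by the presence of object_id, and reused when the
        // ACE is written. Testing the identifier for truthiness instead would send
        // an object-scoped identity with id 0 / "0" down the class-scope branch.
        $isObjectScope = isset($objectMap['object_id']);
        if ($isObjectScope) {
            // object scope
            $objectIdentity = new ObjectIdentity($objectMap['object_id'], $objectClass);
        } else {
            // class scope
            $objectIdentity = new ObjectIdentity('class', $objectClass);
        }

        if (!isset($objectMap['sid'])) {
            $path = sprintf('%s[sid]', $i);
            $violations->add(new ConstraintViolation("Security ID not supllied", "Security ID not supllied", [], $path, $path, null));

            continue;
        }

        // NOTE(review): the sid is taken from the request as-is; no check that it
        // names an existing group is visible in this method.
        $securityIdentity = new UserSecurityIdentity($objectMap['sid'], 'BackBee\\Security\\Group');

        // A missing or non-array permissions value is reported as a violation
        // instead of being passed on to array_map().
        if (!isset($objectMap['permissions']) || !is_array($objectMap['permissions'])) {
            $path = sprintf('%s[permissions]', $i);
            $invalidValue = isset($objectMap['permissions']) ? $objectMap['permissions'] : null;
            $violations->add(new ConstraintViolation("Permissions must be supplied as an array", "Permissions must be supplied as an array", [], $path, $path, $invalidValue));

            continue;
        }

        // convert values to booleans (cast first: presumably toBoolean() only
        // accepts strings - confirm against StringUtils)
        $permissions = array_map(function ($val) {
            return \BackBee\Utils\StringUtils::toBoolean((string) $val);
        }, $objectMap['permissions']);

        // keep only the names of the permissions that were switched on
        $permissions = array_unique(array_keys(array_filter($permissions)));

        try {
            $mask = $aclManager->getMask($permissions);
        } catch (\BackBee\Security\Acl\Permission\InvalidPermissionException $e) {
            $path = sprintf('%s[permissions]', $i);
            $violations->add(new ConstraintViolation($e->getMessage(), $e->getMessage(), [], $path, $path, $e->getPermission()));

            continue;
        }

        if ($isObjectScope) {
            $aclManager->insertOrUpdateObjectAce($objectIdentity, $securityIdentity, $mask);
        } else {
            $aclManager->insertOrUpdateClassAce($objectIdentity, $securityIdentity, $mask);
        }
    }

    if (count($violations) > 0) {
        throw new ValidationException($violations);
    }

    return new Response('', 204);
}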
/**
 * StringUtils::toBoolean() must refuse an integer argument: the call below is
 * expected to raise the exception named in the annotation.
 *
 * @expectedException \BackBee\Utils\Exception\InvalidArgumentException
 */
public function testToBooleanWithIntegerValues()
{
    // Deliberately an int, not the string "1".
    $integerInput = 1;

    StringUtils::toBoolean($integerInput);
}