예제 #1
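 /**
  * Registers a role, its resources and its allow/deny rules on the authorizator.
  *
  * The parent role (if any) is processed first, recursively, and the role is
  * then registered with that parent so the parent's rules are inherited.
  * Previously the role was always registered without a parent before the
  * parent lookup ran, which left the "add role with parent" branch unreachable
  * and meant parent allow/deny rules never applied to the child role.
  *
  * @param \Venne\Security\Authorizator $permission authorizator to populate
  * @param string $role name of the role to set up
  * @return \Venne\Security\Authorizator the same $permission instance
  */
 private function setPermissionsByRole(Authorizator $permission, $role)
 {
     // Resolve the role entity up front: its parent must be known before the
     // role itself is registered.
     $roleEntity = $this->roleRepository->findOneByName($role);
     $parent = $roleEntity ? $roleEntity->parent : null;

     // Register the whole parent chain first, so the parent already exists
     // when this role is added with it.
     // NOTE(review): nothing here guards against a cyclic parent chain, which
     // would recurse without end - confirm the role model rules cycles out.
     if ($parent) {
         $this->setPermissionsByRole($permission, $parent->name);
     }

     // add role (with its parent, so rules are inherited)
     if (!$permission->hasRole($role)) {
         $permission->addRole($role, $parent ? $parent->name : null);
     }

     // add resources
     // NOTE(review): confirm each result row is the resource identifier itself
     // and not a row array keyed by 'resource'.
     $resources = $this->permissionRepository
         ->createQueryBuilder('a')
         ->select('a.resource')
         ->andWhere('a.role = :role')
         ->setParameter('role', $role)
         ->groupBy('a.resource')
         ->getQuery()
         ->getResult();
     foreach ($resources as $resource) {
         if (!$permission->hasResource($resource)) {
             $permission->addResource($resource);
         }
     }

     // set allow/deny
     if ($roleEntity) {
         foreach ($roleEntity->permissions as $perm) {
             // Rules on a resource that is neither ALL nor registered are skipped.
             if ($perm->resource !== $permission::ALL && !$permission->hasResource($perm->resource)) {
                 continue;
             }

             // An empty privilege is passed as null rather than as an empty value.
             $privilege = $perm->privilege ? $perm->privilege : null;
             if ($perm->allow) {
                 $permission->allow($role, $perm->resource, $privilege);
             } else {
                 $permission->deny($role, $perm->resource, $privilege);
             }
         }
     }

     return $permission;
 }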