/**
 * Removes the given permissions from the ACE that belongs to the security identity.
 *
 * @param ObjectIdentityInterface   $objectIdentity
 * @param SecurityIdentityInterface $securityIdentity
 * @param string|string[]           $permissions
 * @param string                    $type
 * @param null|string               $field
 */
protected function revoke(ObjectIdentityInterface $objectIdentity, SecurityIdentityInterface $securityIdentity, $permissions, $type, $field = null)
{
    // Nothing to revoke when the object has no ACL at all.
    if (null === ($acl = $this->findAcl($objectIdentity))) {
        return;
    }

    $index = false;
    $oldMask = 0;

    // Locate the ACE of this security identity. The loop does not stop at the
    // first match, so if several ACEs match, the last one is the one updated.
    /** @var Entry $ace */
    foreach ($acl->{$this->resolveAceMethod('get', $type, $field)}($field) as $k => $ace) {
        if ($securityIdentity->equals($ace->getSecurityIdentity())) {
            $index = $k;
            $oldMask = $ace->getMask();
        }
    }

    if (false !== $index) {
        // Start from the current mask and clear only the revoked permission bits.
        $maskBuilder = $this->permissionMap->getMaskBuilder();
        $maskBuilder->set($oldMask);

        foreach ((array) $permissions as $permission) {
            $maskBuilder->remove($permission);
        }

        if (null === $field) {
            $acl->{$this->resolveAceMethod('update', $type)}($index, $maskBuilder->get());
        } else {
            $acl->{$this->resolveAceMethod('update', $type, $field)}($index, $field, $maskBuilder->get());
        }
    }

    $this->aclProvider->updateAcl($acl);
}

/**
 * Builds the SQL condition that matches granting ACL entries for a permission.
 *
 * @param Connection $connection
 * @param string     $permission
 *
 * @return string
 *
 * @throws \Exception
 */
private function getAclWhereClause(Connection $connection, $permission)
{
    $sql = 'acl.granting = ' . $connection->getDriver()->getDatabasePlatform()->convertBooleans(true) . ' AND (';

    $requiredMasks = $this->permissionMap->getMasks($permission, null);

    if (empty($requiredMasks)) {
        throw new \Exception('The required masks can not be resolved');
    }

    // Strategy names are quoted by the connection before being placed in the SQL.
    $all = $connection->quote(PermissionGrantingStrategy::ALL);
    $any = $connection->quote(PermissionGrantingStrategy::ANY);
    $equal = $connection->quote(PermissionGrantingStrategy::EQUAL);

    $conditions = [];

    foreach ($requiredMasks as $requiredMask) {
        // Masks are bitmasks interpolated into the SQL without quoting, so
        // force an integer to keep anything else out of the query text.
        $mask = (int) $requiredMask;

        // ALL: every required bit is set; ANY: at least one bit is set;
        // EQUAL: the stored mask is exactly the required mask.
        $conditions[] = <<<SQL
(
    (acl.granting_strategy = {$all} AND {$mask} = (acl.mask & {$mask})) OR
    (acl.granting_strategy = {$any} AND 0 != (acl.mask & {$mask})) OR
    (acl.granting_strategy = {$equal} AND {$mask} = acl.mask)
)
SQL;
    }

    return $sql . implode(' OR ', $conditions) . ')';
}