/** * {@inheritDoc} */ public function getObjectIdentity($domainObject) { try { return $this->objectIdentityFactory->get($domainObject); } catch (InvalidDomainObjectException $failed) { return null; } }
/** * Checks if an access to a resource is granted to the caller * * @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id * or something else, it depends on registered security voters * @param mixed $object A domain object, object identity or object identity descriptor (id:type) * @return bool */ public function isGranted($attributes, $object = null) { if ($object === null && is_string($attributes) && ($annotation = $this->annotationProvider->findAnnotationById($attributes))) { $this->logger->debug(sprintf('Check an access using "%s" ACL annotation.', $annotation->getId())); $isGranted = $this->authorizationChecker->isGranted($annotation->getPermission(), $this->objectIdentityFactory->get($annotation)); } elseif (is_string($object)) { $isGranted = $this->authorizationChecker->isGranted($attributes, $this->objectIdentityFactory->get($object)); } else { $isGranted = $this->authorizationChecker->isGranted($attributes, $object); } return $isGranted; }
public function testFromActionAclAnnotation() { $obj = new AclAnnotation(array('id' => 'test_action', 'type' => 'action')); $id = $this->factory->get($obj); $this->assertEquals('action', $id->getIdentifier()); $this->assertEquals('test_action', $id->getType()); }
/** * {@inheritdoc} */ public function findAcl(ObjectIdentityInterface $oid, array $sids = array()) { $rootOid = $this->objectIdentityFactory->root($oid); try { $acl = $this->getAcl($oid, $sids, $rootOid); } catch (AclNotFoundException $noAcl) { try { // Try to get ACL for underlying object $underlyingOid = $this->objectIdentityFactory->underlying($oid); $acl = $this->getAcl($underlyingOid, $sids, $rootOid); } catch (\Exception $noUnderlyingAcl) { // Try to get ACL for root object try { $this->baseAclProvider->cacheEmptyAcl($oid); return $this->baseAclProvider->findAcl($rootOid, $sids); } catch (AclNotFoundException $noRootAcl) { throw new AclNotFoundException(sprintf('There is no ACL for %s. The root ACL %s was not found as well.', $oid, $rootOid), 0, $noAcl); } } } return $acl; }
/** * Get Acl based on given OID and Parent OID * * @param ObjectIdentityInterface $oid * @param array $sids * @param ObjectIdentityInterface $rootOid * @return RootBasedAclWrapper|\Symfony\Component\Security\Acl\Model\AclInterface */ protected function getAcl(ObjectIdentityInterface $oid, array $sids, ObjectIdentityInterface $rootOid) { $acl = $this->baseAclProvider->findAcl($oid, $sids); if ($this->baseAclProvider->isReplaceWithUnderlyingAcl($acl)) { $underlyingOid = $this->objectIdentityFactory->underlying($oid); return $this->getAcl($underlyingOid, $sids, $rootOid); } try { $rootAcl = $this->baseAclProvider->findAcl($rootOid, $sids); if ($this->baseAclProvider->isEmptyAcl($acl)) { return $rootAcl; } else { return new RootBasedAclWrapper($acl, $rootAcl); } } catch (AclNotFoundException $noRootAcl) { return $acl; } }
/** * Checks if an access to a resource is granted to the caller * * @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id, * string in format "permission;descriptor" * (VIEW;entity:AcmeDemoBundle:AcmeEntity, EDIT;action:acme_action) * or something else, it depends on registered security voters * @param mixed $object A domain object, object identity or object identity descriptor (id:type) * (entity:Acme/DemoBundle/Entity/AcmeEntity, action:some_action) * * @return bool */ public function isGranted($attributes, $object = null) { if (is_string($attributes) && ($annotation = $this->annotationProvider->findAnnotationById($attributes))) { if ($object === null) { $this->logger->debug(sprintf('Check class based an access using "%s" ACL annotation.', $annotation->getId())); $isGranted = $this->securityContext->isGranted($annotation->getPermission(), $this->objectIdentityFactory->get($annotation)); } else { $this->logger->debug(sprintf('Check object based an access using "%s" ACL annotation.', $annotation->getId())); $isGranted = $this->securityContext->isGranted($annotation->getPermission(), $object); } } elseif (is_string($object)) { $isGranted = $this->securityContext->isGranted($attributes, $this->objectIdentityFactory->get($object)); } else { if (is_string($attributes) && $object == null) { $delimiter = strpos($attributes, ';'); if ($delimiter) { $object = substr($attributes, $delimiter + 1); $attributes = substr($attributes, 0, $delimiter); } } $isGranted = $this->securityContext->isGranted($attributes, $object); } return $isGranted; }
/** * Constructs an ObjectIdentity is used for grant default permissions * if more appropriate permissions are not specified * * @param string $extensionKey The ACL extension key * @return OID */ public function getRootOid($extensionKey) { return $this->objectIdentityFactory->root($extensionKey); }