/** * Makes necessary modifications for existing ACE * * @param SID $sid * @param OID $oid * @param int $existingMask * @param int[] $masks [input/output] * @param int[] $rootMasks * @param AclExtensionInterface $extension * @return bool|int The mask if it was processed, otherwise, false */ protected function updateExistingPermissions(SID $sid, OID $oid, $existingMask, $masks, $rootMasks, AclExtensionInterface $extension) { $mask = $this->findSimilarMask($masks, $existingMask, $extension); $rootMask = $this->findSimilarMask($rootMasks, $existingMask, $extension); if ($mask === false && $rootMask === false) { // keep existing ACE as is, because both $mask and $rootMask were not found } elseif ($rootMask === false) { // if $rootMask was not found, just update existing ACE using $mask $this->manager->setPermission($sid, $oid, $mask); } elseif ($mask === false) { // if $mask was not found, use $rootMask to check // whether existing ACE need to be removed or keep as is if ($existingMask === $extension->adaptRootMask($rootMask, $oid)) { // remove existing ACE because it provides the same permissions as the root ACE $this->manager->deletePermission($sid, $oid, $existingMask); } } else { // both $mask and $rootMask were found if ($mask === $extension->adaptRootMask($rootMask, $oid)) { // remove existing ACE, if $mask provides the same permissions as $rootMask $this->manager->deletePermission($sid, $oid, $existingMask); } else { // update existing ACE using $mask, if permissions provide by $mask and $rootMask are different $this->manager->setPermission($sid, $oid, $mask); } } return $mask; }
public function testDeletePermissionForEntityClassNoAcl() { $sid = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface'); $oid = new ObjectIdentity('entity', 'Acme\\Test'); $granting = true; $mask = 123; $strategy = 'any'; $this->setItem($oid, BatchItem::STATE_CREATE); $this->aclProvider->expects($this->never())->method('findAcl'); $this->aceProvider->expects($this->never())->method('deletePermission'); $this->manager->deletePermission($sid, $oid, $mask, $granting, $strategy); }