/**
 * Builds the AclPermission for a single permission of the given privilege.
 *
 * The access level is resolved by the ACL extension from the mask, the permission
 * name and the id of the privilege's identity.
 *
 * @param AclExtensionInterface $extension
 * @param string                $permission
 * @param string                $mask
 * @param AclPrivilege          $privilege
 * @return AclPermission
 */
protected function getAclPermission(AclExtensionInterface $extension, $permission, $mask, AclPrivilege $privilege)
{
    $identityId  = $privilege->getIdentity()->getId();
    $accessLevel = $extension->getAccessLevel($mask, $permission, $identityId);

    return new AclPermission($permission, $accessLevel);
}
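/**
 * Rebuilds the role's ACL privileges from the submitted "privileges" form field and saves them.
 *
 * The field holds a JSON document keyed by privilege-config field name. Each entry carries an
 * identity (id, name) and a list of permissions (name, accessLevel). Because the document comes
 * from the submitted form, its shape is checked before use: a payload or section that is not an
 * array is treated as empty, and entries without an identity id, or permissions without a name
 * or access level, are skipped instead of being turned into privileges built from null values.
 *
 * NOTE(review): identity ids and access levels are used as submitted; nothing in this method
 * checks them against what the current user is allowed to grant. Confirm that the form layer or
 * savePrivileges() enforces that.
 *
 * @param AbstractRole $role
 */
protected function processPrivileges(AbstractRole $role)
{
    $decodedPrivileges = json_decode($this->form->get('privileges')->getData(), true);
    if (!is_array($decodedPrivileges)) {
        // Invalid or non-object JSON: continue with an empty payload so that the
        // per-field defaults below are still applied.
        $decodedPrivileges = [];
    }

    $formPrivileges = [];
    foreach ($this->privilegeConfig as $fieldName => $config) {
        $privilegesArray = isset($decodedPrivileges[$fieldName]) && is_array($decodedPrivileges[$fieldName])
            ? $decodedPrivileges[$fieldName]
            : [];

        $privileges = [];
        foreach ($privilegesArray as $privilege) {
            // A privilege without an identity id cannot be mapped to anything; skip it.
            if (!is_array($privilege) || !isset($privilege['identity']['id'])) {
                continue;
            }

            $submittedPermissions = isset($privilege['permissions']) && is_array($privilege['permissions'])
                ? $privilege['permissions']
                : [];

            $aclPrivilege = new AclPrivilege();
            foreach ($submittedPermissions as $permission) {
                if (!isset($permission['name'], $permission['accessLevel'])) {
                    continue;
                }
                $aclPrivilege->addPermission(
                    new AclPermission($permission['name'], $permission['accessLevel'])
                );
            }

            $identityName = isset($privilege['identity']['name']) ? $privilege['identity']['name'] : null;
            $aclPrivilege->setIdentity(new AclPrivilegeIdentity($privilege['identity']['id'], $identityName));

            $privileges[] = $aclPrivilege;
        }

        if ($config['fix_values']) {
            $this->fxPrivilegeValue($privileges, $config['default_value']);
        }

        $formPrivileges = array_merge($formPrivileges, $privileges);
    }

    // Every privilege handled by this form belongs to the handler's ACL group.
    foreach ($formPrivileges as $formPrivilege) {
        $formPrivilege->setGroup($this->getAclGroup());
    }

    $this->privilegeRepository->savePrivileges(
        $this->aclManager->getSid($role),
        new ArrayCollection($formPrivileges)
    );

    // Cached ACL decisions may no longer match the stored privileges.
    $this->aclCache->clearCache();
}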
/**
 * Creates an AclPrivilege for the given identity id with one AclPermission per map entry.
 *
 * @param string $id          id passed to the AclPrivilegeIdentity constructor
 * @param array  $permissions map of permission name => access level
 * @return AclPrivilege
 */
public static function getPrivilege($id, array $permissions)
{
    $result = new AclPrivilege();
    $result->setIdentity(new AclPrivilegeIdentity($id));

    foreach (array_keys($permissions) as $permissionName) {
        $permission = new AclPermission($permissionName, $permissions[$permissionName]);
        $result->addPermission($permission);
    }

    return $result;
}
/**
 * Stores the given access level for VIEW, CREATE, EDIT, DELETE and ASSIGN on the RFP Request
 * entity for the BUYER account user role.
 *
 * The privileges are saved while the frontend ownership metadata provider is emulated.
 *
 * NOTE(review): if anything between startProviderEmulation() and stopProviderEmulation()
 * throws, the emulation is left switched on for whatever runs next.
 *
 * @param int $level
 */
protected function setRolePermissions($level)
{
    $metadataProvider = $this->getContainer()->get('oro_security.owner.metadata_provider.chain');
    $metadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);

    $roleRepository = $this->getContainer()
        ->get('doctrine')
        ->getManagerForClass('OroB2BCustomerBundle:AccountUserRole')
        ->getRepository('OroB2BCustomerBundle:AccountUserRole');
    $role = $roleRepository->findOneBy(['role' => LoadAccountUsersData::BUYER]);

    $requestPrivilege = new AclPrivilege();
    $requestPrivilege->setIdentity(
        new AclPrivilegeIdentity(
            'entity:OroB2B\\Bundle\\RFPBundle\\Entity\\Request',
            'orob2b.rfp.request.entity_label'
        )
    );

    // The same level is applied to every permission of the entity.
    foreach (['VIEW', 'CREATE', 'EDIT', 'DELETE', 'ASSIGN'] as $permissionName) {
        $requestPrivilege->addPermission(new AclPermission($permissionName, $level));
    }

    $privilegeRepository = $this->getContainer()->get('oro_security.acl.privilege_repository');
    $sid = $this->getContainer()->get('oro_security.acl.manager')->getSid($role);
    $privilegeRepository->savePrivileges($sid, new ArrayCollection([$requestPrivilege]));

    $metadataProvider->stopProviderEmulation();
}
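/**
 * Adds permissions to the given $privilege based on the given ACEs.
 * The $permissions argument is used to filter privileges for the given permissions only.
 *
 * Only granting ACEs are considered. For a root ACL the mask is first adapted by the extension
 * for the privilege's identity. When the mask is empty once its service bits are removed, each
 * requested permission that the privilege does not have yet is added with
 * AccessLevel::NONE_LEVEL. Otherwise each permission encoded in the mask that was requested
 * and is not set yet is added with the access level reported by the extension. A permission
 * that is already present is never overwritten, so the first ACE that yields it wins.
 *
 * Permission names are matched with a strict comparison, so a name is only accepted when it is
 * identical to one of the requested names.
 *
 * @param AclPrivilege          $privilege
 * @param string[]              $permissions
 * @param EntryInterface[]      $aces
 * @param AclExtensionInterface $extension
 * @param bool                  $itIsRootAcl
 */
protected function addAcesPermissions(
    AclPrivilege $privilege,
    array $permissions,
    array $aces,
    AclExtensionInterface $extension,
    $itIsRootAcl = false
) {
    foreach ($aces as $ace) {
        if (!$ace->isGranting()) {
            // denying ACE is not supported
            continue;
        }

        $mask = $ace->getMask();
        if ($itIsRootAcl) {
            $mask = $extension->adaptRootMask($mask, $privilege->getIdentity()->getId());
        }

        if ($extension->removeServiceBits($mask) === 0) {
            // Nothing is granted by this ACE: record an explicit "none" level.
            foreach ($permissions as $permission) {
                if (!$privilege->hasPermission($permission)) {
                    $privilege->addPermission(new AclPermission($permission, AccessLevel::NONE_LEVEL));
                }
            }
            continue;
        }

        foreach ($extension->getPermissions($mask) as $permission) {
            if (!$privilege->hasPermission($permission) && in_array($permission, $permissions, true)) {
                $privilege->addPermission(
                    new AclPermission($permission, $extension->getAccessLevel($mask, $permission))
                );
            }
        }
    }
}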
/**
 * Creates an AclPrivilege bound to an extension key and to an identity made of $id and $name.
 *
 * @param string $extensionKey
 * @param string $id
 * @param string $name
 * @return AclPrivilege
 */
protected function createPrivilege($extensionKey, $id, $name)
{
    $result = new AclPrivilege();
    $result->setExtensionKey($extensionKey);

    $identity = new AclPrivilegeIdentity($id, $name);
    $result->setIdentity($identity);

    return $result;
}
/**
 * Stores the given access level for the VIEW permission on $identity for $this->role.
 *
 * @param int                  $level
 * @param AclPrivilegeIdentity $identity
 */
protected function setRolePermissions($level, AclPrivilegeIdentity $identity)
{
    $viewPrivilege = new AclPrivilege();
    $viewPrivilege->setIdentity($identity);
    // VIEW is the only permission this helper changes.
    $viewPrivilege->addPermission(new AclPermission('VIEW', $level));

    $privilegeRepository = $this->getContainer()->get('oro_security.acl.privilege_repository');
    $sid = $this->getContainer()->get('oro_security.acl.manager')->getSid($this->role);

    $privilegeRepository->savePrivileges($sid, new ArrayCollection([$viewPrivilege]));
}
/**
 * Checks that adding and removing a permission is reflected by hasPermissions(),
 * hasPermission() and getPermissionCount().
 */
public function testPermissions()
{
    $privilege = new AclPrivilege();

    // A new privilege carries no permissions.
    $this->assertFalse($privilege->hasPermissions());
    $this->assertFalse($privilege->hasPermission('VIEW'));
    $this->assertEquals(0, $privilege->getPermissionCount());

    // After adding VIEW, only VIEW is reported.
    $viewPermission = new AclPermission('VIEW', AccessLevel::BASIC_LEVEL);
    $privilege->addPermission($viewPermission);
    $this->assertTrue($privilege->hasPermissions());
    $this->assertTrue($privilege->hasPermission('VIEW'));
    $this->assertFalse($privilege->hasPermission('Another'));
    $this->assertEquals(1, $privilege->getPermissionCount());

    // Removing it brings the privilege back to the empty state.
    $privilege->removePermission($viewPermission);
    $this->assertFalse($privilege->hasPermissions());
    $this->assertFalse($privilege->hasPermission('VIEW'));
    $this->assertEquals(0, $privilege->getPermissionCount());
}