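/**
 * Checks that AclPrivilege hands back what was given to its identity,
 * extension key and group setters.
 */
public function testGettersAndSetters()
{
    $obj = new AclPrivilege();
    $id = new AclPrivilegeIdentity('TestId', 'TestName');

    $obj->setIdentity($id);
    $obj->setExtensionKey('TestKey');
    $obj->setGroup('TestGroup');

    // The identity must be the very same instance, not merely an equal copy;
    // assertSame() checks that and prints both values when it fails.
    $this->assertSame($id, $obj->getIdentity());
    $this->assertEquals('TestKey', $obj->getExtensionKey());
    $this->assertEquals('TestGroup', $obj->getGroup());
}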
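/**
 * Gets all privileges associated with the given security identity.
 *
 * For every extension returned by the manager, one privilege is built for the
 * extension's root object identity and one for each class the extension
 * reports. Permissions are filled in by addPermissions() and the collection
 * is ordered by sortPrivileges() before it is returned.
 *
 * @param SID $sid
 * @return ArrayCollection|AclPrivilege[]
 */
public function getPrivileges(SID $sid)
{
    $privileges = new ArrayCollection();
    foreach ($this->manager->getAllExtensions() as $extension) {
        $extensionKey = $extension->getExtensionKey();

        // fill a list of object identities;
        // the root object identity is added to the top of the list (for performance reasons)
        $classes = array();
        /** @var OID[] $oids */
        $oids = array();
        foreach ($extension->getClasses() as $class) {
            $className = $class->getClassName();
            $oids[] = new OID($extensionKey, $className);
            $classes[$className] = $class;
        }
        $rootOid = $this->manager->getRootOid($extensionKey);
        array_unshift($oids, $rootOid);

        // load ACLs for all object identities
        $acls = $this->findAcls($sid, $oids);
        // find ACL for the root object identity
        $rootAcl = $this->findAclByOid($acls, $rootOid);

        foreach ($oids as $oid) {
            if ($oid->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) {
                $name = self::ROOT_PRIVILEGE_NAME;
                $group = '';
            } else {
                /** @var AclClassInfo $class */
                $class = $classes[$oid->getType()];
                $name = $class->getLabel();
                if (empty($name)) {
                    // No label configured: fall back to the class name starting at its
                    // first namespace separator. strpos() returns false for a name
                    // without a separator; handle that explicitly and use the whole
                    // name instead of passing false to substr() as an offset.
                    $fqcn = $class->getClassName();
                    $separatorPos = strpos($fqcn, '\\');
                    $name = $separatorPos === false ? $fqcn : substr($fqcn, $separatorPos);
                }
                $group = $class->getGroup();
            }

            // The privilege id has the form "<identifier>:<type>".
            $privilege = new AclPrivilege();
            $privilege
                ->setIdentity(new AclPrivilegeIdentity($oid->getIdentifier() . ':' . $oid->getType(), $name))
                ->setGroup($group)
                ->setExtensionKey($extensionKey);

            $this->addPermissions($sid, $privilege, $oid, $acls, $extension, $rootAcl);

            $privileges->add($privilege);
        }
    }

    $this->sortPrivileges($privileges);

    return $privileges;
}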
/**
 * Builds an AclPrivilege with the given identity id and one AclPermission
 * per entry of $permissions.
 *
 * @param string $id          id given to the privilege's AclPrivilegeIdentity
 * @param array  $permissions map of permission name => access level
 * @return AclPrivilege
 */
public static function getPrivilege($id, array $permissions)
{
    $result = new AclPrivilege();
    $result->setIdentity(new AclPrivilegeIdentity($id));

    // array_keys() keeps the original iteration order of the map
    foreach (array_keys($permissions) as $permissionName) {
        $permission = new AclPermission($permissionName, $permissions[$permissionName]);
        $result->addPermission($permission);
    }

    return $result;
}
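/**
 * Rebuilds ACL privileges from the JSON held in the form's "privileges" field,
 * saves them for the role's security identity and clears the ACL cache.
 *
 * The JSON is form input, so its shape is checked before it is used: a payload
 * that does not decode to an array is treated as empty, a configured field that
 * is absent contributes no privileges, and entries or permissions that lack the
 * expected keys are skipped instead of being turned into privileges built from
 * missing values.
 *
 * NOTE(review): identity ids and access levels are taken as submitted; nothing
 * in this method checks them against what the acting user is allowed to grant.
 * Confirm that savePrivileges() or the ACL extensions enforce that.
 *
 * @param AbstractRole $role
 */
protected function processPrivileges(AbstractRole $role)
{
    $decodedPrivileges = json_decode($this->form->get('privileges')->getData(), true);
    if (!is_array($decodedPrivileges)) {
        // json_decode() yields null for malformed JSON and a scalar for a bare value
        $decodedPrivileges = [];
    }

    $formPrivileges = [];
    foreach ($this->privilegeConfig as $fieldName => $config) {
        $privilegesArray = isset($decodedPrivileges[$fieldName]) && is_array($decodedPrivileges[$fieldName])
            ? $decodedPrivileges[$fieldName]
            : [];

        $privileges = [];
        foreach ($privilegesArray as $privilege) {
            // an entry needs a permission list and a string identity id to be usable
            if (!is_array($privilege)
                || !isset($privilege['permissions'], $privilege['identity']['id'])
                || !is_array($privilege['permissions'])
                || !is_string($privilege['identity']['id'])
            ) {
                continue;
            }

            $aclPrivilege = new AclPrivilege();
            foreach ($privilege['permissions'] as $permission) {
                if (!is_array($permission)
                    || !isset($permission['name'])
                    || !array_key_exists('accessLevel', $permission)
                ) {
                    continue;
                }
                $aclPrivilege->addPermission(
                    new AclPermission($permission['name'], $permission['accessLevel'])
                );
            }

            $identityName = isset($privilege['identity']['name']) ? $privilege['identity']['name'] : null;
            $aclPrivilege->setIdentity(
                new AclPrivilegeIdentity($privilege['identity']['id'], $identityName)
            );

            $privileges[] = $aclPrivilege;
        }

        if ($config['fix_values']) {
            $this->fxPrivilegeValue($privileges, $config['default_value']);
        }

        $formPrivileges = array_merge($formPrivileges, $privileges);
    }

    // every privilege saved here is placed in this handler's ACL group
    foreach ($formPrivileges as $formPrivilege) {
        $formPrivilege->setGroup($this->getAclGroup());
    }

    $this->privilegeRepository->savePrivileges(
        $this->aclManager->getSid($role),
        new ArrayCollection($formPrivileges)
    );

    $this->aclCache->clearCache();
}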
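/**
 * Saves VIEW, CREATE, EDIT, DELETE and ASSIGN permissions at the given access
 * level on the RFP Request entity for the role looked up by
 * LoadAccountUsersData::BUYER.
 *
 * The save runs while the chain metadata provider emulates the frontend
 * ownership provider. The emulation is stopped in a finally block so that a
 * failure while loading the role or saving the privileges cannot leave it
 * switched on for whatever uses the same container afterwards.
 *
 * @param int $level access level applied to every permission
 */
protected function setRolePermissions($level)
{
    $container = $this->getContainer();

    $chainMetadataProvider = $container->get('oro_security.owner.metadata_provider.chain');
    $chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);

    try {
        // NOTE(review): findOneBy() result is passed to getSid() unchecked; presumably the
        // BUYER fixture is always loaded before this runs - confirm.
        $role = $container->get('doctrine')
            ->getManagerForClass('OroB2BCustomerBundle:AccountUserRole')
            ->getRepository('OroB2BCustomerBundle:AccountUserRole')
            ->findOneBy(['role' => LoadAccountUsersData::BUYER]);

        $aclPrivilege = new AclPrivilege();
        $identity = new AclPrivilegeIdentity(
            'entity:OroB2B\\Bundle\\RFPBundle\\Entity\\Request',
            'orob2b.rfp.request.entity_label'
        );
        $aclPrivilege->setIdentity($identity);

        $permissions = [
            new AclPermission('VIEW', $level),
            new AclPermission('CREATE', $level),
            new AclPermission('EDIT', $level),
            new AclPermission('DELETE', $level),
            new AclPermission('ASSIGN', $level),
        ];
        foreach ($permissions as $permission) {
            $aclPrivilege->addPermission($permission);
        }

        $container->get('oro_security.acl.privilege_repository')->savePrivileges(
            $container->get('oro_security.acl.manager')->getSid($role),
            new ArrayCollection([$aclPrivilege])
        );
    } finally {
        $chainMetadataProvider->stopProviderEmulation();
    }
}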
/**
 * Creates an AclPrivilege carrying the given extension key and an identity
 * made from the given id and name.
 *
 * @param string $extensionKey value passed to setExtensionKey()
 * @param string $id           identity id
 * @param string $name         identity name
 * @return AclPrivilege
 */
protected function createPrivilege($extensionKey, $id, $name)
{
    $result = new AclPrivilege();
    $result->setExtensionKey($extensionKey);

    $identity = new AclPrivilegeIdentity($id, $name);
    $result->setIdentity($identity);

    return $result;
}
/**
 * Saves a single VIEW permission at the given access level, on the given
 * privilege identity, for the security identity of $this->role.
 *
 * @param int                  $level    access level of the VIEW permission
 * @param AclPrivilegeIdentity $identity identity the privilege is attached to
 */
protected function setRolePermissions($level, AclPrivilegeIdentity $identity)
{
    $privilege = new AclPrivilege();
    $privilege->setIdentity($identity);
    // VIEW is the only permission set here
    $privilege->addPermission(new AclPermission('VIEW', $level));

    $repository = $this->getContainer()->get('oro_security.acl.privilege_repository');
    $sid = $this->getContainer()->get('oro_security.acl.manager')->getSid($this->role);

    $repository->savePrivileges($sid, new ArrayCollection([$privilege]));
}