/**
 * Checks which restriction applyAcl() is expected to put on the outer query
 * builder for a given combination of protected and granted entities.
 *
 * Three outcomes are covered:
 *  - nothing allowed: the query must get the always-false condition "1 = 0";
 *  - a subset allowed: the query must be limited with "entityName IN (...)";
 *  - everything allowed: this test places no andWhere() expectation at all.
 *
 * @dataProvider aclDataProvider
 * @param array $protectedMap            value map fed to the mocked isProtectedEntity()
 * @param array $grantedMap              value map fed to the mocked isGranted()
 * @param array $expectedAllowedEntities entity names expected in the IN() parameter
 */
public function testApplyAcl($protectedMap, $grantedMap, $expectedAllowedEntities)
{
    $tableAlias = 'alias';

    // Rows the mocked inner search query reports as tagged entity classes.
    $entities = array(
        array('entityName' => '\\stdClass'),
        array('entityName' => '\\DateTime'),
    );
    $entityCount = count($entities);

    // Outer query builder: the object applyAcl() is expected to restrict.
    $qb = $this->getMockBuilder('Doctrine\\ORM\\QueryBuilder')
        ->disableOriginalConstructor()
        ->getMock();

    $query = $this->getMockBuilder('Doctrine\\ORM\\AbstractQuery')
        ->disableOriginalConstructor()
        ->setMethods(array('getArrayResult'))
        ->getMockForAbstractClass();
    $query->expects($this->once())
        ->method('getArrayResult')
        ->will($this->returnValue($entities));

    // Inner query builder. The getQuery() expectation is registered before the
    // catch-all one on purpose: the registration order is kept as in the
    // original test so getQuery() keeps returning the query mock.
    $searchQb = $this->getMockBuilder('Doctrine\\ORM\\QueryBuilder')
        ->disableOriginalConstructor()
        ->getMock();
    $searchQb->expects($this->once())
        ->method('getQuery')
        ->will($this->returnValue($query));
    $searchQb->expects($this->any())
        ->method($this->anything())
        ->will($this->returnSelf());

    $em = $this->getMockBuilder('Doctrine\\ORM\\EntityManager')
        ->disableOriginalConstructor()
        ->getMock();
    $em->expects($this->once())
        ->method('createQueryBuilder')
        ->will($this->returnValue($searchQb));

    $qb->expects($this->once())
        ->method('getEntityManager')
        ->will($this->returnValue($em));

    if (!$expectedAllowedEntities) {
        // Fail closed: with no allowed entity the query must match no rows.
        $qb->expects($this->once())
            ->method('andWhere')
            ->with('1 = 0')
            ->will($this->returnSelf());
    } elseif (count($expectedAllowedEntities) != $entityCount) {
        // Only part of the entities is allowed: expect an allow-list filter
        // whose values are bound as a parameter.
        $qb->expects($this->once())
            ->method('andWhere')
            ->with($tableAlias . '.entityName IN(:allowedEntities)')
            ->will($this->returnSelf());
        $qb->expects($this->once())
            ->method('setParameter')
            ->with('allowedEntities', $expectedAllowedEntities)
            ->will($this->returnSelf());
    }

    $searchSecurityProvider = $this
        ->getMockBuilder('Oro\\Bundle\\SearchBundle\\Security\\SecurityProvider')
        ->disableOriginalConstructor()
        ->getMock();

    // Every returned entity class must be checked for protection exactly once.
    $searchSecurityProvider->expects($this->exactly($entityCount))
        ->method('isProtectedEntity')
        ->will($this->returnValueMap($protectedMap));

    if (!$grantedMap) {
        // An empty granted map means no permission check may happen at all.
        $searchSecurityProvider->expects($this->never())
            ->method('isGranted');
    } else {
        $searchSecurityProvider->expects($this->exactly(count($grantedMap)))
            ->method('isGranted')
            ->will($this->returnValueMap($grantedMap));
    }

    $provider = new SecurityProvider($searchSecurityProvider);
    $provider->applyAcl($qb, $tableAlias);
}
/**
 * Collects the (entityName, recordId) pairs tagged with the given tag and
 * wraps each pair in a search result Item.
 *
 * {@inheritdoc}
 */
public function getResults($tagId)
{
    $qb = $this->em->createQueryBuilder()
        ->select('t.entityName', 't.recordId')
        ->from('Oro\\Bundle\\TagBundle\\Entity\\Tagging', 't')
        ->where('t.tag = :tag')
        ->setParameter('tag', $tagId)
        ->addGroupBy('t.entityName')
        ->addGroupBy('t.recordId');

    // The ACL restriction has to be on the builder before getQuery() is called,
    // so the filtering happens in the query itself rather than on the result.
    // NOTE(review): presumably applyAcl() limits t.entityName to entities the
    // current user may access - confirm against the security provider.
    $this->securityProvider->applyAcl($qb, 't');

    $rows  = $qb->getQuery()->getResult();
    $items = [];

    // Each row is read as an array with 'entityName' and 'recordId' keys.
    foreach ($rows as $row) {
        $entityClass = $row['entityName'];
        $entityConfig = $this->mapper->getEntityConfig($entityClass);

        $items[] = new Item(
            $this->em,
            $entityClass,
            $row['recordId'],
            null,
            null,
            $entityConfig
        );
    }

    // The reported total is the number of rows left after the ACL restriction.
    $total = count($items);

    return new Result(new Query(), $items, $total);
}
/**
 * Adjusts the query of the tag-results-grid (tag search result grid) after
 * its datasource has been built: applies the ACL restriction, binds the tag id
 * and optionally narrows the rows to one entity alias.
 *
 * Grids whose datasource is not an OrmDatasource are left untouched.
 *
 * @param BuildAfter $event
 */
public function onBuildAfter(BuildAfter $event)
{
    $grid   = $event->getDatagrid();
    $source = $grid->getDatasource();

    if (!$source instanceof OrmDatasource) {
        return;
    }

    $gridParameters = $grid->getParameters();
    $qb             = $source->getQueryBuilder();

    // ACL restriction goes on first, independent of the optional alias filter.
    $this->securityProvider->applyAcl($qb, 'tt');

    $qb->setParameter('tag', $gridParameters->get('tag_id', 0));

    // '*' (the default) and any empty value mean "do not filter by alias".
    // NOTE(review): the loose != and empty() also treat values such as '0'
    // as "no filter" - confirm that is intended.
    $alias = $gridParameters->get('from', '*');
    if ($alias != '*' && !empty($alias)) {
        // The alias is bound as a query parameter, never concatenated into DQL.
        $qb->andWhere('tt.alias = :alias')
            ->setParameter('alias', $alias);
    }
}
/**
 * Adjusts the query of the tag-results-grid (tag search result grid) after
 * its datasource has been built: applies the ACL restriction, binds the tag id
 * and optionally narrows the rows to the entity class behind the "from" alias.
 *
 * Grids whose datasource is not an OrmDatasource are left untouched.
 *
 * @param BuildAfter $event
 */
public function onBuildAfter(BuildAfter $event)
{
    $grid   = $event->getDatagrid();
    $source = $grid->getDatasource();

    if (!$source instanceof OrmDatasource) {
        return;
    }

    $gridParameters = $grid->getParameters();
    $qb             = $source->getQueryBuilder();

    // ACL restriction goes on first, independent of the optional entity filter.
    $this->securityProvider->applyAcl($qb, 'tt');

    $qb->setParameter('tag', $gridParameters->get('tag_id', 0));

    // NOTE(review): strlen() assumes "from" is a string - confirm the grid
    // parameter cannot arrive as another type (for example an array).
    $from = $gridParameters->get('from', '');
    if (strlen($from) > 0) {
        try {
            // The alias is resolved to a class name by the resolver; the
            // result is bound as a query parameter, never concatenated.
            $resolvedClass = $this->entityAliasResolver->getClassByAlias($from);
            $qb->andWhere('tt.entityName = :entityClass')
                ->setParameter('entityClass', $resolvedClass);
        } catch (EntityAliasNotFoundException $e) {
            // Fail closed: an unknown alias yields an empty grid instead of
            // silently dropping the filter and showing every entity.
            $qb->andWhere('1 = 0');
        }
    }
}
/**
 * Counts the taggings of the given tag per entity class, after the ACL
 * restriction has been applied to the query.
 *
 * @param Tag $tag
 *
 * @return array [[cnt, entityClass]]
 */
protected function getGroupedTagEntities(Tag $tag)
{
    $qb = $this->em->createQueryBuilder()
        ->select('COUNT(t.id) AS cnt, t.entityName AS entityClass')
        ->from('Oro\\Bundle\\TagBundle\\Entity\\Tagging', 't')
        ->where('t.tag = :tag')
        ->setParameter('tag', $tag)
        ->addGroupBy('t.entityName');

    // Restrict the builder before the query is created, so the per-class
    // counts are computed only over rows that pass the ACL restriction.
    $this->securityProvider->applyAcl($qb, 't');

    $groupedRows = $qb->getQuery()->getResult();

    return $groupedRows;
}
/**
 * Registers the expectation that the security provider mock applies the ACL
 * restriction exactly once, to the given query builder and the 'tt' alias.
 *
 * Call it before the code under test runs; a listener that skips applyAcl()
 * (or calls it with another builder or alias) then fails the test.
 *
 * @param mixed $qb query builder (or its mock) the listener is expected to restrict
 */
protected function assertAclCall($qb)
{
    $aclExpectation = $this->securityProvider->expects($this->once());

    $aclExpectation
        ->method('applyAcl')
        ->with($qb, 'tt');
}