Returns all the roles assigned to the user.
public getRoleObjects ( ) : Sulu\Component\Security\Authentication\RoleInterface[] | ||
Returns | Sulu\Component\Security\Authentication\RoleInterface[] |
/**
 * Restricts a query to the entities the given user may access with the requested permission.
 *
 * Left-joins the AccessControl entries of each entity together with their roles. A joined row
 * is kept when every bit of the permission mask is set in the entry's permissions and the
 * entry's role is one of the user's roles. Both conditions also accept NULL, so an entity
 * that has no AccessControl entry at all remains visible to every user.
 *
 * Security note: $entityAlias is concatenated into the DQL join condition instead of being
 * bound as a parameter. It must be an identifier chosen by the calling code, never a value
 * taken from a request.
 *
 * @param QueryBuilder $queryBuilder The instance of the QueryBuilder to adjust
 * @param UserInterface $user The user for which the access control is checked
 * @param int $permission The permission mask that has to be fully granted
 * @param string $entityClass The class of the entity of which the access control is checked
 * @param string $entityAlias The alias of the entity used in the query builder
 */
protected function addAccessControl(QueryBuilder $queryBuilder, UserInterface $user, $permission, $entityClass, $entityAlias)
{
    // Only the alias is interpolated here; the entity class is bound below as :entityClass.
    $joinCondition = sprintf(
        'accessControl.entityClass = :entityClass AND accessControl.entityId = %s.id',
        $entityAlias
    );

    $queryBuilder->leftJoin(AccessControl::class, 'accessControl', 'WITH', $joinCondition);
    $queryBuilder->leftJoin('accessControl.role', 'role');

    // The mask must be fully contained in the stored permissions; NULL means "no entry exists".
    $queryBuilder->andWhere(
        'BIT_AND(accessControl.permissions, :permission) = :permission OR accessControl.permissions IS NULL'
    );

    // Collect the ids of every role assigned to the user.
    $allowedRoleIds = [];
    foreach ($user->getRoleObjects() as $roleObject) {
        $allowedRoleIds[] = $roleObject->getId();
    }

    // Entries belonging to roles the user does not hold are filtered out.
    $queryBuilder->andWhere('role.id IN(:roleIds) OR role.id IS NULL');

    $queryBuilder->setParameter('roleIds', $allowedRoleIds);
    $queryBuilder->setParameter('entityClass', $entityClass);
    $queryBuilder->setParameter('permission', $permission);
}
/**
 * Resolves the permissions stored on a row for each role of the given user.
 *
 * For every role of the user the row value named "role<ID>" is read and split on spaces;
 * each non-empty token is recorded as a granted permission for that role id.
 *
 * NOTE(review): an empty result is returned both when no user is given and when none of the
 * user's roles has tokens on the row. Whether callers treat that as "deny" or as
 * "unrestricted" is not visible here; confirm at the call sites.
 *
 * @param Row $row The row holding one "role<ID>" value per role
 * @param UserInterface $user The user whose roles are looked up, or null
 *
 * @return array Map of role id => (permission token => true)
 */
private function resolvePermissions(Row $row, UserInterface $user = null)
{
    // Without a user there are no roles to look up.
    if (null === $user) {
        return [];
    }

    $resolved = [];
    foreach ($user->getRoleObjects() as $roleObject) {
        $roleId = $roleObject->getId();
        $tokens = explode(' ', $row->getValue(sprintf('role%s', $roleId)));

        // array_filter drops the empty strings that explode() yields for blank values.
        foreach (array_filter($tokens) as $token) {
            $resolved[$roleId][$token] = true;
        }
    }

    return $resolved;
}
/**
 * Combines the object permissions of all roles the given user holds.
 *
 * Only entries of $permissions keyed by one of the user's role ids are considered; roles
 * without an entry contribute nothing. The per-role entries are merged through
 * cumulatePermissions(), which is defined outside this block.
 *
 * NOTE(review): an empty array is returned both when the object carries no permissions and
 * when none of the user's roles matches; confirm that callers distinguish the two cases
 * where it matters for access decisions.
 *
 * @param array $permissions Object permissions, keyed by role id
 * @param UserInterface $user The user for the check
 *
 * @return array
 */
private function getUserObjectPermissionByArray($permissions, UserInterface $user)
{
    // Nothing stored for the object, so there is nothing to combine.
    if (!$permissions) {
        return [];
    }

    $combined = [];
    foreach ($user->getRoleObjects() as $roleObject) {
        $id = $roleObject->getId();

        if (isset($permissions[$id])) {
            $combined = $this->cumulatePermissions($combined, $permissions[$id]);
        }
    }

    return $combined;
}