getUserPermissions() 공개 메소드

Returns the permissions regarding an object and its security context for a given user.
public getUserPermissions ( SecurityCondition $securityCondition, Sulu\Component\Security\Authentication\UserInterface $user ) : array
$securityCondition Sulu\Component\Security\Authorization\SecurityCondition The condition to check
$user Sulu\Component\Security\Authentication\UserInterface The user whose permissions are returned
리턴 array
예제 #1
 /**
  * {@inheritdoc}
  */
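 public function getParameters()
 {
     // Resolve the token once. Without a token there is no user to evaluate,
     // so no permissions are reported instead of calling getUser() on null.
     $token = $this->tokenStorage->getToken();
     if (!$token) {
         return [];
     }

     // NOTE(review): getUserPermissions() is declared to take a UserInterface;
     // confirm getUser() cannot yield anything else for the token types in use.
     $user = $token->getUser();

     // Security contexts are nested as system => section => context => permission types.
     // Only the context name is used; a context name that occurs more than once
     // keeps the result of its last occurrence.
     $parameters = [];
     foreach ($this->adminPool->getSecurityContexts() as $system => $sections) {
         foreach ($sections as $section => $contexts) {
             foreach ($contexts as $context => $permissionTypes) {
                 $parameters[$context] = $this->accessControlManager->getUserPermissions(
                     new SecurityCondition($context),
                     $user
                 );
             }
         }
     }

     return $parameters;
 }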
예제 #2
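 /**
  * Adds the current user's permissions for a secured entity to the serialized data
  * under the '_permissions' key.
  *
  * Nothing is added when the (unwrapped) object is not a SecuredEntityInterface or
  * when the token storage holds no token.
  *
  * @param ObjectEvent $event
  */
 public function onPostSerialize(ObjectEvent $event)
 {
     $object = $event->getObject();

     // FIXME This should be removed, once all entities are restructured not using the ApiWrapper, possible BC break
     if ($object instanceof ApiWrapper) {
         $object = $object->getEntity();
     }

     if (!$object instanceof SecuredEntityInterface) {
         return;
     }

     // Without a token there is no user to evaluate: leave '_permissions' out
     // rather than calling getUser() on null in the middle of serialization.
     $token = $this->tokenStorage->getToken();
     if (!$token) {
         return;
     }

     // The condition is bound to this concrete object (context, class and id),
     // so the permissions returned are specific to the object being serialized.
     $securityCondition = new SecurityCondition(
         $object->getSecurityContext(),
         null,
         get_class($object),
         $object->getId()
     );

     $event->getVisitor()->addData(
         '_permissions',
         $this->accessControlManager->getUserPermissions($securityCondition, $token->getUser())
     );
 }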
예제 #3
 /**
  * One requested attribute that is explicitly false ('security') must lead to
  * ACCESS_DENIED even though another requested attribute ('view') is true.
  */
 public function testNegativeVoteWithMultipleAttributes()
 {
     $condition = new SecurityCondition('sulu.security.roles', null);
     $permissionMap = ['view' => true, 'add' => true, 'security' => false];

     $this->accessControlManager->getUserPermissions($condition, $this->user)->willReturn($permissionMap);

     $decision = $this->voter->vote($this->token->reveal(), $condition, ['view', 'security']);

     $this->assertSame(VoterInterface::ACCESS_DENIED, $decision);
 }
예제 #4
 /**
  * {@inheritdoc}
  */
 public function vote(TokenInterface $token, $object, array $attributes)
 {
     /** @var User $user */
     $user = $token->getUser();

     // Abstain for anything that is not an object of a class this voter supports
     $isSupported = is_object($object) && $this->supportsClass(get_class($object));
     if (!$isSupported) {
         return VoterInterface::ACCESS_ABSTAIN;
     }

     $permissionMap = $this->accessControlManager->getUserPermissions($object, $user);

     // Deny as soon as one requested attribute has an entry with a falsy value.
     // NOTE(review): an attribute without an entry in the permission map does not
     // deny, and an empty $attributes list ends in ACCESS_GRANTED. Confirm that this
     // default-allow is intended and that the map always carries every attribute
     // callers may ask for.
     foreach ($attributes as $name) {
         if (!isset($permissionMap[$name])) {
             continue;
         }

         if (!$permissionMap[$name]) {
             return VoterInterface::ACCESS_DENIED;
         }
     }

     return VoterInterface::ACCESS_GRANTED;
 }
 /**
  * An entity delivered inside an ApiWrapper is unwrapped first; the permissions are
  * then looked up for the wrapped entity's context, class and id and added to the
  * visitor under '_permissions'.
  */
 public function testOnPostSerializeWithApiWrapper()
 {
     $wrapper = $this->prophesize(ApiWrapper::class);
     $securedEntity = $this->prophesize(SecuredEntityInterface::class);

     // The wrapped entity supplies the id and security context used in the condition
     $securedEntity->getId()->willReturn(7);
     $securedEntity->getSecurityContext()->willReturn('sulu.example');
     $wrapper->getEntity()->willReturn($securedEntity);
     $this->objectEvent->getObject()->willReturn($wrapper);

     // The condition must carry the class of the unwrapped entity, not of the wrapper
     $expectedCondition = new SecurityCondition('sulu.example', null, get_class($securedEntity->reveal()), 7);
     $permissions = ['_permissions' => ['permission' => 'value']];

     $this->accessControlManager
         ->getUserPermissions($expectedCondition, $this->user->reveal())
         ->willReturn($permissions);
     $this->visitor->addData('_permissions', $permissions)->shouldBeCalled();

     $this->securedEntitySubscriber->onPostSerialize($this->objectEvent->reveal());
 }
예제 #6
 /**
  * {@inheritdoc}
  */
 public function getNodesTree($uuid, $webspaceKey, $languageCode, $excludeGhosts = false, $excludeShadows = false, $appendWebspaceNode = false)
 {
     $nodes = $this->loadNodeAndAncestors($uuid, $webspaceKey, $languageCode, $excludeGhosts, $excludeShadows, true);

     // NOTE(review): $uuid, $webspaceKey and $languageCode are concatenated into the
     // hrefs below as given, with no URL encoding in this method; confirm callers
     // validate or encode them before these links are handed to clients.
     $ghostsQuery = $excludeGhosts === true ? '&exclude-ghosts=true' : '';

     $result = ['_embedded' => ['nodes' => $nodes]];
     if ($appendWebspaceNode) {
         // Wrap the loaded nodes in a synthetic root entry that represents the webspace
         $webspace = $this->webspaceManager->getWebspaceCollection()->getWebspace($webspaceKey);
         $webspaceNode = [
             'id' => $this->sessionManager->getContentNode($webspace->getKey())->getIdentifier(),
             'path' => '/',
             'title' => $webspace->getName(),
             'publishedState' => true,
             'hasSub' => true,
             '_embedded' => ['nodes' => $nodes],
             '_links' => [
                 'children' => [
                     'href' => $this->apiBasePath . '?depth=1&webspace=' . $webspaceKey . '&language=' . $languageCode . $ghostsQuery,
                 ],
             ],
         ];
         $result = ['_embedded' => ['nodes' => [$webspaceNode]]];
     }

     // Permissions are attached only when a token storage is set and it holds a token
     $token = $this->tokenStorage ? $this->tokenStorage->getToken() : null;
     if ($token) {
         $result['_permissions'] = $this->accessControlManager->getUserPermissions(
             new SecurityCondition('sulu.webspaces.' . $webspaceKey),
             $token->getUser()
         );
     }

     // add api links; the webspace-node flag uses a strict comparison here,
     // unlike the truthiness check that decides whether the webspace node is added
     $webspaceNodeQuery = $appendWebspaceNode === true ? '&webspace-node=true' : '';
     $selfHref = $this->apiBasePath . '/tree?uuid=' . $uuid . '&webspace=' . $webspaceKey . '&language=' . $languageCode . $ghostsQuery . $webspaceNodeQuery;
     $result['_links'] = ['self' => ['href' => $selfHref]];

     return $result;
 }