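/**
 * Grants $user a permission mask on $entity, or revokes the user's existing
 * object-scope entry when one is already present.
 *
 * Behaviour, in order:
 *  - every value in $roles must be contained in getMaskList(), otherwise an
 *    exception is thrown before the ACL is touched;
 *  - if the ACL already holds an object ACE for the user whose mask is below
 *    MaskBuilder::MASK_OWNER, that ACE is deleted, the ACL is saved and true
 *    is returned; the requested mask is NOT inserted in that case;
 *  - if the user's existing ACE has a mask of MASK_OWNER or above, nothing is
 *    changed and false is returned;
 *  - otherwise a new object ACE is inserted with the numerically largest
 *    value found in $roles (0 when $roles is empty) and true is returned.
 *
 * @param object $entity domain object handed to ObjectIdentity::fromDomainObject()
 * @param User   $user   account whose security identity receives or loses the entry
 * @param array  $roles  permission masks; each must be listed by getMaskList()
 *
 * @return bool false only when an owner-level entry was left untouched
 *
 * @throws \Exception when a submitted role is not in the mask list, or when the
 *                    ACL provider fails for any reason other than a missing ACL
 */
public function setAcl($entity, User $user, array $roles = array())
{
    // The `array` type hint already rejects non-array input, so no separate
    // is_array() guard is needed here.
    $securityIdentity = UserSecurityIdentity::fromAccount($user);
    $objectIdentity = ObjectIdentity::fromDomainObject($entity);

    $mask = 0;
    foreach ($roles as $role) {
        // NOTE(review): this membership test is loose (==). If callers are
        // confirmed to pass integer masks only, add `true` as third argument
        // so values such as numeric strings or booleans cannot match an entry.
        if (!in_array($role, $this->getMaskList())) {
            throw new \Exception('Role submit not exist');
        }
        if ($role > $mask) {
            $mask = $role;
        }
    }

    // Only a missing ACL leads to creation. Catching every exception here
    // would also swallow storage failures and then try to create an ACL that
    // may already exist, hiding the original error.
    try {
        $acl = $this->aclProvider->findAcl($objectIdentity);
    } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) {
        $acl = $this->aclProvider->createAcl($objectIdentity);
    }

    // A freshly created ACL has no object ACEs, so this loop is a no-op then.
    foreach ($acl->getObjectAces() as $index => $ace) {
        // equals() compares identities strictly; a loose == on the objects
        // would compare their properties with type juggling.
        if (!$securityIdentity->equals($ace->getSecurityIdentity())) {
            continue;
        }

        if ($ace->getMask() < MaskBuilder::MASK_OWNER) {
            $acl->deleteObjectAce($index);
            // Failures while saving now propagate to the caller instead of
            // being mistaken for "ACL not found".
            $this->aclProvider->updateAcl($acl);

            return true;
        }

        // don't remove OWNER ROLE
        return false;
    }

    $acl->insertObjectAce($securityIdentity, $mask);
    $this->aclProvider->updateAcl($acl);

    return true;
}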
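/**
 * Synchronises the object-scope ACEs of $entity with the security identities
 * generated from the submitted share model, then saves the ACL once.
 *
 * Identities present on the ACL but absent from the model lose their ACE;
 * identities present in the model but absent from the ACL get a new ACE with
 * the mask returned by getMaskBySid(). The ACL is created when none exists.
 *
 * @param Share  $model
 * @param object $entity
 *
 * @throws \RuntimeException when an identity scheduled for removal cannot be
 *                           located among the current object ACEs; nothing is
 *                           saved in that case
 */
protected function onSuccess($model, $entity)
{
    $objectIdentity = ObjectIdentity::fromDomainObject($entity);

    try {
        $acl = $this->aclProvider->findAcl($objectIdentity);
    } catch (AclNotFoundException $e) {
        $acl = $this->aclProvider->createAcl($objectIdentity);
    }

    // presumably extractSids() returns identities keyed by ACE index, since
    // the array_search() result below is used as that index; verify against
    // its implementation
    $currentSids = $this->extractSids($acl);
    // Snapshot of the identities before any deletion, used to work out which
    // identities are new.
    $initialSids = $currentSids;
    $requestedSids = $this->generateSids($model);

    // current - requested: entries to delete
    foreach (array_diff($currentSids, $requestedSids) as $sid) {
        $index = array_search($sid, $currentSids, true);

        // array_search() returns false on a miss. Passing false on would
        // address index 0 and remove an unrelated identity's entry, so stop
        // before the ACL is saved.
        if (false === $index) {
            throw new \RuntimeException(
                'Security identity scheduled for removal was not found among the object ACEs.'
            );
        }

        $acl->deleteObjectAce($index);
        // Re-read the identities because the ACE indexes were recalculated.
        $currentSids = $this->extractSids($acl);
    }

    // requested - initial: entries to insert
    foreach (array_diff($requestedSids, $initialSids) as $sid) {
        $acl->insertObjectAce($sid, $this->getMaskBySid($sid));
    }

    $this->aclProvider->updateAcl($acl);
}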
/**
 * {@inheritdoc}
 *
 * Keeps the ACL being saved in the updatedAcl property for the duration of the
 * call, so the shared record id can be injected into ACL SQL queries (such as
 * InsertAccessControlEntrySql).
 *
 * The parent update and both UpdateAcl events run inside one database
 * transaction: an exception thrown by the parent or by a listener rolls the
 * transaction back and is rethrown.
 *
 * NOTE(review): only \Exception is caught. On PHP 7+ an \Error raised inside
 * the try block would skip the rollback and leave updatedAcl set; confirm the
 * supported PHP versions before widening the catch.
 */
public function updateAcl(MutableAclInterface $acl)
{
    $this->updatedAcl = $acl;
    $this->connection->beginTransaction();

    try {
        $aclEvent = new UpdateAcl($acl);

        // The dispatcher is optional; events are skipped when none is set.
        if ($this->eventDispatcher) {
            $this->eventDispatcher->dispatch(UpdateAcl::NAME_BEFORE, $aclEvent);
        }

        parent::updateAcl($acl);

        if ($this->eventDispatcher) {
            $this->eventDispatcher->dispatch(UpdateAcl::NAME_AFTER, $aclEvent);
        }

        $this->connection->commit();
    } catch (\Exception $failure) {
        // Clear the marker before rolling back so it is reset even if the
        // rollback itself fails.
        $this->updatedAcl = null;
        $this->connection->rollBack();

        throw $failure;
    }

    $this->updatedAcl = null;
}