/** * Constructs an underlying ObjectIdentity for given ObjectIdentity * Underlying is class level ObjectIdentity for given object level ObjectIdentity. * * @param ObjectIdentity $oid * @return ObjectIdentity * @throws InvalidAclException */ public function underlying(ObjectIdentity $oid) { if ($oid->getIdentifier() === self::ROOT_IDENTITY_TYPE || $oid->getIdentifier() === ($extensionKey = $this->extensionSelector->select($oid)->getExtensionKey())) { throw new InvalidAclException(sprintf('Cannot get underlying ACL for %s', $oid)); } return new ObjectIdentity($extensionKey, $oid->getType()); }
public function createTskAcl(Contact $contact) { $aclProvider = $this->getContainer()->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($contact); $orgIdentity = 'ROLE_ORG_' . $contact->getOrganization()->getId(); $orgSecurityIdentity = new RoleSecurityIdentity($orgIdentity); $builder = new MaskBuilder(); $builder->add('VIEW'); $builder->add('EDIT'); $builder->add('CREATE'); $builder->add('MASTER'); try { try { $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($orgSecurityIdentity, $builder->get()); foreach ($contact->getSchools() as $school) { $schoolIdentity = 'ROLE_SCHOOL_' . $school->getId(); $schoolSecurityIdentity = new RoleSecurityIdentity($schoolIdentity); $acl->insertObjectAce($schoolSecurityIdentity, $builder->get()); } $aclProvider->updateAcl($acl); } catch (AclAlreadyExistsException $e) { // keep going ... } } catch (AclException $e) { throw $e; } }
/** * This method is here to make your life better, so overwrite it * * @param \Symfony\Component\Form\Form $form the valid form * @param \Taskeet\MainBundle\Entity\Event $Ticket your \Taskeet\MainBundle\Entity\Event object */ public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Event $Event) { $proveedor = $this->container->get('security.acl.provider'); $idObjeto = ObjectIdentity::fromDomainObject($Event); //poniendo al usuario logueado como owner $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER); if ($data = $form->get('repeat')->getData()) { $start = clone $form->get('startDate')->getData(); $end = clone $form->get('dueDate')->getData(); $ocurrences = $form->get('ocurrences')->getData(); $interval = new DateInterval($form->get('repeat')->getData()); $periodo = new \DatePeriod($start, $interval, $ocurrences, \DatePeriod::EXCLUDE_START_DATE); foreach ($periodo as $key => $fecha) { $event = clone $Event; $event->setStartDate($fecha); $event->setDueDate($end->add($interval)); $event->setTitle(sprintf('%s-%s', $Event->getTitle(), $key)); // $event->setSlug(sprintf('%s-%s', $Event->getSlug(), $key)); $this->preSave($form, $event); $this->saveObject($event); $idObjeto = ObjectIdentity::fromDomainObject($event); $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER); } } }
/** * Gets the form * * @param \Sonata\AdminBundle\Util\AdminObjectAclData $data * @return \Symfony\Component\Form\Form */ public function createForm(AdminObjectAclData $data) { // Retrieve object identity $objectIdentity = ObjectIdentity::fromDomainObject($data->getObject()); $acl = $data->getSecurityHandler()->getObjectAcl($objectIdentity); if (!$acl) { $acl = $data->getSecurityHandler()->createAcl($objectIdentity); } $data->setAcl($acl); $masks = $data->getMasks(); // Create a form to set ACL $formBuilder = $this->formFactory->createBuilder('form'); foreach ($data->getAclUsers() as $aclUser) { $securityIdentity = UserSecurityIdentity::fromAccount($aclUser); foreach ($data->getUserPermissions() as $permission) { try { $checked = $acl->isGranted(array($masks[$permission]), array($securityIdentity)); } catch (NoAceFoundException $e) { $checked = false; } $formBuilder->add($aclUser->getId() . $permission, 'checkbox', array('required' => false, 'data' => $checked)); } } $form = $formBuilder->getForm(); $data->setForm($form); return $form; }
/** * Creates a new Url entity. * */ public function createAction(Request $request) { $entity = new Url(); $form = $this->createCreateForm($entity); $form->handleRequest($request); // sets the author field to session username $entity->setAuthor($this->get('security.token_storage')->getToken()->getUser()); if ($form->isValid()) { $em = $this->getDoctrine()->getManager(); $em->persist($entity); $em->flush(); //check logged in user for acl creation if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) { // creating the ACL $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($entity); $acl = $aclProvider->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $tokenStorage = $this->get('security.token_storage'); $user = $tokenStorage->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); } return $this->redirect($this->generateUrl('url_show', array('id' => $entity->getId()))); } return $this->render('SurlUrlBundle:Url:new.html.twig', array('entity' => $entity, 'form' => $form->createView())); }
protected function setUp() { $this->initAutoload(); $bbapp = $this->getBBApp(); $this->initDb($bbapp); $this->getBBApp()->setIsStarted(true); $this->initAcl(); $this->site = new Site(); $this->site->setLabel('Test Site')->setServerName('test_server'); $this->groupEditor = new Group(); $this->groupEditor->setName('groupName'); $this->groupEditor->setSite($this->site); $bbapp->getEntityManager()->persist($this->site); $bbapp->getEntityManager()->persist($this->groupEditor); $bbapp->getEntityManager()->flush(); // setup ACE for site $aclProvider = $this->getSecurityContext()->getACLProvider(); $objectIdentity = ObjectIdentity::fromDomainObject($this->site); $acl = $aclProvider->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $securityIdentity = new UserSecurityIdentity($this->groupEditor->getName(), 'BackBee\\Security\\Group'); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_EDIT); $aclProvider->updateAcl($acl); // authenticate user , set up permissions $token = $this->createAuthUser('api_user', array('ROLE_API_USER')); }
/** * Muestra el formulario para crear una nueva oferta y se encarga del * procesamiento de la información recibida y la creación de las nuevas * entidades de tipo Oferta */ public function ofertaNuevaAction() { $peticion = $this->getRequest(); $oferta = new Oferta(); $formulario = $this->createForm(new OfertaType(), $oferta); if ($peticion->getMethod() == 'POST') { $formulario->bindRequest($peticion); if ($formulario->isValid()) { // Completar las propiedades de la oferta que una tienda no puede establecer $tienda = $this->get('security.context')->getToken()->getUser(); $oferta->setCompras(0); $oferta->setRevisada(false); $oferta->setTienda($tienda); $oferta->setCiudad($tienda->getCiudad()); // Copiar la foto subida y guardar la ruta $oferta->subirFoto($this->container->getParameter('cupon.directorio.imagenes')); $em = $this->getDoctrine()->getEntityManager(); $em->persist($oferta); $em->flush(); // Asignar el permiso necesario para que la tienda pueda modificar esta oferta $idObjeto = ObjectIdentity::fromDomainObject($oferta); $idUsuario = UserSecurityIdentity::fromAccount($tienda); $acl = $this->get('security.acl.provider')->createAcl($idObjeto); $acl->insertObjectAce($idUsuario, MaskBuilder::MASK_OPERATOR); $this->get('security.acl.provider')->updateAcl($acl); return $this->redirect($this->generateUrl('extranet_portada')); } } return $this->render('TiendaBundle:Extranet:formulario.html.twig', array('accion' => 'crear', 'formulario' => $formulario->createView())); }
/** * @Route("/create", name="freedom_objective_dashboard_create", options={"expose"=true}) * @Template() */ public function createAction() { $objective = new Objective(); $form = $this->createForm(new ObjectiveCreateType(), $objective); $request = $this->get('request'); if ($request->getMethod() == 'POST') { $form->handleRequest($request); if ($form->isValid()) { $objective->setUser($this->getUser()); $objective->setNbsteps(count($objective->getSteps())); foreach ($objective->getSteps() as $key => $value) { $value->setObjective($objective); $objective->addStep($value); } $em = $this->getDoctrine()->getManager(); $em->persist($objective); $em->flush(); //ACL $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($objective); $acl = $aclProvider->createAcl($objectIdentity); $securityContext = $this->get('security.context'); $user = $securityContext->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); return $this->redirect($this->generateUrl('freedom_objective_dashboard_details', array('id' => $objective->getId()))); } } return array('form' => $form->createView()); }
/** * This method is here to make your life better, so overwrite it * * @param \Symfony\Component\Form\Form $form the valid form * @param \Taskeet\MainBundle\Entity\Ticket $Ticket your \Taskeet\MainBundle\Entity\Ticket object */ public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Ticket $Ticket) { $proveedor = $this->container->get('security.acl.provider'); $idObjeto = ObjectIdentity::fromDomainObject($Ticket); //poniendo al usuario logueado como owner $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER); //si la tarea tiene asignado un empleado se le asigna el perm operator if ($assignedTo = $Ticket->getAssignedTo()) { $this->setPermissions($proveedor, $idObjeto, $assignedTo, MaskBuilder::MASK_EDIT); } if ($data = $form->get('repeat')->getData()) { $start = clone $form->get('startDate')->getData(); $end = clone $form->get('dueDate')->getData(); $ocurrences = $form->get('ocurrences')->getData(); $interval = new DateInterval($form->get('repeat')->getData()); $periodo = new \DatePeriod($start, $interval, $ocurrences, \DatePeriod::EXCLUDE_START_DATE); $em = $this->getDoctrine()->getManager(); foreach ($periodo as $key => $fecha) { $ticket = clone $Ticket; $ticket->setStartDate($fecha); $ticket->setDueDate($end->add($interval)); $ticket->setTitle(sprintf('%s-%s', $Ticket->getTitle(), $key)); $ticket->setSlug(sprintf('%s-%s', $Ticket->getSlug(), $key)); $this->saveObject($ticket); $idObjeto = ObjectIdentity::fromDomainObject($ticket); $this->setPermissions($proveedor, $idObjeto, $this->getUser(), MaskBuilder::MASK_OWNER); $this->setPermissions($proveedor, $idObjeto, $ticket->getAssignedTo(), MaskBuilder::MASK_EDIT); } } }
/** * {@inheritDoc} */ public function load(ObjectManager $manager) { $stepOrg = new Organization(); $stepOrg->setName('Step Inventory'); $manager->persist($stepOrg); $demoOrg = new Organization(); $demoOrg->setName('Acme Inc.'); $manager->persist($demoOrg); $manager->flush(); $this->addReference('stepOrg', $stepOrg); $this->addReference('demoOrg', $demoOrg); $aclProvider = $this->container->get('security.acl.provider'); $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV'); $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD'); $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER'); $objectIdentity = ObjectIdentity::fromDomainObject($stepOrg); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); $objectIdentity = ObjectIdentity::fromDomainObject($demoOrg); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); }
/** * New category page * @return \Symfony\Component\HttpFoundation\Response */ public function newAction(Request $request) { $category = new Category(); $user = $this->getUser(); $category->setJeweler($user); //j'associe mon jeweler 1 à mon produit // je crée un formulaire de produit $form = $this->createForm(new CategoryType($user), $category, array('validation_groups' => 'new', 'attr' => array('method' => 'post', 'novalidate' => 'novalidate', 'action' => $this->generateUrl('store_backend_category_new')))); $form->handleRequest($request); if ($form->isValid()) { $em = $this->getDoctrine()->getManager(); //je récupère le manager de Doctrine // j'upload mon fichier en faisant appel a la methode upload() $category->upload(); $em->persist($category); //j'enregistre mon objet product dans doctrine $em->flush(); //j'envoie ma requete d'insert à ma table product // création de l'ACL $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($category); $acl = $aclProvider->createAcl($objectIdentity); // retrouve l'identifiant de sécurité de l'utilisateur actuellement connecté $tokenStorage = $this->get('security.token_storage'); $user = $tokenStorage->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // donne accès au propriétaire $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); $this->get('session')->getFlashBag()->add('success', 'Votre catégorie a bien été crée'); return $this->redirectToRoute('store_backend_category_list'); //redirection selon la route } return $this->render('StoreBackendBundle:Category:new.html.twig', array('form' => $form->createView())); }
/** * {@inheritDoc} */ public function load(ObjectManager $manager) { $tidLabel = new Label(); $tidLabel->setName('TravelerId Label'); $tidLabel->setDescription('ZPL TID Label'); $tidLabel->setTemplate(' ^XA ^FO50,50^BY3 ^BCN,100,Y,N,N ^FD{{tid}} ^XZ '); $manager->persist($tidLabel); $manager->flush(); //$this->addReference('dfwOffice', $dfwOffice); $aclProvider = $this->container->get('security.acl.provider'); $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV'); $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD'); $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER'); $objectIdentity = ObjectIdentity::fromDomainObject($tidLabel); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); }
/** * Actualiza la acl del objeto en cuestión. * * @param $object * @param array $applyTo * @throws \Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException */ public function updateAcl($object, $applyTo = array()) { $objectIdentity = ObjectIdentity::fromDomainObject($object); $aclProviderCallable = $this->aclProviderCallable; $aclProviderCallable($objectIdentity, 'delete'); $acl = $aclProviderCallable($objectIdentity, 'create'); $this->applyAcl($acl, $applyTo); }
/** * {@inheritDoc} */ public function getObjectIdentity($domainObject) { try { return ObjectIdentity::fromDomainObject($domainObject); } catch (InvalidDomainObjectException $failed) { return null; } }
public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier() { $domainObject = new TestDomainObject(); $domainObject->id = '0'; $id = ObjectIdentity::fromDomainObject($domainObject); $this->assertSame('0', $id->getIdentifier()); $this->assertEquals('Symfony\\Component\\Security\\Acl\\Tests\\Domain\\TestDomainObject', $id->getType()); }
public function test_vote_objectScope() { $aclManager = $this->getBBApp()->getContainer()->get('security.acl_manager'); $aclManager->insertOrUpdateClassAce(ObjectIdentity::fromDomainObject($this->user), new UserSecurityIdentity($this->group->getObjectIdentifier(), get_class($this->group)), MaskBuilder::MASK_EDIT); $this->assertEquals(BBAclVoter::ACCESS_GRANTED, $this->aclVoter->vote($this->token, $this->user, ['EDIT'])); $this->assertEquals(BBAclVoter::ACCESS_DENIED, $this->aclVoter->vote($this->token, new ObjectIdentity('all', get_class($this->user)), ['EDIT'])); $this->assertEquals(BBAclVoter::ACCESS_DENIED, $this->aclVoter->vote($this->token, new ObjectIdentity(23545866754, get_class($this->user)), ['EDIT'])); }
/** * This method is here to make your life better, so overwrite it * * @param \Symfony\Component\Form\Form $form the valid form * @param \Taskeet\MainBundle\Entity\Ticket $Ticket your \Taskeet\MainBundle\Entity\Ticket object */ public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Ticket $Ticket) { $proveedor = $this->container->get('security.acl.provider'); $idObjeto = ObjectIdentity::fromDomainObject($Ticket); //si la tarea tiene asignado un empleado se le asigna el perm operator if ($assignedTo = $Ticket->getAssignedTo()) { $this->setPermissions($proveedor, $idObjeto, $assignedTo, MaskBuilder::MASK_EDIT); } }
/** * Creates the ACE for a user. * * @param UserInterface $user */ public function createUserAce(UserInterface $user) { if (!$this->aclProvider) { return; } $oid = ObjectIdentity::fromDomainObject($user); $acl = $this->aclProvider->createAcl($oid); $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER); $this->aclProvider->updateAcl($acl); }
/** * This method is here to make your life better, so overwrite it * * @param \Symfony\Component\Form\Form $form the valid form * @param \Taskeet\MainBundle\Entity\Project $Project your \Taskeet\MainBundle\Entity\Project object */ public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Project $Project) { $proveedor = $this->container->get('security.acl.provider'); $idObjeto = ObjectIdentity::fromDomainObject($Project); //asignando permisos para ver a los miembros $users = $Project->getMembers(); foreach ($users as $user) { $this->setPermissions($proveedor, $idObjeto, $user, MaskBuilder::MASK_VIEW); } }
/** * {@inheritDoc} */ public function load(ObjectManager $manager) { $userRole = new Role(); $userRole->setName('User'); $userRole->setRole('ROLE_USER'); $userRole->setIsAllowedToSwitch(false); $manager->persist($userRole); $leadRole = new Role(); $leadRole->setName('Lead'); $leadRole->setRole('ROLE_LEAD'); $leadRole->setIsAllowedToSwitch(false); $leadRole->addRoleToHierarchy($userRole); $manager->persist($leadRole); $adminRole = new Role(); $adminRole->setName('Admin'); $adminRole->setRole('ROLE_ADMIN'); $adminRole->setIsAllowedToSwitch(false); $adminRole->addRoleToHierarchy($leadRole); $manager->persist($adminRole); $devRole = new Role(); $devRole->setName('Dev'); $devRole->setRole('ROLE_DEV'); $devRole->setIsAllowedToSwitch(true); $devRole->addRoleToHierarchy($adminRole); $manager->persist($devRole); $manager->flush(); $this->addReference('ROLE_USER', $userRole); $this->addReference('ROLE_LEAD', $leadRole); $this->addReference('ROLE_ADMIN', $adminRole); $this->addReference('ROLE_DEV', $devRole); $aclProvider = $this->container->get('security.acl.provider'); $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV'); $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD'); $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER'); $objectIdentity = ObjectIdentity::fromDomainObject($userRole); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); $objectIdentity = ObjectIdentity::fromDomainObject($leadRole); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); $objectIdentity = ObjectIdentity::fromDomainObject($adminRole); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); $objectIdentity = ObjectIdentity::fromDomainObject($devRole); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($devRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); }
/** * {@inheritDoc} */ public function load(ObjectManager $manager) { $refs = $this->referenceRepository->getReferences(); $orgRefNames = []; $deptRefNames = []; $linkRefNames = []; foreach ($refs as $ref) { $refNames = $this->referenceRepository->getReferenceNames($ref); if (is_a($ref, 'AppBundle\\Entity\\Department')) { $deptRefNames[] = $refNames[0]; } if (is_a($ref, 'AppBundle\\Entity\\MenuLink')) { $linkRefNames[] = $refNames[0]; } } $items = []; foreach ($deptRefNames as $deptRefName) { $i = 1; $department = $this->getReference($deptRefName); foreach ($linkRefNames as $linkRefName) { $item = new MenuItem(); $item->isActive(true); $item->setPosition($i); $item->setMenuLink($this->getReference($linkRefName)); $item->setOrganization($department->getOffice()->getOrganization()); if (in_array($linkRefName, ['inventoryAuditLink', 'inventoryActionLink', 'inventoryLogLink'])) { $item->setParent($items[$deptRefName]['mainLink']); } else { if (in_array($linkRefName, ['adminInventoryLink', 'adminAccountingLink'])) { $item->setParent($items[$deptRefName]['adminLink']); } else { $item->setDepartment($department); } } $manager->persist($item); $items[$deptRefName][$linkRefName] = $item; $i++; } } $manager->flush(); $aclProvider = $this->container->get('security.acl.provider'); $devRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_DEV'); $adminRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); $leadRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_LEAD'); $userRoleSecurityIdentity = new RoleSecurityIdentity('ROLE_USER'); foreach ($items as $deptItems) { foreach ($deptItems as $item) { $objectIdentity = ObjectIdentity::fromDomainObject($item); $acl = $aclProvider->createAcl($objectIdentity); $acl->insertObjectAce($userRoleSecurityIdentity, MaskBuilder::MASK_VIEW); $acl->insertObjectAce($adminRoleSecurityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); } } }
public function setOwner(Project $project, User $user, $save = true) { $project->setOwner($user); $objectIdentity = ObjectIdentity::fromDomainObject($project); $entry = $this->acl->createAcl($objectIdentity); $securityIdentity = UserSecurityIdentity::fromAccount($user); $entry->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $this->acl->updateAcl($entry); if ($save) { $this->saveProject($project); } }
/** * Save acl for new object * * @param Object $object * @param Integer $mask */ public function saveObjectAcl($object, $mask = MaskBuilder::MASK_OWNER) { // creating the ACL $objectIdentity = ObjectIdentity::fromDomainObject($object); $acl = $this->container->get('security.acl.provider')->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $user = $this->container->get('security.context')->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $this->container->get('security.acl.provider')->updateAcl($acl); }
public function grantDefaultPrivileges($dbObject) { // creating the ACL $objectIdentity = ObjectIdentity::fromDomainObject($dbObject); $acl = $this->aclProvider->createAcl($objectIdentity); $user = $this->tokenStorage->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $securityIdentity = new RoleSecurityIdentity("ROLE_MODO"); $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OPERATOR); $securityIdentity = new RoleSecurityIdentity("ROLE_ADMIN"); $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER); $this->aclProvider->updateAcl($acl); }
/** * {@inheritdoc} */ public function getObjectIdentity($domainObject) { try { if ($domainObject instanceof ObjectIdentityInterface) { return $domainObject; } if (method_exists($domainObject, 'getId') && is_null($domainObject->getId())) { return new ObjectIdentity('CLASS', ClassUtils::getRealClass($domainObject)); } return ObjectIdentity::fromDomainObject($domainObject); } catch (InvalidDomainObjectException $failed) { return; } }
/** * This method is here to make your life better, so overwrite it * * @param \Symfony\Component\Form\Form $form the valid form * @param \Taskeet\MainBundle\Entity\Department $Department your \Taskeet\MainBundle\Entity\Department object */ public function postSave(\Symfony\Component\Form\Form $form, \Taskeet\MainBundle\Entity\Department $Department) { $proveedor = $this->container->get('security.acl.provider'); $idObjeto = ObjectIdentity::fromDomainObject($Department); //si el departamento tiene asignado un encargado se le asigna el perm owner if ($owner = $Department->getOwner()) { $this->setPermissions($proveedor, $idObjeto, $owner, MaskBuilder::MASK_OWNER); } //asignando permisos para ver a los miembros $users = $Department->getUsers(); foreach ($users as $user) { $this->setPermissions($proveedor, $idObjeto, $user, MaskBuilder::MASK_VIEW); } }
public function postPersist(LifecycleEventArgs $args) { $entity = $args->getEntity(); if ($entity instanceof Product) { // creating the ACL $aclProvider = $this->container->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($entity); $acl = $aclProvider->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $securityIdentity = UserSecurityIdentity::fromAccount($entity->getUser()); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); } }
public function countOtherUserInTheSamePage($controller, $action, $entity) { $date = new \DateTime('@' . strtotime('-30 minutes')); $from = 'SELECT owner, entity FROM admin_log ' . 'WHERE created_at > "' . $date->format('Y-m-d H:i:s') . '" ' . 'AND controller = "\\\\' . str_replace('\\', '\\\\', $controller) . '" ' . 'AND action = "' . $action . '" ' . 'AND entity = "' . str_replace('\\', '\\\\', (string) ObjectIdentity::fromDomainObject($entity)) . '" ' . 'ORDER BY created_at DESC'; $sql = 'SELECT owner, entity FROM :from_result AS orderer_log GROUP BY owner'; $result = $this->getEntityManager()->getConnection()->executeQuery($sql, array('form_result' => $from)); $verif = $this->_getActualAdminEdition(); $return = $result->fetchAll(\PDO::FETCH_ASSOC); foreach ($return as $key => $result) { if (array_key_exists($result['owner'], $verif) && $verif[$result['owner']] != $result['entity']) { unset($return[$key]); } } return count($return); }
/** * execute * * @param InputInterface $input * @param OutputInterface $output * @access protected * @return void */ protected function execute(InputInterface $input, OutputInterface $output) { // creating the ACL $objectClass = $input->getArgument('objectClass'); $objectId = $input->getArgument('objectId'); $doctrine = $input->getOption('doctrine'); $entityManager = $input->getOption('entity-manager'); if (!$doctrine) { $doctrine = 'doctrine'; } if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') { $output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>'); return 1; } $object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId); if (!$object) { $output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>'); return 1; } $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($object); try { $acl = $aclProvider->findAcl($objectIdentity); } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) { $output->writeln('<error>No previous acl found for ' . $objectClass . ':' . $objectId . '</error>'); return 1; } // retrieving the security identity of the currently logged-in user $username = $input->getArgument('username'); $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username); if (!$user) { $output->writeln('<error>User ' . $username . ' not found.</error>'); return 1; } $securityIdentity = UserSecurityIdentity::fromAccount($user); $aceList = $acl->getObjectAces(); $i = 0; foreach ($aceList as $ace) { if ($ace->getSecurityIdentity() == $securityIdentity) { // Got it! Let's remove it! $output->writeln('got one'); $acl->deleteObjectAce($i); } $i++; } $aclProvider->updateAcl($acl); $output->writeln('<info>ACL successfully updated.</info>'); }
/** * {@inheritdoc} */ public function batchConfigureAcls(OutputInterface $output, AdminInterface $admin, UserSecurityIdentity $securityIdentity = null) { $securityHandler = $admin->getSecurityHandler(); if (!$securityHandler instanceof AclSecurityHandlerInterface) { $output->writeln('Admin class is not configured to use ACL : <info>ignoring</info>'); return; } $output->writeln(sprintf(' > generate ACLs for %s', $admin->getCode())); $objectOwnersMsg = is_null($securityIdentity) ? '' : ' and set the object owner'; /** @var DocumentManager $om */ $om = $admin->getModelManager()->getDocumentManager(); $qb = $om->createQueryBuilder($admin->getClass()); $count = 0; $countUpdated = 0; $countAdded = 0; try { $batchSize = 20; $batchSizeOutput = 200; $objectIds = array(); foreach ($qb->getQuery()->iterate() as $row) { $objectIds[] = ObjectIdentity::fromDomainObject($row); $objectIdIterator = new \ArrayIterator($objectIds); // detach from Doctrine, so that it can be Garbage-Collected immediately $om->detach($row); ++$count; if ($count % $batchSize == 0) { list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity); $countAdded += $batchAdded; $countUpdated += $batchUpdated; $objectIds = array(); } if ($count % $batchSizeOutput == 0) { $output->writeln(sprintf(' - generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated)); } } if (count($objectIds) > 0) { list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity); $countAdded += $batchAdded; $countUpdated += $batchUpdated; } } catch (\BadMethodCallException $e) { throw new ModelManagerException('', 0, $e); } $output->writeln(sprintf(' - [TOTAL] generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated)); }