/** * {@inheritDoc} */ public function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false) { $result = null; // check object ACEs $aces = $acl->getObjectAces(); if (!empty($aces)) { $result = $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); } // check class ACEs if object ACEs were not found if ($result === null) { $aces = $acl->getClassAces(); if (!empty($aces)) { $result = $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); } } // check parent ACEs if object and class ACEs were not found if ($result === null && $acl->isEntriesInheriting()) { $parentAcl = $acl->getParentAcl(); if ($parentAcl !== null) { $result = $parentAcl->isGranted($masks, $sids, $administrativeMode); } } // throw NoAceFoundException if no any ACEs were found if ($result === null) { throw new NoAceFoundException(); } return $result; }
/** * {@inheritDoc} */ public function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false) { try { try { $aces = $acl->getObjectAces(); if (!$aces) { throw static::$noAceException; } return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); } catch (NoAceFoundException $noObjectAce) { $aces = $acl->getClassAces(); if (!$aces) { throw static::$noAceException; } return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); } } catch (NoAceFoundException $noClassAce) { if ($acl->isEntriesInheriting() && null !== ($parentAcl = $acl->getParentAcl())) { return $parentAcl->isGranted($masks, $sids, $administrativeMode); } throw new NoAceFoundException('No applicable ACE was found.'); } }
/** * Get object ACE mask at specified index. * * @param AclInterface $acl The acl interface * @param int $index The index * * @return bool|int */ private function getMaskAtIndex(AclInterface $acl, $index) { $objectAces = $acl->getObjectAces(); /* @var $ace AuditableEntryInterface */ $ace = $objectAces[$index]; $securityIdentity = $ace->getSecurityIdentity(); if ($securityIdentity instanceof RoleSecurityIdentity) { return $ace->getMask(); } return false; }
/** * Extracts SIDs from ACL depending on entity config to prevent deletion of sharing when sharing scope is changed. * * @param AclInterface $acl * * @return array */ protected function extractSids(AclInterface $acl) { $sids = []; foreach ($acl->getObjectAces() as $key => $ace) { /** @var Entry $ace */ $sid = $ace->getSecurityIdentity(); if ($this->isSidApplicable($sid)) { $sids[$key] = $sid; } } return $sids; }