/**
 * Checks whether the ACL provider holds an access control list for an object.
 *
 * A null identifier or a null type is answered with false without querying the provider.
 *
 * @param string $objectId   Identifier of the object to look up in the access control system
 * @param string $objectType Type of the object; paired with $objectId to build the ObjectIdentity
 *
 * @return bool true when findAcl() returns for the object, false when either argument is
 *              null or the provider throws AclNotFoundException
 */
public function existsAcl($objectId, $objectType)
{
    $identityIsComplete = $objectId !== null && $objectType !== null;
    if (!$identityIsComplete) {
        return false;
    }

    try {
        $identity = new ObjectIdentity($objectId, $objectType);
        // Existence probe only: the ACL that comes back is discarded.
        $this->aclProvider->findAcl($identity);
    } catch (AclNotFoundException $notFound) {
        // Only "not found" maps to false; any other exception propagates to the caller,
        // so callers must not read an exception here as "no ACL".
        return false;
    }

    return true;
}
/**
 * {@inheritdoc}
 *
 * Abstains unless $object is a SecurityCondition that carries both an object type and an
 * object id and an ACL exists for that identity; only then is the decision delegated to
 * the parent voter.
 */
public function vote(TokenInterface $token, $object, array $attributes)
{
    $isVotable = $object instanceof SecurityCondition
        && $object->getObjectType() !== null
        && $object->getObjectId() !== null;

    if (!$isVotable) {
        return VoterInterface::ACCESS_ABSTAIN;
    }

    try {
        $identity = new ObjectIdentity($object->getObjectId(), $object->getObjectType());

        // Called purely to find out whether an ACL exists; the result is not used.
        $this->aclProvider->findAcl($identity);

        // Still inside the try block: an AclNotFoundException raised by the parent voter
        // is turned into an abstention as well.
        return parent::vote($token, $identity, $attributes);
    } catch (AclNotFoundException $missingAcl) {
        // NOTE(review): abstaining leaves the outcome to the remaining voters and the
        // configured access decision strategy - confirm that objects without an ACL are
        // meant to be decided elsewhere rather than denied here.
        return VoterInterface::ACCESS_ABSTAIN;
    }
}
/**
 * Loads the ACL for $oid and, when a root ACL exists too, wraps both together.
 *
 * An AclNotFoundException for $oid itself is not handled here and reaches the caller;
 * only a missing root ACL is tolerated.
 *
 * @param ObjectIdentityInterface $oid     identity whose ACL is loaded first
 * @param array                   $sids    security identities handed to findAcl()
 * @param ObjectIdentityInterface $rootOid identity used to look up the root ACL
 *
 * @return RootBasedAclWrapper|\Symfony\Component\Security\Acl\Model\AclInterface
 */
protected function getAcl(ObjectIdentityInterface $oid, array $sids, ObjectIdentityInterface $rootOid)
{
    $provider = $this->baseAclProvider;

    // Deliberately outside the try block: a missing object ACL must surface as an exception.
    $objectAcl = $provider->findAcl($oid, $sids);

    try {
        $rootAcl = $provider->findAcl($rootOid, $sids);
    } catch (AclNotFoundException $rootMissing) {
        // No root ACL: the object ACL is returned unwrapped.
        return $objectAcl;
    }

    return new RootBasedAclWrapper($objectAcl, $rootAcl);
}
/**
 * Asks the ACL of a domain object whether the anonymous role holds the VIEW mask.
 *
 * @param object $domainObject
 *
 * @return boolean result of isGranted() for MASK_VIEW and the
 *                 IS_AUTHENTICATED_ANONYMOUSLY role, or false if the lookup or the
 *                 check throws
 */
public function anonymousAclQueryWith($domainObject)
{
    // Built before the try block, so a failure to derive the identity is not turned into false.
    $identity = ObjectIdentity::fromDomainObject($domainObject);

    try {
        $acl = $this->aclProvider->findAcl($identity);

        $anonymousSids = array(new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'));
        $viewMasks = array(MaskBuilder::MASK_VIEW);

        return $acl->isGranted($viewMasks, $anonymousSids, false);
    } catch (\Exception $failure) {
        // Fails closed: every exception (missing ACL, no matching ACE, provider errors)
        // is reported as "not granted". The exception itself is dropped, so provider
        // outages are indistinguishable from a plain denial at this point.
        return false;
    }
}
/**
 * Resolves the effective ACL for $oid, taking the underlying identity and the root ACL
 * into account.
 *
 * When the provider reports that the ACL should be replaced with the underlying one, the
 * lookup restarts with the identity produced by the object identity factory. Otherwise the
 * root ACL is loaded: an ACL the provider considers empty is replaced by the root ACL,
 * anything else is wrapped together with it. A missing root ACL leaves the object ACL as is.
 *
 * @param ObjectIdentityInterface $oid     identity whose ACL is loaded first
 * @param array                   $sids    security identities handed to findAcl()
 * @param ObjectIdentityInterface $rootOid identity used to look up the root ACL
 *
 * @return RootBasedAclWrapper|\Symfony\Component\Security\Acl\Model\AclInterface
 */
protected function getAcl(ObjectIdentityInterface $oid, array $sids, ObjectIdentityInterface $rootOid)
{
    $provider = $this->baseAclProvider;

    // Outside the try block: a missing ACL for $oid propagates to the caller.
    $objectAcl = $provider->findAcl($oid, $sids);

    if ($provider->isReplaceWithUnderlyingAcl($objectAcl)) {
        // NOTE(review): the recursion ends only once the underlying identity yields an ACL
        // the provider no longer asks to replace - confirm the factory guarantees that.
        return $this->getAcl($this->objectIdentityFactory->underlying($oid), $sids, $rootOid);
    }

    try {
        $rootAcl = $provider->findAcl($rootOid, $sids);

        return $provider->isEmptyAcl($objectAcl)
            ? $rootAcl
            : new RootBasedAclWrapper($objectAcl, $rootAcl);
    } catch (AclNotFoundException $rootMissing) {
        return $objectAcl;
    }
}
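/**
 * Fetch ACL permissions for the specified entity
 *
 * Collects the role of every object-scope ACE whose security identity is a
 * RoleSecurityIdentity and whose mask has the VIEW bit set. When no ACL exists for the
 * entity, the anonymous role is returned as the default.
 *
 * @param object $object
 *
 * @return array role names
 */
protected function getAclPermissions($object)
{
    $roles = array();

    try {
        $objectIdentity = ObjectIdentity::fromDomainObject($object);
        /* @var AclInterface $acl */
        $acl = $this->aclProvider->findAcl($objectIdentity);

        // NOTE(review): only the ACEs returned by getObjectAces() are read, and the
        // granting/denying flag of an entry is not consulted - confirm that a denying
        // entry with the VIEW bit cannot end up in this list.
        /* @var AuditableEntryInterface $ace */
        foreach ($acl->getObjectAces() as $ace) {
            $securityIdentity = $ace->getSecurityIdentity();

            // The bit test is parenthesised on purpose: `!=` binds tighter than `&`, so the
            // unparenthesised form evaluated `mask & (MASK_VIEW != 0)`, i.e. `mask & 1`,
            // which is the intended test only while MASK_VIEW happens to be 1.
            if ($securityIdentity instanceof RoleSecurityIdentity
                && ($ace->getMask() & MaskBuilder::MASK_VIEW) !== 0
            ) {
                $roles[] = $securityIdentity->getRole();
            }
        }
    } catch (AclNotFoundException $e) {
        // No ACL found... assume default
        // NOTE(review): the default is the anonymous role, so an entity without an ACL is
        // reported as viewable by IS_AUTHENTICATED_ANONYMOUSLY - confirm this fail-open
        // default is intended for every entity type passed in.
        $roles = array('IS_AUTHENTICATED_ANONYMOUSLY');
    }

    return $roles;
}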
/**
 * With the ACL provider throwing AclNotFoundException for any lookup, a vote on the
 * 'view' and 'security' attributes for the 'sulu.security.roles' condition is expected
 * to be ACCESS_DENIED.
 */
public function testNegativeVoteWithMultipleAttributes()
{
    // Every findAcl() call on the provider double reports "no ACL".
    $this->aclProvider->findAcl(Argument::any())->willThrow(AclNotFoundException::class);

    $token = $this->token->reveal();
    $condition = new SecurityCondition('sulu.security.roles', null);
    $attributes = ['view', 'security'];

    $decision = $this->voter->vote($token, $condition, $attributes);

    // assertSame pins the exact constant, so an abstention fails the test as well.
    $this->assertSame(VoterInterface::ACCESS_DENIED, $decision);
}