/**
* Updates the limitations of a policy. The module and function cannot be changed and
* the limitations are replaced by the ones in $roleUpdateStruct
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to update a policy
* @throws \eZ\Publish\API\Repository\Exceptions\InvalidArgumentException if limitation of the same type is repeated in policy update
* struct or if limitation is not allowed on module/function
* @throws \eZ\Publish\API\Repository\Exceptions\LimitationValidationException if a limitation in the $policyUpdateStruct is not valid
*
* @param \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct $policyUpdateStruct
* @param \eZ\Publish\API\Repository\Values\User\Policy $policy
*
* @return \eZ\Publish\API\Repository\Values\User\Policy
*/
public function updatePolicy(APIPolicy $policy, APIPolicyUpdateStruct $policyUpdateStruct)
{
if (!is_string($policy->module)) {
throw new InvalidArgumentValue("module", $policy->module, "Policy");
}
if (!is_string($policy->function)) {
throw new InvalidArgumentValue("function", $policy->function, "Policy");
}
if ($this->repository->hasAccess('role', 'update') !== true) {
throw new UnauthorizedException('role', 'update');
}
$limitations = $policyUpdateStruct->getLimitations();
$limitationValidationErrors = $this->validatePolicy($policy->module, $policy->function, $limitations);
if (!empty($limitationValidationErrors)) {
throw new LimitationValidationException($limitationValidationErrors);
}
$spiPolicy = $this->buildPersistencePolicyObject($policy->module, $policy->function, $limitations);
$spiPolicy->id = $policy->id;
$spiPolicy->roleId = $policy->roleId;
$this->repository->beginTransaction();
try {
$this->userHandler->updatePolicy($spiPolicy);
$this->repository->commit();
} catch (Exception $e) {
$this->repository->rollback();
throw $e;
}
return $this->buildDomainPolicyObject($spiPolicy);
}
/**
* Updates the limitations of a policy. The module and function cannot be changed and
* the limitations are replaced by the ones in $roleUpdateStruct
*
* @throws \eZ\Publish\API\Repository\Exceptions\UnauthorizedException if the authenticated user is not allowed to u�date a policy
*
* @param \eZ\Publish\API\Repository\Values\User\PolicyUpdateStruct $policyUpdateStruct
* @param \eZ\Publish\API\Repository\Values\User\Policy $policy
*
* @return \eZ\Publish\API\Repository\Values\User\Policy
*/
public function updatePolicy(Policy $policy, PolicyUpdateStruct $policyUpdateStruct)
{
if (false === $this->repository->hasAccess('role', '*')) {
throw new UnauthorizedExceptionStub('What error code should be used?');
}
$newPolicy = new PolicyStub(array('id' => $policy->id, 'roleId' => $policy->roleId, 'module' => $policy->module, 'function' => $policy->function, 'limitations' => $policyUpdateStruct->getLimitations()));
$this->policies[$newPolicy->id] = $newPolicy;
$policies = $this->roles[$policy->roleId]->getPolicies();
foreach ($policies as $i => $rolePolicy) {
if ($rolePolicy->id !== $policy->id) {
continue;
}
$policies[$i] = $newPolicy;
break;
}
$this->roles[$policy->roleId] = new RoleStub(array('id' => $this->roles[$policy->roleId]->id, 'identifier' => $this->roles[$policy->roleId]->identifier), $policies);
return $newPolicy;
}
