/**
* @return JsonResponse
*/
public function getAction()
{
$securityFacade = $this->securityFacade;
$annotations = $this->aclProvider->getAnnotations();
$result = [];
foreach ($annotations as $annotation) {
$result[$annotation->getId()] = $securityFacade->isGranted($annotation->getId());
}
return new JsonResponse($result);
}
public function testCache()
{
$this->loader->expects($this->exactly(2))->method('load');
$this->cache->expects($this->at(0))->method('fetch');
$this->cache->expects($this->at(1))->method('save');
$this->cache->expects($this->at(2))->method('delete');
$this->cache->expects($this->at(3))->method('fetch');
$this->provider->warmUpCache();
$this->provider->clearCache();
$this->assertNull($this->provider->findAnnotationById('unknown'));
}
/**
* Checks if an access to a resource is granted to the caller
*
* @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id
* or something else, it depends on registered security voters
* @param mixed $object A domain object, object identity or object identity descriptor (id:type)
* @return bool
*/
public function isGranted($attributes, $object = null)
{
if ($object === null && is_string($attributes) && ($annotation = $this->annotationProvider->findAnnotationById($attributes))) {
$this->logger->debug(sprintf('Check an access using "%s" ACL annotation.', $annotation->getId()));
$isGranted = $this->authorizationChecker->isGranted($annotation->getPermission(), $this->objectIdentityFactory->get($annotation));
} elseif (is_string($object)) {
$isGranted = $this->authorizationChecker->isGranted($attributes, $this->objectIdentityFactory->get($object));
} else {
$isGranted = $this->authorizationChecker->isGranted($attributes, $object);
}
return $isGranted;
}
/**
* Loads metadata and save them in cache
*/
protected function loadMetadata()
{
$data = array();
foreach ($this->annotationProvider->getAnnotations('action') as $annotation) {
$data[$annotation->getId()] = new ActionMetadata($annotation->getId(), $annotation->getGroup(), $annotation->getLabel());
}
if ($this->cache) {
$this->cache->save(self::CACHE_KEY, $data);
}
$this->localCache = $data;
}
/**
* Makes sure that metadata are loaded
*/
protected function ensureMetadataLoaded()
{
if ($this->localCache === null) {
$data = null;
if ($this->cache) {
$data = $this->cache->fetch(self::CACHE_KEY);
}
if (!$data) {
$data = [];
foreach ($this->annotationProvider->getAnnotations('action') as $annotation) {
$data[$annotation->getId()] = new ActionMetadata($annotation->getId(), $annotation->getGroup(), $annotation->getLabel());
}
if ($this->cache) {
$this->cache->save(self::CACHE_KEY, $data);
}
}
$this->localCache = $data;
}
}
/**
* Checks if an access to a resource is granted to the caller
*
* @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id,
* string in format "permission;descriptor"
* (VIEW;entity:AcmeDemoBundle:AcmeEntity, EDIT;action:acme_action)
* or something else, it depends on registered security voters
* @param mixed $object A domain object, object identity or object identity descriptor (id:type)
* (entity:Acme/DemoBundle/Entity/AcmeEntity, action:some_action)
*
* @return bool
*/
public function isGranted($attributes, $object = null)
{
if (is_string($attributes) && ($annotation = $this->annotationProvider->findAnnotationById($attributes))) {
if ($object === null) {
$this->logger->debug(sprintf('Check class based an access using "%s" ACL annotation.', $annotation->getId()));
$isGranted = $this->securityContext->isGranted($annotation->getPermission(), $this->objectIdentityFactory->get($annotation));
} else {
$this->logger->debug(sprintf('Check object based an access using "%s" ACL annotation.', $annotation->getId()));
$isGranted = $this->securityContext->isGranted($annotation->getPermission(), $object);
}
} elseif (is_string($object)) {
$isGranted = $this->securityContext->isGranted($attributes, $this->objectIdentityFactory->get($object));
} else {
if (is_string($attributes) && $object == null) {
$delimiter = strpos($attributes, ';');
if ($delimiter) {
$object = substr($attributes, $delimiter + 1);
$attributes = substr($attributes, 0, $delimiter);
}
}
$isGranted = $this->securityContext->isGranted($attributes, $object);
}
return $isGranted;
}
public function testCache()
{
// Called when: warmUpCache, findAnnotationById, warmUpCache
$this->loader->expects($this->exactly(3))->method('load');
// First warmUpCache
$this->cache->expects($this->at(0))->method('save')->with(AclAnnotationProvider::CACHE_KEY);
// clearCache
$this->cache->expects($this->at(1))->method('delete')->with(AclAnnotationProvider::CACHE_KEY);
// First findAnnotationById
$this->cache->expects($this->at(2))->method('fetch')->with(AclAnnotationProvider::CACHE_KEY);
$this->cache->expects($this->at(3))->method('save')->with(AclAnnotationProvider::CACHE_KEY);
// Second warmUpCache
$this->cache->expects($this->at(4))->method('save')->with(AclAnnotationProvider::CACHE_KEY);
$this->provider->warmUpCache();
$this->provider->clearCache();
$this->assertNull($this->provider->findAnnotationById('unknown'));
$this->provider->warmUpCache();
$this->assertNull($this->provider->findAnnotationById('unknown'));
}
/**
* {inheritdoc}
*/
public function clear($cacheDir)
{
$this->provider->clearCache();
}
/**
* {inheritdoc}
*/
public function warmUp($cacheDir)
{
$this->provider->warmUpCache();
}
