public function testFindByAclIdentityFilterSecurityIdentity()
{
// Another Entry, should not be found (different SecurityIdentity).
$entry = $this->createEntry();
$entry->setObjectIdentityId(1)->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))->setAclClass($this->getAclClass())->setMask(64)->save($this->con);
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')), $this->con);
$this->assertCount(1, $entries);
$this->assertEquals(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER'))->getId(), $entries[0]->getSecurityIdentityId());
}
public function testFromAclIdentityWithRole()
{
$secIdentity = new RoleSecurityIdentity(new Role('ROLE_USER'));
$identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
$this->assertInstanceOf('Propel\\PropelBundle\\Model\\Acl\\SecurityIdentity', $identity);
$this->assertEquals(false, $identity->getUsername());
$this->assertEquals('ROLE_USER', $identity->getIdentifier());
$this->assertGreaterThan(0, $identity->getId());
$dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
$this->assertInstanceOf('Propel\\PropelBundle\\Model\\Acl\\SecurityIdentity', $dbEntry);
}
/**
* Transform a given ACL entry into a Entry model.
*
* The entry will not be persisted!
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $aclEntry
*
* @return \Propel\PropelBundle\Model\Acl\Entry
*/
public static function fromAclEntry(EntryInterface $aclEntry)
{
$entry = new self();
// Already persisted before?
if ($aclEntry->getId()) {
$entry->setId($aclEntry->getId());
}
$entry->setMask($aclEntry->getMask())->setGranting($aclEntry->isGranting())->setGrantingStrategy($aclEntry->getStrategy())->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity()));
if ($aclEntry instanceof FieldEntryInterface) {
$entry->setFieldName($aclEntry->getField());
}
if ($aclEntry instanceof AuditableEntryInterface) {
$entry->setAuditFailure($aclEntry->isAuditFailure())->setAuditSuccess($aclEntry->isAuditSuccess());
}
return $entry;
}
public function testConstruct()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\\PropelBundle\\Model\\Acl\\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new Entry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* Return Entry objects filtered by an ACL related ObjectIdentity.
*
* @see find()
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity An ACL related ObjectIdentity.
* @param array $securityIdentities A list of SecurityIdentity to filter by.
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findByAclIdentity(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array(), \PropelPDO $con = null)
{
$securityIds = array();
foreach ($securityIdentities as $eachIdentity) {
if (!$eachIdentity instanceof SecurityIdentityInterface) {
if (is_object($eachIdentity)) {
$errorMessage = sprintf('The list of security identities contains at least one invalid entry of class "%s". Please provide objects of classes implementing "Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface" only.', get_class($eachIdentity));
} else {
$errorMessage = sprintf('The list of security identities contains at least one invalid entry "%s". Please provide objects of classes implementing "Symfony\\Component\\Security\\Acl\\Model\\SecurityIdentityInterface" only.', $eachIdentity);
}
throw new \InvalidArgumentException($errorMessage);
}
if ($securityIdentity = SecurityIdentity::fromAclIdentity($eachIdentity)) {
$securityIds[$securityIdentity->getId()] = $securityIdentity->getId();
}
}
$this->useAclClassQuery(null, \Criteria::INNER_JOIN)->filterByType((string) $objectIdentity->getType())->endUse()->leftJoinObjectIdentity()->add(ObjectIdentityPeer::OBJECT_IDENTIFIER, (string) $objectIdentity->getIdentifier(), \Criteria::EQUAL)->addOr(EntryPeer::OBJECT_IDENTITY_ID, null, \Criteria::ISNULL);
if (!empty($securityIdentities)) {
$this->filterBySecurityIdentityId($securityIds);
}
return $this->find($con);
}
protected function createModelEntry()
{
$entry = new ModelEntry();
$entry->setId(42)->setAclClass($this->getAclClass())->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))->setAuditFailure(true)->setAuditSuccess(false)->setGrantingStrategy('all')->setGranting(true)->setMask(64);
return $entry;
}
public function testSerializeUnserialize()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\\PropelBundle\\Model\\Acl\\Entry');
$entry = $this->createEntry();
$entry->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))->setAclClass($this->getAclClass());
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\\PropelBundle\\Security\\Acl\\Domain\\MutableAcl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
/**
* Retrieve the persisted model for the given ACE.
*
* If none is given, null is returned.
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace
*
* @return \Propel\PropelBundle\Model\Acl\Entry|null
*/
protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false)
{
if (null !== $ace->getId() and null !== ($entry = EntryQuery::create()->findPk($ace->getId(), $this->connection))) {
$entry->reload(true, $this->connection);
return $entry;
}
/*
* The id is not set, but there may be an ACE in the database.
*
* This happens if the ACL has created new ACEs, but was not reloaded.
* We try to retrieve one by the unique key.
*/
$ukQuery = EntryQuery::create()->filterByAclClass($objectIdentity->getAclClass($this->connection))->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection));
if (true === $object) {
$ukQuery->filterByObjectIdentity($objectIdentity);
} else {
$ukQuery->filterByObjectIdentityId(null, \Criteria::ISNULL);
}
if ($ace instanceof FieldEntryInterface) {
$ukQuery->filterByFieldName($ace->getField());
} else {
$ukQuery->filterByFieldName(null, \Criteria::ISNULL);
}
return $ukQuery->findOne($this->connection);
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclReadsFromCache()
{
$this->cache = new AclCache();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))->setAclClass($obj->getAclClass())->setMask(64);
$obj->addEntry($entry)->save($this->con);
// Read and put into cache
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->cache->content[1] = $acl;
// Change database
EntryQuery::create()->update(array(EntryPeer::translateFieldName(EntryPeer::MASK, \BasePeer::TYPE_COLNAME, \BasePeer::TYPE_PHPNAME) => 128), $this->con);
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
// Verify cache has been read
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$cachedObjectAces = $cachedAcl->getObjectAces();
$this->assertSame($acl, $cachedAcl);
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
}
/**
* Create a new ACL Entry.
*
* @param int $mask
* @param int $index
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param string $strategy
* @param bool $granting
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Entry|\Propel\PropelBundle\Security\Acl\Domain\FieldEntry
*/
protected function createAce($mask, $index, SecurityIdentityInterface $securityIdentity, $strategy = null, $granting = true, $field = null)
{
if (!is_int($mask)) {
throw new \InvalidArgumentException('The given mask is not valid. Please provide an integer.');
}
// Compatibility with default implementation
if (null === $strategy) {
if (true === $granting) {
$strategy = PermissionGrantingStrategy::ALL;
} else {
$strategy = PermissionGrantingStrategy::ANY;
}
}
$model = new ModelEntry();
$model->setAceOrder($index)->setMask($mask)->setGrantingStrategy($strategy)->setGranting($granting)->setSecurityIdentity(SecurityIdentity::fromAclIdentity($securityIdentity));
if (null !== $field) {
$model->setFieldName($field);
return new FieldEntry($model, $this);
}
return new Entry($model, $this);
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassFieldAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\\PropelBundle\\Model\\Acl\\Entry');
$entry = $this->createEntry();
$entry->setFieldName('name')->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))->setAclClass($this->getAclClass());
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateClassFieldAuditing(0, 'name', true, true);
$aces = $acl->getClassFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassFieldAuditing(0, 'name', false, false);
$aces = $acl->getClassFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
