/**
* Updates ACL
*
* @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
*/
public function updateAcl(AdminObjectAclData $data)
{
foreach ($data->getAclUsers() as $aclUser) {
$securityIdentity = UserSecurityIdentity::fromAccount($aclUser);
$maskBuilder = new $this->maskBuilderClass();
foreach ($data->getUserPermissions() as $permission) {
if ($data->getForm()->get($aclUser->getId() . $permission)->getData()) {
$maskBuilder->add($permission);
}
}
$masks = $data->getMasks();
$acl = $data->getAcl();
// Restore OWNER and MASTER permissions
/*if (!$data->isOwner()) {
foreach ($data->getOwnerPermissions() as $permission) {
if ($acl->isGranted(array($masks[$permission]), array($securityIdentity))) {
$maskBuilder->add($permission);
}
}
}*/
$mask = $maskBuilder->get();
$index = null;
$ace = null;
foreach ($acl->getObjectAces() as $currentIndex => $currentAce) {
if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) {
$index = $currentIndex;
$ace = $currentAce;
break;
}
}
if ($ace) {
$acl->updateObjectAce($index, $mask);
} else {
$acl->insertObjectAce($securityIdentity, $mask);
}
}
$data->getSecurityHandler()->updateAcl($acl);
}
/**
* Builds ACL.
*
* @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
* @param \Symfony\Component\Form\Form $form
* @param \Traversable $aclValues
*/
protected function buildAcl(AdminObjectAclData $data, Form $form, \Traversable $aclValues)
{
$masks = $data->getMasks();
$acl = $data->getAcl();
$matrices = $form->getData();
foreach ($aclValues as $aclValue) {
foreach ($matrices as $key => $matrix) {
if ($aclValue instanceof UserInterface) {
if (array_key_exists('user', $matrix) && $aclValue->getUsername() === $matrix['user']) {
$matrices[$key]['acl_value'] = $aclValue;
}
} elseif (array_key_exists('role', $matrix) && $aclValue === $matrix['role']) {
$matrices[$key]['acl_value'] = $aclValue;
}
}
}
foreach ($matrices as $matrix) {
if (!isset($matrix['acl_value'])) {
continue;
}
$securityIdentity = $this->getSecurityIdentity($matrix['acl_value']);
$maskBuilder = new $this->maskBuilderClass();
foreach ($data->getUserPermissions() as $permission) {
if (isset($matrix[$permission]) && $matrix[$permission] === true) {
$maskBuilder->add($permission);
}
}
// Restore OWNER and MASTER permissions
if (!$data->isOwner()) {
foreach ($data->getOwnerPermissions() as $permission) {
if ($acl->isGranted(array($masks[$permission]), array($securityIdentity))) {
$maskBuilder->add($permission);
}
}
}
$mask = $maskBuilder->get();
$index = null;
$ace = null;
foreach ($acl->getObjectAces() as $currentIndex => $currentAce) {
if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) {
$index = $currentIndex;
$ace = $currentAce;
break;
}
}
if ($ace) {
$acl->updateObjectAce($index, $mask);
} else {
$acl->insertObjectAce($securityIdentity, $mask);
}
}
$data->getSecurityHandler()->updateAcl($acl);
}
