Пример #1
 /**
  * Collects the database ids of the security identity (SID) rows that apply to a user.
  *
  * The user's own SID is always matched: username flag true and identifier
  * "<class>-<username>". When a UserInterface is available, either passed in or
  * taken from the current token, every role reachable from its roles is matched
  * as well, with the username flag false.
  *
  * Security note: every value is bound as a query parameter. Only the table name,
  * read from $this->aclTables['sid'], is placed into the statement unbound, so it
  * has to come from trusted configuration (NOTE(review): confirm where aclTables
  * is populated). The username flag keeps role identifiers and user identifiers in
  * separate match branches, so a role name cannot match a user row or vice versa.
  *
  * @param Connection         $connection
  * @param UserInterface|null $user       User to resolve; null falls back to the token's user for the role lookup
  *
  * @return int[]
  */
 private function findSidIds(Connection $connection, UserInterface $user = null)
 {
     // NOTE(review): the user SID is resolved from $user exactly as passed (possibly
     // null), before the token fallback below. Presumably the identifier resolves the
     // current user itself when given null; confirm that both paths agree.
     $sid = $this->aclIdentifier->getUserSecurityIdentity($user);

     $qb = $connection->createQueryBuilder();
     $qb
         ->select('acl_s.id')
         ->from($this->aclTables['sid'], 'acl_s')
         ->where('acl_s.username = :username_true AND acl_s.identifier = :identifier')
         ->setParameter('identifier', $sid->getClass() . '-' . $sid->getUsername())
         ->setParameter('username_true', true, \PDO::PARAM_BOOL);

     // Without an explicit user, take whatever the current token carries.
     if (null === $user) {
         if (null !== $this->tokenStorage->getToken()) {
             $user = $this->tokenStorage->getToken()->getUser();
         }
     }

     // The token's user may be something other than a UserInterface; roles are only
     // added for a real UserInterface.
     if ($user instanceof UserInterface) {
         $toRoleObject = function ($role) {
             return is_string($role) ? new Role($role) : $role;
         };
         $toRoleName = function (RoleInterface $role) {
             return $role->getRole();
         };

         $reachable = $this->roleHierarchy->getReachableRoles(array_map($toRoleObject, $user->getRoles()));
         $roleNames = array_map($toRoleName, $reachable);

         if (!empty($roleNames)) {
             // The role list is bound as a string array, never concatenated into the SQL.
             $qb
                 ->orWhere('acl_s.username = :username_false AND acl_s.identifier IN (:roles)')
                 ->setParameter('roles', $roleNames, Connection::PARAM_STR_ARRAY)
                 ->setParameter('username_false', false, \PDO::PARAM_BOOL);
         }
     }

     $rows = $qb->execute()->fetchAll();
     $toId = function (array $row) {
         return (int) $row['id'];
     };

     return array_map($toId, $rows);
 }
Пример #2
 /**
  * Builds the value that an access decision is made against.
  *
  * Resolves the object identity for the given type and class/object. With no field
  * the identity itself is returned; with a field it is wrapped in a FieldVote so the
  * decision is scoped to that field.
  *
  * @param string        $type
  * @param string|object $classOrObject
  * @param null|string   $field
  *
  * @return ObjectIdentity|FieldVote
  */
 protected function getObjectToSecure($type, $classOrObject, $field = null)
 {
     $identity = $this->aclIdentifier->getObjectIdentity($type, $classOrObject);

     // Strict null test: any non-null field, including '' or '0', produces a FieldVote.
     return null === $field ? $identity : new FieldVote($identity, $field);
 }
 /**
  * Runs an ACL manager method under the stopwatch and records what it was asked to do.
  *
  * The recorded entry is derived from the method name and the positional arguments:
  *  - a name ending in "Class" uses the class identity type, anything else the object type;
  *  - "delete*" methods: $arguments[0] is the class or object, nothing else is recorded;
  *  - other methods: [0] permissions, [1] class or object, [2] role (name contains "Role")
  *    or user (optional), [3] field (optional).
  *
  * Security note: $function is dispatched dynamically on the ACL manager, so it must only
  * ever be a method name chosen by this class's own callers, never a value taken from
  * request input (NOTE(review): confirm against the callers, which are outside this view).
  *
  * @param string $function  Name of the ACL manager method to call
  * @param array  $arguments Positional arguments forwarded to that method
  *
  * @return mixed Whatever the ACL manager method returned
  */
 private function collectManagement($function, $arguments)
 {
     $this->stopwatch->start('acl.managements');
     $returnValue = call_user_func_array([$this->aclManager, $function], $arguments);
     $periods = $this->stopwatch->stop('acl.managements')->getPeriods();

     if ('Class' === substr($function, -5)) {
         $oidType = AclIdentifierInterface::OID_TYPE_CLASS;
     } else {
         $oidType = AclIdentifierInterface::OID_TYPE_OBJECT;
     }

     // Defaults describe a delete call; the other methods overwrite them below.
     $permissions = null;
     $sid = null;
     $field = null;

     if ('delete' === substr($function, 0, 6)) {
         $oid = $this->aclIdentifier->getObjectIdentity($oidType, $arguments[0]);
     } else {
         $permissions = $arguments[0];
         $oid = $this->aclIdentifier->getObjectIdentity($oidType, $arguments[1]);

         if (false !== strpos($function, 'Role')) {
             $sid = $this->aclIdentifier->getRoleSecurityIdentity($arguments[2]);
         } else {
             // The user argument is optional; null is handed to the identifier as is.
             $sid = $this->aclIdentifier->getUserSecurityIdentity(isset($arguments[2]) ? $arguments[2] : null);
         }

         $field = isset($arguments[3]) ? $arguments[3] : null;
     }

     // The period just closed by stop() is the last one of the event.
     $lastPeriod = end($periods);

     $this->managements[] = [
         'method' => $function,
         'permissions' => (array) $permissions,
         'oid' => $oid,
         'sid' => $sid,
         'field' => $field,
         'time' => $lastPeriod->getDuration(),
     ];

     return $returnValue;
 }
 /**
  * Runs an ACL checker method under the stopwatch and records the decision it returned.
  *
  * The recorded entry is derived from the method name and the positional arguments:
  *  - a name ending in "Class" uses the class identity type, anything else the object type;
  *  - "is*" methods: [0] attributes, [1] class or object, [2] field (optional); the
  *    security identity is obtained by calling getUserSecurityIdentity() with no argument;
  *  - other methods: [0] role (name starts with "role") or user, [1] attributes,
  *    [2] class or object, [3] field (optional).
  *
  * Security note: $function is dispatched dynamically on the ACL checker, so it must only
  * ever be a method name chosen by this class's own callers, never a value taken from
  * request input (NOTE(review): confirm against the callers, which are outside this view).
  * The recorded 'result' is the checker's own return value; this method does not alter it.
  *
  * @param string $function  Name of the ACL checker method to call
  * @param array  $arguments Positional arguments forwarded to that method
  *
  * @return mixed Whatever the ACL checker method returned
  */
 private function collectCheck($function, array $arguments)
 {
     $this->stopwatch->start('acl.checks');
     $decision = call_user_func_array([$this->aclChecker, $function], $arguments);
     $periods = $this->stopwatch->stop('acl.checks')->getPeriods();

     if ('Class' === substr($function, -5)) {
         $oidType = AclIdentifierInterface::OID_TYPE_CLASS;
     } else {
         $oidType = AclIdentifierInterface::OID_TYPE_OBJECT;
     }

     // NOTE(review): $this->getObjectToSecure is invoked with the checker as target;
     // presumably a reflection handle on the checker's getObjectToSecure() - confirm.
     if ('is' === substr($function, 0, 2)) {
         $attributes = $arguments[0];
         $field = isset($arguments[2]) ? $arguments[2] : null;
         $oid = $this->getObjectToSecure->invoke($this->aclChecker, $oidType, $arguments[1], $field);
         $sid = $this->aclIdentifier->getUserSecurityIdentity();
     } else {
         if ('role' === substr($function, 0, 4)) {
             $sid = $this->aclIdentifier->getRoleSecurityIdentity($arguments[0]);
         } else {
             $sid = $this->aclIdentifier->getUserSecurityIdentity($arguments[0]);
         }

         $attributes = $arguments[1];
         $field = isset($arguments[3]) ? $arguments[3] : null;
         $oid = $this->getObjectToSecure->invoke($this->aclChecker, $oidType, $arguments[2], $field);
     }

     // A FieldVote is unpacked so the entry stores the underlying object and the field.
     if ($oid instanceof FieldVote) {
         $recordedOid = $oid->getDomainObject();
         $recordedField = $oid->getField();
     } else {
         $recordedOid = $oid;
         $recordedField = null;
     }

     // The period just closed by stop() is the last one of the event.
     $lastPeriod = end($periods);

     $this->checks[] = [
         'method' => $function,
         'result' => $decision,
         'attributes' => (array) $attributes,
         'oid' => $recordedOid,
         'sid' => $sid,
         'field' => $recordedField,
         'time' => $lastPeriod->getDuration(),
     ];

     return $decision;
 }
Пример #5
 /**
  * {@inheritdoc}
  *
  * Resolves the object-scoped identity of $object and asks the ACL provider to delete
  * the ACL stored for it.
  *
  * NOTE(review): no authorization check is made here; presumably the caller decides
  * whether the current user may remove this object's ACL - confirm at the call sites.
  */
 public function deleteAclForObject($object)
 {
     $identity = $this->aclIdentifier->getObjectIdentity(AclIdentifierInterface::OID_TYPE_OBJECT, $object);

     $this->aclProvider->deleteAcl($identity);
 }