Пример #1
 /**
  * Deletes the given security identity.
  *
  * @param SID $sid
  */
 public function deleteSid(SID $sid)
 {
     // With ACL support switched off nothing is touched.
     if (!$this->isAclEnabled()) {
         return;
     }

     // Any identity that is not a role identity is removed from the ACL storage directly.
     if (!$sid instanceof RoleSecurityIdentity) {
         $this->aclProvider->deleteSecurityIdentity($sid);

         return;
     }

     // A removed role is renamed (marked as disabled) instead of deleted, because deleting the role
     // identity outright breaks the ace indexes.
     // TODO: Create a job to remove marked role identities and rebuild ace indexes
     // NOTE(review): the renamed identity stays in storage, so it is only out of reach while no live
     // role can carry the same name. uniqid() is time-based: it gives uniqueness, not unpredictability.
     // Confirm that role creation rejects names containing ROLE_DISABLED_FLAG.
     $tombstone = new RoleSecurityIdentity($sid->getRole() . uniqid(self::ROLE_DISABLED_FLAG));
     $this->aclProvider->updateSecurityIdentity($tombstone, $sid->getRole());
 }
Пример #2
 /**
  * {@inheritDoc}
  */
 public function equals(SecurityIdentityInterface $sid)
 {
     // Equal only when the other identity is also a role identity and carries exactly the same role.
     // The role comparison is strict (===), so no type juggling can make two different roles match.
     return $sid instanceof RoleSecurityIdentity && $this->role === $sid->getRole();
 }
 /**
  * {@inheritdoc}
  */
 public function equals(SecurityIdentityInterface $sid)
 {
     if ($sid instanceof JournalRoleSecurityIdentity) {
         // The role has to match strictly before the journal is looked at.
         if ($this->role !== $sid->getRole()) {
             return false;
         }

         // Both journal values are cast to int, so "12" and 12 count as the same journal.
         // NOTE(review): the cast also turns every non-numeric string into 0, which would make
         // unrelated journals compare equal. Confirm both sides always hold a numeric journal id,
         // since this result decides whether two identities are treated as the same one.
         return (int) $this->journal === (int) $sid->getJournal();
     }

     // Any other kind of identity never equals a journal role identity.
     return false;
 }
 /**
  * Transform a given ACL security identity into a SecurityIdentity model.
  *
  * If there is no model entry given, a new one will be created and saved to the database.
  *
  * @throws \InvalidArgumentException
  *
  * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $aclIdentity
  * @param \PropelPDO                                                      $con
  *
  * @return \Propel\PropelBundle\Model\Acl\SecurityIdentity
  */
 public static function fromAclIdentity(SecurityIdentityInterface $aclIdentity, \PropelPDO $con = null)
 {
     $isUser = $aclIdentity instanceof UserSecurityIdentity;

     // Only user and role identities can be mapped onto the model.
     if (!$isUser && !$aclIdentity instanceof RoleSecurityIdentity) {
         throw new \InvalidArgumentException('The ACL identity must either be an instance of UserSecurityIdentity or RoleSecurityIdentity.');
     }

     // Users are stored as "<class>-<username>", roles under the bare role name; the username
     // column records which of the two forms the identifier is.
     $identifier = $isUser
         ? $aclIdentity->getClass() . '-' . $aclIdentity->getUsername()
         : $aclIdentity->getRole();

     $lookup = SecurityIdentityQuery::create()->filterByIdentifier($identifier)->filterByUsername($isUser);
     $model = $lookup->findOneOrCreate($con);

     // NOTE(review): lookup and save are separate steps, so two concurrent calls for a not yet stored
     // identity can both reach save(). Presumably a unique constraint on (identifier, username)
     // is what rules out duplicate rows -- confirm against the schema.
     if ($model->isNew()) {
         $model->save($con);
     }

     return $model;
 }
Пример #5
 /**
  * Constructs the SQL for selecting the primary key of a security identity.
  *
  * @param SecurityIdentityInterface $sid
  * @throws \InvalidArgumentException
  * @return string
  */
 protected function getSelectSecurityIdentityIdSql(SecurityIdentityInterface $sid)
 {
     $isUser = $sid instanceof UserSecurityIdentity;

     // Only user and role identities have a stored representation here.
     if (!$isUser && !$sid instanceof RoleSecurityIdentity) {
         throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, or RoleSecurityIdentity.');
     }

     // Users are looked up as "<class>-<username>", roles by the bare role name.
     $identifier = $isUser
         ? $sid->getClass() . '-' . $sid->getUsername()
         : $sid->getRole();

     // The statement is assembled as a string: the identifier goes through the connection's quote()
     // and the flag through the platform's convertBooleans(). The table name is inserted unquoted,
     // so options['sid_table_name'] must only ever come from trusted configuration.
     return sprintf(
         'SELECT id FROM %s WHERE identifier = %s AND username = %s',
         $this->options['sid_table_name'],
         $this->connection->quote($identifier),
         $this->connection->getDatabasePlatform()->convertBooleans($isUser)
     );
 }
 /**
  * Constructs the SQL for updating a security identity.
  *
  * @param SecurityIdentityInterface $sid
  * @param string $oldName
  * @throws \InvalidArgumentException
  * @return string
  */
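 protected function getUpdateSecurityIdentitySql(SecurityIdentityInterface $sid, $oldName)
 {
     if ($sid instanceof UserSecurityIdentity) {
         // Names are compared as strings with ===. A loose == treats numeric-looking names as
         // numbers, so two distinct identities such as "1e3" and "1000" would be reported as
         // unchanged and the rename refused.
         if ((string) $sid->getUsername() === (string) $oldName) {
             throw new \InvalidArgumentException('There are no changes.');
         }

         // Users are stored as "<class>-<username>"; only the username part changes.
         $oldIdentifier = $sid->getClass() . '-' . $oldName;
         $newIdentifier = $sid->getClass() . '-' . $sid->getUsername();
         $username = true;
     } elseif ($sid instanceof RoleSecurityIdentity) {
         // Same strict string comparison as for usernames.
         if ((string) $sid->getRole() === (string) $oldName) {
             throw new \InvalidArgumentException('There are no changes.');
         }

         // Roles are stored under the bare role name.
         $oldIdentifier = $oldName;
         $newIdentifier = $sid->getRole();
         $username = false;
     } else {
         throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, or RoleSecurityIdentity.');
     }

     // Both identifiers go through the connection's quote() and the flag through the platform's
     // convertBooleans(). The table name is inserted unquoted, so options['sid_table_name'] must
     // only ever come from trusted configuration.
     return sprintf(
         'UPDATE %s SET identifier = %s WHERE identifier = %s AND username = %s',
         $this->options['sid_table_name'],
         $this->connection->quote($newIdentifier),
         $this->connection->quote($oldIdentifier),
         $this->connection->getDatabasePlatform()->convertBooleans($username)
     );
 }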
 /**
  * Create an array of the security identity for inserting in the document
  *
  * @param SecurityIdentityInterface $sid
  * @throws \InvalidArgumentException
  * @return array
  */
 protected function getSecurityIdentityQuery(SecurityIdentityInterface $sid)
 {
     // A user identity is described by its username and class.
     if ($sid instanceof UserSecurityIdentity) {
         return array('username' => $sid->getUsername(), 'class' => $sid->getClass());
     }

     // A role identity is described by the role alone.
     if ($sid instanceof RoleSecurityIdentity) {
         return array('role' => $sid->getRole());
     }

     // Every other identity type is refused rather than mapped to an empty or partial criteria array.
     throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, or RoleSecurityIdentity.');
 }
 /**
  * Constructs the SQL restriction based on the sid specified as array and fills the list
  * of used SQL params to be bound in the prepared statement
  *
  * @param SecurityIdentityInterface $sid            sid
  * @param array                     &$valuesForBind list of params to be bound
  *
  * @return string
  */
 private function getSidSqlRestriction(SecurityIdentityInterface $sid, &$valuesForBind)
 {
     $isUser = $sid instanceof UserSecurityIdentity;

     // Refuse unsupported identity types before $valuesForBind is touched.
     if (!$isUser && !$sid instanceof RoleSecurityIdentity) {
         throw new InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, or RoleSecurityIdentity.');
     }

     // Users are matched as "<class>-<username>", roles by the bare role name.
     $identifierValue = $isUser
         ? $sid->getClass() . '-' . $sid->getUsername()
         : $sid->getRole();

     // The identity values are handed back as typed bind parameters instead of being written into
     // the SQL text; the caller is expected to bind them on the prepared statement.
     $valuesForBind['identifier'] = ['value' => $identifierValue, 'type' => PDO::PARAM_STR];
     $valuesForBind['username'] = ['value' => $isUser, 'type' => PDO::PARAM_BOOL];

     // Only the table name is interpolated, so options['sid_table_name'] must come from trusted
     // configuration.
     return sprintf(
         "INNER JOIN %s s ON e.security_identity_id = s.id AND s.identifier = :identifier AND s.username = :username",
         $this->options['sid_table_name']
     );
 }
Пример #9
 /**
  * Constructs the SQL for inserting a security identity.
  *
  * @param SecurityIdentityInterface $sid
  *
  * @throws \InvalidArgumentException
  *
  * @return string
  */
 protected function getInsertSecurityIdentitySql(SecurityIdentityInterface $sid)
 {
     // Only user identities are stored with the username flag set.
     $isUser = $sid instanceof UserSecurityIdentity;

     // NOTE(review): the RoleSecurityIdentity check runs before the JournalRoleSecurityIdentity one.
     // If JournalRoleSecurityIdentity extends RoleSecurityIdentity (not visible here), the third
     // branch can never run and the bare role would be stored instead of getIdentifier()'s value.
     // Confirm the class hierarchy before relying on the journal-scoped identifier.
     if ($isUser) {
         $identifier = $sid->getClass() . '-' . $sid->getUsername();
     } elseif ($sid instanceof RoleSecurityIdentity) {
         $identifier = $sid->getRole();
     } elseif ($sid instanceof JournalRoleSecurityIdentity) {
         $identifier = $sid->getIdentifier();
     } else {
         throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, JournalRoleSecurityIdentity or RoleSecurityIdentity.');
     }

     // The identifier goes through the connection's quote() and the flag through the platform's
     // convertBooleans(). The table name is inserted unquoted, so options['sid_table_name'] must
     // only ever come from trusted configuration.
     return sprintf(
         'INSERT INTO %s (identifier, username) VALUES (%s, %s)',
         $this->options['sid_table_name'],
         $this->connection->quote($identifier),
         $this->connection->getDatabasePlatform()->convertBooleans($isUser)
     );
 }
Пример #10
 /**
  * Get Security Identifier and Username flag to create SQL queries
  *
  * @param SecurityIdentityInterface $sid
  *
  * @throws \InvalidArgumentException
  *
  * @return array
  */
 protected function getSecurityIdentifier(SecurityIdentityInterface $sid)
 {
     // Each supported identity type yields a two-element list: [identifier, username flag].
     // Users: "<class>-<username>" with the flag set.
     if ($sid instanceof UserSecurityIdentity) {
         return [$sid->getClass() . '-' . $sid->getUsername(), true];
     }

     // Roles: the bare role name, flag not set.
     if ($sid instanceof RoleSecurityIdentity) {
         return [$sid->getRole(), false];
     }

     // Business units: "<class>-<id>", flag not set.
     // NOTE(review): roles and business units share the same flag value, so only the identifier
     // text keeps the two apart. Presumably a role name can never take the "<class>-<id>" form;
     // confirm where roles are created.
     if ($sid instanceof BusinessUnitSecurityIdentity) {
         return [$sid->getClass() . '-' . $sid->getId(), false];
     }

     throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity or RoleSecurityIdentity' . ' or BusinessUnitSecurityIdentity.');
 }