The closure sandbox will do a catch all on exceptions and rethrow after
re-setting the sudo flag.
Example use:
$location = $repository->sudo(
function ( Repository $repo ) use ( $locationId )
{
return $repo->getLocationService()->loadLocation( $locationId )
}
);
public function updateUserContext(UserContext $context) { $user = $this->repository->getCurrentUser(); /** @var \eZ\Publish\API\Repository\Values\User\RoleAssignment[] $roleAssignments */ $roleAssignments = $this->repository->sudo(function (Repository $repository) use($user) { return $repository->getRoleService()->getRoleAssignmentsForUser($user, true); }); $roleIds = array(); $limitationValues = array(); /** @var UserRoleAssignment $roleAssignment */ foreach ($roleAssignments as $roleAssignment) { $roleId = $roleAssignment->getRole()->id; $roleIds[] = $roleId; $limitation = $roleAssignment->getRoleLimitation(); // If a limitation is present, store the limitation values by roleId if ($limitation !== null) { $limitationValuesKey = sprintf('%s-%s', $roleId, $limitation->getIdentifier()); $limitationValues[$limitationValuesKey] = array(); foreach ($limitation->limitationValues as $value) { $limitationValues[$limitationValuesKey][] = $value; } } } $context->addParameter('roleIdList', $roleIds); $context->addParameter('roleLimitationList', $limitationValues); }
public function setIdentity(Identity $identity) { $user = $this->repository->getCurrentUser(); $roleAssignments = $this->repository->sudo(function ($repository) use($user) { return $repository->getRoleService()->getRoleAssignmentsForUser($user, true); }); $roleIds = array(); $limitationValues = array(); /** @var UserRoleAssignment $roleAssignment */ foreach ($roleAssignments as $roleAssignment) { $roleIds[] = $roleAssignment->role->id; // If a limitation is present, store the limitation values by roleId if ($roleAssignment->limitation !== null) { $limitationValuesKey = "{$roleAssignment->role->id}-" . $roleAssignment->limitation->getIdentifier(); $limitationValues[$limitationValuesKey] = array(); foreach ($roleAssignment->limitation->limitationValues as $value) { $limitationValues[$limitationValuesKey][] = $value; } } } $identity->setInformation('roleIdList', implode('|', $roleIds)); // Flatten each limitation values to a string and then store it as Identity information $limitationValuesFlattened = array(); foreach ($limitationValues as $roleId => $limitationArray) { $limitationValuesFlattened[] = "{$roleId}:" . implode('|', $limitationArray); } $identity->setInformation('roleLimitationList', implode(',', $limitationValuesFlattened)); }
public function loadLocation(ContentInfo $contentInfo) { if (is_null($contentInfo->mainLocationId)) { throw new NotFoundException('main location of content', $contentInfo->id); } try { return $this->repository->sudo(function (Repository $repository) use($contentInfo) { return $repository->getLocationService()->loadLocation($contentInfo->mainLocationId); }); } catch (Exception $e) { throw new NotFoundException('main location of content', $contentInfo->id); } }
public function userIsSubscriber(User $user) { $roleService = $this->repository->getRoleService(); return $this->repository->sudo(function (Repository $repository) use($user, $roleService) { foreach ($repository->getUserService()->loadUserGroupsOfUser($user) as $group) { foreach ($roleService->getRoleAssignmentsForUserGroup($group) as $role) { if ($this->isSubscriberRole($role->role)) { return true; } } } return false; }); }
/** * Loads a location by its locationId, regardless to user limitations since the router is invoked BEFORE security (no user authenticated yet). * Not to be used for link generation. * * @param int $locationId * * @return \eZ\Publish\Core\Repository\Values\Content\Location */ public function loadLocation($locationId) { return $this->repository->sudo(function (Repository $repository) use($locationId) { /* @var $repository \eZ\Publish\Core\Repository\Repository */ return $repository->getLocationService()->loadLocation($locationId); }); }
public function onContentCacheClear(ContentCacheClearEvent $event) { $contentInfo = $event->getContentInfo(); $versionInfo = $this->contentService->loadVersionInfo($contentInfo); foreach ($this->contentService->loadRelations($versionInfo) as $relation) { foreach ($this->locationService->loadLocations($relation->getDestinationContentInfo()) as $relatedLocation) { $event->addLocationToClear($relatedLocation); } } // Using sudo since loading reverse relations is conditioned to content/reverserelatedlist permission and we don't need this check here. /** @var \eZ\Publish\API\Repository\Values\Content\Relation[] $reverseRelations */ $reverseRelations = $this->repository->sudo(function () use($contentInfo) { return $this->contentService->loadReverseRelations($contentInfo); }); foreach ($reverseRelations as $reverseRelation) { foreach ($this->locationService->loadLocations($reverseRelation->getSourceContentInfo()) as $relatedLocation) { $event->addLocationToClear($relatedLocation); } } }
/** * Checks embed permissions for the given Location $id and returns the Location. * * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException * * @param int|string $id * * @return \eZ\Publish\API\Repository\Values\Content\Location */ protected function checkLocation($id) { /** @var \eZ\Publish\API\Repository\Values\Content\Location $location */ $location = $this->repository->sudo(function (Repository $repository) use($id) { return $repository->getLocationService()->loadLocation($id); }); // Check both 'content/read' and 'content/view_embed'. if (!$this->authorizationChecker->isGranted(new AuthorizationAttribute('content', 'read', array('valueObject' => $location->contentInfo, 'targets' => $location))) && !$this->authorizationChecker->isGranted(new AuthorizationAttribute('content', 'view_embed', array('valueObject' => $location->contentInfo, 'targets' => $location)))) { throw new AccessDeniedException(); } return $location; }