/**
* @covers Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder::has
* @covers Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder::add
* @expectedException \InvalidArgumentException
*/
public function testHasWithInvalidMask()
{
$builder = new MaskBuilder();
$builder->add('edit')->add('view');
$builder->has(null);
}
/**
* Apply the specified ACL changeset.
*
* @param AbstractEntity $entity The entity
* @param array $changeset The changeset
* @param bool $recursive The recursive
*/
public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
{
if ($recursive) {
if (!method_exists($entity, 'getChildren')) {
return;
}
// Iterate over children and apply recursively
/** @noinspection PhpUndefinedMethodInspection */
foreach ($entity->getChildren() as $child) {
$this->applyAclChangeset($child, $changeset);
}
}
// Apply ACL modifications to node
$objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity);
try {
/* @var $acl MutableAclInterface */
$acl = $this->aclProvider->findAcl($objectIdentity);
} catch (AclNotFoundException $e) {
/* @var $acl MutableAclInterface */
$acl = $this->aclProvider->createAcl($objectIdentity);
}
// Process permissions in changeset
foreach ($changeset as $role => $roleChanges) {
$index = $this->getObjectAceIndex($acl, $role);
$mask = 0;
if (false !== $index) {
$mask = $this->getMaskAtIndex($acl, $index);
}
foreach ($roleChanges as $type => $permissions) {
$maskChange = new MaskBuilder();
foreach ($permissions as $permission) {
$maskChange->add($permission);
}
switch ($type) {
case self::ADD:
$mask = $mask | $maskChange->get();
break;
case self::DELETE:
$mask = $mask & ~$maskChange->get();
break;
}
}
if (false !== $index) {
$acl->updateObjectAce($index, $mask);
} else {
$securityIdentity = new RoleSecurityIdentity($role);
$acl->insertObjectAce($securityIdentity, $mask);
}
}
$this->aclProvider->updateAcl($acl);
}
