/**
  * @covers Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder::has
  * @covers Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder::add
  * @expectedException \InvalidArgumentException
  */
 public function testHasWithInvalidMask()
 {
     $builder = new MaskBuilder();
     $builder->add('edit')->add('view');
     $builder->has(null);
 }
 /**
  * Apply the specified ACL changeset.
  *
  * @param AbstractEntity $entity    The entity
  * @param array          $changeset The changeset
  * @param bool           $recursive The recursive
  */
 public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
 {
     if ($recursive) {
         if (!method_exists($entity, 'getChildren')) {
             return;
         }
         // Iterate over children and apply recursively
         /** @noinspection PhpUndefinedMethodInspection */
         foreach ($entity->getChildren() as $child) {
             $this->applyAclChangeset($child, $changeset);
         }
     }
     // Apply ACL modifications to node
     $objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity);
     try {
         /* @var $acl MutableAclInterface */
         $acl = $this->aclProvider->findAcl($objectIdentity);
     } catch (AclNotFoundException $e) {
         /* @var $acl MutableAclInterface */
         $acl = $this->aclProvider->createAcl($objectIdentity);
     }
     // Process permissions in changeset
     foreach ($changeset as $role => $roleChanges) {
         $index = $this->getObjectAceIndex($acl, $role);
         $mask = 0;
         if (false !== $index) {
             $mask = $this->getMaskAtIndex($acl, $index);
         }
         foreach ($roleChanges as $type => $permissions) {
             $maskChange = new MaskBuilder();
             foreach ($permissions as $permission) {
                 $maskChange->add($permission);
             }
             switch ($type) {
                 case self::ADD:
                     $mask = $mask | $maskChange->get();
                     break;
                 case self::DELETE:
                     $mask = $mask & ~$maskChange->get();
                     break;
             }
         }
         if (false !== $index) {
             $acl->updateObjectAce($index, $mask);
         } else {
             $securityIdentity = new RoleSecurityIdentity($role);
             $acl->insertObjectAce($securityIdentity, $mask);
         }
     }
     $this->aclProvider->updateAcl($acl);
 }