/**
  * {@inheritDoc}
  */
 public function getObjectIdentity($domainObject)
 {
     // Resolves the identity through the injected factory. When the factory
     // throws InvalidDomainObjectException the result is null, not an exception.
     // NOTE(review): null means "no identity could be built", not a decision
     // about access; callers presumably must treat it as undetermined (confirm
     // at the call sites).
     $identity = null;

     try {
         $identity = $this->objectIdentityFactory->get($domainObject);
     } catch (InvalidDomainObjectException $failed) {
         // Deliberately swallowed: $identity stays null for an invalid domain object.
     }

     return $identity;
 }
 /**
  * Checks if an access to a resource is granted to the caller
  *
  * @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id
  *                                    or something else, it depends on registered security voters
  * @param  mixed $object A domain object, object identity or object identity descriptor (id:type)
  * @return bool
  */
 public function isGranted($attributes, $object = null)
 {
     // An ACL annotation is only looked up when no object was passed and the
     // attribute is a single string; otherwise $attributes goes to the checker as given.
     $annotation = null;
     if ($object === null && is_string($attributes)) {
         $annotation = $this->annotationProvider->findAnnotationById($attributes);
     }

     if ($annotation) {
         // Annotation found: the permission and the identity both come from the
         // annotation, not from the caller-supplied arguments.
         $this->logger->debug(sprintf('Check an access using "%s" ACL annotation.', $annotation->getId()));

         return $this->authorizationChecker->isGranted(
             $annotation->getPermission(),
             $this->objectIdentityFactory->get($annotation)
         );
     }

     if (is_string($object)) {
         // A string object is turned into an identity by the factory first. Nothing
         // is caught here, so an exception from the factory reaches the caller.
         return $this->authorizationChecker->isGranted(
             $attributes,
             $this->objectIdentityFactory->get($object)
         );
     }

     // Everything else (including a null object with no matching annotation) is
     // handed to the authorization checker unchanged.
     return $this->authorizationChecker->isGranted($attributes, $object);
 }
 public function testFromActionAclAnnotation()
 {
     // Pins how an "action" ACL annotation is mapped onto an identity: the
     // annotation's type is expected as the identifier and the annotation's id
     // as the identity type. The swap is easy to misread; it presumably mirrors
     // the "id:type" descriptor form (e.g. "action:test_action"). Confirm
     // against the factory before changing either assertion.
     $annotation = new AclAnnotation(array('id' => 'test_action', 'type' => 'action'));

     $identity = $this->factory->get($annotation);

     $this->assertEquals('action', $identity->getIdentifier());
     $this->assertEquals('test_action', $identity->getType());
 }
 /**
  * {@inheritdoc}
  */
 public function findAcl(ObjectIdentityInterface $oid, array $sids = array())
 {
     // Lookup order: the requested identity, then its underlying identity, then
     // the root identity. AclNotFoundException leaves this method only when all
     // three lookups fail.
     $rootOid = $this->objectIdentityFactory->root($oid);

     // 1) ACL of the requested identity.
     try {
         return $this->getAcl($oid, $sids, $rootOid);
     } catch (AclNotFoundException $noAcl) {
         // Kept in $noAcl: it becomes the "previous" exception if every fallback fails.
     }

     // 2) ACL of the underlying identity.
     // NOTE(review): this catches every \Exception, not only "ACL not found", so
     // any failure while resolving or loading the underlying ACL silently moves
     // on to the root ACL. Confirm that is the intended behaviour.
     try {
         $underlyingOid = $this->objectIdentityFactory->underlying($oid);

         return $this->getAcl($underlyingOid, $sids, $rootOid);
     } catch (\Exception $noUnderlyingAcl) {
         // Fall through to the root ACL.
     }

     // 3) Root ACL. The base provider is first asked to cache an empty ACL for
     // $oid, then the root ACL is returned directly (not wrapped).
     try {
         $this->baseAclProvider->cacheEmptyAcl($oid);

         return $this->baseAclProvider->findAcl($rootOid, $sids);
     } catch (AclNotFoundException $noRootAcl) {
         throw new AclNotFoundException(sprintf('There is no ACL for %s. The root ACL %s was not found as well.', $oid, $rootOid), 0, $noAcl);
     }
 }
 /**
  * Get Acl based on given OID and Parent OID
  *
  * @param ObjectIdentityInterface $oid
  * @param array $sids
  * @param ObjectIdentityInterface $rootOid
  * @return RootBasedAclWrapper|\Symfony\Component\Security\Acl\Model\AclInterface
  */
 protected function getAcl(ObjectIdentityInterface $oid, array $sids, ObjectIdentityInterface $rootOid)
 {
     // An AclNotFoundException from this first lookup is not caught here; it
     // propagates to the caller.
     $ownAcl = $this->baseAclProvider->findAcl($oid, $sids);

     if ($this->baseAclProvider->isReplaceWithUnderlyingAcl($ownAcl)) {
         // The provider marks this ACL as a stand-in: repeat the lookup for the
         // underlying identity, keeping the same root identity.
         // NOTE(review): the recursion ends only when the provider stops
         // reporting "replace with underlying" or a call throws; no depth
         // limit is visible in this method.
         return $this->getAcl($this->objectIdentityFactory->underlying($oid), $sids, $rootOid);
     }

     try {
         $rootAcl = $this->baseAclProvider->findAcl($rootOid, $sids);

         // An empty object ACL is replaced by the root ACL; otherwise both are
         // combined in a RootBasedAclWrapper.
         return $this->baseAclProvider->isEmptyAcl($ownAcl)
             ? $rootAcl
             : new RootBasedAclWrapper($ownAcl, $rootAcl);
     } catch (AclNotFoundException $noRootAcl) {
         // No root ACL: the object's own ACL is returned as found, even if empty.
         return $ownAcl;
     }
 }
 /**
  * Checks if an access to a resource is granted to the caller
  *
  * @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id,
  *                                    string in format "permission;descriptor"
  *                                    (VIEW;entity:AcmeDemoBundle:AcmeEntity, EDIT;action:acme_action)
  *                                    or something else, it depends on registered security voters
  * @param  mixed          $object     A domain object, object identity or object identity descriptor (id:type)
  *                                    (entity:Acme/DemoBundle/Entity/AcmeEntity,  action:some_action)
  *
  * @return bool
  */
 public function isGranted($attributes, $object = null)
 {
     // A single string attribute is first tried as an ACL annotation id.
     $annotation = is_string($attributes)
         ? $this->annotationProvider->findAnnotationById($attributes)
         : null;

     if ($annotation) {
         $permission = $annotation->getPermission();

         if ($object === null) {
             // Class-level check: the identity is built from the annotation itself.
             $this->logger->debug(sprintf('Check class based an access using "%s" ACL annotation.', $annotation->getId()));

             return $this->securityContext->isGranted($permission, $this->objectIdentityFactory->get($annotation));
         }

         // Object-level check: the caller-supplied $object is passed through as
         // given. A string descriptor is NOT converted by the factory on this path.
         $this->logger->debug(sprintf('Check object based an access using "%s" ACL annotation.', $annotation->getId()));

         return $this->securityContext->isGranted($permission, $object);
     }

     if (is_string($object)) {
         // No annotation matched: a string object is turned into an identity first.
         return $this->securityContext->isGranted($attributes, $this->objectIdentityFactory->get($object));
     }

     // "permission;descriptor" form, e.g. "VIEW;entity:AcmeDemoBundle:AcmeEntity".
     // NOTE(review): the comparison is loose (==), so besides null it also matches
     // other falsy non-string objects (false, 0, array()); confirm whether a
     // strict null check was intended.
     if (is_string($attributes) && $object == null) {
         $delimiter = strpos($attributes, ';');

         // A ';' in first position is not treated as a delimiter (the permission
         // part would be empty), so such a string is passed on unsplit.
         if ($delimiter !== false && $delimiter > 0) {
             // The descriptor is taken before $attributes is shortened. It
             // reaches the security context as a raw string, not as an identity.
             $object = substr($attributes, $delimiter + 1);
             $attributes = substr($attributes, 0, $delimiter);
         }
     }

     return $this->securityContext->isGranted($attributes, $object);
 }
 /**
  * Constructs an ObjectIdentity that is used to grant default permissions
  * when more appropriate permissions are not specified
  *
  * @param string $extensionKey The ACL extension key
  * @return OID
  */
 public function getRootOid($extensionKey)
 {
     // Thin delegate: the root identity for the extension key is built by the
     // object identity factory; nothing is validated or cached here.
     $rootIdentity = $this->objectIdentityFactory->root($extensionKey);

     return $rootIdentity;
 }