/**
* {@inheritDoc}
*/
public function getObjectIdentity($domainObject)
{
try {
return $this->objectIdentityFactory->get($domainObject);
} catch (InvalidDomainObjectException $failed) {
return null;
}
}
/**
* Checks if an access to a resource is granted to the caller
*
* @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id
* or something else, it depends on registered security voters
* @param mixed $object A domain object, object identity or object identity descriptor (id:type)
* @return bool
*/
public function isGranted($attributes, $object = null)
{
if ($object === null && is_string($attributes) && ($annotation = $this->annotationProvider->findAnnotationById($attributes))) {
$this->logger->debug(sprintf('Check an access using "%s" ACL annotation.', $annotation->getId()));
$isGranted = $this->authorizationChecker->isGranted($annotation->getPermission(), $this->objectIdentityFactory->get($annotation));
} elseif (is_string($object)) {
$isGranted = $this->authorizationChecker->isGranted($attributes, $this->objectIdentityFactory->get($object));
} else {
$isGranted = $this->authorizationChecker->isGranted($attributes, $object);
}
return $isGranted;
}
public function testFromActionAclAnnotation()
{
$obj = new AclAnnotation(array('id' => 'test_action', 'type' => 'action'));
$id = $this->factory->get($obj);
$this->assertEquals('action', $id->getIdentifier());
$this->assertEquals('test_action', $id->getType());
}
/**
* Checks if an access to a resource is granted to the caller
*
* @param string|string[] $attributes Can be a role name(s), permission name(s), an ACL annotation id,
* string in format "permission;descriptor"
* (VIEW;entity:AcmeDemoBundle:AcmeEntity, EDIT;action:acme_action)
* or something else, it depends on registered security voters
* @param mixed $object A domain object, object identity or object identity descriptor (id:type)
* (entity:Acme/DemoBundle/Entity/AcmeEntity, action:some_action)
*
* @return bool
*/
public function isGranted($attributes, $object = null)
{
if (is_string($attributes) && ($annotation = $this->annotationProvider->findAnnotationById($attributes))) {
if ($object === null) {
$this->logger->debug(sprintf('Check class based an access using "%s" ACL annotation.', $annotation->getId()));
$isGranted = $this->securityContext->isGranted($annotation->getPermission(), $this->objectIdentityFactory->get($annotation));
} else {
$this->logger->debug(sprintf('Check object based an access using "%s" ACL annotation.', $annotation->getId()));
$isGranted = $this->securityContext->isGranted($annotation->getPermission(), $object);
}
} elseif (is_string($object)) {
$isGranted = $this->securityContext->isGranted($attributes, $this->objectIdentityFactory->get($object));
} else {
if (is_string($attributes) && $object == null) {
$delimiter = strpos($attributes, ';');
if ($delimiter) {
$object = substr($attributes, $delimiter + 1);
$attributes = substr($attributes, 0, $delimiter);
}
}
$isGranted = $this->securityContext->isGranted($attributes, $object);
}
return $isGranted;
}
/**
* Constructs an ObjectIdentity for the given domain object or based on the given descriptor
*
* The descriptor is a string in the following format: "ExtensionKey:Class"
*
* Examples:
* getOid($object)
* getOid('Entity:AcmeBundle\SomeClass')
* getOid('Entity:AcmeBundle:SomeEntity')
* getOid('Action:Some Action')
*
* @param mixed $val An domain object, object identity descriptor (id:type) or ACL annotation
* @return OID
* @throws InvalidDomainObjectException
*/
public function getOid($val)
{
return $this->objectIdentityFactory->get($val);
}
