/** * Updates or creates ACE with the given attributes for the given ACL * * @param ACL $acl * @param AclExtensionInterface $extension * @param bool $replace If true the mask and strategy of the existing ACE should be replaced with the given ones * @param string $type The ACE type. Can be one of AclManager::*_ACE constants * @param string|null $field The name of a field. * Set to null for class-based or object-based ACE * Set to not null class-field-based or object-field-based ACE * @param SID $sid * @param bool $granting * @param int $mask * @param string|null $strategy If null the strategy should not be changed for existing ACE * or the appropriate strategy should be selected automatically for new ACE * ALL strategy is used for $granting = true * ANY strategy is used for $granting = false * @return bool True if a permission was updated or created */ public function setPermission(ACL $acl, AclExtensionInterface $extension, $replace, $type, $field, SID $sid, $granting, $mask, $strategy = null) { $hasChanges = false; $found = false; $maskServiceBits = $extension->getServiceBits($mask); $aces = $this->getAces($acl, $type, $field); foreach ($aces as $index => $ace) { if ($sid->equals($ace->getSecurityIdentity()) && $granting === $ace->isGranting()) { if ($mask === $ace->getMask() && ($strategy === null || $strategy === $ace->getStrategy())) { $found = true; } elseif ($replace && $maskServiceBits === $extension->getServiceBits($ace->getMask())) { $this->updateAce($acl, $type, $field, $index, $mask, $strategy); $found = true; $hasChanges = true; } } } if (!$found) { $this->insertAce($acl, $type, $field, 0, $sid, $granting, $mask, $strategy); $hasChanges = true; } return $hasChanges; }
/** * Gets a list of masks from permissions given in $permissions argument * * @param ArrayCollection|AclPermission[] $permissions * @param AclExtensionInterface $extension * @param MaskBuilder[] $maskBuilders * @return int[] */ protected function getPermissionMasks($permissions, AclExtensionInterface $extension, array $maskBuilders) { $masks = array(); foreach ($maskBuilders as $maskBuilder) { $maskBuilder->reset(); } foreach ($permissions as $permission) { $maskBuilder = $maskBuilders[$permission->getName()]; $accessLevelName = AccessLevel::getAccessLevelName($permission->getAccessLevel()); if ($accessLevelName !== null) { $maskName = 'MASK_' . $permission->getName() . '_' . $accessLevelName; // check if a mask builder supports access levels if (!$maskBuilder->hasConst($maskName)) { // remove access level name from the mask name if a mask builder do not support access levels $maskName = 'MASK_' . $permission->getName(); } $maskBuilder->add($maskBuilder->getConst($maskName)); } $masks[$extension->getServiceBits($maskBuilder->get())] = $maskBuilder->get(); } return array_values($masks); }