/** * Adds permissions to the given $privilege based on the given ACEs. * The $permissions argument is used to filter privileges for the given permissions only. * * @param AclPrivilege $privilege * @param string[] $permissions * @param EntryInterface[] $aces * @param AclExtensionInterface $extension * @param bool $itIsRootAcl */ protected function addAcesPermissions(AclPrivilege $privilege, array $permissions, array $aces, AclExtensionInterface $extension, $itIsRootAcl = false) { if (empty($aces)) { return; } foreach ($aces as $ace) { if (!$ace->isGranting()) { // denying ACE is not supported continue; } $mask = $ace->getMask(); if ($itIsRootAcl) { $mask = $extension->adaptRootMask($mask, $privilege->getIdentity()->getId()); } if ($extension->removeServiceBits($mask) === 0) { foreach ($permissions as $permission) { if (!$privilege->hasPermission($permission)) { $privilege->addPermission(new AclPermission($permission, AccessLevel::NONE_LEVEL)); } } } else { foreach ($extension->getPermissions($mask) as $permission) { if (!$privilege->hasPermission($permission) && in_array($permission, $permissions)) { $privilege->addPermission($this->getAclPermission($extension, $permission, $mask, $privilege)); } } } } }