/**
 * Compare the requested ACL group with the group reported by the group provider.
 *
 * This check never grants access: it abstains when the comparison cannot be
 * made or when the groups are identical, and denies when they differ.
 *
 * @param string|null $group ACL group to compare; null skips the check
 * @return int self::ACCESS_ABSTAIN or self::ACCESS_DENIED
 */
protected function checkAclGroup($group)
{
    // A missing group, group provider or object abstains rather than denies.
    // NOTE(review): confirm that the surrounding decision logic does not turn
    // an abstain here into an implicit grant.
    $canCompare = $group !== null && $this->groupProvider && $this->object;
    if (!$canCompare) {
        return self::ACCESS_ABSTAIN;
    }

    // Strict comparison: the group must match the provider's value exactly.
    if ($group === $this->groupProvider->getGroup()) {
        return self::ACCESS_ABSTAIN;
    }

    return self::ACCESS_DENIED;
}
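/**
 * Get the data used to apply an ACL access-level check to a query.
 *
 * Returns an empty array if the entity has full access, null if the user doesn't
 * have access to the entity, and otherwise an array with the entity field and
 * the field values the user has access to. The denied value is whatever
 * getAccessDeniedCondition() returns.
 *
 * @param string $entityClassName
 * @param mixed  $permissions     passed unchanged to isGranted(); defaults to 'VIEW'
 *
 * @return null|array
 */
public function getAclConditionData($entityClassName, $permissions = 'VIEW')
{
    // No restriction is applied when there is no ACL voter, no user id, or the
    // entity is not ACL-protected.
    // NOTE(review): this path fails open; confirm that requests without a user id
    // are rejected before a query built from this result is executed.
    if ($this->aclVoter === null
        || !$this->getUserId()
        || !$this->entityMetadataProvider->isProtectedEntity($entityClassName)
    ) {
        // return full access to the entity
        return [];
    }

    // The observer is registered before isGranted() is called and is read
    // afterwards for the access level.
    $observer = new OneShotIsGrantedObserver();
    $this->aclVoter->addOneShotIsGrantedObserver($observer);

    $groupedEntityClassName = $entityClassName;
    if ($this->aclGroupProvider) {
        $group = $this->aclGroupProvider->getGroup();
        if ($group) {
            // Build the identity from the value that was just tested instead of
            // asking the provider a second time, so the checked group and the
            // group in the identity cannot differ.
            $groupedEntityClassName = sprintf('%s@%s', $group, $entityClassName);
        }
    }

    $isGranted = $this->getSecurityContext()->isGranted(
        $permissions,
        new ObjectIdentity('entity', $groupedEntityClassName)
    );

    if (!$isGranted) {
        return $this->getAccessDeniedCondition();
    }

    // The constraint is built for the plain entity class name, not the grouped one.
    return $this->buildConstraintIfAccessIsGranted(
        $entityClassName,
        $observer->getAccessLevel(),
        $this->metadataProvider->getMetadata($entityClassName)
    );
}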