/**
 * Sets the ACL masks of the manager role for calendar connections and calendar events.
 *
 * The role is resolved from the fixture reference 'manager_role'.
 *
 * NOTE(review): the inline comments below speak of "same business unit" and "own" scope,
 * yet every permission added carries the _SYSTEM suffix. Confirm that this access level
 * is intended; if these entities simply offer no narrower level, the comments should say so.
 *
 * @param AclManager $manager
 */
protected function updateManagerRole(AclManager $manager)
{
    $roleSid = $manager->getSid($this->getReference('manager_role'));

    // grant to view other user's calendar for the same business unit
    $connectionOid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarConnection');
    $connectionBuilder = $manager->getMaskBuilder($connectionOid);
    $connectionBuilder = $connectionBuilder->add('VIEW_SYSTEM');
    $manager->setPermission($roleSid, $connectionOid, $connectionBuilder->get());

    // grant to manage own calendar events
    $eventOid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
    $eventBuilder = $manager->getMaskBuilder($eventOid);
    foreach (['VIEW_SYSTEM', 'CREATE_SYSTEM', 'EDIT_SYSTEM', 'DELETE_SYSTEM'] as $permission) {
        $eventBuilder = $eventBuilder->add($permission);
    }
    $manager->setPermission($roleSid, $eventOid, $eventBuilder->get());
}
/**
 * Sets the ACL mask of the administrator role for the Email entity.
 *
 * Adds VIEW_SYSTEM, CREATE_SYSTEM and EDIT_SYSTEM; no DELETE permission is added here.
 *
 * NOTE(review): despite the method name, the security identity is resolved from
 * LoadRolesData::ROLE_ADMINISTRATOR, not from a user role. Confirm the naming is intentional.
 *
 * @param AclManager $manager
 */
protected function updateUserRole(AclManager $manager)
{
    $administratorRole = $this->getRole(LoadRolesData::ROLE_ADMINISTRATOR);
    $roleSid = $manager->getSid($administratorRole);
    $emailOid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\Email');

    $builder = $manager->getMaskBuilder($emailOid);
    foreach (['VIEW_SYSTEM', 'CREATE_SYSTEM', 'EDIT_SYSTEM'] as $permission) {
        $builder = $builder->add($permission);
    }

    $manager->setPermission($roleSid, $emailOid, $builder->get());
}
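/**
 * Creates the administrator role and, when ACL is enabled, assigns its permissions.
 *
 * For the entity ACL extension, every class returned by getFrontendOwnedEntities() receives
 * the VIEW/CREATE/EDIT/DELETE/ASSIGN permissions with the _LOCAL suffix. Every other
 * extension receives the 'GROUP_ALL' permission group through setPermissionGroup().
 *
 * @param AclManager $aclManager
 * @return AccountUserRole
 */
protected function createAdministratorRole(AclManager $aclManager)
{
    $chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
    $allowedEntities = $this->getFrontendOwnedEntities();
    $allowedAcls = ['VIEW_LOCAL', 'CREATE_LOCAL', 'EDIT_LOCAL', 'DELETE_LOCAL', 'ASSIGN_LOCAL'];
    $role = $this->createEntity(self::ADMINISTRATOR, $this->defaultRoles[self::ADMINISTRATOR]);

    if (!$aclManager->isAclEnabled()) {
        return $role;
    }

    $sid = $aclManager->getSid($role);
    foreach ($aclManager->getAllExtensions() as $extension) {
        if (!$extension instanceof EntityAclExtension) {
            $this->setPermissionGroup($aclManager, $extension, $sid, 'GROUP_ALL');
            continue;
        }

        $chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
        try {
            foreach ($allowedEntities as $className) {
                $oid = $aclManager->getOid('entity:' . $className);
                $builder = $aclManager->getMaskBuilder($oid);
                // Start from an empty mask so only the permissions listed in $allowedAcls end up granted
                $builder->reset();
                foreach ($allowedAcls as $acl) {
                    $builder->add($acl);
                }
                $aclManager->setPermission($sid, $oid, $builder->get());
            }
        } finally {
            // Always leave emulation, even when an ACL call throws; otherwise the chain provider
            // would presumably keep resolving ownership metadata through the frontend provider
            // for whatever code runs next in this process.
            $chainMetadataProvider->stopProviderEmulation();
        }
    }

    return $role;
}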
/**
 * Sets the ACL mask of the manager role (LoadRolesData::ROLE_MANAGER) for calendar events.
 *
 * NOTE(review): the inline comment describes the grant as covering "own" calendar events,
 * but all four permissions added carry the _SYSTEM suffix. Confirm the access level is the
 * intended one, or reword the comment to match what is actually granted.
 *
 * @param AclManager $manager
 */
protected function updateManagerRole(AclManager $manager)
{
    $managerRole = $this->getRole(LoadRolesData::ROLE_MANAGER);
    $roleSid = $manager->getSid($managerRole);

    // grant to manage own calendar events
    $eventOid = $manager->getOid('entity:Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');
    $builder = $manager->getMaskBuilder($eventOid);
    foreach (['VIEW_SYSTEM', 'CREATE_SYSTEM', 'EDIT_SYSTEM', 'DELETE_SYSTEM'] as $permission) {
        $builder = $builder->add($permission);
    }

    $manager->setPermission($roleSid, $eventOid, $builder->get());
}
/**
 * Checks whether the given permission mask is granted on an entity class.
 *
 * The object identity is built from the class name returned by ClassUtils::getRealClass().
 * Note that the original $class value, not the resolved one, is forwarded to isGrantedOidMask().
 *
 * @param string $class
 * @param int $mask
 * @return boolean false when $class is empty, otherwise the result of isGrantedOidMask()
 */
protected function isGrantedEntityMask($class, $mask)
{
    if ($class) {
        $realClass = ClassUtils::getRealClass($class);
        $oid = $this->aclManager->getOid(sprintf('entity:%s', $realClass));

        return $this->isGrantedOidMask($oid, $class, $mask);
    }

    // No class to check against: deny rather than guess
    return false;
}
/**
 * Sets the EmailUser ACL mask for the sales and marketing roles listed below.
 *
 * Each role gets VIEW_BASIC, CREATE_BASIC and EDIT_BASIC; no DELETE permission is added.
 * The object identity and the mask are rebuilt for every role, exactly as many times as
 * there are roles.
 *
 * @param AclManager $manager
 */
protected function updateUserRole(AclManager $manager)
{
    $permissions = ['VIEW_BASIC', 'CREATE_BASIC', 'EDIT_BASIC'];
    $roleNames = ['ROLE_ONLINE_SALES_REP', 'ROLE_MARKETING_MANAGER', 'ROLE_LEADS_DEVELOPMENT_REP'];

    foreach ($roleNames as $name) {
        $roleSid = $manager->getSid($this->getRole($name));
        $emailUserOid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser');

        $builder = $manager->getMaskBuilder($emailUserOid);
        foreach ($permissions as $permission) {
            $builder = $builder->add($permission);
        }

        $manager->setPermission($roleSid, $emailUserOid, $builder->get());
    }
}
/**
 * Sets the EmailUser ACL mask for LoadRolesData::ROLE_USER and LoadRolesData::ROLE_MANAGER.
 *
 * Each role gets VIEW_BASIC, CREATE_BASIC and EDIT_BASIC; no DELETE permission is added.
 * The object identity and the mask are rebuilt for every role.
 *
 * @param AclManager $manager
 */
protected function updateUserRole(AclManager $manager)
{
    $permissions = ['VIEW_BASIC', 'CREATE_BASIC', 'EDIT_BASIC'];
    $roleNames = [LoadRolesData::ROLE_USER, LoadRolesData::ROLE_MANAGER];

    foreach ($roleNames as $name) {
        $roleSid = $manager->getSid($this->getRole($name));
        $emailUserOid = $manager->getOid('entity:Oro\\Bundle\\EmailBundle\\Entity\\EmailUser');

        $builder = $manager->getMaskBuilder($emailUserOid);
        foreach ($permissions as $permission) {
            $builder = $builder->add($permission);
        }

        $manager->setPermission($roleSid, $emailUserOid, $builder->get());
    }
}
/**
 * Applies a map of permissions to one security identity.
 *
 * Each key of $permissions is turned into an OID descriptor by replacing '|' with ':';
 * each value lists the ACL names to add to a freshly reset mask builder.
 *
 * An entry whose value is empty still calls setPermission(), with whatever mask the reset
 * builder yields. Such an entry therefore overwrites the identity's permission on that
 * object instead of leaving it untouched.
 *
 * @param AclManager $aclManager
 * @param SecurityIdentityInterface $sid
 * @param array $permissions
 */
protected function setPermissions(AclManager $aclManager, SecurityIdentityInterface $sid, array $permissions)
{
    foreach ($permissions as $descriptor => $aclNames) {
        $oid = $aclManager->getOid(str_replace('|', ':', $descriptor));

        $maskBuilder = $aclManager->getMaskBuilder($oid);
        $maskBuilder->reset();

        // A falsy value means "no ACL names"; iterate over nothing in that case
        $namesToAdd = $aclNames ?: [];
        foreach ($namesToAdd as $aclName) {
            $maskBuilder->add($aclName);
        }

        $aclManager->setPermission($sid, $oid, $maskBuilder->get());
    }
}
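/**
 * Grants the buyer role the VIEW/CREATE/EDIT/DELETE permissions with the _BASIC suffix
 * on the shopping list entity.
 *
 * The entity class is read from the container parameter
 * 'orob2b_shopping_list.entity.shopping_list.class'. Nothing is changed when ACL is disabled,
 * and extensions other than EntityAclExtension are skipped.
 *
 * @param ObjectManager $manager
 * @param AclManager $aclManager
 */
protected function setBuyerShoppingListPermissions(ObjectManager $manager, AclManager $aclManager)
{
    $chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');
    $allowedAcls = ['VIEW_BASIC', 'CREATE_BASIC', 'EDIT_BASIC', 'DELETE_BASIC'];
    $role = $this->getBuyerRole($manager);

    if (!$aclManager->isAclEnabled()) {
        return;
    }

    $sid = $aclManager->getSid($role);
    $className = $this->container->getParameter('orob2b_shopping_list.entity.shopping_list.class');

    foreach ($aclManager->getAllExtensions() as $extension) {
        if (!$extension instanceof EntityAclExtension) {
            continue;
        }

        $chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
        try {
            $oid = $aclManager->getOid('entity:' . $className);
            $builder = $aclManager->getMaskBuilder($oid);
            // Start from an empty mask so only the permissions listed in $allowedAcls end up granted
            $builder->reset();
            foreach ($allowedAcls as $acl) {
                $builder->add($acl);
            }
            $aclManager->setPermission($sid, $oid, $builder->get());
        } finally {
            // Always leave emulation, even when an ACL call throws; otherwise the chain provider
            // would presumably keep resolving ownership metadata through the frontend provider
            // for whatever code runs next in this process.
            $chainMetadataProvider->stopProviderEmulation();
        }
    }
}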
/**
 * Verifies that getOid() asks the object identity factory exactly once, passing the
 * descriptor through unchanged, and returns the very instance the factory produced.
 */
public function testGetOid()
{
    $expectedOid = new ObjectIdentity('test', 'test');

    $this->objectIdentityFactory
        ->expects($this->once())
        ->method('get')
        ->with($this->equalTo('test'))
        ->will($this->returnValue($expectedOid));

    $actualOid = $this->manager->getOid('test');

    // Identity, not equality: the manager must hand back the factory's object itself
    $this->assertTrue($expectedOid === $actualOid);
}
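/**
 * Sets the given ACL names as the role's permission mask on one entity class.
 *
 * Nothing is changed when ACL is disabled, and extensions other than EntityAclExtension
 * are skipped. The mask is built from a reset builder, so it holds only the names in
 * $allowedAcls. The caller decides which names and which class are passed in; this method
 * does not validate either.
 *
 * @param AclManager $aclManager
 * @param AccountUserRole $role
 * @param string $className
 * @param array $allowedAcls
 */
protected function setRolePermissions(AclManager $aclManager, AccountUserRole $role, $className, array $allowedAcls)
{
    /* @var $chainMetadataProvider ChainMetadataProvider */
    $chainMetadataProvider = $this->container->get('oro_security.owner.metadata_provider.chain');

    if (!$aclManager->isAclEnabled()) {
        return;
    }

    $sid = $aclManager->getSid($role);

    foreach ($aclManager->getAllExtensions() as $extension) {
        if (!$extension instanceof EntityAclExtension) {
            continue;
        }

        $chainMetadataProvider->startProviderEmulation(FrontendOwnershipMetadataProvider::ALIAS);
        try {
            $oid = $aclManager->getOid('entity:' . $className);
            $builder = $aclManager->getMaskBuilder($oid);
            // Start from an empty mask so only the permissions listed in $allowedAcls end up granted
            $builder->reset();
            foreach ($allowedAcls as $acl) {
                $builder->add($acl);
            }
            $aclManager->setPermission($sid, $oid, $builder->get());
        } finally {
            // Always leave emulation, even when an ACL call throws; otherwise the chain provider
            // would presumably keep resolving ownership metadata through the frontend provider
            // for whatever code runs next in this process.
            $chainMetadataProvider->stopProviderEmulation();
        }
    }
}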