/**
 * Tells whether access to $object must be denied because it belongs to an organization
 * other than the one held in the token's organization context.
 *
 * Only entities that expose an organization through the owner accessor (USER, BUSINESS_UNIT
 * and ORGANIZATION ownership types) take part in the check; an entity without an
 * organization field is never denied here.
 *
 * @param mixed $object
 * @param OrganizationContextTokenInterface $securityToken
 * @return bool true when the entity's organization id differs from the context organization id
 */
protected function isAccessDeniedByOrganizationContext($object, OrganizationContextTokenInterface $securityToken)
{
    try {
        $entityOrganization = $this->entityOwnerAccessor->getOrganization($object);
    } catch (InvalidEntityException $e) {
        // entity has no organization field (NONE ownership type): nothing to compare against
        return false;
    }

    if (!$entityOrganization) {
        return false;
    }

    $contextOrganizationId = $securityToken->getOrganizationContext()->getId();

    return $entityOrganization->getId() !== $contextOrganizationId;
}
/**
 * Re-attaches the token's organization context after an entity manager clear.
 *
 * Nothing happens unless the token holds an organization object, the clear event targets
 * that organization's class (or every class) and the cleared manager is the one that
 * manages organizations. The refreshed entity then replaces the detached one on the token.
 *
 * @param OnClearEventArgs $event
 * @param OrganizationContextTokenInterface $token
 */
protected function checkOrganization(OnClearEventArgs $event, OrganizationContextTokenInterface $token)
{
    $current = $token->getOrganizationContext();
    if (!is_object($current)) {
        return;
    }

    $class = ClassUtils::getClass($current);
    $clearedClass = $event->getEntityClass();
    // a clear targeted at a different class leaves organizations attached
    if ($clearedClass && $clearedClass !== $class) {
        return;
    }

    $em = $event->getEntityManager();
    if ($em !== $this->doctrine->getManagerForClass($class)) {
        return;
    }

    $refreshed = $this->refreshEntity($current, $class, $em);
    if ($refreshed) {
        $token->setOrganizationContext($refreshed);
    }
}
/**
 * Switches the token's organization context to the organization identified by $organization.
 *
 * $organization may be a numeric id or an organization name; an empty value leaves the token
 * untouched. The organization must be enabled and, when the token carries a User, that user
 * must be a member of it, so the context cannot be moved into a foreign organization.
 *
 * @param mixed $organization organization id or name
 * @param OrganizationContextTokenInterface $token
 * @throws \InvalidArgumentException when the organization is unknown or disabled, or the
 *                                   token's user is not a member of it
 */
protected function setOrganization($organization, OrganizationContextTokenInterface $token)
{
    if (!$organization) {
        return;
    }

    $repository = $this->registry->getRepository('OroOrganizationBundle:Organization');
    $id = filter_var($organization, FILTER_VALIDATE_INT);
    $entity = $id
        ? $repository->find($id)
        : $repository->findOneBy(['name' => $organization]);

    if (!$entity) {
        throw new \InvalidArgumentException(
            sprintf('Can\'t find organization with identifier %s', $organization)
        );
    }
    if (!$entity->isEnabled()) {
        throw new \InvalidArgumentException(sprintf('Organization %s is not enabled', $entity->getName()));
    }

    $user = $token->getUser();
    // membership check: a token may only be moved into an organization its user belongs to
    if ($user instanceof User && !$user->hasOrganization($entity)) {
        throw new \InvalidArgumentException(
            sprintf('User %s is not in organization %s', $user->getUsername(), $entity->getName())
        );
    }

    $token->setOrganizationContext($entity);
}
/**
 * The token must survive a serialize/unserialize round trip with its user and
 * organization context ids intact.
 */
public function testSerialize()
{
    $restored = unserialize(serialize($this->token));

    $this->assertEquals($restored->getUser()->getId(), $this->token->getUser()->getId());
    $this->assertEquals(
        $restored->getOrganizationContext()->getId(),
        $this->token->getOrganizationContext()->getId()
    );
}