/**
 * Re-attaches the token's organization context after an entity manager clear.
 *
 * Returns without doing anything when the token holds no organization object,
 * when the clear is scoped to an entity class other than the organization
 * class, or when the event's entity manager is not the manager Doctrine
 * reports for the organization class. Otherwise the organization is
 * re-fetched via refreshEntity() and, when that yields a truthy result,
 * written back into the token.
 *
 * @param OnClearEventArgs                  $event
 * @param OrganizationContextTokenInterface $token
 */
protected function checkOrganization(OnClearEventArgs $event, OrganizationContextTokenInterface $token)
{
    $currentOrganization = $token->getOrganizationContext();
    if (!is_object($currentOrganization)) {
        // no organization on the token: nothing to refresh
        return;
    }

    $orgClass = ClassUtils::getClass($currentOrganization);
    $clearedClass = $event->getEntityClass();
    if ($clearedClass && $clearedClass !== $orgClass) {
        // only clears that affect the organization class are handled here
        return;
    }

    $manager = $event->getEntityManager();
    if ($this->doctrine->getManagerForClass($orgClass) !== $manager) {
        // the cleared manager is not the one managing organizations
        return;
    }

    $refreshed = $this->refreshEntity($currentOrganization, $orgClass, $manager);
    if ($refreshed) {
        $token->setOrganizationContext($refreshed);
    }
}
/**
 * Tells whether access to $object must be denied because it belongs to an
 * organization other than the one in the security token's context.
 *
 * Applies to entities with an organization-aware ownership type (USER,
 * BUSINESS_UNIT, ORGANIZATION). When the entity has no organization field,
 * entityOwnerAccessor throws InvalidEntityException, which is deliberately
 * treated as "not denied". An entity whose organization value is empty is
 * not denied either.
 *
 * NOTE(review): the token is assumed to always carry an organization context
 * here; a null context would make the ->getId() call fail. Confirm that
 * callers guarantee it.
 *
 * @param mixed                             $object
 * @param OrganizationContextTokenInterface $securityToken
 * @return bool true when access must be denied
 */
protected function isAccessDeniedByOrganizationContext($object, OrganizationContextTokenInterface $securityToken)
{
    try {
        $entityOrganization = $this->entityOwnerAccessor->getOrganization($object);
        if (!$entityOrganization) {
            return false;
        }

        $entityOrganizationId = $entityOrganization->getId();
        $contextOrganizationId = $securityToken->getOrganizationContext()->getId();

        return $entityOrganizationId !== $contextOrganizationId;
    } catch (InvalidEntityException $e) {
        // ownership type NONE: the entity carries no organization to compare
        return false;
    }
}
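/**
 * Verifies that the token survives a serialize()/unserialize() round trip:
 * the user id and the organization context id of the restored token must
 * match those of the original.
 *
 * Only these two identities are asserted; other token state is not covered
 * by this test.
 */
public function testSerialize()
{
    $restored = unserialize(serialize($this->token));

    // PHPUnit convention: expected value first, actual value second, so a
    // failure message reports the original as "expected" and the round-tripped
    // value as "actual".
    $this->assertEquals(
        $this->token->getUser()->getId(),
        $restored->getUser()->getId()
    );
    $this->assertEquals(
        $this->token->getOrganizationContext()->getId(),
        $restored->getOrganizationContext()->getId()
    );
}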