/**
 * Applies ACL conditions to the search query.
 *
 * For every entity alias present in the query, the ownership condition data of
 * the mapped entity class is consulted. An alias is kept in the FROM list only
 * when the condition data does not have the "both index 0 and index 3 are null"
 * shape (presumably the access-denied shape — confirm against the builder);
 * aliases without an entity class mapping are dropped. For each kept alias an
 * owner expression is collected and the whole set is ANDed into the criteria as
 * a single OR group. Organization limits are added afterwards.
 *
 * @param Query  $query
 * @param string $permission
 *
 * @return Query
 */
public function apply(Query $query, $permission = 'VIEW')
{
    $querySearchAliases = $this->getSearchAliases($query);
    // Aliases the query is allowed to search; becomes the query's FROM list below.
    $allowedAliases = [];
    // One owner expression per allowed alias, combined with OR below.
    $ownerExpressions = [];
    $expr = $query->getCriteria()->expr();
    if (count($querySearchAliases) !== 0) {
        foreach ($querySearchAliases as $entityAlias) {
            $className = $this->mappingProvider->getEntityClass($entityAlias);
            // An alias with no entity class is neither restricted nor kept — it is left out of FROM.
            if ($className) {
                $ownerField = sprintf('%s_owner', $entityAlias);
                // Positional condition data; only indexes 0, 1 and 3 are read here.
                // NOTE(review): count() is applied to the return value directly — confirm the builder
                // never returns null on this path (the ORM walker variant does handle null).
                $condition = $this->ownershipDataBuilder->getAclConditionData($className, $permission);
                // Empty data: no restriction at all. Index 0 and index 3 both null: alias is excluded.
                if (count($condition) === 0 || !($condition[0] === null && $condition[3] === null)) {
                    $allowedAliases[] = $entityAlias;
                    // in case if we should not limit data for entity
                    if (count($condition) === 0 || $condition[1] === null) {
                        $ownerExpressions[] = $expr->gte('integer.' . $ownerField, SearchListener::EMPTY_OWNER_ID);
                        continue;
                    }
                    // Index 1 holds the owner id(s); an empty value falls back to the "no owner" id.
                    $owners = !empty($condition[1]) ? $condition[1] : SearchListener::EMPTY_OWNER_ID;
                    // NOTE(review): a one-element array is handed to eq() unchanged — confirm the
                    // criteria builder accepts an array there, or unwrap it first.
                    $ownerExpressions[] = !is_array($owners) || count($owners) === 1
                        ? $expr->eq('integer.' . $ownerField, $owners)
                        : $expr->in('integer.' . $ownerField, $owners);
                }
            }
        }
    }
    if (count($ownerExpressions) !== 0) {
        $query->getCriteria()->andWhere(new CompositeExpression(CompositeExpression::TYPE_OR, $ownerExpressions));
    }
    $query->from($allowedAliases);
    $this->addOrganizationLimits($query, $expr);
    return $query;
}
/**
 * Checks that AclHelper::apply() decorates the query with the expected hints,
 * leaves the DQL untouched, and that the walked AST and generated SQL match
 * the scenario's expectations.
 *
 * @dataProvider dataProvider
 *
 * @param QueryBuilder $queryBuilder
 * @param array        $conditions    ACL condition data keyed by entity name
 * @param string       $resultHandler Name of the method asserting on the query hints
 * @param string       $walkerResult  Name of the method asserting on the walked AST
 * @param array|null   $exception     Optional [class, message] expected while building SQL
 */
public function testApply(QueryBuilder $queryBuilder, $conditions, $resultHandler, $walkerResult, $exception)
{
    $dispatcher = $this->getMock('Symfony\\Component\\EventDispatcher\\EventDispatcherInterface');

    $this->conditionBuilder = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\ORM\\Walker\\OwnershipConditionDataBuilder')
        ->disableOriginalConstructor()
        ->getMock();
    // Serve the scenario's condition data by entity name; unknown entities get null.
    $lookup = function ($entityName, $permission) use ($conditions) {
        return isset($conditions[$entityName]) ? $conditions[$entityName] : null;
    };
    $this->conditionBuilder->expects($this->any())
        ->method('getAclConditionData')
        ->will($this->returnCallback($lookup));

    $this->helper = new AclHelper($this->conditionBuilder, $dispatcher, new AclConditionalFactorBuilder());
    $query = $this->helper->apply($queryBuilder);
    $this->{$resultHandler}($query->getHints());

    // The helper works through hints and the walker; the DQL string itself must not change.
    $this->assertEquals($query->getDQL(), $queryBuilder->getDQL());

    $parserResult = $this->getMockBuilder('Doctrine\\ORM\\Query\\ParserResult')
        ->disableOriginalConstructor()
        ->getMock();
    $this->walker = new AclWalker($query, $parserResult, []);
    $this->{$walkerResult}($this->walker->walkSelectStatement($query->getAST()));

    // The expectation is registered only now because the exception is raised by getSQL().
    if ($exception) {
        list($exceptionClass, $exceptionMessage) = $exception;
        $this->setExpectedException($exceptionClass, $exceptionMessage);
    }
    $this->assertNotEmpty($query->getSQL());
}
/**
 * A token whose user is the anonymous marker string must yield no user id.
 */
public function testGetUserIdWithNonLoginUser()
{
    $anonymousToken = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface');
    $anonymousToken
        ->expects($this->any())
        ->method('getUser')
        ->will($this->returnValue('anon'));

    $this->securityContext
        ->expects($this->any())
        ->method('getToken')
        ->will($this->returnValue($anonymousToken));

    $this->assertNull($this->builder->getUserId());
}
/**
 * Checks that AclHelper::apply() decorates the query with the expected hints,
 * leaves the DQL untouched, and that the walked AST matches the scenario's
 * expectations.
 *
 * @dataProvider dataProvider
 *
 * @param QueryBuilder $queryBuilder
 * @param array        $conditions    ACL condition data keyed by entity name
 * @param string       $resultHandler Name of the method asserting on the query hints
 * @param string       $walkerResult  Name of the method asserting on the walked AST
 */
public function testApply(QueryBuilder $queryBuilder, $conditions, $resultHandler, $walkerResult)
{
    $this->conditionBuilder = $this->getMockBuilder('Oro\\Bundle\\SecurityBundle\\ORM\\Walker\\OwnershipConditionDataBuilder')
        ->disableOriginalConstructor()
        ->getMock();
    // Serve the scenario's condition data by entity name; unknown entities get null.
    $lookup = function ($entityName, $permission) use ($conditions) {
        return isset($conditions[$entityName]) ? $conditions[$entityName] : null;
    };
    $this->conditionBuilder->expects($this->any())
        ->method('getAclConditionData')
        ->will($this->returnCallback($lookup));

    $this->helper = new AclHelper($this->conditionBuilder);
    $query = $this->helper->apply($queryBuilder);
    $this->{$resultHandler}($query->getHints());

    // The helper works through hints and the walker; the DQL string itself must not change.
    $this->assertEquals($query->getDQL(), $queryBuilder->getDQL());

    $parserResult = $this->getMockBuilder('Doctrine\\ORM\\Query\\ParserResult')
        ->disableOriginalConstructor()
        ->getMock();
    $this->walker = new AclWalker($query, $parserResult, []);
    $this->{$walkerResult}($this->walker->walkSelectStatement($query->getAST()));
}
/**
 * Builds the share condition for a FROM/JOIN range variable declaration.
 *
 * Asks the builder for share data of the declared entity and alias; when data
 * is returned its query components are registered on the walker and the share
 * condition is handed back, otherwise null.
 *
 * @param RangeVariableDeclaration $rangeVariableDeclaration
 * @param string                   $permission
 *
 * @return Node|null
 */
protected function processRangeVariableDeclarationShare(RangeVariableDeclaration $rangeVariableDeclaration, $permission)
{
    $shareData = $this->builder->getAclShareData(
        $rangeVariableDeclaration->abstractSchemaName,
        $rangeVariableDeclaration->aliasIdentificationVariable,
        $permission
    );
    if (empty($shareData)) {
        return null;
    }

    // Share data is a pair: the condition node and the query components it relies on.
    list($shareCondition, $queryComponents) = $shareData;
    $this->addQueryComponents($queryComponents);

    return $shareCondition;
}
/**
 * Builds the ACL condition for a FROM/JOIN range variable declaration.
 *
 * The alias is registered first. A builder result of null, or a non-empty
 * array, yields a condition (field and value are taken from the array when
 * present, otherwise left null); an empty array yields no condition.
 *
 * @param RangeVariableDeclaration $rangeVariableDeclaration
 * @param string                   $permission
 * @param bool                     $isJoin Whether the declaration belongs to a JOIN
 *
 * @return null|AclCondition|JoinAclCondition
 */
protected function processRangeVariableDeclaration(RangeVariableDeclaration $rangeVariableDeclaration, $permission, $isJoin = false)
{
    $this->addEntityAlias($rangeVariableDeclaration);

    $alias = $rangeVariableDeclaration->aliasIdentificationVariable;
    $conditionData = $this->builder->getAclConditionData($rangeVariableDeclaration->abstractSchemaName, $permission);

    // An empty, non-null result means nothing has to be added for this entity.
    if ($conditionData !== null && empty($conditionData)) {
        return null;
    }

    $field = null;
    $value = null;
    if (!empty($conditionData)) {
        list($field, $value) = $conditionData;
    }

    return $isJoin
        ? new JoinAclCondition($alias, $field, $value)
        : new AclCondition($alias, $field, $value);
}
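/**
 * Builds the ACL condition for a FROM/JOIN range variable declaration.
 *
 * The alias is registered first. Condition data is requested from the builder
 * unless the declaration is the user entity appearing as a non-root (joined)
 * declaration. A builder result of null, or a non-empty array, yields a
 * condition; an empty array, or a skipped request, yields no condition.
 *
 * @param RangeVariableDeclaration $rangeVariableDeclaration
 * @param string                   $permission
 * @param bool                     $isJoin       Whether the declaration belongs to a JOIN
 * @param bool                     $isSubRequest Accepted for signature compatibility; not read here
 *
 * @return null|AclCondition|JoinAclCondition
 */
protected function processRangeVariableDeclaration(
    RangeVariableDeclaration $rangeVariableDeclaration,
    $permission,
    $isJoin = false,
    $isSubRequest = false
) {
    $this->addEntityAlias($rangeVariableDeclaration);

    $entityName = $rangeVariableDeclaration->abstractSchemaName;
    $entityAlias = $rangeVariableDeclaration->aliasIdentificationVariable;

    // This check decides whether ACL filtering is skipped for the declaration, so it
    // uses a strict comparison rather than a loose in_array() lookup.
    $isUserTable = $entityName === self::ORO_USER_CLASS;

    // false marks "never requested"; null and arrays are what the builder returns.
    $resultData = false;
    if (!$isUserTable || $rangeVariableDeclaration->isRoot) {
        $resultData = $this->builder->getAclConditionData($entityName, $permission);
    }

    // Skipped request, or an empty (non-null) result: nothing to add for this entity.
    if ($resultData === false || ($resultData !== null && empty($resultData))) {
        return null;
    }

    $entityField = $value = $pathExpressionType = $organizationField = $organizationValue = $ignoreOwner = null;
    if (!empty($resultData)) {
        // Positional condition data in builder order.
        list($entityField, $value, $pathExpressionType, $organizationField, $organizationValue, $ignoreOwner) = $resultData;
    }

    if ($isJoin) {
        return new JoinAclCondition(
            $entityAlias,
            $entityField,
            $value,
            $pathExpressionType,
            $organizationField,
            $organizationValue,
            $ignoreOwner
        );
    }

    return new AclCondition(
        $entityAlias,
        $entityField,
        $value,
        $pathExpressionType,
        $organizationField,
        $organizationValue,
        $ignoreOwner
    );
}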