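/**
 * Validate the inline-editing config and fill default values.
 *
 * Inline editing is switched off for the whole grid when the current user is
 * not granted EDIT on the grid's entity. The per-column options are then
 * guessed without a further ACL check because column-level checks would need
 * additional parameters that are not available here.
 *
 * @param DatagridConfiguration $config
 */
public function processConfigs(DatagridConfiguration $config)
{
    $configItems   = $config->offsetGetOr(Configuration::BASE_CONFIG_KEY, []);
    $configuration = new Configuration(Configuration::BASE_CONFIG_KEY);

    $normalizedConfigItems = $this->validateConfiguration(
        $configuration,
        [Configuration::BASE_CONFIG_KEY => $configItems]
    );

    // entity_name drives the ACL check, the default route parameters and the
    // column guesser; read it once and avoid an undefined-index notice
    $entityName = isset($configItems['entity_name']) ? $configItems['entity_name'] : null;

    // according to ACL, disable inline editing for the whole grid
    $isGranted = $this->securityFacade->isGranted('EDIT', 'entity:' . $entityName);
    if (!$isGranted) {
        $normalizedConfigItems[Configuration::CONFIG_KEY_ENABLE] = false;
    }

    // replace config values by the normalized ones; extra keys are passed through directly
    $resultConfigItems = array_replace_recursive($configItems, $normalizedConfigItems);

    // isset() is false for a missing key as well as an explicit null, so a config
    // without any save_api_accessor section gets the default too (is_null() on a
    // missing nested key would raise a notice first)
    if (!isset($resultConfigItems['save_api_accessor']['default_route_parameters']['className'])) {
        $resultConfigItems['save_api_accessor']['default_route_parameters']['className'] =
            $this->entityClassNameHelper->getUrlSafeClassName($entityName);
    }
    $config->offsetSet(Configuration::BASE_CONFIG_KEY, $resultConfigItems);

    // add inline editing where it is possible; ACL is not used here because
    // additional parameters for columns are needed
    $columns   = $config->offsetGetOr(FormatterConfiguration::COLUMNS_KEY, []);
    $blackList = $configuration->getBlackList();
    foreach ($columns as $columnName => &$column) {
        if (in_array($columnName, $blackList)) {
            continue;
        }
        $newColumn = $this->guesser->getColumnOptions($columnName, $entityName, $column);

        // the frontend type key must not be replaced with the default value
        $typeKey = PropertyInterface::FRONTEND_TYPE_KEY;
        if (!empty($newColumn[$typeKey])) {
            $column[$typeKey] = $newColumn[$typeKey];
        }
        $column = array_replace_recursive($newColumn, $column);
    }
    // break the by-reference binding left by the loop: otherwise $column still
    // aliases the last element of $columns and a later write would change it
    unset($column);

    $config->offsetSet(FormatterConfiguration::COLUMNS_KEY, $columns);
}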
/**
 * Collects e-mail recipients reachable from $object.
 *
 * Access is checked before anything is read from the object: the organization
 * check first, then a VIEW check on the object itself. The only case that gets
 * past a failed/skipped VIEW check is $object being the logged-in user.
 * Associations are followed recursively for $depth levels and every nested
 * object is ACL-checked on its own ($ignoreAcl is always passed as false).
 *
 * NOTE(review): when $ignoreAcl is true the VIEW check is not evaluated, but the
 * early return still applies unless $object is the logged user — so the flag
 * narrows rather than widens access. Confirm that is the intended meaning.
 *
 * @param object            $object
 * @param int               $depth        association levels to follow; 0 yields no recipients
 * @param bool              $ignoreAcl
 * @param Organization|null $organization
 *
 * @return Recipient[]
 */
public function getRecipients($object, $depth = 1, $ignoreAcl = false, Organization $organization = null)
{
    $recipients = [];
    if ($this->isAccessDenyForOrganization($object, $ignoreAcl, $organization)) {
        return $recipients;
    }
    if (!$depth || ($ignoreAcl || !$this->securityFacade->isGranted('VIEW', $object))) {
        // the logged user may always resolve their own object; anything else is denied here
        if (!$depth || $this->securityFacade->getLoggedUser() !== $object) {
            return $recipients;
        }
    }

    $className  = ClassUtils::getClass($object);
    $metadata   = $this->getMetadata($className);
    $attributes = $this->initAttributes($className, $metadata);

    foreach ($metadata->associationMappings as $name => $assoc) {
        if (in_array('Oro\\Bundle\\EmailBundle\\Entity\\EmailInterface', class_implements($assoc['targetEntity']), true)) {
            // the association targets an e-mail entity: treat it as an address attribute
            $attributes[] = new EmailAttribute($name, true);
        } else {
            if ($depth > 1) {
                $assocObject = $this->getPropertyAccessor()->getValue($object, $name);
                // normalise a to-one value to a list so both association kinds are walked alike
                if (!$assocObject instanceof \Traversable && !is_array($assocObject)) {
                    if ($assocObject) {
                        $assocObject = [$assocObject];
                    } else {
                        $assocObject = [];
                    }
                }
                foreach ($assocObject as $obj) {
                    // nested objects always get their own ACL check (ignoreAcl = false)
                    $recipients = array_merge($recipients, $this->getRecipients($obj, $depth - 1, false, $organization));
                }
            }
        }
    }

    return array_merge(
        $recipients,
        $this->createRecipientsFromEmails($this->createEmailsFromAttributes($attributes, $object), $object, $metadata)
    );
}
/**
 * {@inheritdoc}
 *
 * Visibility is decided solely by the ACL resource named in $config['acl'];
 * $context is not consulted.
 *
 * @throws \InvalidArgumentException when the "acl" key is missing from $config
 */
public function isVisible(array $config = [], array $context = [])
{
    if (!isset($config['acl'])) {
        throw new \InvalidArgumentException('The "acl" should be provided in the configuration.');
    }
    $aclResource = $config['acl'];

    return $this->securityFacade->isGranted($aclResource);
}
/**
 * {@inheritdoc}
 *
 * Without a configured ACL resource the item is always allowed. Otherwise it
 * requires an authenticated user AND the resource being granted to them.
 */
public function isAllowed()
{
    $aclResource = $this->acl;
    if (!$aclResource) {
        return true;
    }
    if (!$this->securityFacade->hasLoggedUser()) {
        return false;
    }

    return $this->securityFacade->isGranted($aclResource);
}
/**
 * {@inheritdoc}
 *
 * When public calendars are disabled every requested id maps to null.
 * Otherwise each public SystemCalendar is described; the canAddEvent /
 * canEditEvent / canDeleteEvent flags are only present (and true) when the
 * user holds 'oro_public_calendar_event_management' — they are omitted, not
 * set to false, for everyone else.
 */
public function getCalendarDefaultValues($organizationId, $userId, $calendarId, array $calendarIds)
{
    if (!$this->calendarConfig->isPublicCalendarEnabled()) {
        return array_fill_keys($calendarIds, null);
    }

    /** @var SystemCalendarRepository $repo */
    $repo = $this->doctrineHelper->getEntityRepository('OroCalendarBundle:SystemCalendar');
    /** @var SystemCalendar[] $calendars */
    $calendars = $repo->getPublicCalendarsQueryBuilder()->getQuery()->getResult();

    // one ACL check for the whole list, not one per calendar
    $canManageEvents = $this->securityFacade->isGranted('oro_public_calendar_event_management');

    $result = [];
    foreach ($calendars as $calendar) {
        $item = [
            'calendarName'    => $calendar->getName(),
            'backgroundColor' => $calendar->getBackgroundColor(),
            'removable'       => false,
            'position'        => -80,
        ];
        if ($canManageEvents) {
            $item += ['canAddEvent' => true, 'canEditEvent' => true, 'canDeleteEvent' => true];
        }
        $result[$calendar->getId()] = $item;
    }

    return $result;
}
/**
 * Options:
 *  - grid_name                    - name of the grid used for entity selection
 *  - grid_parameters              - parameters passed to the grid request
 *  - grid_render_parameters       - render parameters set for grid rendering
 *  - existing_entity_grid_id      - grid row field name used as entity identifier
 *  - create_enabled               - enables new entity creation
 *  - create_acl                   - ACL resource used to decide whether creation is allowed;
 *                                   by default CREATE on the entity class is checked
 *  - create_form_route            - route name of the creation form
 *  - create_form_route_parameters - route parameters for create_form_route
 *
 * create_enabled is ACL-gated by its normalizer: it resolves to true only when
 * a creation route is configured and the current user is granted either
 * create_acl or CREATE on 'Entity:<entity_class>'.
 *
 * {@inheritDoc}
 */
public function setDefaultOptions(OptionsResolverInterface $resolver)
{
    $resolver->setDefaults(
        [
            'existing_entity_grid_id'      => 'id',
            'create_enabled'               => true,
            'create_acl'                   => null,
            'create_form_route'            => null,
            'create_form_route_parameters' => [],
            'grid_name'                    => null,
            'grid_parameters'              => [],
            'grid_render_parameters'       => [],
        ]
    );

    $normalizeCreateEnabled = function (Options $options, $createEnabled) {
        $routeName = $options->get('create_form_route');
        if (!$createEnabled || empty($routeName)) {
            return false;
        }
        $aclResource = $options->get('create_acl');
        if (!empty($aclResource)) {
            return $this->securityFacade->isGranted($aclResource);
        }

        // no explicit resource: fall back to the entity-level CREATE permission
        return $this->securityFacade->isGranted('CREATE', 'Entity:' . $options->get('entity_class'));
    };

    $normalizeGridName = function (Options $options, $gridName) {
        if (!empty($gridName)) {
            return $gridName;
        }
        $formConfig = $this->configManager->getProvider('form')->getConfig($options->get('entity_class'));
        if (!$formConfig->has('grid_name')) {
            throw new InvalidConfigurationException('The option "grid_name" must be set.');
        }

        return $formConfig->get('grid_name');
    };

    $resolver->setNormalizers(
        ['create_enabled' => $normalizeCreateEnabled, 'grid_name' => $normalizeGridName]
    );
}
/**
 * {@inheritdoc}
 *
 * Builds the user edit form. The roles, groups and organizations fields are
 * only added when the corresponding *_view ACL resources are granted; on the
 * user's own profile page roles and groups are rendered read-only AND disabled
 * (Symfony ignores submitted data for disabled fields), so a user cannot change
 * their own roles through this form.
 *
 * NOTE(review): for other users the writable roles/groups fields are gated by a
 * *view* resource only — confirm that the controller/handler enforces an
 * edit-level permission on the target user before this form is processed,
 * otherwise "may view roles" effectively becomes "may assign roles".
 */
public function addEntityFields(FormBuilderInterface $builder)
{
    // user fields
    // UserSubscriber receives $this->security, a different service from the
    // $this->securityFacade used for the ACL checks below
    $builder->addEventSubscriber(new UserSubscriber($builder->getFormFactory(), $this->security));
    $this->setDefaultUserFields($builder);

    if ($this->securityFacade->isGranted('oro_user_role_view')) {
        $builder->add(
            'roles',
            'entity',
            [
                'property_path' => 'rolesCollection',
                'label'         => 'oro.user.roles.label',
                'class'         => 'OroUserBundle:Role',
                'property'      => 'label',
                // the anonymous role is never offered for assignment
                'query_builder' => function (EntityRepository $er) {
                    return $er->createQueryBuilder('r')->where('r.role <> :anon')->setParameter('anon', User::ROLE_ANONYMOUS)->orderBy('r.label');
                },
                'multiple'      => true,
                'expanded'      => true,
                'required'      => !$this->isMyProfilePage,
                'read_only'     => $this->isMyProfilePage,
                'disabled'      => $this->isMyProfilePage,
                'translatable_options' => false
            ]
        );
    }

    if ($this->securityFacade->isGranted('oro_user_group_view')) {
        $builder->add(
            'groups',
            'entity',
            [
                'label'     => 'oro.user.groups.label',
                'class'     => 'OroUserBundle:Group',
                'property'  => 'name',
                'multiple'  => true,
                'expanded'  => true,
                'required'  => false,
                'read_only' => $this->isMyProfilePage,
                'disabled'  => $this->isMyProfilePage,
                'translatable_options' => false
            ]
        );
    }

    // access settings need both organization and business-unit visibility
    if ($this->securityFacade->isGranted('oro_organization_view') && $this->securityFacade->isGranted('oro_business_unit_view')) {
        $builder->add('organizations', 'oro_organizations_select', ['required' => false, 'label' => 'oro.user.form.access_settings.label']);
    }

    // the password is entered twice ('repeated') and is mandatory here; the
    // separate change_password sub-form below covers updates of existing users
    $builder->add(
        'plainPassword',
        'repeated',
        [
            'label'          => 'oro.user.password.label',
            'type'           => 'password',
            'required'       => true,
            'first_options'  => ['label' => 'oro.user.password.label'],
            'second_options' => ['label' => 'oro.user.password_re.label']
        ]
    )->add(
        'emails',
        'collection',
        [
            'label'          => 'oro.user.emails.label',
            'type'           => 'oro_user_email',
            'allow_add'      => true,
            'allow_delete'   => true,
            'by_reference'   => false,
            'prototype'      => true,
            'prototype_name' => 'tag__name__'
        ]
    );

    // Google IMAP (OAuth account type) vs. plain IMAP credentials, per system config
    if ($this->userConfigManager->get('oro_imap.enable_google_imap')) {
        $builder->add('imapAccountType', 'oro_imap_choice_account_type', ['label' => 'oro.user.imap_configuration.label']);
    } else {
        $builder->add('imapConfiguration', 'oro_imap_configuration', ['label' => 'oro.user.imap_configuration.label']);
    }

    $builder->add('change_password', ChangePasswordType::NAME)->add('avatar', 'oro_image', ['label' => 'oro.user.avatar.label', 'required' => false]);
    $this->addInviteUserField($builder);
}
/**
 * Whether the current user may unsubscribe a customer from the newsletter.
 * The ACL answer is computed once and cached for the lifetime of this object.
 *
 * @return bool
 */
protected function isUnsubscribeGranted()
{
    if (null === $this->unsubscribeGranted) {
        $granted = $this->securityFacade->isGranted('orocrm_magento_newsletter_subscriber_unsubscribe_customer');
        $this->unsubscribeGranted = $granted;
    }

    return $this->unsubscribeGranted;
}
/**
 * Checks if the entity can have comments.
 *
 * Requires a managed Doctrine entity, the 'oro_comment_view' ACL resource for
 * the current user, and the comment association being enabled for the class.
 *
 * @param object|null $entity
 *
 * @return bool
 */
public function isApplicable($entity)
{
    if (!is_object($entity)) {
        return false;
    }
    if (!$this->doctrineHelper->isManageableEntity($entity)) {
        return false;
    }
    if (!$this->securityFacade->isGranted('oro_comment_view')) {
        return false;
    }
    $entityClass = ClassUtils::getClass($entity);

    return $this->commentAssociationHelper->isCommentAssociationEnabled($entityClass);
}
/**
 * Process form.
 *
 * The parent processing only runs when the current user is granted EDIT on
 * the entity; otherwise nothing is saved and null is returned.
 *
 * @param mixed $entity
 *
 * @return mixed|null The instance of saved entity on successful processing; otherwise, null
 */
public function process($entity)
{
    $canEdit = $this->securityFacade->isGranted('EDIT', $entity);
    if (!$canEdit) {
        return null;
    }

    return parent::process($entity);
}
/**
 * Appends the current user's stored grid views to those loaded by the event.
 *
 * The repository query is run through the ACL helper, and every view carries
 * per-object EDIT / DELETE flags so the UI can hide actions the user may not
 * perform. Nothing is added when there is no logged user or no stored views.
 *
 * @param GridViewsLoadEvent $event
 */
public function onViewsLoad(GridViewsLoadEvent $event)
{
    $currentUser = $this->getCurrentUser();
    if (!$currentUser) {
        return;
    }

    $gridName  = $event->getGridName();
    $gridViews = $this->getGridViewRepository()->findGridViews($this->aclHelper, $currentUser, $gridName);
    if (!$gridViews) {
        return;
    }

    $extraChoices = [];
    $extraViews   = [];
    foreach ($gridViews as $gridView) {
        $view = $gridView->createView();
        $view->setEditable($this->securityFacade->isGranted('EDIT', $gridView));
        $view->setDeletable($this->securityFacade->isGranted('DELETE', $gridView));

        $extraViews[]   = $view->getMetadata();
        $extraChoices[] = [
            'label' => $this->createGridViewLabel($currentUser, $gridView),
            'value' => $gridView->getId(),
        ];
    }

    $merged            = $event->getGridViews();
    $merged['choices'] = array_merge($merged['choices'], $extraChoices);
    $merged['views']   = array_merge($merged['views'], $extraViews);
    $event->setGridViews($merged);
}
/**
 * {@inheritdoc}
 *
 * The owner (Contact) of the entity must be editable by the current user
 * before the entity itself is processed.
 * NOTE(review): if getOwner() can return null the ACL is asked about null —
 * confirm the facade denies in that case rather than granting.
 *
 * @throws AccessDeniedException when EDIT on the owner is not granted
 */
public function beforeProcess($entity)
{
    $owner = $entity->getOwner();
    if ($this->securityFacade->isGranted('EDIT', $owner)) {
        return;
    }

    throw new AccessDeniedException();
}
/**
 * {@inheritdoc}
 *
 * Public calendar items become read-only unless the user holds
 * 'oro_public_calendar_event_management'. $calendarId is not used.
 */
protected function applyPermissions(&$item, $calendarId)
{
    $canManage = $this->securityFacade->isGranted('oro_public_calendar_event_management');
    if ($canManage) {
        return;
    }

    $item['editable']  = false;
    $item['removable'] = false;
}
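/**
 * Adds one "entities list" menu entry per available extended entity.
 *
 * An entity is listed only when its class exists, a user is logged in and
 * that user is granted VIEW on the entity class. The label is rendered with
 * 'safe_label' => true, i.e. without escaping, so it must keep coming from
 * admin-controlled entity configuration and never from end-user input.
 *
 * @param ConfigureMenuEvent $event
 */
public function onNavigationConfigure(ConfigureMenuEvent $event)
{
    $systemTab = $event->getMenu()->getChild('system_tab');
    // a menu without the system tab (or without the entities list) has nothing to extend;
    // calling getChild() on a null tab would be a fatal error
    $entitiesMenuItem = $systemTab ? $systemTab->getChild('entities_list') : null;
    if (!$entitiesMenuItem) {
        return;
    }

    /** @var ConfigProvider $entityConfigProvider */
    $entityConfigProvider = $this->configManager->getProvider('entity');
    /** @var ConfigProvider $entityExtendProvider */
    $entityExtendProvider = $this->configManager->getProvider('extend');

    $children = [];
    foreach ($entityExtendProvider->getConfigs() as $extendConfig) {
        if (!$this->checkAvailability($extendConfig)) {
            continue;
        }
        $config    = $entityConfigProvider->getConfig($extendConfig->getId()->getClassname());
        $className = $config->getId()->getClassName();

        // ACL is checked per entity class; anonymous sessions get no entries at all
        if (!class_exists($className)
            || !$this->securityFacade->hasLoggedUser()
            || !$this->securityFacade->isGranted('VIEW', 'entity:' . $className)
        ) {
            continue;
        }

        $label = $config->get('label');
        $children[$label] = [
            'label'   => $this->translator->trans($label),
            'options' => [
                'route'           => 'oro_entity_index',
                'routeParameters' => ['entityName' => str_replace('\\', '_', $className)],
                'extras'          => ['safe_label' => true, 'routes' => ['oro_entity_*']],
            ],
        ];
    }

    // sort() compares the child arrays element by element, i.e. by translated label first
    sort($children);
    foreach ($children as $child) {
        $entitiesMenuItem->addChild($child['label'], $child['options']);
    }
}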
/**
 * Get last operations data.
 *
 * Only the job types whose 'pim_importexport_<type>_execution_show' resource is
 * granted to the current user are passed on to the repository. Array keys of
 * $types are preserved, as array_filter would do.
 *
 * @param array $types
 *
 * @return array
 */
public function getLastOperationsData(array $types)
{
    $visibleTypes = [];
    foreach ($types as $key => $type) {
        $aclResource = sprintf('pim_importexport_%s_execution_show', $type);
        if ($this->securityFacade->isGranted($aclResource)) {
            $visibleTypes[$key] = $type;
        }
    }

    return $this->repository->getLastOperationsData($visibleTypes);
}
/**
 * NOTE(review): 'orocrm_contact_view' is evaluated once here, at construction
 * time, and reused through $this->canViewContact afterwards. If this object is
 * built before the security token is available, or outlives a single request,
 * the cached answer may not reflect the current user — confirm the service's
 * lifecycle before relying on the flag.
 *
 * @param Router             $router
 * @param EntityNameResolver $entityNameResolver
 * @param SecurityFacade     $securityFacade
 */
public function __construct(Router $router, EntityNameResolver $entityNameResolver, SecurityFacade $securityFacade)
{
    $this->router             = $router;
    $this->entityNameResolver = $entityNameResolver;
    $this->securityFacade     = $securityFacade;
    $this->canViewContact     = $securityFacade->isGranted('orocrm_contact_view');
}
/**
 * NOTE(review): 'orocrm_contact_view' is evaluated once here, at construction
 * time, and reused through $this->canViewContact afterwards. If this object is
 * built before the security token is available, or outlives a single request,
 * the cached answer may not reflect the current user — confirm the service's
 * lifecycle before relying on the flag.
 *
 * @param Router         $router
 * @param NameFormatter  $nameFormatter
 * @param SecurityFacade $securityFacade
 */
public function __construct(Router $router, NameFormatter $nameFormatter, SecurityFacade $securityFacade)
{
    $this->router         = $router;
    $this->nameFormatter  = $nameFormatter;
    $this->securityFacade = $securityFacade;
    $this->canViewContact = $securityFacade->isGranted('orocrm_contact_view');
}
/**
 * PRE_SET_DATA event handler: adds the "public" scope field of a system calendar.
 *
 * With both public and system calendars enabled the field is a choice between
 * organization scope (false) and system scope (true). When the user lacks
 * 'oro_public_calendar_management' or the create/update resource matching
 * whether $data already has an id, the field is made read-only and one of the
 * two choices is removed. With only one calendar kind enabled the scope is
 * fixed through a hidden field instead.
 *
 * NOTE(review): 'read_only' only affects rendering; unlike 'disabled' it does
 * not stop a crafted request from submitting the other scope value (compare
 * the user form, which sets both). Confirm the scope is re-validated on submit.
 *
 * @param FormEvent $event
 */
public function preSetData(FormEvent $event)
{
    $form = $event->getForm();
    if ($this->calendarConfig->isPublicCalendarEnabled() && $this->calendarConfig->isSystemCalendarEnabled()) {
        $options = [
            'required'    => false,
            'label'       => 'oro.calendar.systemcalendar.public.label',
            'empty_value' => false,
            // bool keys are stored as 0 / 1
            'choices'     => [
                false => 'oro.calendar.systemcalendar.scope.organization',
                true  => 'oro.calendar.systemcalendar.scope.system',
            ],
        ];
        /** @var SystemCalendar|null $data */
        $data = $event->getData();
        if ($data) {
            $isPublicGranted = $this->securityFacade->isGranted('oro_public_calendar_management');
            // a new calendar requires the create resource, an existing one the update resource
            $isSystemGranted = $this->securityFacade->isGranted($data->getId() ? 'oro_system_calendar_update' : 'oro_system_calendar_create');
            if (!$isPublicGranted || !$isSystemGranted) {
                // the user may not choose the scope freely: lock the field ...
                $options['read_only'] = true;
                if (!$data->getId() && !$isSystemGranted) {
                    // ... preselect the system scope (key true) for a new calendar ...
                    $options['data'] = true;
                }
                // ... and drop the choice at key (int) $isSystemGranted
                unset($options['choices'][$isSystemGranted]);
            }
        }
        $form->add('public', 'choice', $options);
    } elseif ($this->calendarConfig->isPublicCalendarEnabled()) {
        $form->add('public', 'hidden', ['data' => true]);
    } elseif ($this->calendarConfig->isSystemCalendarEnabled()) {
        $form->add('public', 'hidden', ['data' => false]);
    }
}
/**
 * {@inheritdoc}
 *
 * Returns nothing unless system calendars are enabled and the user holds
 * 'oro_system_calendar_view'. Events are restricted to $organizationId and to
 * the calendars marked visible in $connections; both restrictions are bound
 * as query parameters.
 *
 * @TODO: temporarily returns the events of all system calendars until
 *        BAP-6566 is implemented (the per-$calendarId query variant of the
 *        repository is not used yet).
 */
public function getCalendarEvents($organizationId, $userId, $calendarId, $start, $end, $connections, $extraFields = [])
{
    if (!$this->calendarConfig->isSystemCalendarEnabled()) {
        return [];
    }
    if (!$this->securityFacade->isGranted('oro_system_calendar_view')) {
        return [];
    }

    $supportedFields = $this->filterSupportedFields($extraFields, 'Oro\\Bundle\\CalendarBundle\\Entity\\CalendarEvent');

    /** @var CalendarEventRepository $repo */
    $repo = $this->doctrineHelper->getEntityRepository('OroCalendarBundle:CalendarEvent');
    $qb   = $repo->getSystemEventListByTimeIntervalQueryBuilder($start, $end, [], $supportedFields);
    // never expose events that belong to another organization
    $qb->andWhere('c.organization = :organizationId')->setParameter('organizationId', $organizationId);

    // calendars the user switched off in the connections list
    $hiddenCalendarIds = [];
    foreach ($connections as $id => $visible) {
        if (!$visible) {
            $hiddenCalendarIds[] = $id;
        }
    }
    if ($hiddenCalendarIds) {
        $qb->andWhere('c.id NOT IN (:invisibleIds)')->setParameter('invisibleIds', $hiddenCalendarIds);
    }

    return $this->calendarEventNormalizer->getCalendarEvents($calendarId, $qb->getQuery());
}
/**
 * Adds the "attribute used as label" selector to a family form.
 *
 * Only persisted families (with an id) get the field. It is rendered disabled
 * unless the user holds 'pim_enrich_family_edit_properties'.
 *
 * @param FormEvent $event
 */
public function addAttributeAsLabelField(FormEvent $event)
{
    $family = $event->getData();
    if (!$family instanceof FamilyInterface || !$family->getId()) {
        return;
    }

    $canEditProperties = $this->securityFacade->isGranted('pim_enrich_family_edit_properties');
    $field = $this->factory->createNamed(
        'attributeAsLabel',
        'entity',
        $family->getAttributeAsLabel(),
        [
            'required'        => true,
            'label'           => 'Attribute used as label',
            'class'           => $this->attributeClass,
            'choices'         => $family->getAttributeAsLabelChoices(),
            'auto_initialize' => false,
            'select2'         => true,
            'disabled'        => !$canEditProperties,
        ]
    );
    $event->getForm()->add($field);
}
/**
 * Whether the current user may use the autocomplete handler $name.
 *
 * A handler with no configured ACL resource is open to everyone — keep that in
 * mind when registering handlers that expose sensitive data.
 *
 * @param $name
 * @return boolean
 */
public function isAutocompleteGranted($name)
{
    $aclResource = $this->getAutocompleteAclResource($name);
    if (!$aclResource) {
        return true;
    }

    return $this->securityFacade->isGranted($aclResource);
}
/**
 * Checks if the entity can have comments.
 *
 * Requires a managed Doctrine entity, the 'oro_comment_view' ACL resource for
 * the current user, a comment config for the class that is enabled, and the
 * Comment entity having the association field for that class.
 *
 * @param object|null $entity
 *
 * @return bool
 */
public function isApplicable($entity)
{
    if (!is_object($entity)
        || !$this->doctrineHelper->isManageableEntity($entity)
        || !$this->securityFacade->isGranted('oro_comment_view')
    ) {
        return false;
    }

    $className = ClassUtils::getClass($entity);
    if (!$this->commentConfigProvider->hasConfig($className)) {
        return false;
    }
    if (!$this->commentConfigProvider->getConfig($className)->is('enabled')) {
        return false;
    }
    $associationName = ExtendHelper::buildAssociationName($className);

    return $this->entityConfigProvider->hasConfig(Comment::ENTITY_NAME, $associationName);
}
/**
 * Verifies that the attachment's target entity is viewable by the current user.
 *
 * The parent check runs first. An attachment without a target is not
 * restricted any further here.
 *
 * @param Attachment $entity
 *
 * @throws AccessDeniedException when the target exists but VIEW on it is denied
 */
protected function checkFoundEntity($entity)
{
    parent::checkFoundEntity($entity);

    $target = $entity->getTarget();
    if (!$target) {
        return;
    }
    if (!$this->securityFacade->isGranted('VIEW', $target)) {
        throw new AccessDeniedException();
    }
}
/**
 * {@inheritdoc}
 *
 * The file key encodes the file id together with its owner entity. The file
 * is only serialized when VIEW on that owner entity is granted, so the ACL of
 * the owning record controls access to its attachment.
 *
 * @throws AccessDeniedException when VIEW on the owner entity is denied
 */
public function serializeOne($id)
{
    $parsedKey        = $this->attachmentManager->parseFileKey($id);
    $fileId           = $parsedKey[0];
    $ownerEntityClass = $parsedKey[1];
    $ownerEntityId    = $parsedKey[2];

    $ownerIdentity = new ObjectIdentity($ownerEntityId, $ownerEntityClass);
    if (!$this->securityFacade->isGranted('VIEW', $ownerIdentity)) {
        throw new AccessDeniedException();
    }

    return parent::serializeOne($fileId);
}
/**
 * Checks if the entity can be shared.
 *
 * Sharing requires the SHARE permission on the object itself plus an entity
 * config with non-empty 'share_scopes'. Non-objects (including null) are never
 * shareable.
 *
 * @param object $entity
 * @return bool
 */
public function isShareEnabled($entity)
{
    if (!is_object($entity)) {
        return false;
    }

    $className = ClassUtils::getClass($entity);
    if (!$this->securityFacade->isGranted('SHARE', $entity)) {
        return false;
    }
    if (!$this->configProvider->hasConfig($className)) {
        return false;
    }

    return (bool) $this->configProvider->getConfig($className)->get('share_scopes');
}
/**
 * Gets the definition for the tag column.
 *
 * The column itself is never editable through the grid ('editable' => false);
 * inline editing of tags is enabled only when the user may assign tags, and
 * the editor view additionally receives the create / global-unassign
 * permissions so it can hide those actions. Saves go through the
 * 'oro_api_post_taggable' route with the record id renamed to entityId.
 *
 * @param DatagridConfiguration $config
 *
 * @return array
 */
protected function getColumnDefinition(DatagridConfiguration $config)
{
    $className        = $this->getEntityClassName($config);
    $urlSafeClassName = $this->entityRoutingHelper->getUrlSafeClassName($className);

    $editorPermissions = [
        'oro_tag_create'          => $this->securityFacade->isGranted(TagManager::ACL_RESOURCE_CREATE_ID_KEY),
        'oro_tag_unassign_global' => $this->securityFacade->isGranted(TagManager::ACL_RESOURCE_REMOVE_ID_KEY),
    ];
    $isColumnRendered = $this->taggableHelper->isEnableGridColumn($className);
    $canAssignTags    = $this->securityFacade->isGranted(TagManager::ACL_RESOURCE_ASSIGN_ID_KEY);

    $inlineEditing = [
        'enable' => $canAssignTags,
        'editor' => [
            'view'         => 'orotag/js/app/views/editor/tags-editor-view',
            'view_options' => ['permissions' => $editorPermissions],
        ],
        'save_api_accessor' => [
            'route'                       => 'oro_api_post_taggable',
            'http_method'                 => 'POST',
            'default_route_parameters'    => ['entity' => $urlSafeClassName],
            'route_parameters_rename_map' => ['id' => 'entityId'],
        ],
        'autocomplete_api_accessor' => [
            'class'               => 'oroui/js/tools/search-api-accessor',
            'search_handler_name' => 'tags',
            'label_field_name'    => 'name',
        ],
    ];

    $valueCallback = function (ResultRecordInterface $record) {
        return $record->getValue(self::COLUMN_NAME);
    };

    return [
        'label'          => 'oro.tag.tags_label',
        'type'           => 'callback',
        'frontend_type'  => 'tags',
        'callable'       => $valueCallback,
        'editable'       => false,
        'translatable'   => true,
        'renderable'     => $isColumnRendered,
        'inline_editing' => $inlineEditing,
    ];
}
/**
 * Row-level action permissions for an account user role.
 *
 * Custom roles are always viewable, updatable and deletable. Predefined roles
 * can never be deleted, and 'update' on them requires the frontend role
 * *create* resource (presumably because editing a predefined role creates a
 * customer-specific copy — verify against the handler).
 *
 * @param ResultRecordInterface $record
 *
 * @return array
 */
public function getAccountUserRolePermission(ResultRecordInterface $record)
{
    $canUpdate = true;
    $canDelete = true;
    if ($record->getValue('isRolePredefined')) {
        $canUpdate = $this->securityFacade->isGranted('orob2b_account_frontend_account_user_role_create');
        $canDelete = false;
    }

    return ['view' => true, 'update' => $canUpdate, 'delete' => $canDelete];
}
/**
 * Returns a callback that configures grid action visibility per row.
 *
 * The ACL is evaluated each time the callback runs: users without
 * 'oro_system_calendar_event_management' get update and delete hidden,
 * everyone else keeps the default actions. The record itself is not inspected.
 *
 * @return callable
 */
public function getSystemActionConfigurationClosure()
{
    return function (ResultRecordInterface $record) {
        $canManage = $this->securityFacade->isGranted('oro_system_calendar_event_management');

        return $canManage ? [] : ['update' => false, 'delete' => false];
    };
}
/**
 * Whether the current user may add line items (to the given shopping list).
 *
 * Requires a logged user and the frontend "add line item" resource; when a
 * list is given, EDIT on that specific list is required as well.
 *
 * @param ShoppingList|null $shoppingList
 * @return bool
 */
public function isAllowed(ShoppingList $shoppingList = null)
{
    if (!$this->securityFacade->hasLoggedUser()) {
        return false;
    }
    if (!$this->securityFacade->isGranted('orob2b_shopping_list_line_item_frontend_add')) {
        return false;
    }
    if (null === $shoppingList) {
        return true;
    }

    return $this->securityFacade->isGranted('EDIT', $shoppingList);
}
/**
 * {@inheritdoc}
 *
 * Resolves $config['object'] against $context and asks the ACL for the
 * permission named by $config['attribute'] on it.
 *
 * NOTE(review): the attribute name is resolved with constant(), which accepts
 * any constant name — make sure $config['attribute'] only ever comes from
 * trusted configuration, never from request data.
 *
 * @throws \InvalidArgumentException when "attribute" or "object" is missing from $config
 */
public function isVisible(array $config = [], array $context = [])
{
    foreach (['attribute', 'object'] as $requiredKey) {
        if (!isset($config[$requiredKey])) {
            throw new \InvalidArgumentException(
                sprintf('The "%s" should be provided in the configuration.', $requiredKey)
            );
        }
    }

    $subject   = $this->getObject($config['object'], $context);
    $attribute = constant($config['attribute']);

    return $this->securityFacade->isGranted($attribute, $subject);
}