public function testFindByAclIdentityOnlyClassEntries() { $this->assertEquals(1, EntryQuery::create()->count($this->con)); EntryQuery::create()->findOne($this->con)->setObjectIdentity(null)->save($this->con); $entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con); $this->assertCount(1, $entries); }
/** * @depends testCreateAcl */ public function testUpdatePersistsAuditing() { $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1)); $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64); $this->getAclProvider()->updateAcl($acl); $entries = EntryQuery::create()->find($this->con); $this->assertCount(1, $entries); // default values $this->assertFalse($entries[0]->getAuditSuccess()); $this->assertTrue($entries[0]->getAuditFailure()); $acl->updateObjectAuditing(0, true, true); $this->getAclProvider()->updateAcl($acl); $entries = EntryQuery::create()->find($this->con); $this->assertCount(1, $entries); $this->assertTrue($entries[0]->getAuditSuccess()); $this->assertTrue($entries[0]->getAuditFailure()); $acl->updateObjectAuditing(0, false, true); $this->getAclProvider()->updateAcl($acl); $entries = EntryQuery::create()->find($this->con); $this->assertCount(1, $entries); $this->assertFalse($entries[0]->getAuditSuccess()); $this->assertTrue($entries[0]->getAuditFailure()); $acl->updateObjectAuditing(0, true, false); $this->getAclProvider()->updateAcl($acl); $entries = EntryQuery::create()->find($this->con); $this->assertCount(1, $entries); $this->assertTrue($entries[0]->getAuditSuccess()); $this->assertFalse($entries[0]->getAuditFailure()); $acl->updateObjectAuditing(0, false, false); $this->getAclProvider()->updateAcl($acl); $entries = EntryQuery::create()->find($this->con); $this->assertCount(1, $entries); $this->assertFalse($entries[0]->getAuditSuccess()); $this->assertFalse($entries[0]->getAuditFailure()); }
/** * Retrieve the persisted model for the given ACE. * * If none is given, null is returned. * * @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace * * @return \Propel\Bundle\PropelBundle\Model\Acl\Entry|null */ protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false) { if (null !== $ace->getId() and null !== ($entry = EntryQuery::create()->findPk($ace->getId(), $this->connection))) { $entry->reload(true, $this->connection); return $entry; } /* * The id is not set, but there may be an ACE in the database. * * This happens if the ACL has created new ACEs, but was not reloaded. * We try to retrieve one by the unique key. */ $ukQuery = EntryQuery::create()->filterByAclClass($objectIdentity->getAclClass($this->connection))->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection)); if (true === $object) { $ukQuery->filterByObjectIdentity($objectIdentity); } else { $ukQuery->filterByObjectIdentityId(null, Criteria::ISNULL); } if ($ace instanceof FieldEntryInterface) { $ukQuery->filterByFieldName($ace->getField()); } else { $ukQuery->filterByFieldName(null, Criteria::ISNULL); } return $ukQuery->findOne($this->connection); }
/** * @depends testDeleteAcl */ public function testDeleteAclRemovesClassEntriesIfLastObject() { $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1)); $acl->insertClassAce($this->getRoleSecurityIdentity(), 128); $this->getAclProvider()->updateAcl($acl); $this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1)); $this->assertEquals(0, EntryQuery::create()->count($this->con)); }
/** * @depends testFindAclWithEntries */ public function testFindAclReadsFromCache() { $this->cache = new AclCache(); $obj = $this->createModelObjectIdentity(1); $entry = $this->createEntry(); $entry->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))->setAclClass($obj->getAclClass())->setMask(64); $obj->addEntry($entry)->save($this->con); // Read and put into cache $acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER'))); $this->cache->content[1] = $acl; // Change database EntryQuery::create()->update(array(EntryTableMap::translateFieldName(EntryTableMap::COL_MASK, TableMap::TYPE_COLNAME, TableMap::TYPE_PHPNAME) => 128), $this->con); $this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con)); // Verify cache has been read $cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER'))); $cachedObjectAces = $cachedAcl->getObjectAces(); $this->assertSame($acl, $cachedAcl); $this->assertEquals(64, $cachedObjectAces[0]->getMask()); }
/** * Returns the ACL that belongs to the given object identity * * @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException * * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity * @param array $securityIdentities * * @return \Symfony\Component\Security\Acl\Model\AclInterface */ public function findAcl(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array()) { $modelObj = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection); if (null !== $this->cache and null !== $modelObj) { $cachedAcl = $this->cache->getFromCacheById($modelObj->getId()); if ($cachedAcl instanceof AclInterface) { return $cachedAcl; } } $collection = EntryQuery::create()->findByAclIdentity($objectIdentity, $securityIdentities, $this->connection); if (0 === count($collection)) { if (empty($securityIdentities)) { $errorMessage = 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.'; } else { $errorMessage = 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.'; } throw new AclNotFoundException($errorMessage); } $loadedSecurityIdentities = array(); foreach ($collection as $eachEntry) { if (!isset($loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()])) { $loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()] = SecurityIdentity::toAclIdentity($eachEntry->getSecurityIdentity()); } } $parentAcl = null; $entriesInherited = true; if (null !== $modelObj) { $entriesInherited = $modelObj->getEntriesInheriting(); if (null !== $modelObj->getParentObjectIdentityId()) { $parentObj = $modelObj->getObjectIdentityRelatedByParentObjectIdentityId($this->connection); try { $parentAcl = $this->findAcl(new ObjectIdentity($parentObj->getIdentifier(), $parentObj->getAclClass($this->connection)->getType())); } catch (AclNotFoundException $e) { /* * This happens e.g. if the parent ACL is created, but does not contain any ACE by now. * The ACEs may be applied later on. */ } } } return $this->getAcl($collection, $objectIdentity, $loadedSecurityIdentities, $parentAcl, $entriesInherited); }