/**
* Configure the object ACL for the passed object identities
*
* @param OutputInterface $output
* @param AdminInterface $admin
* @param array $oids an array of ObjectIdentityInterface implementations
* @param UserSecurityIdentity $securityIdentity
*
* @throws \Exception
*
* @return array [countAdded, countUpdated]
*/
public function configureAcls(OutputInterface $output, AdminInterface $admin, array $oids, UserSecurityIdentity $securityIdentity = null)
{
$countAdded = 0;
$countUpdated = 0;
$securityHandler = $admin->getSecurityHandler();
if (!$securityHandler instanceof AclSecurityHandlerInterface) {
$output->writeln(sprintf('Admin `%s` is not configured to use ACL : <info>ignoring</info>', $admin->getCode()));
return array(0, 0);
}
$acls = $securityHandler->findObjectAcls($oids);
foreach ($oids as $oid) {
if ($acls->contains($oid)) {
$acl = $acls->offsetGet($oid);
$countUpdated++;
} else {
$acl = $securityHandler->createAcl($oid);
$countAdded++;
}
if (!is_null($securityIdentity)) {
// add object owner
$securityHandler->addObjectOwner($acl, $securityIdentity);
}
$securityHandler->addObjectClassAces($acl, $securityHandler->buildSecurityInformation($admin));
try {
$securityHandler->updateAcl($acl);
} catch (\Exception $e) {
$output->writeln(sprintf('Error saving ObjectIdentity (%s, %s) ACL : %s <info>ignoring</info>', $oid->getIdentifier(), $oid->getType(), $e->getMessage()));
}
}
return array($countAdded, $countUpdated);
}
/**
* {@inheritdoc}
*/
public function batchConfigureAcls(OutputInterface $output, AdminInterface $admin, UserSecurityIdentity $securityIdentity = null)
{
$securityHandler = $admin->getSecurityHandler();
if (!$securityHandler instanceof AclSecurityHandlerInterface) {
$output->writeln('Admin class is not configured to use ACL : <info>ignoring</info>');
return;
}
$output->writeln(sprintf(' > generate ACLs for %s', $admin->getCode()));
$objectOwnersMsg = is_null($securityIdentity) ? '' : ' and set the object owner';
/** @var DocumentManager $om */
$om = $admin->getModelManager()->getDocumentManager();
$qb = $om->createQueryBuilder($admin->getClass());
$count = 0;
$countUpdated = 0;
$countAdded = 0;
try {
$batchSize = 20;
$batchSizeOutput = 200;
$objectIds = array();
foreach ($qb->getQuery()->iterate() as $row) {
$objectIds[] = ObjectIdentity::fromDomainObject($row);
$objectIdIterator = new \ArrayIterator($objectIds);
// detach from Doctrine, so that it can be Garbage-Collected immediately
$om->detach($row);
++$count;
if ($count % $batchSize == 0) {
list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity);
$countAdded += $batchAdded;
$countUpdated += $batchUpdated;
$objectIds = array();
}
if ($count % $batchSizeOutput == 0) {
$output->writeln(sprintf(' - generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated));
}
}
if (count($objectIds) > 0) {
list($batchAdded, $batchUpdated) = $this->configureAcls($output, $admin, $objectIdIterator, $securityIdentity);
$countAdded += $batchAdded;
$countUpdated += $batchUpdated;
}
} catch (\BadMethodCallException $e) {
throw new ModelManagerException('', 0, $e);
}
$output->writeln(sprintf(' - [TOTAL] generated class ACEs%s for %s objects (added %s, updated %s)', $objectOwnersMsg, $count, $countAdded, $countUpdated));
}
/**
* {@inheritDoc}
*/
public function configureAcls(OutputInterface $output, AdminInterface $admin)
{
$securityHandler = $admin->getSecurityHandler();
if (!$securityHandler instanceof AclSecurityHandlerInterface) {
$output->writeln(sprintf('Admin `%s` is not configured to use ACL : <info>ignoring</info>', $admin->getCode()));
return;
}
$objectIdentity = ObjectIdentity::fromDomainObject($admin);
$newAcl = false;
if (is_null($acl = $securityHandler->getObjectAcl($objectIdentity))) {
$acl = $securityHandler->createAcl($objectIdentity);
$newAcl = true;
}
// create admin ACL
$output->writeln(sprintf(' > install ACL for %s', $admin->getCode()));
$configResult = $this->addAdminClassAces($output, $acl, $securityHandler, $securityHandler->buildSecurityInformation($admin));
if ($configResult) {
$securityHandler->updateAcl($acl);
} else {
$output->writeln(sprintf(' - %s , no roles and permissions found', $newAcl ? 'skip' : 'removed'));
$securityHandler->deleteAcl($objectIdentity);
}
}
/**
* @return array
*/
public function getSecurityInformation()
{
return $this->admin->getSecurityHandler()->buildSecurityInformation($this->admin);
}
/**
* Gets security handler.
*
* @return \Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface
*/
public function getSecurityHandler()
{
return $this->admin->getSecurityHandler();
}
