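/**
 * Updates the object ACL from the submitted per-user permission form.
 *
 * For every user returned by $data->getAclUsers(), a mask is built from the
 * permissions whose form field "<user id><permission>" holds a truthy value.
 * The user's existing object ACE is updated with that mask, or a new ACE is
 * inserted when none matches the user's security identity. The ACL is then
 * handed to the security handler.
 *
 * @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
 */
public function updateAcl(AdminObjectAclData $data)
{
    // Fetched before the loop so that $acl is defined even when there are no
    // ACL users; previously the final updateAcl() call received an undefined
    // variable in that case.
    $acl = $data->getAcl();

    foreach ($data->getAclUsers() as $aclUser) {
        $securityIdentity = UserSecurityIdentity::fromAccount($aclUser);

        $maskBuilder = new $this->maskBuilderClass();
        foreach ($data->getUserPermissions() as $permission) {
            if ($data->getForm()->get($aclUser->getId() . $permission)->getData()) {
                $maskBuilder->add($permission);
            }
        }

        // NOTE(review): the mask written below contains only permissions from
        // getUserPermissions(). buildAcl() re-adds already-granted owner
        // permissions (getOwnerPermissions()) when the editor is not an owner;
        // that "Restore OWNER and MASTER permissions" step was commented out
        // here. If getUserPermissions() omits owner-level permissions for
        // non-owner editors (not visible here, confirm), a save by such an
        // editor drops those bits from every listed user's ACE. Confirm the
        // removal is intentional.
        $mask = $maskBuilder->get();

        // Locate the first object ACE that belongs to this security identity.
        $index = null;
        $ace = null;
        foreach ($acl->getObjectAces() as $currentIndex => $currentAce) {
            if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) {
                $index = $currentIndex;
                $ace = $currentAce;
                break;
            }
        }

        if ($ace) {
            $acl->updateObjectAce($index, $mask);
        } else {
            $acl->insertObjectAce($securityIdentity, $mask);
        }
    }

    $data->getSecurityHandler()->updateAcl($acl);
}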
/**
 * Builds the ACL from the submitted permission matrices and persists it.
 *
 * Each ACL value (a user object or a role) is attached to the form rows whose
 * 'user' or 'role' entry matches it. Rows left without an attached value are
 * skipped. For the others, a mask is built from the permissions set to true in
 * the row, and the matching object ACE is updated or a new one inserted.
 *
 * @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
 * @param \Symfony\Component\Form\Form                $form
 * @param \Traversable                                $aclValues
 */
protected function buildAcl(AdminObjectAclData $data, Form $form, \Traversable $aclValues)
{
    $masks = $data->getMasks();
    $acl = $data->getAcl();
    $matrices = $form->getData();

    // Pass 1: attach each ACL value to the rows that name it.
    foreach ($aclValues as $aclValue) {
        $isUser = $aclValue instanceof UserInterface;

        foreach ($matrices as $key => $matrix) {
            if ($isUser) {
                $matches = array_key_exists('user', $matrix)
                    && $aclValue->getUsername() === $matrix['user'];
            } else {
                $matches = array_key_exists('role', $matrix)
                    && $aclValue === $matrix['role'];
            }

            if ($matches) {
                $matrices[$key]['acl_value'] = $aclValue;
            }
        }
    }

    // Pass 2: turn every matched row into an ACE mask.
    foreach ($matrices as $matrix) {
        if (!isset($matrix['acl_value'])) {
            continue;
        }

        $securityIdentity = $this->getSecurityIdentity($matrix['acl_value']);
        $maskBuilder = new $this->maskBuilderClass();

        foreach ($data->getUserPermissions() as $permission) {
            if (!isset($matrix[$permission])) {
                continue;
            }
            if ($matrix[$permission] === true) {
                $maskBuilder->add($permission);
            }
        }

        // Restore OWNER and MASTER permissions: when the editor is not an
        // owner, owner permissions the identity already holds are carried
        // over so that the new mask does not remove them.
        if (!$data->isOwner()) {
            foreach ($data->getOwnerPermissions() as $permission) {
                $alreadyGranted = $acl->isGranted(array($masks[$permission]), array($securityIdentity));
                if ($alreadyGranted) {
                    $maskBuilder->add($permission);
                }
            }
        }

        $mask = $maskBuilder->get();

        // Look for the first object ACE owned by this security identity.
        $aceIndex = null;
        $existingAce = null;
        foreach ($acl->getObjectAces() as $position => $candidate) {
            if (!$candidate->getSecurityIdentity()->equals($securityIdentity)) {
                continue;
            }
            $aceIndex = $position;
            $existingAce = $candidate;
            break;
        }

        if (!$existingAce) {
            $acl->insertObjectAce($securityIdentity, $mask);
        } else {
            $acl->updateObjectAce($aceIndex, $mask);
        }
    }

    $data->getSecurityHandler()->updateAcl($acl);
}