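/**
 * Updates the object ACL from the submitted permission form.
 *
 * For every user returned by getAclUsers() a fresh mask is built from the
 * checked form fields and written to that user's object ACE: the existing
 * ACE is updated in place when one is found for the user's security
 * identity, otherwise a new ACE is inserted. The ACL is then handed to the
 * security handler's updateAcl().
 *
 * @param \Sonata\AdminBundle\Util\AdminObjectAclData $data
 */
public function updateAcl(AdminObjectAclData $data)
{
    // Fetch the ACL once, before the loop: the updateAcl() call at the end
    // needs it even when getAclUsers() yields no user at all.
    $acl = $data->getAcl();

    foreach ($data->getAclUsers() as $aclUser) {
        $securityIdentity = UserSecurityIdentity::fromAccount($aclUser);
        $maskBuilder = new $this->maskBuilderClass();

        // NOTE(review): fields are looked up as "<user id><permission>";
        // confirm this matches the child names the form was built with.
        foreach ($data->getUserPermissions() as $permission) {
            if ($data->getForm()->get($aclUser->getId() . $permission)->getData()) {
                $maskBuilder->add($permission);
            }
        }

        // NOTE(review): the "Restore OWNER and MASTER permissions" block below
        // is disabled. As written, the mask is built only from the
        // getUserPermissions() fields and is then passed to updateObjectAce()
        // as the ACE's new mask, so bits outside that list are not carried
        // over from the existing ACE. Presumably this strips owner-level bits
        // when a non-owner saves the form -- confirm that this is intended.
        /*
        $masks = $data->getMasks();
        if (!$data->isOwner()) {
            foreach ($data->getOwnerPermissions() as $permission) {
                if ($acl->isGranted(array($masks[$permission]), array($securityIdentity))) {
                    $maskBuilder->add($permission);
                }
            }
        }
        */

        $mask = $maskBuilder->get();

        // Find the position of the ACE that already belongs to this identity.
        $index = null;
        foreach ($acl->getObjectAces() as $currentIndex => $currentAce) {
            if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) {
                $index = $currentIndex;
                break;
            }
        }

        if (null !== $index) {
            $acl->updateObjectAce($index, $mask);
        } else {
            $acl->insertObjectAce($securityIdentity, $mask);
        }
    }

    $data->getSecurityHandler()->updateAcl($acl);
}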
/**
 * Builds the ACL matrix form.
 *
 * Loads the object's ACL through the security handler (creating one when the
 * handler returns none), stores it on $data, then adds one AclMatrixType child
 * per entry of $aclValues. Each child receives, per user permission, whether
 * the permission is currently granted and whether the field is disabled.
 *
 * @param \Sonata\AdminBundle\Util\AdminObjectAclData  $data
 * @param \Symfony\Component\Form\FormBuilderInterface $formBuilder
 * @param \Traversable                                 $aclValues
 *
 * @return \Symfony\Component\Form\Form
 */
protected function buildForm(AdminObjectAclData $data, FormBuilderInterface $formBuilder, \Traversable $aclValues)
{
    // Resolve the ACL for the edited object; note that merely building the
    // form calls createAcl() when no ACL is returned for the identity.
    $identity = ObjectIdentity::fromDomainObject($data->getObject());
    $objectAcl = $data->getSecurityHandler()->getObjectAcl($identity)
        ?: $data->getSecurityHandler()->createAcl($identity);
    $data->setAcl($objectAcl);

    $maskByPermission = $data->getMasks();
    $inherited = $data->getSecurityInformation();

    foreach ($aclValues as $childName => $aclValue) {
        $sid = $this->getSecurityIdentity($aclValue);
        $matrixRow = array();

        foreach ($data->getUserPermissions() as $permission) {
            // No ACE for this identity simply means "not granted".
            try {
                $granted = $objectAcl->isGranted(array($maskByPermission[$permission]), array($sid));
            } catch (NoAceFoundException $e) {
                $granted = false;
            }

            // Only the roles form locks a field, and only when the security
            // information lists this permission for the role. The form-name
            // test stays first so the isset() lookup is skipped otherwise.
            $locked = self::ACL_ROLES_FORM_NAME === $formBuilder->getName()
                && isset($inherited[$aclValue])
                && false !== array_search($permission, $inherited[$aclValue]);

            // NOTE(review): 'attr' is only the HTML attribute; presumably
            // AclMatrixType applies the 'disabled' option to the field so a
            // tampered submission cannot change a locked permission -- confirm.
            $matrixRow[$permission] = array(
                'required' => false,
                'data' => $granted,
                'disabled' => $locked,
                'attr' => $locked ? array('disabled' => 'disabled') : array(),
            );
        }

        $formBuilder->add($childName, new AclMatrixType(), array(
            'permissions' => $matrixRow,
            'acl_value' => $aclValue,
        ));
    }

    return $formBuilder->getForm();
}