checkPermission() public method

Checks a Sulu-specific permission for the given subject and permission type. The subject is either a plain security-context string (e.g. `'sulu.media.collection'`, example #5) or a `SecurityCondition` built as `new SecurityCondition($securityContext, $locale, $objectType, $objectId)` (examples #2 and #3); the locale is carried inside the condition, not passed as a separate argument.
public checkPermission ( mixed $subject, string $permission ) : boolean
$subject mixed — a security-context string such as `'sulu.media.collection'`, or a `SecurityCondition` bundling the security context with an optional locale, object class and object id.
$permission string — the permission type to check: a `PermissionTypes` constant (`VIEW`, `ADD`, `EDIT`, `DELETE`, `SECURITY` in examples #1 and #2) or a plain string such as `'view'` / `'delete'` (examples #3 and #5).
return boolean — `true` when the permission is granted. Note that example #5 asserts `true` when no security token is present at all (the authorization checker is not even consulted), so this check is not a substitute for placing the route behind a firewall. The listener in example #2 documents an `AccessDeniedException`, which it can only propagate from this call.
示例#1
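 /**
  * Stores the permission matrix for a single secured object.
  *
  * Reads "id" (object identifier), "type" (object class), "permissions"
  * (role => [permission => 'true'|true|...]) and an optional "securityContext"
  * from the request, converts every permission flag to a boolean and hands the
  * result to the access control manager. Validation failures are returned as a
  * 400 response built from the RestException.
  *
  * NOTE(review): the SECURITY permission on the security context is only
  * checked when the client actually sends "securityContext"; a request that
  * omits it skips that check entirely. The route therefore has to be protected
  * by controller-level security (compare the kernel listener in example #2) —
  * confirm this controller implements SecuredControllerInterface.
  *
  * @param Request $request
  *
  * @return mixed the response produced by the view handler
  */
 public function postAction(Request $request)
 {
     try {
         $identifier = $request->get('id');
         $type = $request->get('type');
         $permissions = $request->get('permissions');
         $securityContext = $request->get('securityContext');

         if (!$identifier) {
             throw new MissingParameterException(static::class, 'id');
         }
         if (!$type) {
             // the request parameter is called "type"; the message previously named "class"
             throw new MissingParameterException(static::class, 'type');
         }
         if (!is_array($permissions)) {
             throw new RestException('The "permissions" must be passed as an array');
         }
         // every entry must itself be an array, otherwise array_walk() below
         // fails on the untrusted payload instead of producing a clean 400
         foreach ($permissions as $role => $permission) {
             if (!is_array($permission)) {
                 throw new RestException(sprintf('The permissions for "%s" must be passed as an array', $role));
             }
         }

         if ($securityContext) {
             $this->securityChecker->checkPermission($securityContext, PermissionTypes::SECURITY);
         }

         // transfer all permission strings to booleans; only 'true' / true count as granted
         foreach ($permissions as &$permission) {
             array_walk($permission, function (&$permissionLine) {
                 $permissionLine = $permissionLine === 'true' || $permissionLine === true;
             });
         }
         unset($permission); // drop the dangling reference left by foreach-by-reference

         $this->accessControlManager->setPermissions($type, $identifier, $permissions);

         return $this->viewHandler->handle(
             View::create(['id' => $identifier, 'type' => $type, 'permissions' => $permissions])
         );
     } catch (RestException $exc) {
         return $this->viewHandler->handle(View::create($exc->toArray(), 400));
     }
 }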
示例#2
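 /**
  * Checks whether the current user may perform the requested action on a
  * secured controller, and throws an Exception otherwise.
  *
  * The permission type is derived from the HTTP method: GET → VIEW,
  * POST → ADD for "postAction" (ClassResourceInterface style) and EDIT for any
  * other action, PUT/PATCH → EDIT, DELETE → DELETE. Any other method (e.g.
  * HEAD or OPTIONS) yields an empty permission string that is passed to the
  * checker as-is — NOTE(review): confirm the checker denies an empty
  * permission rather than treating it as "nothing to check".
  *
  * The check itself only runs when the controller implements
  * SecuredControllerInterface and returns a non-null security context. A
  * controller that only implements SecuredObjectControllerInterface
  * contributes the object class / id to the condition but is not checked here.
  *
  * @param FilterControllerEvent $event
  *
  * @throws AccessDeniedException
  */
 public function onKernelController(FilterControllerEvent $event)
 {
     $controllerDefinition = $event->getController();

     // Symfony may hand over an [object, method] pair, an invokable object,
     // a closure or a "Class::method" string. Only the first two can carry a
     // secured controller; the others are skipped instead of failing on the
     // array access, and an invokable secured controller is checked as well.
     if (is_array($controllerDefinition)) {
         $controller = $controllerDefinition[0];
         $action = isset($controllerDefinition[1]) ? $controllerDefinition[1] : null;
     } elseif (is_object($controllerDefinition) && !$controllerDefinition instanceof \Closure) {
         $controller = $controllerDefinition;
         $action = '__invoke';
     } else {
         return;
     }

     $isSecured = $controller instanceof SecuredControllerInterface;
     $isObjectSecured = $controller instanceof SecuredObjectControllerInterface;
     if (!$isSecured && !$isObjectSecured) {
         return;
     }

     $request = $event->getRequest();

     // find the appropriate permission type for the request
     $permission = '';
     switch ($request->getMethod()) {
         case 'GET':
             $permission = PermissionTypes::VIEW;
             break;
         case 'POST':
             // "postAction" means the ClassResourceInterface is used, i.e. a new object is created
             $permission = $action === 'postAction' ? PermissionTypes::ADD : PermissionTypes::EDIT;
             break;
         case 'PUT':
         case 'PATCH':
             $permission = PermissionTypes::EDIT;
             break;
         case 'DELETE':
             $permission = PermissionTypes::DELETE;
             break;
     }

     $locale = $controller->getLocale($request);

     $objectType = null;
     $objectId = null;
     if ($isObjectSecured) {
         $objectType = $controller->getSecuredClass();
         $objectId = $controller->getSecuredObjectId($request);
     }

     $securityContext = $isSecured ? $controller->getSecurityContext() : null;
     if ($securityContext !== null) {
         $this->securityChecker->checkPermission(
             new SecurityCondition($securityContext, $locale, $objectType, $objectId),
             $permission
         );
     }
 }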
示例#3
 /**
  * {@inheritdoc}
  *
  * Removes the media with the given id: for every stored file version the
  * rendered formats are purged and the original is removed from storage, then
  * the entity itself is removed and flushed.
  *
  * Security: the 'delete' permission on the parent collection
  * ('sulu.media.collections') is only checked when $checkSecurity is true.
  * The default is false, so any caller acting on user input must opt in.
  * Note that files are removed from storage before the entity is flushed, so
  * a failing flush leaves an entity whose files are already gone.
  *
  * @param int  $id            id of the media to delete
  * @param bool $checkSecurity whether to check the 'delete' permission on the media's collection first
  */
 public function delete($id, $checkSecurity = false)
 {
     $media = $this->getEntityById($id);

     if ($checkSecurity) {
         $condition = new SecurityCondition(
             'sulu.media.collections',
             null,
             Collection::class,
             $media->getCollection()->getId()
         );
         $this->securityChecker->checkPermission($condition, 'delete');
     }

     /** @var File $file */
     foreach ($media->getFiles() as $file) {
         /** @var FileVersion $version */
         foreach ($file->getFileVersions() as $version) {
             $storageOptions = $version->getStorageOptions();
             $this->formatManager->purge($media->getId(), $version->getName(), $storageOptions);
             $this->storage->remove($storageOptions);
         }
     }

     $this->em->remove($media);
     $this->em->flush();
 }
示例#4
 /**
  * delete() with $checkSecurity = true must check the 'delete' permission on
  * the media's collection and remove every file version from both the format
  * cache and the storage.
  */
 public function testDelete()
 {
     // every stored version of the media lives under these storage options
     $storageOptions = json_encode(['segment' => '01', 'fileName' => 'test.jpg']);

     $collection = $this->prophesize(Collection::class);
     $collection->getId()->willReturn(2);

     $fileVersion = $this->prophesize(FileVersion::class);
     $fileVersion->getId()->willReturn(1);
     $fileVersion->getName()->willReturn('test');
     $fileVersion->getStorageOptions()->willReturn($storageOptions);

     $file = $this->prophesize(File::class);
     $file->getFileVersions()->willReturn([$fileVersion->reveal()]);

     $media = $this->prophesize(Media::class);
     $media->getId()->willReturn(1);
     $media->getCollection()->willReturn($collection);
     $media->getFiles()->willReturn([$file->reveal()]);
     $this->mediaRepository->findMediaById(1)->willReturn($media);

     // the permission check on collection 2 is mandatory when security is requested ...
     $this->securityChecker
         ->checkPermission(new SecurityCondition('sulu.media.collections', null, Collection::class, 2), 'delete')
         ->shouldBeCalled();
     // ... and both the rendered formats and the stored original must go
     $this->formatManager->purge(1, 'test', $storageOptions)->shouldBeCalled();
     $this->storage->remove($storageOptions)->shouldBeCalled();

     $this->mediaManager->delete(1, true);
 }
示例#5
 /**
  * Without a security token checkPermission() grants access (returns true)
  * regardless of the authorization checker — which is stubbed here to deny
  * everything. Routes relying on this checker therefore need a firewall that
  * actually produces a token.
  */
 public function testIsGrantedWithoutToken()
 {
     $this->tokenStorage->getToken()->willReturn(null);
     $this->authorizationChecker
         ->isGranted(Argument::any(), Argument::any())
         ->willReturn(false);

     $granted = $this->securityChecker->checkPermission('sulu.media.collection', 'view');

     $this->assertTrue($granted);
 }