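/**
 * Stores the permissions of a single secured object.
 *
 * Reads the request parameters `id`, `type` and `permissions` (an array of
 * rows, each row a map of permission-name => "true"/"false" — TODO confirm the
 * exact shape against the client) plus an optional `securityContext`. When a
 * `securityContext` is given, the caller must hold the SECURITY permission in
 * that context; when it is omitted this method performs no permission check.
 *
 * NOTE(review): the check only runs if the client chooses to send a
 * securityContext, and the context it names is not tied to `type`/`id` here.
 * Unless a kernel listener already gates this action, a client can bypass the
 * check by leaving the parameter out — confirm before relying on it.
 *
 * @param Request $request
 *
 * @return mixed the response produced by the view handler; on a RestException the
 *               exception payload with HTTP status 400
 */
public function postAction(Request $request)
{
    try {
        $identifier = $request->get('id');
        $type = $request->get('type');
        $permissions = $request->get('permissions');
        $securityContext = $request->get('securityContext');

        if (!$identifier) {
            throw new MissingParameterException(static::class, 'id');
        }

        if (!$type) {
            // Kept as-is: the reported parameter name is 'class' although the
            // request parameter read above is 'type' — TODO confirm which is intended.
            throw new MissingParameterException(static::class, 'class');
        }

        if (!is_array($permissions)) {
            throw new RestException('The "permissions" must be passed as an array');
        }

        if ($securityContext) {
            $this->securityChecker->checkPermission($securityContext, PermissionTypes::SECURITY);
        }

        // Normalise every flag to a real boolean: only the string 'true' or boolean
        // true count as granted, everything else ('false', '1', null, ...) is denied.
        // A row that is not an array used to reach array_walk and (on PHP 8) raise a
        // TypeError, i.e. an HTTP 500; it is now rejected as a 400 like the other
        // input errors. Iterating by key also avoids the dangling by-reference
        // variable the previous foreach(&) left behind.
        foreach ($permissions as $key => $permission) {
            if (!is_array($permission)) {
                throw new RestException('Each entry of "permissions" must be an array');
            }

            // array_map with a single array preserves the row's keys
            $permissions[$key] = array_map(
                function ($permissionLine) {
                    return $permissionLine === 'true' || $permissionLine === true;
                },
                $permission
            );
        }

        $this->accessControlManager->setPermissions($type, $identifier, $permissions);

        return $this->viewHandler->handle(
            View::create(['id' => $identifier, 'type' => $type, 'permissions' => $permissions])
        );
    } catch (RestException $exc) {
        return $this->viewHandler->handle(View::create($exc->toArray(), 400));
    }
}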
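/**
 * Checks if the action is allowed for the current user, and throws an Exception otherwise.
 *
 * Runs for every controller invocation; controllers implementing neither
 * SecuredControllerInterface nor SecuredObjectControllerInterface are ignored.
 * The HTTP method is mapped to a permission type (GET → VIEW, POST → ADD for a
 * `postAction` else EDIT, PUT/PATCH → EDIT, DELETE → DELETE). For
 * SecuredObjectControllerInterface controllers the secured class and object id
 * are added to the SecurityCondition.
 *
 * NOTE(review): the check only fires when getSecurityContext() returns non-null,
 * which is only asked of SecuredControllerInterface controllers — a controller
 * that implements SecuredObjectControllerInterface alone is never checked here.
 * For HTTP methods outside the five listed (HEAD, OPTIONS, …) the permission
 * handed to the checker is the empty string; what the checker does with '' is not
 * visible in this file, confirm it denies rather than grants.
 *
 * @param FilterControllerEvent $event
 *
 * @throws AccessDeniedException
 */
public function onKernelController(FilterControllerEvent $event)
{
    $controllerDefinition = $event->getController();
    $controller = $controllerDefinition[0];

    if (!$controller instanceof SecuredControllerInterface
        && !$controller instanceof SecuredObjectControllerInterface
    ) {
        return;
    }

    $request = $event->getRequest();

    // find appropriate permission type for request
    $permission = '';
    switch ($request->getMethod()) {
        case 'GET':
            $permission = PermissionTypes::VIEW;
            break;
        case 'POST':
            // a plain postAction means the ClassResourceInterface is used, i.e. a create;
            // strict comparison — the action name is a string and must match exactly
            $permission = ('postAction' === $controllerDefinition[1])
                ? PermissionTypes::ADD
                : PermissionTypes::EDIT;
            break;
        case 'PUT':
        case 'PATCH':
            $permission = PermissionTypes::EDIT;
            break;
        case 'DELETE':
            $permission = PermissionTypes::DELETE;
            break;
    }

    $locale = $controller->getLocale($request);

    $objectType = null;
    $objectId = null;
    if ($controller instanceof SecuredObjectControllerInterface) {
        $objectType = $controller->getSecuredClass();
        $objectId = $controller->getSecuredObjectId($request);
    }

    $securityContext = null;
    if ($controller instanceof SecuredControllerInterface) {
        $securityContext = $controller->getSecurityContext();
    }

    // check permission
    if ($securityContext !== null) {
        $this->securityChecker->checkPermission(
            new SecurityCondition($securityContext, $locale, $objectType, $objectId),
            $permission
        );
    }
}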
/**
 * Deletes the media entity with the given id together with every stored file
 * version and its generated formats.
 *
 * The authorisation check is opt-in: only when $checkSecurity is true is the
 * 'delete' permission on the media's collection (context
 * 'sulu.media.collections') verified. Callers that pass the default false get
 * no check from this method and must authorise the request themselves.
 *
 * Format caches and storage are purged before the entity is removed and
 * flushed, so a failing flush leaves a database row whose files are already gone.
 *
 * @param mixed $id            identifier handed to getEntityById
 * @param bool  $checkSecurity whether to verify the collection 'delete' permission first
 *
 * @return void
 */
public function delete($id, $checkSecurity = false)
{
    $media = $this->getEntityById($id);

    if ($checkSecurity) {
        $condition = new SecurityCondition(
            'sulu.media.collections',
            null,
            Collection::class,
            $media->getCollection()->getId()
        );
        $this->securityChecker->checkPermission($condition, 'delete');
    }

    /** @var File $file */
    foreach ($media->getFiles() as $file) {
        /** @var FileVersion $version */
        foreach ($file->getFileVersions() as $version) {
            $storageOptions = $version->getStorageOptions();
            // drop the generated formats first, then the original from storage
            $this->formatManager->purge($media->getId(), $version->getName(), $storageOptions);
            $this->storage->remove($storageOptions);
        }
    }

    $this->em->remove($media);
    $this->em->flush();
}
/**
 * delete() with $checkSecurity = true must verify the 'delete' permission on the
 * media's collection (id 2) and purge both the generated formats and the stored
 * file of every file version.
 */
public function testDelete()
{
    $storageOptions = json_encode(['segment' => '01', 'fileName' => 'test.jpg']);

    $collection = $this->prophesize(Collection::class);
    $collection->getId()->willReturn(2);

    $version = $this->prophesize(FileVersion::class);
    $version->getId()->willReturn(1);
    $version->getName()->willReturn('test');
    $version->getStorageOptions()->willReturn($storageOptions);

    $file = $this->prophesize(File::class);
    $file->getFileVersions()->willReturn([$version->reveal()]);

    $media = $this->prophesize(Media::class);
    $media->getId()->willReturn(1);
    $media->getCollection()->willReturn($collection);
    $media->getFiles()->willReturn([$file->reveal()]);

    $this->mediaRepository->findMediaById(1)->willReturn($media);

    // expectations: the permission check on the collection, then purge + remove per version
    $expectedCondition = new SecurityCondition('sulu.media.collections', null, Collection::class, 2);
    $this->securityChecker->checkPermission($expectedCondition, 'delete')->shouldBeCalled();
    $this->formatManager->purge(1, 'test', $storageOptions)->shouldBeCalled();
    $this->storage->remove($storageOptions)->shouldBeCalled();

    $this->mediaManager->delete(1, true);
}
/**
 * With no token in the token storage, checkPermission() must report the
 * permission as granted even though the authorization checker answers false
 * for every query.
 *
 * NOTE(review): this pins a security-sensitive invariant — an absent token
 * grants rather than denies. Make sure the checker under test cannot be reached
 * from an unauthenticated HTTP request with an empty token storage.
 */
public function testIsGrantedWithoutToken()
{
    $this->tokenStorage->getToken()->willReturn(null);
    $this->authorizationChecker
        ->isGranted(Argument::any(), Argument::any())
        ->willReturn(false);

    $granted = $this->securityChecker->checkPermission('sulu.media.collection', 'view');

    $this->assertTrue($granted);
}