/** * {@inheritDoc} */ public function getSecurityIdentities(TokenInterface $token) { $sids = array(); // add user security identity if (!$token instanceof AnonymousToken) { try { $sids[] = UserSecurityIdentity::fromToken($token); } catch (\InvalidArgumentException $invalid) { // ignore, user has no user security identity } } // add all reachable roles foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { $sids[] = new RoleSecurityIdentity($role); } // add built-in special roles if ($this->authenticationTrustResolver->isFullFledged($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } else { if ($this->authenticationTrustResolver->isRememberMe($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } else { if ($this->authenticationTrustResolver->isAnonymous($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } } } return $sids; }
/** * Muestra el formulario para crear una nueva oferta y se encarga del * procesamiento de la información recibida y la creación de las nuevas * entidades de tipo Oferta */ public function ofertaNuevaAction() { $peticion = $this->getRequest(); $oferta = new Oferta(); $formulario = $this->createForm(new OfertaType(), $oferta); if ($peticion->getMethod() == 'POST') { $formulario->bindRequest($peticion); if ($formulario->isValid()) { // Completar las propiedades de la oferta que una tienda no puede establecer $tienda = $this->get('security.context')->getToken()->getUser(); $oferta->setCompras(0); $oferta->setRevisada(false); $oferta->setTienda($tienda); $oferta->setCiudad($tienda->getCiudad()); // Copiar la foto subida y guardar la ruta $oferta->subirFoto($this->container->getParameter('cupon.directorio.imagenes')); $em = $this->getDoctrine()->getEntityManager(); $em->persist($oferta); $em->flush(); // Asignar el permiso necesario para que la tienda pueda modificar esta oferta $idObjeto = ObjectIdentity::fromDomainObject($oferta); $idUsuario = UserSecurityIdentity::fromAccount($tienda); $acl = $this->get('security.acl.provider')->createAcl($idObjeto); $acl->insertObjectAce($idUsuario, MaskBuilder::MASK_OPERATOR); $this->get('security.acl.provider')->updateAcl($acl); return $this->redirect($this->generateUrl('extranet_portada')); } } return $this->render('TiendaBundle:Extranet:formulario.html.twig', array('accion' => 'crear', 'formulario' => $formulario->createView())); }
/** * {@inheritDoc} */ public function getSecurityIdentities(TokenInterface $token) { $sids = array(); // add user security identity $user = $token->getUser(); if ($user instanceof AccountInterface) { $sids[] = UserSecurityIdentity::fromAccount($user); } // add all reachable roles foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { $sids[] = new RoleSecurityIdentity($role); } // add built-in special roles if ($this->authenticationTrustResolver->isFullFledged($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } else { if ($this->authenticationTrustResolver->isRememberMe($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } else { if ($this->authenticationTrustResolver->isAnonymous($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } } } return $sids; }
/** * New category page * @return \Symfony\Component\HttpFoundation\Response */ public function newAction(Request $request) { $category = new Category(); $user = $this->getUser(); $category->setJeweler($user); //j'associe mon jeweler 1 à mon produit // je crée un formulaire de produit $form = $this->createForm(new CategoryType($user), $category, array('validation_groups' => 'new', 'attr' => array('method' => 'post', 'novalidate' => 'novalidate', 'action' => $this->generateUrl('store_backend_category_new')))); $form->handleRequest($request); if ($form->isValid()) { $em = $this->getDoctrine()->getManager(); //je récupère le manager de Doctrine // j'upload mon fichier en faisant appel a la methode upload() $category->upload(); $em->persist($category); //j'enregistre mon objet product dans doctrine $em->flush(); //j'envoie ma requete d'insert à ma table product // création de l'ACL $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($category); $acl = $aclProvider->createAcl($objectIdentity); // retrouve l'identifiant de sécurité de l'utilisateur actuellement connecté $tokenStorage = $this->get('security.token_storage'); $user = $tokenStorage->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // donne accès au propriétaire $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); $this->get('session')->getFlashBag()->add('success', 'Votre catégorie a bien été crée'); return $this->redirectToRoute('store_backend_category_list'); //redirection selon la route } return $this->render('StoreBackendBundle:Category:new.html.twig', array('form' => $form->createView())); }
/** * Creates a new Url entity. * */ public function createAction(Request $request) { $entity = new Url(); $form = $this->createCreateForm($entity); $form->handleRequest($request); // sets the author field to session username $entity->setAuthor($this->get('security.token_storage')->getToken()->getUser()); if ($form->isValid()) { $em = $this->getDoctrine()->getManager(); $em->persist($entity); $em->flush(); //check logged in user for acl creation if ($this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) { // creating the ACL $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($entity); $acl = $aclProvider->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $tokenStorage = $this->get('security.token_storage'); $user = $tokenStorage->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); } return $this->redirect($this->generateUrl('url_show', array('id' => $entity->getId()))); } return $this->render('SurlUrlBundle:Url:new.html.twig', array('entity' => $entity, 'form' => $form->createView())); }
/** * @Route("/create", name="freedom_objective_dashboard_create", options={"expose"=true}) * @Template() */ public function createAction() { $objective = new Objective(); $form = $this->createForm(new ObjectiveCreateType(), $objective); $request = $this->get('request'); if ($request->getMethod() == 'POST') { $form->handleRequest($request); if ($form->isValid()) { $objective->setUser($this->getUser()); $objective->setNbsteps(count($objective->getSteps())); foreach ($objective->getSteps() as $key => $value) { $value->setObjective($objective); $objective->addStep($value); } $em = $this->getDoctrine()->getManager(); $em->persist($objective); $em->flush(); //ACL $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($objective); $acl = $aclProvider->createAcl($objectIdentity); $securityContext = $this->get('security.context'); $user = $securityContext->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); return $this->redirect($this->generateUrl('freedom_objective_dashboard_details', array('id' => $objective->getId()))); } } return array('form' => $form->createView()); }
/** * @param ResourceInterface $resource * @param bool $andFlush * @param UserInterface $creator * @return ResourceInterface */ public function create(ResourceInterface $resource, $andFlush = true, UserInterface $creator = null) { $resource = parent::create($resource, $andFlush); if (!is_null($creator)) { $this->authorizationManager->grantMask($resource, MaskBuilder::MASK_OWNER, UserSecurityIdentity::fromAccount($creator)); } return $resource; }
public function getCompareData() { $account = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->setMockClassName('USI_AccountImpl')->getMock(); $account->expects($this->any())->method('getUsername')->will($this->returnValue('foo')); $token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface'); $token->expects($this->any())->method('getUser')->will($this->returnValue($account)); return array(array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('foo', 'Foo'), true), array(new UserSecurityIdentity('foo', 'Bar'), new UserSecurityIdentity('foo', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('bar', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromAccount($account), false), array(new UserSecurityIdentity('bla', 'Foo'), new UserSecurityIdentity('blub', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new RoleSecurityIdentity('foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromToken($token), false), array(new UserSecurityIdentity('foo', 'USI_AccountImpl'), UserSecurityIdentity::fromToken($token), true)); }
/** * Creates the ACE for a user. * * @param UserInterface $user */ public function createUserAce(UserInterface $user) { if (!$this->aclProvider) { return; } $oid = ObjectIdentity::fromDomainObject($user); $acl = $this->aclProvider->createAcl($oid); $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER); $this->aclProvider->updateAcl($acl); }
/** * Save acl for new object * * @param Object $object * @param Integer $mask */ public function saveObjectAcl($object, $mask = MaskBuilder::MASK_OWNER) { // creating the ACL $objectIdentity = ObjectIdentity::fromDomainObject($object); $acl = $this->container->get('security.acl.provider')->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $user = $this->container->get('security.context')->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $this->container->get('security.acl.provider')->updateAcl($acl); }
private function setPermissions($proveedor, $object, $user, $mask) { $idUsuario = UserSecurityIdentity::fromAccount($user); try { $acl = $proveedor->findAcl($object, array($idUsuario)); } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) { $acl = $proveedor->createAcl($object); } $acl->insertObjectAce($idUsuario, $mask); //actualizando todos los permisos asignados $this->get('security.acl.provider')->updateAcl($acl); }
public function setOwner(Project $project, User $user, $save = true) { $project->setOwner($user); $objectIdentity = ObjectIdentity::fromDomainObject($project); $entry = $this->acl->createAcl($objectIdentity); $securityIdentity = UserSecurityIdentity::fromAccount($user); $entry->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $this->acl->updateAcl($entry); if ($save) { $this->saveProject($project); } }
public function userCreateACL($entity, $user) { // creating the ACL $aclProvider = $this->container->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($entity); $acl = $aclProvider->createAcl($objectIdentity); // retrieving the security identity of the user parameter $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OPERATOR); $aclProvider->updateAcl($acl); }
/** * Constructs SID (an object implements SecurityIdentityInterface) based on the given identity * * @param string|RoleInterface|UserInterface|TokenInterface $identity * @throws \InvalidArgumentException * @return SID */ public function getSid($identity) { if (is_string($identity)) { return new RoleSecurityIdentity($identity); } elseif ($identity instanceof RoleInterface) { return new RoleSecurityIdentity($identity->getRole()); } elseif ($identity instanceof UserInterface) { return UserSecurityIdentity::fromAccount($identity); } elseif ($identity instanceof TokenInterface) { return UserSecurityIdentity::fromToken($identity); } throw new \InvalidArgumentException(sprintf('$identity must be a string or implement one of RoleInterface, UserInterface, TokenInterface' . ' (%s given)', is_object($identity) ? get_class($identity) : gettype($identity))); }
public function testCreateACLCollection() { $user = new FakeUser(); $entity = new FakeEntity(); $collection = new ArrayCollection(); $collection->add($entity); $acl = $this->getMock('Symfony\\Component\\Security\\Acl\\Model\\MutableAclInterface'); $acl->expects($this->at(0))->method('insertObjectAce')->with(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER); $acl->expects($this->at(1))->method('insertObjectAce')->with(new RoleSecurityIdentity('ROLE_TEST'), MaskBuilder::MASK_VIEW); $this->aclProvider->expects($this->once())->method('createACL')->with($this->isInstanceOf('Symfony\\Component\\Security\\Acl\\Domain\\ObjectIdentity'))->will($this->returnValue($acl)); $this->aclProvider->expects($this->once())->method('updateAcl')->with($acl); $this->om->createACL($collection, array(array('identity' => $user, 'permission' => MaskBuilder::MASK_OWNER), array('identity' => 'ROLE_TEST', 'permission' => MaskBuilder::MASK_VIEW))); }
public function grantDefaultPrivileges($dbObject) { // creating the ACL $objectIdentity = ObjectIdentity::fromDomainObject($dbObject); $acl = $this->aclProvider->createAcl($objectIdentity); $user = $this->tokenStorage->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $securityIdentity = new RoleSecurityIdentity("ROLE_MODO"); $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OPERATOR); $securityIdentity = new RoleSecurityIdentity("ROLE_ADMIN"); $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER); $this->aclProvider->updateAcl($acl); }
protected function setUp() { if (!class_exists('PDO') || !in_array('sqlite', \PDO::getAvailableDrivers())) { self::markTestSkipped('This test requires SQLite support in your environment'); } $this->con = DriverManager::getConnection(['driver' => 'pdo_sqlite', 'memory' => true]); // import the schema $schema = new Schema($this->getOptions()); foreach ($schema->toSql($this->con->getDatabasePlatform()) as $sql) { $this->con->exec($sql); } $this->sid = UserSecurityIdentity::fromAccount(new User('jimmy', 'jimmypass')); $this->aclProvider = $this->getProvider(); }
public function postPersist(LifecycleEventArgs $args) { $entity = $args->getEntity(); if ($entity instanceof Product) { // creating the ACL $aclProvider = $this->container->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($entity); $acl = $aclProvider->createAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $securityIdentity = UserSecurityIdentity::fromAccount($entity->getUser()); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); } }
protected function addAcl(Base $entity, $role = 'ROLE_SUPER', User $user = null) { $aclProvider = $this->get('security.acl.provider'); $securityContext = $this->get('security.context'); $objectIdentity = ObjectIdentity::fromDomainObject($entity); $acl = $aclProvider->createAcl($objectIdentity); if (!$user) { $user = $securityContext->getToken()->getUser(); } $securityIdentity = UserSecurityIdentity::fromAccount($user); $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OPERATOR); $roleSecurityIdentity = new RoleSecurityIdentity($role); $acl->insertObjectAce($roleSecurityIdentity, MaskBuilder::MASK_MASTER); $aclProvider->updateAcl($acl); }
/** * execute * * @param InputInterface $input * @param OutputInterface $output * @access protected * @return void */ protected function execute(InputInterface $input, OutputInterface $output) { // creating the ACL $objectClass = $input->getArgument('objectClass'); $objectId = $input->getArgument('objectId'); $doctrine = $input->getOption('doctrine'); $entityManager = $input->getOption('entity-manager'); if (!$doctrine) { $doctrine = 'doctrine'; } if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') { $output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>'); return 1; } $object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId); if (!$object) { $output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>'); return 1; } $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($object); try { $acl = $aclProvider->findAcl($objectIdentity); } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) { $output->writeln('<error>No previous acl found for ' . $objectClass . ':' . $objectId . '</error>'); return 1; } // retrieving the security identity of the currently logged-in user $username = $input->getArgument('username'); $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username); if (!$user) { $output->writeln('<error>User ' . $username . ' not found.</error>'); return 1; } $securityIdentity = UserSecurityIdentity::fromAccount($user); $aceList = $acl->getObjectAces(); $i = 0; foreach ($aceList as $ace) { if ($ace->getSecurityIdentity() == $securityIdentity) { // Got it! Let's remove it! $output->writeln('got one'); $acl->deleteObjectAce($i); } $i++; } $aclProvider->updateAcl($acl); $output->writeln('<info>ACL successfully updated.</info>'); }
/** * Gives a user the right to edit himself. */ public function giveOwnRights($user) { $aclProvider = $this->container->get('security.acl.provider'); $maskBuilder = new MaskBuilder(); $usid = UserSecurityIdentity::fromAccount($user); $uoid = ObjectIdentity::fromDomainObject($user); foreach ($this->container->getParameter("fom_user.user_own_permissions") as $permission) { $maskBuilder->add($permission); } $umask = $maskBuilder->get(); try { $acl = $aclProvider->findAcl($uoid); } catch (\Exception $e) { $acl = $aclProvider->createAcl($uoid); } $acl->insertObjectAce($usid, $umask); $aclProvider->updateAcl($acl); }
/** * execute * * @param InputInterface $input * @param OutputInterface $output * @access protected * @return int */ protected function execute(InputInterface $input, OutputInterface $output) { // creating the ACL $objectClass = $input->getArgument('objectClass'); $objectId = $input->getArgument('objectId'); $doctrine = $input->getOption('doctrine'); $entityManager = $input->getOption('entity-manager'); if (!$doctrine) { $doctrine = 'doctrine'; } if ($doctrine != 'doctrine' && $doctrine != 'doctrine_mongodb') { $output->writeln('<error>You have to choose between "doctrine" and "doctrine_mongodb"</error>'); return 1; } $object = $this->get($doctrine)->getManager($entityManager ?: null)->getRepository($objectClass)->find($objectId); if (!$object) { $output->writeln('<error>Unable to find the ' . $objectClass . ':' . $objectId . '</error>'); return 1; } $aclProvider = $this->get('security.acl.provider'); $objectIdentity = ObjectIdentity::fromDomainObject($object); try { $acl = $aclProvider->findAcl($objectIdentity); } catch (\Symfony\Component\Security\Acl\Exception\AclNotFoundException $e) { $acl = $aclProvider->createAcl($objectIdentity); } // retrieving the security identity of the currently logged-in user $username = $input->getArgument('username'); $user = $this->get('fos_user.user_manager')->findUserByUsernameOrEmail($username); if (!$user) { $output->writeln('<error>User ' . $username . ' not found.</error>'); return 1; } $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access $dialog = $this->getHelperSet()->get('dialog'); $maskList = array('VIEW', 'EDIT', 'CREATE', 'DELETE', 'UNDELETE', 'OPERATOR', 'MASTER', 'OWNER'); $maskInt = $dialog->select($output, 'Please select the ACL (default: VIEW)', $maskList, 0); $mask = constant('Symfony\\Component\\Security\\Acl\\Permission\\MaskBuilder::MASK_' . $maskList[$maskInt]); $acl->insertObjectAce($securityIdentity, $mask); $aclProvider->updateAcl($acl); $output->writeln('<info>ACL successfully updated.</info>'); return 0; }
/** * @Route("", name="post_todo_list") * @Method({"POST"}) * @Rest\View() * @ApiDoc */ public function postTodoListAction() { $data = $this->getRequest()->request; $todoList = new TodoList(); $todoList->setTitle($data->get('title')); $em = $this->get('doctrine')->getManager(); $em->persist($todoList); $em->flush(); // creating the ACL $aclProvider = $this->get('security.acl.provider'); $acl = $aclProvider->createAcl(ObjectIdentity::fromDomainObject($todoList)); // retrieving the security identity of the currently logged-in user $securityContext = $this->get('security.context'); $securityIdentity = UserSecurityIdentity::fromAccount($securityContext->getToken()->getUser()); // grant owner access $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER); $aclProvider->updateAcl($acl); return RouteRedirectView::create('get_todo', array('id' => $todoList->getId()), HttpCodes::HTTP_CREATED); }
/** * @see Command */ protected function execute(InputInterface $input, OutputInterface $output) { $this->container->get('security.context')->setToken(new UsernamePasswordToken('command.line', null, $this->container->getParameter('fos_user.provider_key'), array(User::ROLE_SUPERADMIN))); $userManager = $this->container->get('fos_user.user_manager'); $user = $userManager->createUser(); $user->setUsername($input->getArgument('username')); $user->setEmail($input->getArgument('email')); $user->setPlainPassword($input->getArgument('password')); $user->setEnabled(!$input->getOption('inactive')); $user->setSuperAdmin(!!$input->getOption('super-admin')); $userManager->updateUser($user); if ($this->container->has('security.acl.provider')) { $provider = $this->container->get('security.acl.provider'); $oid = ObjectIdentity::fromDomainObject($user); $acl = $provider->createAcl($oid); $acl->insertObjectAce(UserSecurityIdentity::fromAccount($user), MaskBuilder::MASK_OWNER); $provider->updateAcl($acl); } $output->writeln(sprintf('Created user <comment>%s</comment>', $user->getUsername())); }
/** * @inheritdoc */ public function buildForm(FormBuilderInterface $builder, array $options) { try { if ($options['class'] && class_exists($options['class'])) { $oid = new ObjectIdentity('class', $options['class']); $acl = $this->aclProvider->findAcl($oid); $aces = $acl->getClassAces(); } else { $oid = ObjectIdentity::fromDomainObject($options['data']); $acl = $this->aclProvider->findAcl($oid); $aces = $acl->getObjectAces(); } $isMaster = $this->securityContext->isGranted('MASTER'); $isOwner = $this->securityContext->isGranted('OWNER'); } catch (\Exception $e) { $isMaster = true; $isOwner = true; $aces = array(); if (true === $options['create_standard_permissions']) { // for unsaved entities, fake three standard permissions: // - Owner access for current user // - View access for anonymous users // - View access for logged in users $oid = null; $aces = array(); $owner = $this->securityContext->getToken()->getUser(); $ownerAccess = array('sid' => UserSecurityIdentity::fromAccount($owner), 'mask' => MaskBuilder::MASK_OWNER); $aces[] = $ownerAccess; if ($options['standard_anon_access']) { $anon = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'); $anonAccess = array('sid' => $anon, 'mask' => MaskBuilder::MASK_VIEW); $user = new RoleSecurityIdentity('ROLE_USER'); $userAccess = array('sid' => $anon, 'mask' => MaskBuilder::MASK_VIEW); $aces[] = $anonAccess; } } } $permissions = is_string($options['permissions']) ? $this->getStandardPermissions($options, $isMaster, $isOwner) : array('show' => $options['permissions']); $aceOptions = array('type' => 'ace', 'label' => 'Permissions', 'allow_add' => true, 'allow_delete' => true, 'auto_initialize' => false, 'prototype' => true, 'options' => array('available_permissions' => $permissions['show']), 'mapped' => false, 'data' => $aces); $builder->add('ace', 'collection', $aceOptions); }
/** * Aplica y actualiza las reglas de la ACL * * @param $acl * @param $applyTo */ private function applyAcl($acl, $applyTo) { $aclProviderCallable = $this->aclProviderCallable; if (isset($applyTo['users'])) { foreach ($applyTo['users'] as $username => $mask) { if ($user = $this->findUserByUsername($username)) { $securityIdentity = UserSecurityIdentity::fromAccount($user); $acl->insertObjectAce($securityIdentity, $this->getMask($mask)); } else { $this->logger->addAlert(sprintf('No es posible adicionar ACL para el usuario \'%s\', el mismo no pudo ser encontrado.', $username)); } } } if (isset($applyTo['roles'])) { foreach ($applyTo['roles'] as $role => $mask) { $securityIdentity = new RoleSecurityIdentity($role); $acl->insertObjectAce($securityIdentity, $this->getMask($mask)); } } $aclProviderCallable($acl, 'update'); }
/** * {@inheritdoc} */ public function getSecurityIdentities(Token\TokenInterface $token) { $sids = array(); // add user security identity if (!$token instanceof Token\AnonymousToken) { try { $sids[] = UserSecurityIdentity::fromToken($token); } catch (\InvalidArgumentException $invalid) { // ignore, user has no user security identity } } // add all reachable roles foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { $sids[] = new RoleSecurityIdentity($role); } // add journal roles $user = $token->getUser(); try { $selectedJournal = $this->journalService->getSelectedJournal(); } catch (\Exception $e) { $selectedJournal = false; } if ($user instanceof User && $selectedJournal instanceof Journal) { foreach ($user->getJournalRoles($selectedJournal) as $journalRoles) { $sids[] = new JournalRoleSecurityIdentity($journalRoles[0], $journalRoles[1]); } } // add built-in special roles if ($this->authenticationTrustResolver->isFullFledged($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } elseif ($this->authenticationTrustResolver->isRememberMe($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } elseif ($this->authenticationTrustResolver->isAnonymous($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } return $sids; }
/** * @Route("/index") * @Template() */ public function indexAction() { $user = $this->get('fos_user.user_manager')->findUserByEmail('*****@*****.**'); $post = new Post(); $post->setTitle('TES ttlekj')->setBody(' kadfj adslkfj adsklfj adslkfj ')->setAuthor($user)->setCreated(new \DateTime()); $manager = $this->getDoctrine()->getManager(); $manager->persist($post); $manager->flush(); $comment = new Comment(); $comment->setPost($post)->setBody('kljdfa adslkfjadslkfj')->setCreated(new \DateTime())->setAuthor($user); $manager->persist($comment); $manager->flush(); // $aclProvider = $this->get('security.acl.provider'); // $comments = $this->getDoctrine()->getRepository('TDomainBundle:Comment')->findAll(); // foreach ($comments as $comment) { // $oid = ObjectIdentity::fromDomainObject($comment); // $aclProvider->createAcl($oid); // } // creating the ACL // $aclProvider = $this->get('security.acl.provider'); $objectIdentity = new ObjectIdentity('class', 'T\\DomainBundle\\Entity\\Comment'); // $acl = $aclProvider->findAcl($objectIdentity); // retrieving the security identity of the currently logged-in user $securityContext = $this->get('security.context'); // $user = $securityContext->getToken()->getUser(); $securityIdentity = UserSecurityIdentity::fromAccount($user); // grant owner access // $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER); // $aclProvider->updateAcl($acl); $entity = $this->getDoctrine()->getManager()->find('TDomainBundle:Comment', 2); $token = new UsernamePasswordToken($user, $user->getPassword(), 'public', $user->getRoles()); // $securityContext = $this->get('security.context'); $securityContext->setToken($token); // check for edit access if (false === $securityContext->isGranted('EDIT', $entity)) { throw new AccessDeniedException(); } // $aces = $acl->getClassAces(); return array('name' => 'patapam', 'aces' => array()); }
/** * Updates ACL * * @param \Sonata\AdminBundle\Util\AdminObjectAclData $data */ public function updateAcl(AdminObjectAclData $data) { foreach ($data->getAclUsers() as $aclUser) { $securityIdentity = UserSecurityIdentity::fromAccount($aclUser); $maskBuilder = new $this->maskBuilderClass(); foreach ($data->getUserPermissions() as $permission) { if ($data->getForm()->get($aclUser->getId() . $permission)->getData()) { $maskBuilder->add($permission); } } $masks = $data->getMasks(); $acl = $data->getAcl(); // Restore OWNER and MASTER permissions /*if (!$data->isOwner()) { foreach ($data->getOwnerPermissions() as $permission) { if ($acl->isGranted(array($masks[$permission]), array($securityIdentity))) { $maskBuilder->add($permission); } } }*/ $mask = $maskBuilder->get(); $index = null; $ace = null; foreach ($acl->getObjectAces() as $currentIndex => $currentAce) { if ($currentAce->getSecurityIdentity()->equals($securityIdentity)) { $index = $currentIndex; $ace = $currentAce; break; } } if ($ace) { $acl->updateObjectAce($index, $mask); } else { $acl->insertObjectAce($securityIdentity, $mask); } } $data->getSecurityHandler()->updateAcl($acl); }
/** * @PreAuthorize("isAuthenticated()") */ public function newPostAction() { if (!($title = $this->request->request->get('title'))) { throw new HttpException(400); } $this->em->getConnection()->beginTransaction(); try { $post = new Post($title); $this->em->persist($post); $this->em->flush(); $oid = ObjectIdentity::fromDomainObject($post); $acl = $this->getAclProvider()->createAcl($oid); $sid = UserSecurityIdentity::fromToken($this->tokenStorage->getToken()); $acl->insertObjectAce($sid, MaskBuilder::MASK_OWNER); $this->getAclProvider()->updateAcl($acl); $this->em->getConnection()->commit(); return new Response('', 201, array('Location' => $this->router->generate('post_controller_edit', array('id' => $post->getId())))); } catch (\Exception $ex) { $this->em->getConnection()->rollBack(); $this->em->close(); throw $ex; } }