/** * {@inheritDoc} */ public function getSecurityIdentities(TokenInterface $token) { $sids = array(); // add user security identity if (!$token instanceof AnonymousToken) { try { $sids[] = UserSecurityIdentity::fromToken($token); } catch (\InvalidArgumentException $invalid) { // ignore, user has no user security identity } } // add all reachable roles foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { $sids[] = new RoleSecurityIdentity($role); } // add built-in special roles if ($this->authenticationTrustResolver->isFullFledged($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } else { if ($this->authenticationTrustResolver->isRememberMe($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } else { if ($this->authenticationTrustResolver->isAnonymous($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } } } return $sids; }
public function getCompareData() { $account = $this->getMockBuilder('Symfony\\Component\\Security\\Core\\User\\UserInterface')->setMockClassName('USI_AccountImpl')->getMock(); $account->expects($this->any())->method('getUsername')->will($this->returnValue('foo')); $token = $this->getMock('Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface'); $token->expects($this->any())->method('getUser')->will($this->returnValue($account)); return array(array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('foo', 'Foo'), true), array(new UserSecurityIdentity('foo', 'Bar'), new UserSecurityIdentity('foo', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('bar', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromAccount($account), false), array(new UserSecurityIdentity('bla', 'Foo'), new UserSecurityIdentity('blub', 'Foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), new RoleSecurityIdentity('foo'), false), array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromToken($token), false), array(new UserSecurityIdentity('foo', 'USI_AccountImpl'), UserSecurityIdentity::fromToken($token), true)); }
public function __construct($uid = null, $token = null) { $this->_uid = is_null($uid) ? md5(uniqid('', true)) : $uid; $this->_created_at = new \DateTime(); if ($token instanceof TokenInterface) { $this->_owner = UserSecurityIdentity::fromToken($token); } }
/** * Constructs SID (an object implements SecurityIdentityInterface) based on the given identity * * @param string|RoleInterface|UserInterface|TokenInterface $identity * @throws \InvalidArgumentException * @return SID */ public function getSid($identity) { if (is_string($identity)) { return new RoleSecurityIdentity($identity); } elseif ($identity instanceof RoleInterface) { return new RoleSecurityIdentity($identity->getRole()); } elseif ($identity instanceof UserInterface) { return UserSecurityIdentity::fromAccount($identity); } elseif ($identity instanceof TokenInterface) { return UserSecurityIdentity::fromToken($identity); } throw new \InvalidArgumentException(sprintf('$identity must be a string or implement one of RoleInterface, UserInterface, TokenInterface' . ' (%s given)', is_object($identity) ? get_class($identity) : gettype($identity))); }
/** * {@inheritdoc} */ public function getSecurityIdentities(Token\TokenInterface $token) { $sids = array(); // add user security identity if (!$token instanceof Token\AnonymousToken) { try { $sids[] = UserSecurityIdentity::fromToken($token); } catch (\InvalidArgumentException $invalid) { // ignore, user has no user security identity } } // add all reachable roles foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { $sids[] = new RoleSecurityIdentity($role); } // add journal roles $user = $token->getUser(); try { $selectedJournal = $this->journalService->getSelectedJournal(); } catch (\Exception $e) { $selectedJournal = false; } if ($user instanceof User && $selectedJournal instanceof Journal) { foreach ($user->getJournalRoles($selectedJournal) as $journalRoles) { $sids[] = new JournalRoleSecurityIdentity($journalRoles[0], $journalRoles[1]); } } // add built-in special roles if ($this->authenticationTrustResolver->isFullFledged($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } elseif ($this->authenticationTrustResolver->isRememberMe($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } elseif ($this->authenticationTrustResolver->isAnonymous($token)) { $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); } return $sids; }
/** * @PreAuthorize("isAuthenticated()") */ public function newPostAction() { if (!($title = $this->request->request->get('title'))) { throw new HttpException(400); } $this->em->getConnection()->beginTransaction(); try { $post = new Post($title); $this->em->persist($post); $this->em->flush(); $oid = ObjectIdentity::fromDomainObject($post); $acl = $this->getAclProvider()->createAcl($oid); $sid = UserSecurityIdentity::fromToken($this->tokenStorage->getToken()); $acl->insertObjectAce($sid, MaskBuilder::MASK_OWNER); $this->getAclProvider()->updateAcl($acl); $this->em->getConnection()->commit(); return new Response('', 201, array('Location' => $this->router->generate('post_controller_edit', array('id' => $post->getId())))); } catch (\Exception $ex) { $this->em->getConnection()->rollBack(); $this->em->close(); throw $ex; } }
/** * Returns all current drafts for authenticated user. * * @param TokenInterface $token * * @return array */ public function getAllDrafts(TokenInterface $token) { $owner = UserSecurityIdentity::fromToken($token); $states = [Revision::STATE_ADDED, Revision::STATE_MODIFIED]; $result = []; try { $result = $this->findBy(['_owner' => $owner, '_state' => $states]); } catch (ConversionException $e) { $result = []; foreach ($this->getAllDraftsUids($owner, $states) as $data) { try { $result[] = $this->find($data['_uid']); } catch (ConversionException $e) { $this->_em->getConnection()->executeUpdate('DELETE FROM revision WHERE uid = :uid', ['uid' => $data['_uid']]); } } } catch (MappingException $e) { $result = []; foreach ($this->getAllDraftsUids($owner, $states) as $data) { $draft = $this->find($data['_uid']); if (null !== $draft->getContent()) { $result[] = $draft; } else { $this->_em->getConnection()->executeUpdate('DELETE FROM revision WHERE uid = :uid', ['uid' => $data['_uid']]); } } } return $result; }
/** * Creates a new object instanceof SecurityIdentityInterface from input implementing one of UserInterface, TokenInterface or RoleInterface (or its string representation) * @param mixed $identity * @throws InvalidIdentityException * @return SecurityIdentityInterface */ protected function doCreateSecurityIdentity($identity) { if (!$identity instanceof UserInterface && !$identity instanceof TokenInterface && !$identity instanceof RoleInterface && !is_string($identity)) { throw new \InvalidArgumentException(sprintf('$identity must implement one of: UserInterface, TokenInterface, RoleInterface (%s given)', get_class($identity))); } $securityIdentity = null; if ($identity instanceof UserInterface) { $securityIdentity = UserSecurityIdentity::fromAccount($identity); } else { if ($identity instanceof TokenInterface) { $securityIdentity = UserSecurityIdentity::fromToken($identity); } else { if ($identity instanceof RoleInterface || is_string($identity)) { $securityIdentity = new RoleSecurityIdentity($identity); } } } if (!$securityIdentity instanceof SecurityIdentityInterface) { throw new \InvalidArgumentException('Couldn\'t create a valid SecurityIdentity with the provided identity information'); } return $securityIdentity; }
/** * {@inheritdoc} */ public function getUserSecurityIdentity(UserInterface $user = null) { return null === $user ? UserSecurityIdentity::fromToken($this->tokenStorage->getToken()) : UserSecurityIdentity::fromAccount($user); }
/** * Returns all current drafts for authenticated user. * * @param TokenInterface $token * * @return array */ public function getAllDrafts(TokenInterface $token) { $owner = UserSecurityIdentity::fromToken($token); $states = [Revision::STATE_ADDED, Revision::STATE_MODIFIED]; $result = []; try { $result = $this->findBy(['_owner' => $owner, '_state' => $states]); } catch (ConversionException $e) { $qb = $this->createQueryBuilder('r'); $uids = $qb->select('r._uid')->where('r._owner = :owner')->setParameter('owner', $owner)->andWhere($qb->expr()->in('r._state', $states))->getQuery()->getResult(); $result = []; foreach ($uids as $data) { try { $result[] = $this->find($data['_uid']); } catch (ConversionException $e) { $this->_em->getConnection()->executeUpdate('DELETE FROM revision WHERE uid = :uid', ['uid' => $data['_uid']]); } } } return $result; }
/** * Returns all current drafts for authenticated user. * * @param TokenInterface $token */ public function getAllDrafts(TokenInterface $token) { return $this->_em->getRepository('BackBee\\ClassContent\\Revision')->findBy(['_owner' => UserSecurityIdentity::fromToken($token), '_state' => [Revision::STATE_ADDED, Revision::STATE_MODIFIED]]); }
/** * Sets options at the construction of a new revision. * * @param mixed $options * * @return \BackBee\ClassContent\AContent * @return \BackBee\ClassContent\AbstractClassContent */ protected function setOptions($options = null) { if ($options instanceof TokenInterface) { $this->_owner = UserSecurityIdentity::fromToken($options); } return $this; }
/** * Returns all current drafts for authenticated user. * * @param TokenInterface $token * * @return array */ public function getAllDrafts(TokenInterface $token) { return $this->findBy(['_owner' => UserSecurityIdentity::fromToken($token), '_state' => [Revision::STATE_ADDED, Revision::STATE_MODIFIED]]); }
/** * getSecurityEntity * * @param mixed $identityObject * @access private * @return SecurityIdentityInterface */ private function getSecurityEntity($identityObject) { if ($identityObject instanceof UserInterface) { return UserSecurityIdentity::fromAccount($identityObject); } elseif ($identityObject instanceof TokenInterface) { return UserSecurityIdentity::fromToken($identityObject); } elseif ($identityObject instanceof RoleInterface) { return new RoleSecurityIdentity($identityObject->getRole()); } return null; }
/** * * @param type $identity * @return SecurityIdentityInterface * @throws \InvalidArgumentException */ protected function getSecurityIdentity($identity) { $securityIdentity = null; if ($identity instanceof UserInterface) { $securityIdentity = UserSecurityIdentity::fromAccount($identity); } else { if ($identity instanceof TokenInterface) { $securityIdentity = UserSecurityIdentity::fromToken($identity); } else { if ($identity instanceof RoleInterface || is_string($identity)) { $securityIdentity = new RoleSecurityIdentity($identity); } } } if (!$securityIdentity instanceof SecurityIdentityInterface) { throw new \Exception('Couldn\'t create a valid SecurityIdentity with the provided identity information'); } return $securityIdentity; }
protected function createSecurityIdentity($input) { if (is_null($input)) { $input = $this->getCurrentAuthenticationToken(); } $identity = null; if ($input instanceof UserInterface) { $identity = UserSecurityIdentity::fromAccount($input); } elseif ($input instanceof TokenInterface) { $identity = UserSecurityIdentity::fromToken($input); } elseif ($input instanceof RoleInterface) { $identity = new RoleSecurityIdentity($input->getRole()); } elseif (is_string($input)) { $identity = new RoleSecurityIdentity($input); } elseif ($input instanceof SecurityIdentityInterface) { $identity = $input; } if (!$identity instanceof SecurityIdentityInterface) { throw new \InvalidArgumentException('Couldn\'t create a valid SecurityIdentity with the provided identity information'); } return $identity; }