/** * Transform a given ACL entry into a Entry model. * * The entry will not be persisted! * * @param \Symfony\Component\Security\Acl\Model\EntryInterface $aclEntry * * @return \Propel\Bundle\PropelBundle\Model\Acl\Entry */ public static function fromAclEntry(EntryInterface $aclEntry) { $entry = new self(); // Already persisted before? if ($aclEntry->getId()) { $entry->setId($aclEntry->getId()); } $entry->setMask($aclEntry->getMask())->setGranting($aclEntry->isGranting())->setGrantingStrategy($aclEntry->getStrategy())->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity())); if ($aclEntry instanceof FieldEntryInterface) { $entry->setFieldName($aclEntry->getField()); } if ($aclEntry instanceof AuditableEntryInterface) { $entry->setAuditFailure($aclEntry->isAuditFailure())->setAuditSuccess($aclEntry->isAuditSuccess()); } return $entry; }
/** * Determines whether the ACE is applicable to the given permission/security * identity combination. * * Per default, we support three different comparison strategies. * * Strategy ALL: * The ACE will be considered applicable when all the turned-on bits in the * required mask are also turned-on in the ACE mask. * * Strategy ANY: * The ACE will be considered applicable when any of the turned-on bits in * the required mask is also turned-on the in the ACE mask. * * Strategy EQUAL: * The ACE will be considered applicable when the bitmasks are equal. * * @param integer $requiredMask * @param EntryInterface $ace * @return Boolean */ protected function isAceApplicable($requiredMask, EntryInterface $ace) { $strategy = $ace->getStrategy(); if (self::ALL === $strategy) { return $requiredMask === ($ace->getMask() & $requiredMask); } else { if (self::ANY === $strategy) { return 0 !== ($ace->getMask() & $requiredMask); } else { if (self::EQUAL === $strategy) { return $requiredMask === $ace->getMask(); } } } throw new \RuntimeException(sprintf('The strategy "%s" is not supported.', $strategy)); }
/** * Determines whether the ACE is applicable to the given permission/security identity combination. * * Strategy ALL: * The ACE will be considered applicable when all the turned-on bits in the * required mask are also turned-on in the ACE mask. * * Strategy ANY: * The ACE will be considered applicable when any of the turned-on bits in * the required mask is also turned-on the in the ACE mask. * * Strategy EQUAL: * The ACE will be considered applicable when the bitmasks are equal. * * @param integer $requiredMask * @param EntryInterface $ace * @param AclInterface $acl * @throws \RuntimeException if the ACE strategy is not supported * @return bool */ protected function isAceApplicable($requiredMask, EntryInterface $ace, AclInterface $acl) { $extension = $this->getContext()->getAclExtension(); $aceMask = $ace->getMask(); if ($acl->getObjectIdentity()->getType() === ObjectIdentityFactory::ROOT_IDENTITY_TYPE) { if ($acl->getObjectIdentity()->getIdentifier() !== $extension->getExtensionKey()) { return false; } $aceMask = $extension->adaptRootMask($aceMask, $this->getContext()->getObject()); } if ($extension->getServiceBits($requiredMask) !== $extension->getServiceBits($aceMask)) { return false; } $requiredMask = $extension->removeServiceBits($requiredMask); $aceMask = $extension->removeServiceBits($aceMask); $strategy = $ace->getStrategy(); switch ($strategy) { case self::ALL: return $requiredMask === ($aceMask & $requiredMask); case self::ANY: return 0 !== ($aceMask & $requiredMask); case self::EQUAL: return $requiredMask === $aceMask; default: throw new \RuntimeException(sprintf('The strategy "%s" is not supported.', $strategy)); } }
/** * Determines whether the ACE is applicable to the given permission/security * identity combination. * * Per default, we support three different comparison strategies. * * Strategy ALL: * The ACE will be considered applicable when all the turned-on bits in the * required mask are also turned-on in the ACE mask. * * Strategy ANY: * The ACE will be considered applicable when any of the turned-on bits in * the required mask is also turned-on the in the ACE mask. * * Strategy EQUAL: * The ACE will be considered applicable when the bitmasks are equal. * * @param SecurityIdentityInterface $sid * @param EntryInterface $ace * @param int $requiredMask * @return Boolean */ protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace) { if (false === $ace->getSecurityIdentity()->equals($sid)) { return false; } $strategy = $ace->getStrategy(); if (self::ALL === $strategy) { return $requiredMask === ($ace->getMask() & $requiredMask); } else { if (self::ANY === $strategy) { return 0 !== ($ace->getMask() & $requiredMask); } else { if (self::EQUAL === $strategy) { return $requiredMask === $ace->getMask(); } else { throw new \RuntimeException(sprintf('The strategy "%s" is not supported.', $strategy)); } } } }