/** * Transform a given ACL entry into a Entry model. * * The entry will not be persisted! * * @param \Symfony\Component\Security\Acl\Model\EntryInterface $aclEntry * * @return \Propel\Bundle\PropelBundle\Model\Acl\Entry */ public static function fromAclEntry(EntryInterface $aclEntry) { $entry = new self(); // Already persisted before? if ($aclEntry->getId()) { $entry->setId($aclEntry->getId()); } $entry->setMask($aclEntry->getMask())->setGranting($aclEntry->isGranting())->setGrantingStrategy($aclEntry->getStrategy())->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity())); if ($aclEntry instanceof FieldEntryInterface) { $entry->setFieldName($aclEntry->getField()); } if ($aclEntry instanceof AuditableEntryInterface) { $entry->setAuditFailure($aclEntry->isAuditFailure())->setAuditSuccess($aclEntry->isAuditSuccess()); } return $entry; }
/** * Retrieve the persisted model for the given ACE. * * If none is given, null is returned. * * @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace * * @return \Propel\Bundle\PropelBundle\Model\Acl\Entry|null */ protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false) { if (null !== $ace->getId() and null !== ($entry = EntryQuery::create()->findPk($ace->getId(), $this->connection))) { $entry->reload(true, $this->connection); return $entry; } /* * The id is not set, but there may be an ACE in the database. * * This happens if the ACL has created new ACEs, but was not reloaded. * We try to retrieve one by the unique key. */ $ukQuery = EntryQuery::create()->filterByAclClass($objectIdentity->getAclClass($this->connection))->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection)); if (true === $object) { $ukQuery->filterByObjectIdentity($objectIdentity); } else { $ukQuery->filterByObjectIdentityId(null, Criteria::ISNULL); } if ($ace instanceof FieldEntryInterface) { $ukQuery->filterByFieldName($ace->getField()); } else { $ukQuery->filterByFieldName(null, Criteria::ISNULL); } return $ukQuery->findOne($this->connection); }
/** * Determines whether the ACE is applicable to the given permission/security * identity combination. * * Per default, we support three different comparison strategies. * * Strategy ALL: * The ACE will be considered applicable when all the turned-on bits in the * required mask are also turned-on in the ACE mask. * * Strategy ANY: * The ACE will be considered applicable when any of the turned-on bits in * the required mask is also turned-on the in the ACE mask. * * Strategy EQUAL: * The ACE will be considered applicable when the bitmasks are equal. * * @param SecurityIdentityInterface $sid * @param EntryInterface $ace * @param int $requiredMask * @return Boolean */ protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace) { if (false === $ace->getSecurityIdentity()->equals($sid)) { return false; } $strategy = $ace->getStrategy(); if (self::ALL === $strategy) { return $requiredMask === ($ace->getMask() & $requiredMask); } else { if (self::ANY === $strategy) { return 0 !== ($ace->getMask() & $requiredMask); } else { if (self::EQUAL === $strategy) { return $requiredMask === $ace->getMask(); } else { throw new \RuntimeException(sprintf('The strategy "%s" is not supported.', $strategy)); } } } }
/** * Resolve ACE itentity to User or Role * * @param EntryInterface $ace * @return mixed */ protected function resolveIdentity(EntryInterface $ace) { $securityIdentity = $ace->getSecurityIdentity(); if ($securityIdentity instanceof UserSecurityIdentity) { $userProvider = $this->userProvider; try { return $userProvider->loadUserByUsername($securityIdentity->getUsername()); } catch (UsernameNotFoundException $e) { } } elseif ($securityIdentity instanceof RoleSecurityIdentity) { return $securityIdentity->getRole(); } return null; }