/**
 * Checks that setting permissions on an object that has no ACL yet makes the
 * provider create an ACL, insert an object ACE and pass the ACL to updateAcl().
 *
 * @dataProvider provideObjectIdentifiers
 */
public function testPermissionUpdateEvent($objectId, $objectType, $objectIdentifier)
{
    $expectedIdentity = new ObjectIdentity($objectIdentifier, $objectType);

    // The ACL double reports no object-scope entries and must receive a new one.
    $this->acl->getObjectAces()->willReturn([]);
    // Argument::cetera() accepts any argument list, so this expectation only proves that
    // an ACE was inserted, not which security identity or permission mask it carries.
    $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();
    $aclDouble = $this->acl->reveal();

    // The lookup fails with AclNotFoundException, so a fresh ACL has to be created and persisted.
    $this->aclProvider->findAcl($expectedIdentity)->willThrow(AclNotFoundException::class);
    $this->aclProvider->createAcl($expectedIdentity)->willReturn($aclDouble)->shouldBeCalled();
    $this->aclProvider->updateAcl($aclDouble)->shouldBeCalled();

    $grantedPermissions = [$this->securityIdentity->getRole() => ['view']];
    $this->accessControlManager->setPermissions($objectType, $objectId, $grantedPermissions);
}
/**
 * Checks that setting permissions on an object that has no ACL yet creates and
 * persists an ACL and dispatches the permission update event.
 *
 * @dataProvider provideObjectIdentifiers
 */
public function testPermissionUpdateEvent($objectId, $objectType, $locale, $objectIdentifier)
{
    $expectedIdentity = new ObjectIdentity($objectIdentifier, $objectType);

    // The ACL double reports no object-scope entries and must receive a new one.
    $this->acl->getObjectAces()->willReturn([]);
    // Argument::cetera() accepts any argument list, so this expectation only proves that
    // an ACE was inserted, not which security identity or permission mask it carries.
    $this->acl->insertObjectAce(Argument::cetera())->shouldBeCalled();
    $aclDouble = $this->acl->reveal();

    // The lookup fails with AclNotFoundException, so a fresh ACL has to be created and persisted.
    $this->aclProvider->findAcl($expectedIdentity)->willThrow(AclNotFoundException::class);
    $this->aclProvider->createAcl($expectedIdentity)->willReturn($aclDouble)->shouldBeCalled();
    $this->aclProvider->updateAcl($aclDouble)->shouldBeCalled();

    // The event must describe the same object, identity and permissions that were requested.
    $expectedEvent = new PermissionUpdateEvent($objectType, $objectIdentifier, $this->securityIdentity, ['view']);
    $this->eventDispatcher->dispatch('sulu.security.permission.update', $expectedEvent)->shouldBeCalled();

    $this->accessControlManager->setPermissions($objectType, $objectId, $this->securityIdentity, ['view'], $locale);
}
/**
 * Writes the current state of an ACL and its access control entries to storage.
 *
 * Stored entries that the ACL no longer contains are deleted and the link to
 * the parent ACL is refreshed. Changes to parent ACLs themselves are not persisted.
 *
 * @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl
 *
 * @return bool True once the transaction has been committed.
 *
 * @throws \InvalidArgumentException If the given ACL is not a MutableAcl.
 * @throws \Symfony\Component\Security\Acl\Exception\Exception
 */
public function updateAcl(MutableAclInterface $acl)
{
    if (!$acl instanceof MutableAcl) {
        throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \\Propel\\Bundle\\PropelBundle\\Security\\Acl\\Domain\\MutableAcl only.');
    }

    try {
        // Snapshot of what is stored right now; used below to find entries that must go.
        // NOTE(review): both lookups run before beginTransaction(), yet the catch block
        // always calls rollBack(); confirm the connection tolerates that when no
        // transaction is open, otherwise the original error would be masked.
        $aclIdentity = $acl->getObjectIdentity();
        $storedEntries = EntryQuery::create()->findByAclIdentity($aclIdentity, array(), $this->connection);
        $objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclIdentity, $this->connection);

        $this->connection->beginTransaction();

        // Persist class-scope and object-scope ACEs and collect what persistAcl() reports as kept.
        $keepEntries = $this->persistAcl($acl->getClassAces(), $objectIdentity);
        $keepEntries = array_merge($keepEntries, $this->persistAcl($acl->getObjectAces(), $objectIdentity, true));

        // Same for every field that carries field-level ACEs.
        foreach ($acl->getFields() as $fieldName) {
            $classFieldEntries = $this->persistAcl($acl->getClassFieldAces($fieldName), $objectIdentity);
            $objectFieldEntries = $this->persistAcl($acl->getObjectFieldAces($fieldName), $objectIdentity, true);
            $keepEntries = array_merge($keepEntries, $classFieldEntries, $objectFieldEntries);
        }

        // Remove stored entries that are not part of the ACL any more.
        // NOTE(review): in_array() is non-strict here, so IDs are compared with PHP's loose
        // rules. Confirm persistAcl() and getId() yield the same scalar type before making
        // this strict; a type mismatch would then delete entries that should be kept.
        foreach ($storedEntries as $storedEntry) {
            if (in_array($storedEntry->getId(), $keepEntries)) {
                continue;
            }

            $storedEntry->delete($this->connection);
        }

        // Point the stored identity at the current parent ACL, or clear the link.
        $parentAcl = $acl->getParentAcl();
        $parentIdentityId = null === $parentAcl ? null : $parentAcl->getId();
        $objectIdentity->setParentObjectIdentityId($parentIdentityId)->save($this->connection);

        $this->connection->commit();

        // The cache is only touched after a successful commit, so a rolled-back update
        // cannot leave the new ACL state in the cache.
        if (null !== $this->cache) {
            $this->cache->evictFromCacheById($objectIdentity->getId());
            $this->cache->putInCache($acl);
        }

        return true;
    // @codeCoverageIgnoreStart
    } catch (Exception $e) {
        $this->connection->rollBack();

        throw new AclException('An error occurred while updating the ACL.', 0, $e);
    }
    // @codeCoverageIgnoreEnd
}
/**
 * Works out which entries must be inserted, updated or deleted so that the
 * object-scope ACEs of an ACL match a requested list of entries.
 *
 * @param MutableAclInterface $acl       ACL whose object ACEs are compared.
 * @param array               $acl_array Requested entries; each one is read through its 'identity' and 'permission' keys.
 * @return array Map with the keys 'insert', 'update' and 'delete'.
 */
protected function diffACL(MutableAclInterface $acl, array $acl_array)
{
    // Every requested entry counts as new until an existing ACE with the same identity is found.
    $toInsert = $acl_array;
    $toUpdate = array();
    $toDelete = array();

    /**
     * @var integer $aceIndex
     * @var EntryInterface $currentAce
     */
    foreach ($acl->getObjectAces() as $aceIndex => $currentAce) {
        $aceIdentity = $this->resolveIdentity($currentAce);
        $aceMask = $currentAce->getMask();
        $matched = false;

        // NOTE(review): both comparisons below are loose (== / !=). If identities or masks
        // can arrive as mixed string/int values, type juggling could treat distinct values
        // as equal and skip an update or a delete. Confirm what resolveIdentity() and the
        // caller supply before relying on this diff for revocations.
        foreach ($acl_array as $requestedKey => $requested) {
            if ($requested['identity'] != $aceIdentity) {
                continue;
            }

            $matched = true;

            // Same identity with a different mask: the requested entry replaces the ACE at this index.
            if ($requested['permission'] != $aceMask) {
                $toUpdate[$aceIndex] = $requested;
            }

            unset($toInsert[$requestedKey]);
        }

        if ($matched) {
            continue;
        }

        // No requested entry names this identity, so the existing ACE is scheduled for removal.
        $toDelete[$aceIndex] = array('identity' => $aceIdentity, 'permission' => $aceMask);
    }

    return array('insert' => $toInsert, 'update' => $toUpdate, 'delete' => $toDelete);
}