/**
 * Builds the AccessControlVoter under test from Prophecy doubles of its four collaborators.
 *
 * The prophecies are kept on the test case so individual tests can set expectations on them.
 */
public function setUp()
 {
     parent::setUp();

     // One prophecy per constructor dependency of the voter.
     $this->aclProvider = $this->prophesize(MutableAclProviderInterface::class);
     $this->objectIdentityRetrievalStrategy = $this->prophesize(ObjectIdentityRetrievalStrategyInterface::class);
     $this->securityIdentityRetrievalStrategy = $this->prophesize(SecurityIdentityRetrievalStrategyInterface::class);
     $this->permissionMap = $this->prophesize(PermissionMapInterface::class);
     $this->token = $this->prophesize(TokenInterface::class);

     // The voter receives the revealed doubles, in the same order as the constructor arguments.
     $provider = $this->aclProvider->reveal();
     $oidStrategy = $this->objectIdentityRetrievalStrategy->reveal();
     $sidStrategy = $this->securityIdentityRetrievalStrategy->reveal();
     $permissions = $this->permissionMap->reveal();

     $this->accessControlVoter = new AccessControlVoter($provider, $oidStrategy, $sidStrategy, $permissions);
 }
 /**
  * Sets the default object Acl entry for the supplied Comment.
  *
  * @param CommentInterface $comment
  * @return void
  */
 public function setDefaultAcl(CommentInterface $comment)
 {
     // A new ACL is always created for the comment's object identity.
     // NOTE(review): presumably createAcl() fails when an ACL already exists for this
     // identity - confirm against the provider in use before calling this twice.
     $commentOid = $this->objectRetrieval->getObjectIdentity($comment);
     $commentAcl = $this->aclProvider->createAcl($commentOid);

     // Only a signed comment with a non-null author receives an entry: the author is
     // granted MaskBuilder::MASK_OWNER on this comment.
     $isSigned = $comment instanceof SignedCommentInterface;
     if ($isSigned && null !== $comment->getAuthor()) {
         $authorSid = UserSecurityIdentity::fromAccount($comment->getAuthor());
         $commentAcl->insertObjectAce($authorSid, MaskBuilder::MASK_OWNER);
     }

     // Unsigned or author-less comments are saved with no object ACE added here, so
     // access to them depends on entries defined elsewhere.
     $this->aclProvider->updateAcl($commentAcl);
 }
 /**
  * {@inheritDoc}
  */
 public function setDefaultAcl(PostInterface $post)
 {
     $postOid = $this->objectRetrieval->getObjectIdentity($post);
     $postAcl = $this->aclProvider->createAcl($postOid);

     // getUser() is passed straight to fromAccount() with no null check.
     // NOTE(review): assumes every post has a user at this point - confirm with callers.
     $posterSid = UserSecurityIdentity::fromAccount($post->getUser());

     // The poster gets exactly these four permissions; no ownership or
     // ACL-administration bit is added to the mask here.
     $grant = new MaskBuilder();
     foreach (array('create', 'view', 'edit', 'delete') as $permission) {
         $grant->add($permission);
     }

     $postAcl->insertObjectAce($posterSid, $grant->get());
     $this->aclProvider->updateAcl($postAcl);
 }
 /**
  * Apply the specified ACL changeset.
  *
  * @param AbstractEntity $entity    The entity
  * @param array          $changeset The changeset
  * @param bool           $recursive Whether to also apply the changeset to the entity's children
  */
 public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
 {
     // NOTE(review): with $recursive set, an entity that has no getChildren() method makes
     // this return before its own ACL is touched, so a requested change (including a
     // permission removal) is silently skipped for that entity.
     if ($recursive && !method_exists($entity, 'getChildren')) {
         return;
     }

     if ($recursive) {
         // Children are processed first, each with the default $recursive = true.
         // Every call ends in its own updateAcl(), so a failure part-way through the
         // tree leaves the already-visited descendants changed.
         /** @noinspection PhpUndefinedMethodInspection */
         foreach ($entity->getChildren() as $child) {
             $this->applyAclChangeset($child, $changeset);
         }
     }

     // Load the entity's ACL, creating one when none exists yet.
     $entityOid = $this->oidRetrievalStrategy->getObjectIdentity($entity);
     try {
         /* @var $acl MutableAclInterface */
         $acl = $this->aclProvider->findAcl($entityOid);
     } catch (AclNotFoundException $e) {
         /* @var $acl MutableAclInterface */
         $acl = $this->aclProvider->createAcl($entityOid);
     }

     // Role names and permission names come straight from $changeset; nothing in this
     // method validates them before they reach MaskBuilder and RoleSecurityIdentity.
     foreach ($changeset as $role => $roleChanges) {
         // Start from the role's current mask, or from 0 when the role has no ACE yet.
         $aceIndex = $this->getObjectAceIndex($acl, $role);
         $roleMask = false !== $aceIndex ? $this->getMaskAtIndex($acl, $aceIndex) : 0;

         foreach ($roleChanges as $type => $permissions) {
             $delta = new MaskBuilder();
             foreach ($permissions as $permission) {
                 $delta->add($permission);
             }

             // Any $type other than ADD or DELETE falls through and changes nothing.
             switch ($type) {
                 case self::ADD:
                     $roleMask |= $delta->get();
                     break;
                 case self::DELETE:
                     $roleMask &= ~$delta->get();
                     break;
             }
         }

         if (false === $aceIndex) {
             // No ACE for this role yet: one is inserted even when the resulting mask is 0.
             $roleSid = new RoleSecurityIdentity($role);
             $acl->insertObjectAce($roleSid, $roleMask);
         } else {
             $acl->updateObjectAce($aceIndex, $roleMask);
         }
     }

     $this->aclProvider->updateAcl($acl);
 }