/**
 * Creates a prophecy double for each collaborator interface and builds the
 * AccessControlVoter under test from the revealed doubles.
 */
public function setUp()
{
    parent::setUp();

    $this->aclProvider = $this->prophesize(MutableAclProviderInterface::class);
    $this->objectIdentityRetrievalStrategy = $this->prophesize(ObjectIdentityRetrievalStrategyInterface::class);
    $this->securityIdentityRetrievalStrategy = $this->prophesize(SecurityIdentityRetrievalStrategyInterface::class);
    $this->permissionMap = $this->prophesize(PermissionMapInterface::class);

    // The token double is stored on the test case only; it is not passed to the voter's constructor.
    $this->token = $this->prophesize(TokenInterface::class);

    // Reveal in constructor-argument order so the voter gets the doubles, not the prophecies.
    $revealedAclProvider = $this->aclProvider->reveal();
    $revealedOidStrategy = $this->objectIdentityRetrievalStrategy->reveal();
    $revealedSidStrategy = $this->securityIdentityRetrievalStrategy->reveal();
    $revealedPermissionMap = $this->permissionMap->reveal();

    $this->accessControlVoter = new AccessControlVoter(
        $revealedAclProvider,
        $revealedOidStrategy,
        $revealedSidStrategy,
        $revealedPermissionMap
    );
}
/**
 * Creates and stores the ACL for the supplied comment.
 *
 * When the comment is a SignedCommentInterface with a non-null author, that
 * author receives an object-scope entry with MaskBuilder::MASK_OWNER. In every
 * other case this method stores the ACL without adding an object entry.
 *
 * NOTE(review): if the provider follows Symfony's MutableAclProviderInterface,
 * createAcl() fails when an ACL already exists for the identity - confirm that
 * callers invoke this only for newly created comments.
 *
 * @param CommentInterface $comment
 *
 * @return void
 */
public function setDefaultAcl(CommentInterface $comment)
{
    $commentIdentity = $this->objectRetrieval->getObjectIdentity($comment);
    $commentAcl = $this->aclProvider->createAcl($commentIdentity);

    // Only signed comments that actually carry an author get an owner entry.
    $hasAuthor = $comment instanceof SignedCommentInterface && null !== $comment->getAuthor();

    if ($hasAuthor) {
        $authorIdentity = UserSecurityIdentity::fromAccount($comment->getAuthor());
        $commentAcl->insertObjectAce($authorIdentity, MaskBuilder::MASK_OWNER);
    }

    // Persist the ACL whether or not an owner entry was added.
    $this->aclProvider->updateAcl($commentAcl);
}
/**
 * {@inheritDoc}
 *
 * Creates the ACL for the post and grants the post's user the create, view,
 * edit and delete permissions through a single object-scope entry.
 *
 * NOTE(review): $post->getUser() is handed to UserSecurityIdentity::fromAccount()
 * without a null check - confirm that a post always has a user when this runs.
 */
public function setDefaultAcl(PostInterface $post)
{
    $postIdentity = $this->objectRetrieval->getObjectIdentity($post);
    $postAcl = $this->aclProvider->createAcl($postIdentity);

    $ownerIdentity = UserSecurityIdentity::fromAccount($post->getUser());

    // Accumulate the granted permissions into one bitmask.
    $builder = new MaskBuilder();
    foreach (['create', 'view', 'edit', 'delete'] as $permissionName) {
        $builder->add($permissionName);
    }

    $postAcl->insertObjectAce($ownerIdentity, $builder->get());
    $this->aclProvider->updateAcl($postAcl);
}
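/**
 * Apply the specified ACL changeset to an entity and, optionally, to its children.
 *
 * The changeset maps a role name to a map of change type (self::ADD or
 * self::DELETE) to a list of permission names accepted by MaskBuilder::add().
 * For each role the current object-entry mask (0 when the role has no entry
 * yet) is OR-ed with the added permissions and AND-ed with the complement of
 * the deleted ones, then written back as an update or a new role entry.
 *
 * Children are processed before the entity itself. An entity that does not
 * expose getChildren() still has the changeset applied to its own ACL, so a
 * recursive revocation cannot be silently skipped for such an entity.
 *
 * @param AbstractEntity $entity    The entity
 * @param array          $changeset The changeset (role => type => permission names)
 * @param bool           $recursive Whether to apply the changeset to the children as well
 */
public function applyAclChangeset(AbstractEntity $entity, $changeset, $recursive = true)
{
    // Descend only when the entity has children to offer; never return early,
    // otherwise the entity's own ACL would keep permissions the caller asked to change.
    if ($recursive && method_exists($entity, 'getChildren')) {
        // Iterate over children and apply recursively
        /** @noinspection PhpUndefinedMethodInspection */
        foreach ($entity->getChildren() as $child) {
            $this->applyAclChangeset($child, $changeset);
        }
    }

    // Load the entity's ACL, creating it when none exists yet
    $objectIdentity = $this->oidRetrievalStrategy->getObjectIdentity($entity);
    try {
        /* @var $acl MutableAclInterface */
        $acl = $this->aclProvider->findAcl($objectIdentity);
    } catch (AclNotFoundException $e) {
        /* @var $acl MutableAclInterface */
        $acl = $this->aclProvider->createAcl($objectIdentity);
    }

    // Process permissions in changeset
    foreach ($changeset as $role => $roleChanges) {
        // false means the role has no object entry yet; index 0 is a valid position
        $index = $this->getObjectAceIndex($acl, $role);
        $mask = 0;
        if (false !== $index) {
            $mask = $this->getMaskAtIndex($acl, $index);
        }

        foreach ($roleChanges as $type => $permissions) {
            $maskChange = new MaskBuilder();
            foreach ($permissions as $permission) {
                $maskChange->add($permission);
            }

            switch ($type) {
                case self::ADD:
                    $mask |= $maskChange->get();
                    break;
                case self::DELETE:
                    $mask &= ~$maskChange->get();
                    break;
                default:
                    // Unknown change types leave the mask untouched, as before.
                    break;
            }
        }

        if (false !== $index) {
            $acl->updateObjectAce($index, $mask);
        } else {
            $securityIdentity = new RoleSecurityIdentity($role);
            $acl->insertObjectAce($securityIdentity, $mask);
        }
    }

    $this->aclProvider->updateAcl($acl);
}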