/**
 * Revokes a mask from every object ACE of an entity that belongs to the given security identity.
 *
 * Only the entries returned by the ACL's getObjectAces() are inspected; any other
 * entry list the ACL may hold is left untouched by this method. The ACL is handed
 * to the provider's updateAcl() afterwards, whether or not an entry matched.
 *
 * @param mixed $entity Passed to getAcl() to look up the ACL
 * @param mixed $mask Passed through to removeMask() for each matching entry (presumably a permission bitmask)
 * @param SecurityIdentityInterface $securityIdentity Identity whose entries are affected
 * @return $this
 */
public function revokeMask($entity, $mask, SecurityIdentityInterface $securityIdentity)
{
    $acl = $this->getAcl($entity);

    foreach ($acl->getObjectAces() as $position => $entry) {
        // Entries held by other identities are skipped.
        if (!$securityIdentity->equals($entry->getSecurityIdentity())) {
            continue;
        }

        $this->removeMask($position, $acl, $entry, $mask);
    }

    $this->aclProvider->updateAcl($acl);

    return $this;
}
/**
 * Returns the ACEs of the given ACL that belong to the given security identity.
 *
 * The candidate list comes from the manager's ACE provider. array_filter() keeps
 * the keys of that list, so the keys of the result are the candidates' original
 * keys and are not renumbered from zero.
 *
 * @param SID $sid
 * @param AclInterface $acl
 * @param string $type The ACE type. Can be one of AclManager::*_ACE constants
 * @param string|null $field The name of a field.
 *                           Set to null for class-based or object-based ACE
 *                           Set to not null class-field-based or object-field-based ACE
 * @return EntryInterface[]
 */
protected function getAces(SID $sid, AclInterface $acl, $type, $field)
{
    $candidates = $this->manager->getAceProvider()->getAces($acl, $type, $field);

    $belongsToSid = function ($ace) use ($sid) {
        /** @var EntryInterface $ace */
        return $sid->equals($ace->getSecurityIdentity());
    };

    return array_filter($candidates, $belongsToSid);
}
/**
 * Returns the ACEs of the object identity's ACL that belong to the given security identity.
 *
 * When getAcl() yields no ACL for the object identity an empty array is returned.
 * Otherwise the provider's ACE list is filtered with array_filter(), which keeps
 * the original keys of that list.
 *
 * @param SID $sid
 * @param OID $oid
 * @param string $type The ACE type. Can be one of self::*_ACE constants
 * @param string|null $field The name of a field.
 *                           Set to null for class-based or object-based ACE
 *                           Set to not null class-field-based or object-field-based ACE
 * @return EntryInterface[]
 */
protected function doGetAces(SID $sid, OID $oid, $type, $field)
{
    $acl = $this->getAcl($oid);

    if ($acl) {
        $candidates = $this->aceProvider->getAces($acl, $type, $field);

        $belongsToSid = function ($ace) use ($sid) {
            /** @var EntryInterface $ace */
            return $sid->equals($ace->getSecurityIdentity());
        };

        return array_filter($candidates, $belongsToSid);
    }

    return array();
}
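/**
 * Deletes all ACEs for the given security identity from the given ACL
 *
 * The indexes of the matching entries are collected from one snapshot of the
 * ACE list and then deleted from the highest index down. Deleting in ascending
 * order while still using the snapshot's indexes is only correct if a deletion
 * never shifts the positions of the remaining entries.
 *
 * NOTE(review): deleteAce() is not visible here. If the underlying ACL renumbers
 * its entries after each removal (ACL implementations that keep a compact
 * 0..n-1 list do), ascending deletion would remove an entry of a different
 * identity, or leave one of this identity's entries in place, as soon as more
 * than one entry matches. Descending order is correct in both cases.
 *
 * @param ACL $acl
 * @param string $type The ACE type. Can be one of AclManager::*_ACE constants
 * @param string|null $field The name of a field.
 *                           Set to null for class-based or object-based ACE
 *                           Set to not null class-field-based or object-field-based ACE
 * @param SID $sid
 * @return bool True if at least one permission was deleted
 */
public function deleteAllPermissions(ACL $acl, $type, $field, SID $sid)
{
    $matchingIndexes = array();
    foreach ($this->getAces($acl, $type, $field) as $index => $ace) {
        if ($sid->equals($ace->getSecurityIdentity())) {
            $matchingIndexes[] = $index;
        }
    }

    // Highest index first, so a removal can never invalidate an index that is still pending.
    rsort($matchingIndexes);
    foreach ($matchingIndexes as $index) {
        $this->deleteAce($acl, $type, $field, $index);
    }

    return !empty($matchingIndexes);
}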
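/**
 * Deletes all ACEs of the given type, field and security identity from the list of ACEs
 * associated with this item
 *
 * Every entry that matches all three criteria is removed. An earlier form of this
 * loop stopped at the first match, which left any further matching entries for the
 * same identity in the list despite the documented "deletes all" contract.
 *
 * Does nothing when no ACE list has been set ($this->aces is null).
 *
 * @param string $type The ACE type. Can be one of AclManager::*_ACE constants
 * @param string|null $field The name of a field.
 *                           Set to null for class-based or object-based ACE
 *                           Set to not null class-field-based or object-field-based ACE
 * @param SID $sid
 */
public function removeAces($type, $field, SID $sid)
{
    if ($this->aces === null) {
        return;
    }

    // Keys are collected first so the container is not modified while it is being iterated.
    $toRemoveKeys = [];
    foreach ($this->aces as $key => $val) {
        if ($sid->equals($val->getSecurityIdentity())
            && $type === $val->getType()
            && $field === $val->getField()
        ) {
            $toRemoveKeys[] = $key;
        }
    }

    foreach ($toRemoveKeys as $key) {
        $this->aces->remove($key);
    }
}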
/**
 * Removes the given permission(s) from the mask of one ACE held by the security identity.
 *
 * Returns without doing anything when findAcl() yields no ACL for the object
 * identity. Otherwise the ACE list selected by $type/$field is scanned, the mask
 * of the matching entry is rebuilt without the given permissions, and the ACL is
 * passed to the provider's updateAcl(), which also happens when no entry matched.
 *
 * NOTE(review): the scan does not stop at a match, so when several entries belong
 * to the identity only the LAST one is rewritten and the others keep their
 * permission bits. Whether the rewritten entry is a granting or a denying one is
 * not checked here. Confirm both are intended for a revoke operation.
 *
 * @param ObjectIdentityInterface $objectIdentity
 * @param SecurityIdentityInterface $securityIdentity
 * @param string|string[] $permissions One permission or a list of permissions to remove from the mask
 * @param string $type Passed to resolveAceMethod() to pick the ACL accessor names
 * @param null|string $field Field name for field-scoped entries, null otherwise
 */
protected function revoke(
    ObjectIdentityInterface $objectIdentity,
    SecurityIdentityInterface $securityIdentity,
    $permissions,
    $type,
    $field = null
) {
    $acl = $this->findAcl($objectIdentity);
    if (null === $acl) {
        return;
    }

    $matchedIndex = false;
    $currentMask = 0;

    $getter = $this->resolveAceMethod('get', $type, $field);
    /** @var Entry $entry */
    foreach ($acl->{$getter}($field) as $position => $entry) {
        if (!$securityIdentity->equals($entry->getSecurityIdentity())) {
            continue;
        }

        // A later match overwrites an earlier one; the loop keeps running.
        $matchedIndex = $position;
        $currentMask = $entry->getMask();
    }

    if (false !== $matchedIndex) {
        $builder = $this->permissionMap->getMaskBuilder();
        $builder->set($currentMask);
        foreach ((array) $permissions as $permission) {
            $builder->remove($permission);
        }

        // Field-scoped update methods take the field name as an extra argument.
        if (null === $field) {
            $updater = $this->resolveAceMethod('update', $type);
            $acl->{$updater}($matchedIndex, $builder->get());
        } else {
            $updater = $this->resolveAceMethod('update', $type, $field);
            $acl->{$updater}($matchedIndex, $field, $builder->get());
        }
    }

    $this->aclProvider->updateAcl($acl);
}