Skip to content
This repository has been archived by the owner on May 25, 2020. It is now read-only.

Refactoring, Debug, Tests #7

Open
wants to merge 5 commits into
base: master
Choose a base branch
from
Open

Refactoring, Debug, Tests #7

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
37a8c90
Add some basic test
Dec 19, 2014
c05e8a9
massiv refactoring + test
Dec 21, 2014
cc3fd43
Update gitignore for functional test dir, fix some bug and add more test
Dec 21, 2014
e39393b
add cs fixer config + fix
Dec 21, 2014
906b9cc
add DeleteAclFor coverage
Jan 5, 2015
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 3 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,2 +1,5 @@
vendor/*
composer.lock

Tests/App/cache
Tests/App/logs
15 changes: 15 additions & 0 deletions .php_cs
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,15 @@
<?php

return Symfony\CS\Config\Config::create()
->level(Symfony\CS\FixerInterface::PSR2_LEVEL)
->fixers(array(
'ordered_use',
'multiline_spaces_before_semicolon',
'concat_with_spaces'
))
->finder(
Symfony\CS\Finder\DefaultFinder::create()
->exclude('vendor')
->in(__DIR__)
)
;
295 changes: 222 additions & 73 deletions Domain/AbstractAclManager.php
View file
Open in desktop

Large diffs are not rendered by default.

180 changes: 102 additions & 78 deletions Domain/AclManager.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2,7 +2,9 @@

namespace Problematic\AclManagerBundle\Domain;

use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
use Symfony\Component\Security\Acl\Voter\FieldVote;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter;
use Symfony\Component\Security\Core\Role\RoleInterface;
Expand Down Expand Up @@ -33,47 +35,47 @@ public function addClassPermission($domainObject, $mask, $securityIdentity = nul
/**
* {@inheritDoc}
*/
public function addObjectFieldPermission($domainObject, $field, $mask, $securityIdentity = null)
public function addObjectFieldPermission($domainObject, $fields, $mask, $securityIdentity = null)
{
$this->addPermission($domainObject, $field, $mask, $securityIdentity, 'object', false);
$this->addPermission($domainObject, $fields, $mask, $securityIdentity, 'object', false);

return $this;
}

/**
* {@inheritDoc}
*/
public function addClassFieldPermission($domainObject, $field, $mask, $securityIdentity = null)
public function addClassFieldPermission($domainObject, $fields, $mask, $securityIdentity = null)
{
$this->addPermission($domainObject, $field, $mask, $securityIdentity, 'class', false);
$this->addPermission($domainObject, $fields, $mask, $securityIdentity, 'class', false);

return $this;
}

/**
* @param mixed $domainObject
* @param string $field
* @param int $mask
* @param string $fields
* @param UserInterface|TokenInterface|RoleInterface $securityIdentity
* @param string $type
* @param string $field
* @param boolean $replace_existing
* @param string $fields
* @param boolean $replaceExisting
*
* @return AbstractAclManager
*/
protected function addPermission($domainObject, $field, $mask, $securityIdentity = null, $type = 'object', $replace_existing = false)
protected function addPermission($domainObject, $fields, $attributes, $securityIdentity = null, $type = 'object', $replaceExisting = false)
{
if (is_null($securityIdentity)) {
$securityIdentity = $this->getUser();
}
$mask = $this->buildMask($attributes);

$context = $this->doCreatePermissionContext($type, $field, $securityIdentity, $mask);
$context = $this->doCreatePermissionContext(
$type,
$fields,
$this->doCreateSecurityIdentity($securityIdentity),
$mask
);

$objectIdentityRetriever = $this->getObjectIdentityRetrievalStrategy();
$objectIdentityRetriever->setType($type);
$oid = $objectIdentityRetriever->getObjectIdentity($domainObject);
$acl = $this->doLoadAcl($this->doRetrieveObjectIdentity($domainObject, $type));

$acl = $this->doLoadAcl($oid);
$this->doApplyPermission($acl, $context, $replace_existing);
$this->doApplyPermission($acl, $context, $replaceExisting);

$this->getAclProvider()->updateAcl($acl);

Expand All @@ -85,12 +87,12 @@ protected function addPermission($domainObject, $field, $mask, $securityIdentity
* @param int $mask
* @param UserInterface | TokenInterface | RoleInterface $securityIdentity
* @param string $type
* @param string $field
* @param string $fields
* @return \Problematic\AclManagerBundle\Domain\AbstractAclManager
*/
protected function setPermission($domainObject, $field, $mask, $securityIdentity = null, $type = 'object')
protected function setPermission($domainObject, $fields, $mask, $securityIdentity = null, $type = 'object')
{
$this->addPermission($domainObject, $field, $mask, $securityIdentity, $type, true);
$this->addPermission($domainObject, $fields, $mask, $securityIdentity, $type, true);

return $this;
}
Expand All @@ -114,35 +116,36 @@ public function setClassPermission($domainObject, $mask, $securityIdentity = nul
/**
* {@inheritDoc}
*/
public function setObjectFieldPermission($domainObject, $field, $mask, $securityIdentity = null)
public function setObjectFieldPermission($domainObject, $fields, $mask, $securityIdentity = null)
{
$this->setPermission($domainObject, $field, $mask, $securityIdentity, 'object');
$this->setPermission($domainObject, $fields, $mask, $securityIdentity, 'object');
}

/**
* {@inheritDoc}
*/
public function setClassFieldPermission($domainObject, $field, $mask, $securityIdentity = null)
public function setClassFieldPermission($domainObject, $fields, $mask, $securityIdentity = null)
{
$this->setPermission($domainObject, $field, $mask, $securityIdentity, 'class');
$this->setPermission($domainObject, $fields, $mask, $securityIdentity, 'class');
}

/**
* {@inheritDoc}
*/
public function revokePermission($domainObject, $mask, $securityIdentity = null, $type = 'object')
public function revokePermission($domainObject, $attributes, $securityIdentity = null, $type = 'object')
{
if (is_null($securityIdentity)) {
$securityIdentity = $this->getUser();
if (null !== $securityIdentity) {
$securityIdentity = $this->doCreateSecurityIdentity($securityIdentity);
}

$context = $this->doCreatePermissionContext($type, null, $securityIdentity, $mask);

$objectIdentityRetriever = $this->getObjectIdentityRetrievalStrategy();
$objectIdentityRetriever->setType($type);
$oid = $objectIdentityRetriever->getObjectIdentity($domainObject);
$context = $this->doCreatePermissionContext(
$type,
null,
$securityIdentity,
$this->buildMask($attributes)
);

$acl = $this->doLoadAcl($oid);
$acl = $this->doLoadAcl($this->doRetrieveObjectIdentity($domainObject, $type));
$this->doRevokePermission($acl, $context);
$this->getAclProvider()->updateAcl($acl);

Expand All @@ -152,19 +155,21 @@ public function revokePermission($domainObject, $mask, $securityIdentity = null,
/**
* {@inheritDoc}
*/
public function revokeFieldPermission($domainObject, $field, $mask, $securityIdentity = null, $type = 'object')
public function revokeFieldPermission($domainObject, $fields, $attributes, $securityIdentity = null, $type = 'object')
{
if (is_null($securityIdentity)) {
$securityIdentity = $this->getUser();
if (null === $securityIdentity) {
$securityIdentity = $this->doCreateSecurityIdentity($securityIdentity);
}

$context = $this->doCreatePermissionContext($type, $field, $securityIdentity, $mask);
$context = $this->doCreatePermissionContext(
$type,
$fields,
$securityIdentity,
$this->buildMask($attributes)
);

$objectIdentityRetriever = $this->getObjectIdentityRetrievalStrategy();
$objectIdentityRetriever->setType($type);
$oid = $objectIdentityRetriever->getObjectIdentity($domainObject);
$acl = $this->doLoadAcl($this->doRetrieveObjectIdentity($domainObject, $type));

$acl = $this->doLoadAcl($oid);
$this->doRevokePermission($acl, $context);
$this->getAclProvider()->updateAcl($acl);

Expand All @@ -190,41 +195,42 @@ public function revokeAllObjectPermissions($domainObject, $securityIdentity = nu
/**
* {@inheritDoc}
*/
public function revokeAllClassFieldPermissions($domainObject, $field, $securityIdentity = null)
public function revokeAllClassFieldPermissions($domainObject, $fields, $securityIdentity = null)
{
$this->revokeAllPermissions($domainObject, $field, $securityIdentity, 'class');
$this->revokeAllPermissions($domainObject, $fields, $securityIdentity, 'class');
}

/**
* {@inheritDoc}
*/
public function revokeAllObjectFieldPermissions($domainObject, $field, $securityIdentity = null)
public function revokeAllObjectFieldPermissions($domainObject, $fields, $securityIdentity = null)
{
$this->revokeAllPermissions($domainObject, $field, $securityIdentity, 'object');
$this->revokeAllPermissions($domainObject, $fields, $securityIdentity, 'object');
}

/**
* @param mixed $domainObject
* @param string $field
* @param null $securityIdentity
* @param string|string[] $fields
* @param null|string|SecurityIdentityInterface|UserInterface $securityIdentity
* @param string $type
*
* @return $this
*/
protected function revokeAllPermissions($domainObject, $field, $securityIdentity = null, $type = 'object')
protected function revokeAllPermissions($domainObject, $fields, $securityIdentity = null, $type = 'object')
{
if (is_null($securityIdentity)) {
$securityIdentity = $this->getUser();
if (null !== $securityIdentity) {
$securityIdentity = $this->doCreateSecurityIdentity($securityIdentity);
}

$securityIdentity = $this->doCreateSecurityIdentity($securityIdentity);

$objectIdentityRetriever = $this->getObjectIdentityRetrievalStrategy();
$objectIdentityRetriever->setType($type);
$oid = $objectIdentityRetriever->getObjectIdentity($domainObject);
$context = $this->doCreatePermissionContext(
$type,
$fields,
$securityIdentity
);

$oid = $this->doRetrieveObjectIdentity($domainObject, $type);
$acl = $this->doLoadAcl($oid);
$this->doRevokeAllPermissions($acl, $securityIdentity, $type, $field);
$this->doRevokeAllPermissions($acl, $context);
$this->getAclProvider()->updateAcl($acl);

return $this;
Expand All @@ -249,48 +255,64 @@ public function preloadAcls($objects, $identities = array())
$sids[] = $sid;
}

$acls = $this->getAclProvider()->findAcls($oids, $sids); // todo: do we need to do anything with these?
$acls = $this->getAclProvider()->findAcls($oids, $sids);

return $acls;
}

/**
* {@inheritDoc}
*/
public function deleteAclFor($managedItem, $type = 'class')
public function deleteAclFor($object, $type = 'object')
{
$objectIdentityRetriever = $this->getObjectIdentityRetrievalStrategy();
$objectIdentityRetriever->setType($type);

$oid = $objectIdentityRetriever->getObjectIdentity($managedItem);
$this->getAclProvider()->deleteAcl($oid);
$this->getAclProvider()->deleteAcl($this->doRetrieveObjectIdentity($object, $type));

return $this;
}

/**
* {@inheritDoc}
*/
public function isGranted($attributes, $object = null)
public function isGranted($attributes, $object = null, $type = 'object')
{
return $this->getSecurityContext()->isGranted($attributes, $object);
return $this->getSecurityContext()->isGranted(
$attributes,
$this->doRetrieveObjectIdentity($object, $type)
);
}

/**
* {@inheritDoc}
*/
public function isFieldGranted($masks, $object, $field)
public function isFieldGranted($attributes, $object, $fields, $type = 'object')
{
$oid = $this->getObjectIdentityRetrievalStrategy()->getObjectIdentity($object);
$acl = $this->doLoadAcl($oid);
if (!is_array($fields)) {
$fields = array($fields);
}

try {
return $acl->isFieldGranted($field, $masks, array(
$this->doCreateSecurityIdentity($this->getUser()),
));
} catch (NoAceFoundException $ex) {
return false;
$oid = $this->doRetrieveObjectIdentity($object, $type);
$fieldGranted = array();

foreach ($fields as $field) {
if (true === $this->getSecurityContext()->isGranted($attributes, new FieldVote($oid, $field))) {
$fieldGranted[$field] = true;
}
}

return count($fields) === count($fieldGranted);
}

protected function doRetrieveObjectIdentity($object, $type)
{
if ($object instanceof ObjectIdentityInterface) {
$oid = $object;
} else {
$objectIdentityRetriever = $this->getObjectIdentityRetrievalStrategy();
$objectIdentityRetriever->setType($type);
$oid = $objectIdentityRetriever->getObjectIdentity($object);
}

return $oid;
}

/**
Expand All @@ -304,8 +326,10 @@ public function getUser()
return;
}

$user = $token->getUser();
if (false === $token->isAuthenticated()) {
return AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY;
}

return (is_object($user)) ? $user : AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY;
return $token->getUser();
}
}
Loading