Created
February 15, 2011 10:34
-
-
Save docteurklein/827374 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| public function createClassAce(ObjectIdentity $objectIdentity, User $user = null, MaskBuilder $maskBuilder = null) | |
| { | |
| if( ! $user) { | |
| $user = $this->getUser(); | |
| } | |
| if( ! $user instanceof \Symfony\Component\Security\Core\User\AccountInterface) | |
| { | |
| throw new \InvalidArgumentException('you must have a User in "security.context"'); | |
| } | |
| try { | |
| $acl = $this->aclProvider->findAcl($objectIdentity); | |
| } | |
| catch(AclNotFoundException $e) { | |
| $acl = $this->aclProvider->createAcl($objectIdentity); | |
| } | |
| $securityIdentity = UserSecurityIdentity::fromAccount($user); | |
| $mask = MaskBuilder::MASK_OWNER; // defaults to owner rights | |
| if(null !== $maskBuilder) { | |
| $mask = $maskBuilder->get(); | |
| } | |
| // grant owner access | |
| $acl->insertClassAce($securityIdentity, $mask); | |
| $this->aclProvider->updateAcl($acl); | |
| } | |
| public function getUser() | |
| { | |
| if(null === $token = $this->securityContext->getToken()) { | |
| return; | |
| } | |
| return $token->getUser(); | |
| } | |
| /** | |
| * Creates an ObjectIdentity instance from a domain object | |
| * | |
| * @param object a Domain Object | |
| * @return ObjectIdentity | |
| */ | |
| public function fromDomainObject($object) | |
| { | |
| return ObjectIdentity::fromDomainObject($object); | |
| } | |
| /*public function fromClassName($id, $className) | |
| { | |
| return new ObjectIdentity($id, $className); | |
| }*/ | |
| /** | |
| * Creates an ObjectIdentity instance from a class name | |
| * | |
| * @param $id a uuid | |
| * @param $className the className | |
| * @return ObjectIdentity | |
| */ | |
| public function fromClassName($className) | |
| { | |
| return new ObjectIdentity('class', $className); | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| class BaseEntity implements DomainObjectInterface | |
| { | |
| protected $id; | |
| public function __construct($id) | |
| { | |
| $this->id = $id; | |
| } | |
| public function getObjectIdentifier() | |
| { | |
| return $this->id; | |
| } | |
| } | |
| class Entity1 extends BaseEntity | |
| { | |
| } | |
| class Entity2 extends baseEntity | |
| { | |
| } | |
| class Entity3 extends baseEntity | |
| { | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <?php | |
| $entity4 = new Entity3(1); | |
| $entity5 = new Entity3(2); | |
| $this->assertFalse($securityContext->vote('VIEW', $entity5), 'User has no right to view the object'); | |
| $aclManager->createClassAce($aclManager->fromClassName(\get_class($entity4)), $user, new MaskBuilder(MaskBuilder::MASK_VIEW)); | |
| $this->assertTrue($securityContext->vote('VIEW', $entity4), 'User has right to view any object of class "Entity3"'); | |
| $this->assertTrue($securityContext->vote('VIEW', $entity5), 'User has right to view any object of class "Entity3"'); | |
| // this 2 last lines fails: user should have right to view any instance of class Entity3. Why ? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment