1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Kunstmaan\NodeBundle\Helper\Services; |
4
|
|
|
|
5
|
|
|
use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder; |
6
|
|
|
use Symfony\Component\DependencyInjection\ContainerInterface; |
7
|
|
|
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; |
8
|
|
|
use Symfony\Component\Security\Acl\Exception\AclNotFoundException; |
9
|
|
|
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface; |
10
|
|
|
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface; |
11
|
|
|
|
12
|
|
|
/** |
13
|
|
|
* Service to add the correct permissions to new HasNodeInterface objects. |
14
|
|
|
*/ |
15
|
|
|
class ACLPermissionCreatorService |
16
|
|
|
{ |
17
|
|
|
/* @var MutableAclProviderInterface $aclProvider */ |
18
|
|
|
protected $aclProvider; |
19
|
|
|
|
20
|
|
|
public function setAclProvider($aclProvider) |
21
|
|
|
{ |
22
|
|
|
$this->aclProvider = $aclProvider; |
23
|
|
|
} |
24
|
|
|
|
25
|
|
|
/* @var ObjectIdentityRetrievalStrategyInterface $oidStrategy */ |
26
|
|
|
protected $oidStrategy; |
27
|
|
|
|
28
|
|
|
public function setObjectIdentityRetrievalStrategy($oidStrategy) |
29
|
|
|
{ |
30
|
|
|
$this->oidStrategy = $oidStrategy; |
31
|
|
|
} |
32
|
|
|
|
33
|
|
|
/** |
34
|
|
|
* Sets the Container. This is still here for backwards compatibility. |
35
|
|
|
* The ContainerAwareInterface has been removed so the container won't be injected automatically. |
36
|
|
|
* This function is just there for code that calls it manually. |
37
|
|
|
* |
38
|
|
|
* @param ContainerInterface $container a ContainerInterface instance |
|
|
|
|
39
|
|
|
* |
40
|
|
|
* @api |
41
|
|
|
*/ |
42
|
|
|
public function setContainer(ContainerInterface $container = null) |
43
|
|
|
{ |
44
|
|
|
$this->setAclProvider($container->get('security.acl.provider')); |
|
|
|
|
45
|
|
|
$this->setObjectIdentityRetrievalStrategy($container->get('security.acl.object_identity_retrieval_strategy')); |
46
|
|
|
} |
47
|
|
|
|
48
|
|
|
/** |
49
|
|
|
* @param object $object |
50
|
|
|
* |
51
|
|
|
* Create ACL permissions for an object |
52
|
|
|
*/ |
53
|
|
|
public function createPermission($object) |
54
|
|
|
{ |
55
|
|
|
$aclProvider = $this->aclProvider; |
56
|
|
|
|
57
|
|
|
$oidStrategy = $this->oidStrategy; |
58
|
|
|
|
59
|
|
|
$objectIdentity = $oidStrategy->getObjectIdentity($object); |
60
|
|
|
|
61
|
|
|
try { |
62
|
|
|
$aclProvider->deleteAcl($objectIdentity); |
63
|
|
|
} catch (AclNotFoundException $e) { |
64
|
|
|
// Don't fail when the ACL didn't exist yet. |
65
|
|
|
} |
66
|
|
|
$acl = $aclProvider->createAcl($objectIdentity); |
67
|
|
|
|
68
|
|
|
$securityIdentity = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'); |
69
|
|
|
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_VIEW); |
70
|
|
|
|
71
|
|
|
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); |
72
|
|
|
$acl->insertObjectAce( |
73
|
|
|
$securityIdentity, |
74
|
|
|
MaskBuilder::MASK_VIEW | MaskBuilder::MASK_EDIT | MaskBuilder::MASK_DELETE | MaskBuilder::MASK_PUBLISH | MaskBuilder::MASK_UNPUBLISH |
75
|
|
|
); |
76
|
|
|
|
77
|
|
|
$securityIdentity = new RoleSecurityIdentity('ROLE_SUPER_ADMIN'); |
78
|
|
|
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_IDDQD); |
79
|
|
|
$aclProvider->updateAcl($acl); |
80
|
|
|
} |
81
|
|
|
} |
82
|
|
|
|
This check looks for
@param
annotations where the type inferred by our type inference engine differs from the declared type.It makes a suggestion as to what type it considers more descriptive.
Most often this is a case of a parameter that can be null in addition to its declared types.