1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Kunstmaan\AdminBundle\Service; |
4
|
|
|
|
5
|
|
|
use Doctrine\ORM\EntityManagerInterface; |
6
|
|
|
use Kunstmaan\NodeBundle\Entity\Node; |
7
|
|
|
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface; |
8
|
|
|
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface; |
9
|
|
|
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; |
10
|
|
|
use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\PermissionAdmin; |
11
|
|
|
use Kunstmaan\AdminBundle\Entity\AclChangeset; |
12
|
|
|
|
13
|
|
|
/** |
14
|
|
|
* Class AclManager |
15
|
|
|
*/ |
16
|
|
|
class AclManager |
17
|
|
|
{ |
18
|
|
|
/** @var MutableAclProviderInterface */ |
19
|
|
|
private $aclProvider; |
20
|
|
|
|
21
|
|
|
/** @var ObjectIdentityRetrievalStrategyInterface */ |
22
|
|
|
private $objectIdentityRetrievalStrategy; |
23
|
|
|
|
24
|
|
|
/** @var EntityManagerInterface */ |
25
|
|
|
private $em; |
26
|
|
|
|
27
|
|
|
/** @var PermissionAdmin */ |
28
|
|
|
private $permissionAdmin; |
29
|
|
|
|
30
|
|
|
public function __construct(MutableAclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $objectIdentityRetrievalStrategy, EntityManagerInterface $em, PermissionAdmin $permissionAdmin) |
31
|
|
|
{ |
32
|
|
|
$this->aclProvider = $aclProvider; |
33
|
|
|
$this->objectIdentityRetrievalStrategy = $objectIdentityRetrievalStrategy; |
34
|
|
|
$this->em = $em; |
35
|
|
|
$this->permissionAdmin = $permissionAdmin; |
36
|
|
|
} |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* @param $originalNode |
40
|
|
|
* @param $nodeNewPage |
41
|
|
|
*/ |
42
|
|
View Code Duplication |
public function updateNodeAcl(Node $originalNode, Node $nodeNewPage) |
43
|
|
|
{ |
44
|
|
|
$originalIdentity = $this->objectIdentityRetrievalStrategy->getObjectIdentity($originalNode); |
45
|
|
|
$originalAcl = $this->aclProvider->findAcl($originalIdentity); |
46
|
|
|
|
47
|
|
|
$newIdentity = $this->objectIdentityRetrievalStrategy->getObjectIdentity($nodeNewPage); |
48
|
|
|
$newAcl = $this->aclProvider->createAcl($newIdentity); |
49
|
|
|
|
50
|
|
|
$aces = $originalAcl->getObjectAces(); |
51
|
|
|
/* @var EntryInterface $ace */ |
52
|
|
|
foreach ($aces as $ace) { |
53
|
|
|
$securityIdentity = $ace->getSecurityIdentity(); |
54
|
|
|
if ($securityIdentity instanceof RoleSecurityIdentity) { |
55
|
|
|
$newAcl->insertObjectAce($securityIdentity, $ace->getMask()); |
56
|
|
|
} |
57
|
|
|
} |
58
|
|
|
$this->aclProvider->updateAcl($newAcl); |
59
|
|
|
} |
60
|
|
|
|
61
|
|
|
/** |
62
|
|
|
* @param array $nodes |
63
|
|
|
* @param string $role |
64
|
|
|
* @param int $mask |
65
|
|
|
*/ |
66
|
|
|
public function updateNodesAclToRole(array $nodes, $role, $mask) |
67
|
|
|
{ |
68
|
|
|
foreach ($nodes as $node) { |
69
|
|
|
$objectIdentity = $this->objectIdentityRetrievalStrategy->getObjectIdentity($node); |
70
|
|
|
|
71
|
|
|
/** @var Acl $acl */ |
72
|
|
|
$acl = $this->aclProvider->findAcl($objectIdentity); |
73
|
|
|
$securityIdentity = new RoleSecurityIdentity($role); |
74
|
|
|
|
75
|
|
|
/** @var Entry $ace */ |
76
|
|
|
foreach ($acl->getObjectAces() as $index => $ace) { |
77
|
|
|
if (!$ace->getSecurityIdentity()->equals($securityIdentity)) { |
78
|
|
|
continue; |
79
|
|
|
} |
80
|
|
|
$acl->updateObjectAce($index, $mask); |
81
|
|
|
|
82
|
|
|
break; |
83
|
|
|
} |
84
|
|
|
$this->aclProvider->updateAcl($acl); |
85
|
|
|
} |
86
|
|
|
} |
87
|
|
|
|
88
|
|
|
public function applyAclChangesets() |
89
|
|
|
{ |
90
|
|
|
/* @var AclChangesetRepository $aclRepo */ |
91
|
|
|
$aclRepo = $this->em->getRepository(AclChangeset::class); |
92
|
|
|
do { |
93
|
|
|
/* @var AclChangeset $changeset */ |
94
|
|
|
$changeset = $aclRepo->findNewChangeset(); |
95
|
|
|
if (\is_null($changeset)) { |
96
|
|
|
break; |
97
|
|
|
} |
98
|
|
|
|
99
|
|
|
$this->applyAclChangeSet($changeset); |
100
|
|
|
|
101
|
|
|
$hasPending = $aclRepo->hasPendingChangesets(); |
102
|
|
|
} while ($hasPending); |
103
|
|
|
} |
104
|
|
|
|
105
|
|
|
/** |
106
|
|
|
* @param AclChangeset $aclChangeset |
107
|
|
|
*/ |
108
|
|
|
public function applyAclChangeSet(AclChangeset $aclChangeset) |
109
|
|
|
{ |
110
|
|
|
$aclChangeset->setPid(getmypid()); |
111
|
|
|
$aclChangeset->setStatus(AclChangeset::STATUS_RUNNING); |
112
|
|
|
$this->em->persist($aclChangeset); |
113
|
|
|
$this->em->flush(); |
114
|
|
|
|
115
|
|
|
$entity = $this->em->getRepository($aclChangeset->getRefEntityName())->find($aclChangeset->getRefId()); |
116
|
|
|
$this->permissionAdmin->applyAclChangeset($entity, $aclChangeset->getChangeset()); |
|
|
|
|
117
|
|
|
|
118
|
|
|
$aclChangeset->setStatus(AclChangeset::STATUS_FINISHED); |
119
|
|
|
$this->em->persist($aclChangeset); |
120
|
|
|
$this->em->flush(); |
121
|
|
|
} |
122
|
|
|
} |
123
|
|
|
|
It seems like the type of the argument is not accepted by the function/method which you are calling.
In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug.
We suggest to add an explicit type cast like in the following example: