1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Kunstmaan\NodeBundle\Helper\Services; |
4
|
|
|
|
5
|
|
|
use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder; |
6
|
|
|
use Symfony\Component\DependencyInjection\ContainerInterface; |
7
|
|
|
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; |
8
|
|
|
use Symfony\Component\Security\Acl\Exception\AclNotFoundException; |
9
|
|
|
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface; |
10
|
|
|
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface; |
11
|
|
|
|
12
|
|
|
/** |
13
|
|
|
* Service to add the correct permissions to new HasNodeInterface objects. |
14
|
|
|
*/ |
15
|
|
|
class ACLPermissionCreatorService |
16
|
|
|
{ |
17
|
|
|
/* @var MutableAclProviderInterface $aclProvider */ |
18
|
|
|
protected $aclProvider; |
19
|
|
|
/* @var ObjectIdentityRetrievalStrategyInterface $oidStrategy */ |
20
|
|
|
protected $oidStrategy; |
21
|
|
|
|
22
|
|
|
public function __construct(MutableAclProviderInterface $aclProvider = null, ObjectIdentityRetrievalStrategyInterface $oidStrategy = null) |
23
|
|
|
{ |
24
|
|
|
if (null === $aclProvider) { |
25
|
|
|
@trigger_error(sprintf('Not injecting the required dependencies in the constructor of "%s" is deprecated since KunstmaanNodeBundle 5.7 and will be required in KunstmaanNodeBundle 6.0.', __CLASS__), E_USER_DEPRECATED); |
26
|
|
|
} |
27
|
|
|
|
28
|
|
|
$this->aclProvider = $aclProvider; |
29
|
|
|
$this->oidStrategy = $oidStrategy; |
30
|
|
|
} |
31
|
|
|
|
32
|
|
|
/** |
33
|
|
|
* @deprecated since KunstmaanNodeBundle 5.7 and will be removed in KunstmaanNodeBundle 6.0. Inject the required dependencies in the constructor instead. |
34
|
|
|
*/ |
35
|
|
|
public function setAclProvider($aclProvider) |
36
|
|
|
{ |
37
|
|
|
@trigger_error(sprintf('Using the "%s" method is deprecated since KunstmaanNodeBundle 5.7 and will be removed in KunstmaanNodeBundle 6.0. Inject the required dependencies in the constructor instead.', __METHOD__), E_USER_DEPRECATED); |
38
|
|
|
|
39
|
|
|
$this->aclProvider = $aclProvider; |
40
|
|
|
} |
41
|
|
|
|
42
|
|
|
/** |
43
|
|
|
* @deprecated since KunstmaanNodeBundle 5.7 and will be removed in KunstmaanNodeBundle 6.0. Inject the required dependencies in the constructor instead. |
44
|
|
|
*/ |
45
|
|
|
public function setObjectIdentityRetrievalStrategy($oidStrategy) |
46
|
|
|
{ |
47
|
|
|
@trigger_error(sprintf('Using the "%s" method is deprecated since KunstmaanNodeBundle 5.7 and will be removed in KunstmaanNodeBundle 6.0. Inject the required dependencies in the constructor instead.', __METHOD__), E_USER_DEPRECATED); |
48
|
|
|
|
49
|
|
|
$this->oidStrategy = $oidStrategy; |
50
|
|
|
} |
51
|
|
|
|
52
|
|
|
/** |
53
|
|
|
* Sets the Container. This is still here for backwards compatibility. |
54
|
|
|
* The ContainerAwareInterface has been removed so the container won't be injected automatically. |
55
|
|
|
* This function is just there for code that calls it manually. |
56
|
|
|
* |
57
|
|
|
* @param ContainerInterface $container a ContainerInterface instance |
|
|
|
|
58
|
|
|
* |
59
|
|
|
* @deprecated since KunstmaanNodeBundle 5.7 and will be removed in KunstmaanNodeBundle 6.0. Inject the required dependencies in the constructor instead. |
60
|
|
|
* |
61
|
|
|
* @api |
62
|
|
|
*/ |
63
|
|
|
public function setContainer(ContainerInterface $container = null) |
64
|
|
|
{ |
65
|
|
|
@trigger_error(sprintf('Using the "%s" method is deprecated since KunstmaanNodeBundle 5.7 and will be removed in KunstmaanNodeBundle 6.0. Inject the required dependencies in the constructor instead.', __METHOD__), E_USER_DEPRECATED); |
66
|
|
|
|
67
|
|
|
$this->setAclProvider($container->get('security.acl.provider')); |
|
|
|
|
68
|
|
|
$this->setObjectIdentityRetrievalStrategy($container->get('security.acl.object_identity_retrieval_strategy')); |
|
|
|
|
69
|
|
|
} |
70
|
|
|
|
71
|
|
|
/** |
72
|
|
|
* @param object $object |
73
|
|
|
* |
74
|
|
|
* Create ACL permissions for an object |
75
|
|
|
*/ |
76
|
|
|
public function createPermission($object) |
77
|
|
|
{ |
78
|
|
|
$aclProvider = $this->aclProvider; |
79
|
|
|
|
80
|
|
|
$oidStrategy = $this->oidStrategy; |
81
|
|
|
|
82
|
|
|
$objectIdentity = $oidStrategy->getObjectIdentity($object); |
83
|
|
|
|
84
|
|
|
try { |
85
|
|
|
$aclProvider->deleteAcl($objectIdentity); |
86
|
|
|
} catch (AclNotFoundException $e) { |
87
|
|
|
// Don't fail when the ACL didn't exist yet. |
88
|
|
|
} |
89
|
|
|
$acl = $aclProvider->createAcl($objectIdentity); |
90
|
|
|
|
91
|
|
|
$securityIdentity = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'); |
92
|
|
|
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_VIEW); |
93
|
|
|
|
94
|
|
|
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); |
95
|
|
|
$acl->insertObjectAce( |
96
|
|
|
$securityIdentity, |
97
|
|
|
MaskBuilder::MASK_VIEW | MaskBuilder::MASK_EDIT | MaskBuilder::MASK_DELETE | MaskBuilder::MASK_PUBLISH | MaskBuilder::MASK_UNPUBLISH |
98
|
|
|
); |
99
|
|
|
|
100
|
|
|
$securityIdentity = new RoleSecurityIdentity('ROLE_SUPER_ADMIN'); |
101
|
|
|
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_IDDQD); |
102
|
|
|
$aclProvider->updateAcl($acl); |
103
|
|
|
} |
104
|
|
|
} |
105
|
|
|
|
This check looks for
@param
annotations where the type inferred by our type inference engine differs from the declared type.It makes a suggestion as to what type it considers more descriptive.
Most often this is a case of a parameter that can be null in addition to its declared types.