|
@@ 345-391 (lines=47) @@
|
| 342 |
|
* |
| 343 |
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
| 344 |
|
*/ |
| 345 |
|
public function addPolicyByRoleDraft(APIRoleDraft $roleDraft, APIPolicyCreateStruct $policyCreateStruct) |
| 346 |
|
{ |
| 347 |
|
if (!is_string($policyCreateStruct->module) || empty($policyCreateStruct->module)) { |
| 348 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 349 |
|
} |
| 350 |
|
|
| 351 |
|
if (!is_string($policyCreateStruct->function) || empty($policyCreateStruct->function)) { |
| 352 |
|
throw new InvalidArgumentValue('function', $policyCreateStruct->function, 'PolicyCreateStruct'); |
| 353 |
|
} |
| 354 |
|
|
| 355 |
|
if ($policyCreateStruct->module === '*' && $policyCreateStruct->function !== '*') { |
| 356 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 357 |
|
} |
| 358 |
|
|
| 359 |
|
if ($this->repository->hasAccess('role', 'update') !== true) { |
| 360 |
|
throw new UnauthorizedException('role', 'update'); |
| 361 |
|
} |
| 362 |
|
|
| 363 |
|
$loadedRoleDraft = $this->loadRoleDraft($roleDraft->id); |
| 364 |
|
|
| 365 |
|
$limitations = $policyCreateStruct->getLimitations(); |
| 366 |
|
$limitationValidationErrors = $this->validatePolicy( |
| 367 |
|
$policyCreateStruct->module, |
| 368 |
|
$policyCreateStruct->function, |
| 369 |
|
$limitations |
| 370 |
|
); |
| 371 |
|
if (!empty($limitationValidationErrors)) { |
| 372 |
|
throw new LimitationValidationException($limitationValidationErrors); |
| 373 |
|
} |
| 374 |
|
|
| 375 |
|
$spiPolicy = $this->roleDomainMapper->buildPersistencePolicyObject( |
| 376 |
|
$policyCreateStruct->module, |
| 377 |
|
$policyCreateStruct->function, |
| 378 |
|
$limitations |
| 379 |
|
); |
| 380 |
|
|
| 381 |
|
$this->repository->beginTransaction(); |
| 382 |
|
try { |
| 383 |
|
$this->userHandler->addPolicyByRoleDraft($loadedRoleDraft->id, $spiPolicy); |
| 384 |
|
$this->repository->commit(); |
| 385 |
|
} catch (Exception $e) { |
| 386 |
|
$this->repository->rollback(); |
| 387 |
|
throw $e; |
| 388 |
|
} |
| 389 |
|
|
| 390 |
|
return $this->loadRoleDraft($loadedRoleDraft->id); |
| 391 |
|
} |
| 392 |
|
|
| 393 |
|
/** |
| 394 |
|
* Removes a policy from a RoleDraft. |
|
@@ 629-675 (lines=47) @@
|
| 626 |
|
* |
| 627 |
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
| 628 |
|
*/ |
| 629 |
|
public function addPolicy(APIRole $role, APIPolicyCreateStruct $policyCreateStruct) |
| 630 |
|
{ |
| 631 |
|
if (!is_string($policyCreateStruct->module) || empty($policyCreateStruct->module)) { |
| 632 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 633 |
|
} |
| 634 |
|
|
| 635 |
|
if (!is_string($policyCreateStruct->function) || empty($policyCreateStruct->function)) { |
| 636 |
|
throw new InvalidArgumentValue('function', $policyCreateStruct->function, 'PolicyCreateStruct'); |
| 637 |
|
} |
| 638 |
|
|
| 639 |
|
if ($policyCreateStruct->module === '*' && $policyCreateStruct->function !== '*') { |
| 640 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 641 |
|
} |
| 642 |
|
|
| 643 |
|
if ($this->repository->hasAccess('role', 'update') !== true) { |
| 644 |
|
throw new UnauthorizedException('role', 'update'); |
| 645 |
|
} |
| 646 |
|
|
| 647 |
|
$loadedRole = $this->loadRole($role->id); |
| 648 |
|
|
| 649 |
|
$limitations = $policyCreateStruct->getLimitations(); |
| 650 |
|
$limitationValidationErrors = $this->validatePolicy( |
| 651 |
|
$policyCreateStruct->module, |
| 652 |
|
$policyCreateStruct->function, |
| 653 |
|
$limitations |
| 654 |
|
); |
| 655 |
|
if (!empty($limitationValidationErrors)) { |
| 656 |
|
throw new LimitationValidationException($limitationValidationErrors); |
| 657 |
|
} |
| 658 |
|
|
| 659 |
|
$spiPolicy = $this->roleDomainMapper->buildPersistencePolicyObject( |
| 660 |
|
$policyCreateStruct->module, |
| 661 |
|
$policyCreateStruct->function, |
| 662 |
|
$limitations |
| 663 |
|
); |
| 664 |
|
|
| 665 |
|
$this->repository->beginTransaction(); |
| 666 |
|
try { |
| 667 |
|
$this->userHandler->addPolicy($loadedRole->id, $spiPolicy); |
| 668 |
|
$this->repository->commit(); |
| 669 |
|
} catch (Exception $e) { |
| 670 |
|
$this->repository->rollback(); |
| 671 |
|
throw $e; |
| 672 |
|
} |
| 673 |
|
|
| 674 |
|
return $this->loadRole($loadedRole->id); |
| 675 |
|
} |
| 676 |
|
|
| 677 |
|
/** |
| 678 |
|
* Deletes a policy. |
ezsystems /
ezpublish-kernel
