|
@@ 317-363 (lines=47) @@
|
| 314 |
|
* |
| 315 |
|
* @return \eZ\Publish\API\Repository\Values\User\RoleDraft |
| 316 |
|
*/ |
| 317 |
|
public function addPolicyByRoleDraft(APIRoleDraft $roleDraft, APIPolicyCreateStruct $policyCreateStruct) |
| 318 |
|
{ |
| 319 |
|
if (!is_string($policyCreateStruct->module) || empty($policyCreateStruct->module)) { |
| 320 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 321 |
|
} |
| 322 |
|
|
| 323 |
|
if (!is_string($policyCreateStruct->function) || empty($policyCreateStruct->function)) { |
| 324 |
|
throw new InvalidArgumentValue('function', $policyCreateStruct->function, 'PolicyCreateStruct'); |
| 325 |
|
} |
| 326 |
|
|
| 327 |
|
if ($policyCreateStruct->module === '*' && $policyCreateStruct->function !== '*') { |
| 328 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 329 |
|
} |
| 330 |
|
|
| 331 |
|
if ($this->repository->hasAccess('role', 'update') !== true) { |
| 332 |
|
throw new UnauthorizedException('role', 'update'); |
| 333 |
|
} |
| 334 |
|
|
| 335 |
|
$loadedRoleDraft = $this->loadRoleDraft($roleDraft->id); |
| 336 |
|
|
| 337 |
|
$limitations = $policyCreateStruct->getLimitations(); |
| 338 |
|
$limitationValidationErrors = $this->validatePolicy( |
| 339 |
|
$policyCreateStruct->module, |
| 340 |
|
$policyCreateStruct->function, |
| 341 |
|
$limitations |
| 342 |
|
); |
| 343 |
|
if (!empty($limitationValidationErrors)) { |
| 344 |
|
throw new LimitationValidationException($limitationValidationErrors); |
| 345 |
|
} |
| 346 |
|
|
| 347 |
|
$spiPolicy = $this->roleDomainMapper->buildPersistencePolicyObject( |
| 348 |
|
$policyCreateStruct->module, |
| 349 |
|
$policyCreateStruct->function, |
| 350 |
|
$limitations |
| 351 |
|
); |
| 352 |
|
|
| 353 |
|
$this->repository->beginTransaction(); |
| 354 |
|
try { |
| 355 |
|
$this->userHandler->addPolicyByRoleDraft($loadedRoleDraft->id, $spiPolicy); |
| 356 |
|
$this->repository->commit(); |
| 357 |
|
} catch (Exception $e) { |
| 358 |
|
$this->repository->rollback(); |
| 359 |
|
throw $e; |
| 360 |
|
} |
| 361 |
|
|
| 362 |
|
return $this->loadRoleDraft($loadedRoleDraft->id); |
| 363 |
|
} |
| 364 |
|
|
| 365 |
|
/** |
| 366 |
|
* Removes a policy from a RoleDraft. |
|
@@ 601-647 (lines=47) @@
|
| 598 |
|
* |
| 599 |
|
* @return \eZ\Publish\API\Repository\Values\User\Role |
| 600 |
|
*/ |
| 601 |
|
public function addPolicy(APIRole $role, APIPolicyCreateStruct $policyCreateStruct) |
| 602 |
|
{ |
| 603 |
|
if (!is_string($policyCreateStruct->module) || empty($policyCreateStruct->module)) { |
| 604 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 605 |
|
} |
| 606 |
|
|
| 607 |
|
if (!is_string($policyCreateStruct->function) || empty($policyCreateStruct->function)) { |
| 608 |
|
throw new InvalidArgumentValue('function', $policyCreateStruct->function, 'PolicyCreateStruct'); |
| 609 |
|
} |
| 610 |
|
|
| 611 |
|
if ($policyCreateStruct->module === '*' && $policyCreateStruct->function !== '*') { |
| 612 |
|
throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct'); |
| 613 |
|
} |
| 614 |
|
|
| 615 |
|
if ($this->repository->hasAccess('role', 'update') !== true) { |
| 616 |
|
throw new UnauthorizedException('role', 'update'); |
| 617 |
|
} |
| 618 |
|
|
| 619 |
|
$loadedRole = $this->loadRole($role->id); |
| 620 |
|
|
| 621 |
|
$limitations = $policyCreateStruct->getLimitations(); |
| 622 |
|
$limitationValidationErrors = $this->validatePolicy( |
| 623 |
|
$policyCreateStruct->module, |
| 624 |
|
$policyCreateStruct->function, |
| 625 |
|
$limitations |
| 626 |
|
); |
| 627 |
|
if (!empty($limitationValidationErrors)) { |
| 628 |
|
throw new LimitationValidationException($limitationValidationErrors); |
| 629 |
|
} |
| 630 |
|
|
| 631 |
|
$spiPolicy = $this->roleDomainMapper->buildPersistencePolicyObject( |
| 632 |
|
$policyCreateStruct->module, |
| 633 |
|
$policyCreateStruct->function, |
| 634 |
|
$limitations |
| 635 |
|
); |
| 636 |
|
|
| 637 |
|
$this->repository->beginTransaction(); |
| 638 |
|
try { |
| 639 |
|
$this->userHandler->addPolicy($loadedRole->id, $spiPolicy); |
| 640 |
|
$this->repository->commit(); |
| 641 |
|
} catch (Exception $e) { |
| 642 |
|
$this->repository->rollback(); |
| 643 |
|
throw $e; |
| 644 |
|
} |
| 645 |
|
|
| 646 |
|
return $this->loadRole($loadedRole->id); |
| 647 |
|
} |
| 648 |
|
|
| 649 |
|
/** |
| 650 |
|
* Deletes a policy. |
ezsystems /
ezpublish-kernel
