1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
namespace Oro\Bundle\OrganizationBundle\Provider; |
4
|
|
|
|
5
|
|
|
use Oro\Bundle\SecurityBundle\Acl\AccessLevel; |
6
|
|
|
use Oro\Bundle\SecurityBundle\Acl\Domain\OneShotIsGrantedObserver; |
7
|
|
|
use Oro\Bundle\SecurityBundle\Acl\Voter\AclVoter; |
8
|
|
|
use Oro\Bundle\SecurityBundle\SecurityFacade; |
9
|
|
|
use Oro\Bundle\SecurityBundle\Owner\OwnerTreeProvider; |
10
|
|
|
|
11
|
|
|
class BusinessUnitAclProvider |
12
|
|
|
{ |
13
|
|
|
/** @var SecurityFacade */ |
14
|
|
|
protected $securityFacade; |
15
|
|
|
|
16
|
|
|
/** @var AclVoter */ |
17
|
|
|
protected $aclVoter; |
18
|
|
|
|
19
|
|
|
/** @var OwnerTreeProvider */ |
20
|
|
|
protected $treeProvider; |
21
|
|
|
|
22
|
|
|
/** @var OneShotIsGrantedObserver */ |
23
|
|
|
protected $observer; |
24
|
|
|
|
25
|
|
|
/** @var string */ |
26
|
|
|
protected $accessLevel; |
27
|
|
|
|
28
|
|
|
/** |
29
|
|
|
* @param SecurityFacade $securityFacade |
30
|
|
|
* @param AclVoter $aclVoter |
31
|
|
|
* @param OwnerTreeProvider $treeProvider |
32
|
|
|
*/ |
33
|
|
|
public function __construct( |
34
|
|
|
SecurityFacade $securityFacade, |
35
|
|
|
AclVoter $aclVoter, |
36
|
|
|
OwnerTreeProvider $treeProvider |
37
|
|
|
) { |
38
|
|
|
$this->securityFacade = $securityFacade; |
39
|
|
|
$this->aclVoter = $aclVoter; |
40
|
|
|
$this->treeProvider = $treeProvider; |
41
|
|
|
$this->observer = new OneShotIsGrantedObserver(); |
42
|
|
|
} |
43
|
|
|
|
44
|
|
|
/** |
45
|
|
|
* Get business units ids for current user and current entity access level |
46
|
|
|
* |
47
|
|
|
* @param string $dataClassName |
48
|
|
|
* @param string $permission |
49
|
|
|
* @return array |
50
|
|
|
*/ |
51
|
|
|
public function getBusinessUnitIds($dataClassName, $permission = 'VIEW') |
52
|
|
|
{ |
53
|
|
|
$ids = []; |
54
|
|
|
|
55
|
|
|
$this->accessLevel = $this->getAccessLevel($permission, 'entity:' . $dataClassName); |
|
|
|
|
56
|
|
|
$currentUser = $this->securityFacade->getLoggedUser(); |
57
|
|
|
|
58
|
|
|
if (!$currentUser || !$this->accessLevel) { |
|
|
|
|
59
|
|
|
return $ids; |
60
|
|
|
} |
61
|
|
|
|
62
|
|
|
if (AccessLevel::SYSTEM_LEVEL === $this->accessLevel) { |
63
|
|
|
$ids = $this->treeProvider->getTree()->getAllBusinessUnitIds(); |
64
|
|
|
} elseif (AccessLevel::GLOBAL_LEVEL === $this->accessLevel) { |
65
|
|
|
$ids = $this->treeProvider->getTree()->getOrganizationBusinessUnitIds( |
66
|
|
|
$this->getOrganizationContextId() |
67
|
|
|
); |
68
|
|
View Code Duplication |
} elseif (AccessLevel::DEEP_LEVEL === $this->accessLevel) { |
69
|
|
|
$ids = $this->treeProvider->getTree()->getUserSubordinateBusinessUnitIds( |
70
|
|
|
$currentUser->getId(), |
71
|
|
|
$this->getOrganizationContextId() |
72
|
|
|
); |
73
|
|
|
} elseif (AccessLevel::LOCAL_LEVEL === $this->accessLevel) { |
74
|
|
|
$ids = $this->treeProvider->getTree()->getUserBusinessUnitIds( |
75
|
|
|
$currentUser->getId(), |
76
|
|
|
$this->getOrganizationContextId() |
77
|
|
|
); |
78
|
|
|
} |
79
|
|
|
|
80
|
|
|
return $ids; |
81
|
|
|
} |
82
|
|
|
|
83
|
|
|
/** |
84
|
|
|
* @return string |
85
|
|
|
*/ |
86
|
|
|
public function getProcessedEntityAccessLevel() |
87
|
|
|
{ |
88
|
|
|
return $this->accessLevel; |
89
|
|
|
} |
90
|
|
|
|
91
|
|
|
/** |
92
|
|
|
* Get object's access level |
93
|
|
|
* |
94
|
|
|
* @param string $permission |
95
|
|
|
* @param string $object |
96
|
|
|
* @return null|int |
97
|
|
|
*/ |
98
|
|
|
protected function getAccessLevel($permission, $object) |
99
|
|
|
{ |
100
|
|
|
$this->aclVoter->addOneShotIsGrantedObserver($this->observer); |
101
|
|
|
if ($this->securityFacade->isGranted($permission, $object)) { |
102
|
|
|
return $this->observer->getAccessLevel(); |
103
|
|
|
} |
104
|
|
|
|
105
|
|
|
return null; |
106
|
|
|
} |
107
|
|
|
|
108
|
|
|
/** |
109
|
|
|
* @return int |
110
|
|
|
*/ |
111
|
|
|
protected function getOrganizationContextId() |
112
|
|
|
{ |
113
|
|
|
return $this->securityFacade->getOrganization()->getId(); |
114
|
|
|
} |
115
|
|
|
} |
116
|
|
|
|
Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly.
For example, imagine you have a variable
$accountId
that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to theid
property of an instance of theAccount
class. This class holds a proper account, so the id value must no longer be false.Either this assignment is in error or a type check should be added for that assignment.