1
|
|
|
<?php |
2
|
|
|
|
3
|
|
|
declare(strict_types=1); |
4
|
|
|
|
5
|
|
|
/* |
6
|
|
|
* This file is part of the Sonata Project package. |
7
|
|
|
* |
8
|
|
|
* (c) Thomas Rabaix <[email protected]> |
9
|
|
|
* |
10
|
|
|
* For the full copyright and license information, please view the LICENSE |
11
|
|
|
* file that was distributed with this source code. |
12
|
|
|
*/ |
13
|
|
|
|
14
|
|
|
namespace Sonata\AdminBundle\Command; |
15
|
|
|
|
16
|
|
|
use Doctrine\Common\Persistence\ManagerRegistry; |
17
|
|
|
use Sonata\AdminBundle\Admin\AdminInterface; |
18
|
|
|
use Sonata\AdminBundle\Admin\Pool; |
19
|
|
|
use Sonata\AdminBundle\Util\ObjectAclManipulatorInterface; |
20
|
|
|
use Symfony\Bridge\Doctrine\RegistryInterface; |
21
|
|
|
use Symfony\Component\Console\Input\InputInterface; |
22
|
|
|
use Symfony\Component\Console\Input\InputOption; |
23
|
|
|
use Symfony\Component\Console\Output\OutputInterface; |
24
|
|
|
use Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException; |
25
|
|
|
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; |
26
|
|
|
|
27
|
|
|
/** |
28
|
|
|
* @final since sonata-project/admin-bundle 3.52 |
29
|
|
|
* |
30
|
|
|
* @author Thomas Rabaix <[email protected]> |
31
|
|
|
*/ |
32
|
|
|
class GenerateObjectAclCommand extends QuestionableCommand |
33
|
|
|
{ |
34
|
|
|
protected static $defaultName = 'sonata:admin:generate-object-acl'; |
35
|
|
|
|
36
|
|
|
/** |
37
|
|
|
* NEXT_MAJOR: Rename to `$userModelClass`. |
38
|
|
|
* |
39
|
|
|
* @var string |
40
|
|
|
*/ |
41
|
|
|
protected $userEntityClass = ''; |
42
|
|
|
|
43
|
|
|
/** |
44
|
|
|
* @var Pool |
45
|
|
|
*/ |
46
|
|
|
private $pool; |
47
|
|
|
|
48
|
|
|
/** |
49
|
|
|
* An array of object ACL manipulators indexed by their service ids. |
50
|
|
|
* |
51
|
|
|
* @var ObjectAclManipulatorInterface[] |
52
|
|
|
*/ |
53
|
|
|
private $aclObjectManipulators = []; |
54
|
|
|
|
55
|
|
|
/** |
56
|
|
|
* @var RegistryInterface|ManagerRegistry|null |
57
|
|
|
*/ |
58
|
|
|
private $registry; |
59
|
|
|
|
60
|
|
|
/** |
61
|
|
|
* @param RegistryInterface|ManagerRegistry|null $registry |
62
|
|
|
*/ |
63
|
|
|
public function __construct(Pool $pool, array $aclObjectManipulators, $registry = null) |
64
|
|
|
{ |
65
|
|
|
$this->pool = $pool; |
66
|
|
|
$this->aclObjectManipulators = $aclObjectManipulators; |
67
|
|
|
if (null !== $registry && (!$registry instanceof RegistryInterface && !$registry instanceof ManagerRegistry)) { |
68
|
|
|
if (!$registry instanceof ManagerRegistry) { |
69
|
|
|
@trigger_error(sprintf( |
|
|
|
|
70
|
|
|
"Passing an object that doesn't implement %s as argument 3 to %s() is deprecated since sonata-project/admin-bundle 3.56.", |
71
|
|
|
ManagerRegistry::class, |
72
|
|
|
__METHOD__ |
73
|
|
|
), E_USER_DEPRECATED); |
74
|
|
|
} |
75
|
|
|
|
76
|
|
|
throw new \TypeError(sprintf( |
|
|
|
|
77
|
|
|
'Argument 3 passed to %s() must be either an instance of %s or %s, %s given.', |
78
|
|
|
__METHOD__, |
79
|
|
|
RegistryInterface::class, |
80
|
|
|
ManagerRegistry::class, |
81
|
|
|
\is_object($registry) ? \get_class($registry) : \gettype($registry) |
82
|
|
|
)); |
83
|
|
|
} |
84
|
|
|
$this->registry = $registry; |
85
|
|
|
|
86
|
|
|
parent::__construct(); |
87
|
|
|
} |
88
|
|
|
|
89
|
|
|
public function configure() |
90
|
|
|
{ |
91
|
|
|
$this |
92
|
|
|
->setDescription('Install ACL for the objects of the Admin Classes.') |
93
|
|
|
->addOption('object_owner', null, InputOption::VALUE_OPTIONAL, 'If set, the task will set the object owner for each admin.') |
94
|
|
|
// NEXT_MAJOR: Remove "user_entity" option. |
95
|
|
|
->addOption('user_entity', null, InputOption::VALUE_OPTIONAL, '<error>DEPRECATED</error> Use <comment>user_model</comment> option instead.') |
96
|
|
|
->addOption('user_model', null, InputOption::VALUE_OPTIONAL, 'Shortcut notation like <comment>AcmeDemoBundle:User</comment>. If not set, it will be asked the first time an object owner is set.') |
97
|
|
|
->addOption('step', null, InputOption::VALUE_NONE, 'If set, the task will ask for each admin if the ACLs need to be generated and what object owner to set, if any.') |
98
|
|
|
; |
99
|
|
|
} |
100
|
|
|
|
101
|
|
|
public function execute(InputInterface $input, OutputInterface $output) |
102
|
|
|
{ |
103
|
|
|
$output->writeln('Welcome to the AdminBundle object ACL generator'); |
104
|
|
|
$output->writeln([ |
|
|
|
|
105
|
|
|
'', |
106
|
|
|
'This command helps you to generate ACL entities for the objects handled by the AdminBundle.', |
107
|
|
|
'', |
108
|
|
|
'If the step option is used, you will be asked if you want to generate the object ACL entities for each Admin.', |
109
|
|
|
'You must use the shortcut notation like <comment>AcmeDemoBundle:User</comment> if you want to set an object owner.', |
110
|
|
|
'', |
111
|
|
|
]); |
112
|
|
|
|
113
|
|
|
if (!$this->registry) { |
114
|
|
|
$msg = sprintf('The command "%s" has a dependency on a non-existent service "doctrine".', static::$defaultName); |
115
|
|
|
|
116
|
|
|
throw new ServiceNotFoundException('doctrine', static::class, null, [], $msg); |
117
|
|
|
} |
118
|
|
|
|
119
|
|
|
if ($input->getOption('user_model')) { |
120
|
|
|
try { |
121
|
|
|
$this->getUserEntityClass($input, $output); |
|
|
|
|
122
|
|
|
} catch (\Exception $e) { |
123
|
|
|
$output->writeln(sprintf('<error>%s</error>', $e->getMessage())); |
124
|
|
|
|
125
|
|
|
return 1; |
126
|
|
|
} |
127
|
|
|
} |
128
|
|
|
|
129
|
|
|
if (!$this->aclObjectManipulators) { |
|
|
|
|
130
|
|
|
$output->writeln('No manipulators are implemented : <info>ignoring</info>'); |
131
|
|
|
|
132
|
|
|
return 1; |
133
|
|
|
} |
134
|
|
|
|
135
|
|
|
foreach ($this->pool->getAdminServiceIds() as $id) { |
136
|
|
|
try { |
137
|
|
|
$admin = $this->pool->getInstance($id); |
138
|
|
|
} catch (\Exception $e) { |
139
|
|
|
$output->writeln('<error>Warning : The admin class cannot be initiated from the command line</error>'); |
140
|
|
|
$output->writeln(sprintf('<error>%s</error>', $e->getMessage())); |
141
|
|
|
|
142
|
|
|
continue; |
143
|
|
|
} |
144
|
|
|
|
145
|
|
|
if ($input->getOption('step') && !$this->askConfirmation($input, $output, sprintf("<question>Generate ACLs for the object instances handled by \"%s\"?</question>\n", $id), 'no', '?')) { |
146
|
|
|
continue; |
147
|
|
|
} |
148
|
|
|
|
149
|
|
|
$securityIdentity = null; |
150
|
|
|
if ($input->getOption('step') && $this->askConfirmation($input, $output, "<question>Set an object owner?</question>\n", 'no', '?')) { |
151
|
|
|
$username = $this->askAndValidate($input, $output, 'Please enter the username: ', '', 'Sonata\AdminBundle\Command\Validators::validateUsername'); |
152
|
|
|
|
153
|
|
|
$securityIdentity = new UserSecurityIdentity($username, $this->getUserEntityClass($input, $output)); |
|
|
|
|
154
|
|
|
} |
155
|
|
|
if (!$input->getOption('step') && $input->getOption('object_owner')) { |
156
|
|
|
$securityIdentity = new UserSecurityIdentity($input->getOption('object_owner'), $this->getUserEntityClass($input, $output)); |
|
|
|
|
157
|
|
|
} |
158
|
|
|
|
159
|
|
|
$manipulatorId = sprintf('sonata.admin.manipulator.acl.object.%s', $admin->getManagerType()); |
160
|
|
|
if (!$manipulator = $this->aclObjectManipulators[$manipulatorId] ?? null) { |
161
|
|
|
$output->writeln('Admin class is using a manager type that has no manipulator implemented : <info>ignoring</info>'); |
162
|
|
|
|
163
|
|
|
continue; |
164
|
|
|
} |
165
|
|
|
if (!$manipulator instanceof ObjectAclManipulatorInterface) { |
166
|
|
|
$output->writeln(sprintf('The interface "ObjectAclManipulatorInterface" is not implemented for %s: <info>ignoring</info>', \get_class($manipulator))); |
167
|
|
|
|
168
|
|
|
continue; |
169
|
|
|
} |
170
|
|
|
|
171
|
|
|
\assert($admin instanceof AdminInterface); |
172
|
|
|
$manipulator->batchConfigureAcls($output, $admin, $securityIdentity); |
173
|
|
|
} |
174
|
|
|
|
175
|
|
|
return 0; |
176
|
|
|
} |
177
|
|
|
|
178
|
|
|
protected function initialize(InputInterface $input, OutputInterface $output) |
179
|
|
|
{ |
180
|
|
|
parent::initialize($input, $output); |
181
|
|
|
|
182
|
|
|
// NEXT_MAJOR: Remove the following conditional block. |
183
|
|
|
if (null !== $input->getOption('user_entity')) { |
184
|
|
|
$output->writeln([ |
|
|
|
|
185
|
|
|
'Option <comment>user_entity</comment> is deprecated since sonata-project/admin-bundle 3.x and will be removed in version 4.0.' |
186
|
|
|
.' Use <comment>user_model</comment> option instead.', |
187
|
|
|
'', |
188
|
|
|
]); |
189
|
|
|
|
190
|
|
|
@trigger_error( |
|
|
|
|
191
|
|
|
'Option "user_entity" is deprecated since sonata-project/admin-bundle 3.x and will be removed in version 4.0.' |
192
|
|
|
.' Use "user_model" option instead.', |
193
|
|
|
E_USER_DEPRECATED |
194
|
|
|
); |
195
|
|
|
|
196
|
|
|
if (null === $input->getOption('user_model')) { |
197
|
|
|
$input->setOption('user_model', $input->getOption('user_entity')); |
198
|
|
|
} |
199
|
|
|
} |
200
|
|
|
} |
201
|
|
|
|
202
|
|
|
protected function getUserModelClass(InputInterface $input, OutputInterface $output): string |
203
|
|
|
{ |
204
|
|
|
return $this->getUserEntityClass($input, $output); |
|
|
|
|
205
|
|
|
} |
206
|
|
|
|
207
|
|
|
/** |
208
|
|
|
* NEXT_MAJOR: Remove this method and move its body to `getUserModelClass()`. |
209
|
|
|
* |
210
|
|
|
* @deprecated since sonata-project/admin-bundle 3.x. Use `getUserModelClass()` instead. |
211
|
|
|
* |
212
|
|
|
* @return string |
213
|
|
|
*/ |
214
|
|
|
protected function getUserEntityClass(InputInterface $input, OutputInterface $output) |
215
|
|
|
{ |
216
|
|
|
if (self::class !== static::class) { |
217
|
|
|
@trigger_error(sprintf( |
|
|
|
|
218
|
|
|
'Method %s() is deprecated since sonata-project/admin-bundle 3.x and will be removed in version 4.0.' |
219
|
|
|
.' Use %s::getUserModelClass() instead.', |
220
|
|
|
__METHOD__, |
221
|
|
|
__CLASS__ |
222
|
|
|
), E_USER_DEPRECATED); |
223
|
|
|
} |
224
|
|
|
|
225
|
|
|
if ('' === $this->userEntityClass) { |
226
|
|
|
if ($input->getOption('user_model')) { |
227
|
|
|
list($userBundle, $userModel) = Validators::validateEntityName($input->getOption('user_model')); |
228
|
|
|
} else { |
229
|
|
|
list($userBundle, $userModel) = $this->askAndValidate($input, $output, 'Please enter the User model shortcut name: ', '', 'Sonata\AdminBundle\Command\Validators::validateEntityName'); |
230
|
|
|
} |
231
|
|
|
// Entity exists? |
232
|
|
|
if ($this->registry instanceof RegistryInterface) { |
233
|
|
|
$this->userEntityClass = $this->registry->getEntityNamespace($userBundle).'\\'.$userModel; |
234
|
|
|
} else { |
235
|
|
|
$this->userEntityClass = $this->registry->getAliasNamespace($userBundle).'\\'.$userModel; |
236
|
|
|
} |
237
|
|
|
} |
238
|
|
|
|
239
|
|
|
return $this->userEntityClass; |
240
|
|
|
} |
241
|
|
|
} |
242
|
|
|
|
If you suppress an error, we recommend checking for the error condition explicitly: