Merge pull request #387 from havvg/feature/remove-acl

remove Symfony Security ACL integration
Toni Uebernickel 2016-01-23 20:26:59 +01:00
commit 0aa63c16b2
42 changed files with 1 additions and 5159 deletions


@ -1,95 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Command;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Output\Output;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpKernel\Bundle\BundleInterface;
use Symfony\Component\HttpKernel\KernelInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclInitCommand extends SqlInsertCommand
{
protected function configure()
{
$this
->setDescription('Initialize "Access Control Lists" model and SQL')
->addOption('force', null, InputOption::VALUE_NONE, 'Set this parameter to execute this action.')
->addOption('connection', null, InputOption::VALUE_OPTIONAL, 'Set this parameter to define a connection to use')
->setHelp(<<<EOT
The <info>%command.name%</info> command connects to the database and executes all SQL statements required to setup the ACL database, it also generates the ACL model.
<info>php %command.full_name%</info>
The <info>--force</info> parameter has to be used to actually insert SQL.
The <info>--connection</info> parameter allows you to change the connection to use.
The default connection is the active connection (propel.dbal.default_connection).
EOT
)
->setName('propel:acl:init')
;
}
protected function execute(InputInterface $input, OutputInterface $output)
{
// Generate ACL model
if (true == $result = $this->callPhing('om')) {
$output->writeln(sprintf(
'>> <info>%20s</info> Generated model classes from <comment>%s</comment>',
$this->getApplication()->getKernel()->getBundle('PropelBundle')->getName(),
'acl_schema.xml'
));
} else {
$this->writeTaskError($output, 'om');
return 1;
}
// Prepare SQL directory
$sqlDirectory = $this->getSqlDir();
$filesystem = new Filesystem();
$filesystem->remove($sqlDirectory);
$filesystem->mkdir($sqlDirectory);
if (true == $result = $this->callPhing('build-sql', array('propel.sql.dir' => $sqlDirectory))) {
$this->writeSection(
$output,
'<comment>1</comment> <info>SQL file has been generated.</info>'
);
} else {
$this->writeTaskError($output, 'build-sql');
return 2;
}
return parent::execute($input, $output);
}
protected function getFinalSchemas(KernelInterface $kernel, BundleInterface $bundle = null)
{
$aclSchema = new \SplFileInfo($kernel->locateResource('@PropelBundle/Resources/acl_schema.xml'));
return array((string) $aclSchema => array($kernel->getBundle('PropelBundle'), $aclSchema));
}
protected function getSqlDir()
{
return sprintf('%s/cache/%s/propel/acl/sql',
$this->getApplication()->getKernel()->getRootDir(),
$this->getApplication()->getKernel()->getEnvironment()
);
}
}


@ -1,42 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseAclClass;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class AclClass extends BaseAclClass
{
/**
* Return an AclClass for the given ACL ObjectIdentity.
*
* If none can be found, a new one will be saved.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\AclClass
*/
public static function fromAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
{
$obj = AclClassQuery::create()
->filterByType($objectIdentity->getType())
->findOneOrCreate($con)
;
if ($obj->isNew()) {
$obj->save($con);
}
return $obj;
}
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseAclClassPeer;
class AclClassPeer extends BaseAclClassPeer
{
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseAclClassQuery;
class AclClassQuery extends BaseAclClassQuery
{
}


@ -1,80 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseEntry;
use Propel\PropelBundle\Security\Acl\Domain\Entry as AclEntry;
use Propel\PropelBundle\Security\Acl\Domain\FieldEntry as AclFieldEntry;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\EntryInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
class Entry extends BaseEntry
{
/**
* Transform a given ACL entry into a Entry model.
*
* The entry will not be persisted!
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $aclEntry
*
* @return \Propel\PropelBundle\Model\Acl\Entry
*/
public static function fromAclEntry(EntryInterface $aclEntry)
{
$entry = new self();
// Already persisted before?
if ($aclEntry->getId()) {
$entry->setId($aclEntry->getId());
}
$entry
->setMask($aclEntry->getMask())
->setGranting($aclEntry->isGranting())
->setGrantingStrategy($aclEntry->getStrategy())
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity()))
;
if ($aclEntry instanceof FieldEntryInterface) {
$entry->setFieldName($aclEntry->getField());
}
if ($aclEntry instanceof AuditableEntryInterface) {
$entry
->setAuditFailure($aclEntry->isAuditFailure())
->setAuditSuccess($aclEntry->isAuditSuccess())
;
}
return $entry;
}
/**
* Transform a given model entry into an ACL related Entry (ACE).
*
* @param \Propel\PropelBundle\Model\Acl\Entry $modelEntry
* @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
*
* @return \Symfony\Component\Security\Acl\Model\EntryInterface
*/
public static function toAclEntry(Entry $modelEntry, AclInterface $acl)
{
if (null === $modelEntry->getFieldName()) {
return new AclEntry($modelEntry, $acl);
}
return new AclFieldEntry($modelEntry, $acl);
}
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseEntryPeer;
class EntryPeer extends BaseEntryPeer
{
}


@ -1,66 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseEntryQuery;
use Propel\PropelBundle\Model\Acl\EntryPeer;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
class EntryQuery extends BaseEntryQuery
{
/**
* Return Entry objects filtered by an ACL related ObjectIdentity.
*
* @see find()
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity An ACL related ObjectIdentity.
* @param array $securityIdentities A list of SecurityIdentity to filter by.
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findByAclIdentity(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array(), \PropelPDO $con = null)
{
$securityIds = array();
foreach ($securityIdentities as $eachIdentity) {
if (!$eachIdentity instanceof SecurityIdentityInterface) {
if (is_object($eachIdentity)) {
$errorMessage = sprintf('The list of security identities contains at least one invalid entry of class "%s". Please provide objects of classes implementing "Symfony\Component\Security\Acl\Model\SecurityIdentityInterface" only.', get_class($eachIdentity));
} else {
$errorMessage = sprintf('The list of security identities contains at least one invalid entry "%s". Please provide objects of classes implementing "Symfony\Component\Security\Acl\Model\SecurityIdentityInterface" only.', $eachIdentity);
}
throw new \InvalidArgumentException($errorMessage);
}
if ($securityIdentity = SecurityIdentity::fromAclIdentity($eachIdentity)) {
$securityIds[$securityIdentity->getId()] = $securityIdentity->getId();
}
}
$this
->useAclClassQuery(null, \Criteria::INNER_JOIN)
->filterByType((string) $objectIdentity->getType())
->endUse()
->leftJoinObjectIdentity()
->add(ObjectIdentityPeer::OBJECT_IDENTIFIER, (string) $objectIdentity->getIdentifier(), \Criteria::EQUAL)
->addOr(EntryPeer::OBJECT_IDENTITY_ID, null, \Criteria::ISNULL)
;
if (!empty($securityIdentities)) {
$this->filterBySecurityIdentityId($securityIds);
}
return $this->find($con);
}
}


@ -1,137 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentity;
class ObjectIdentity extends BaseObjectIdentity
{
public function preInsert(\PropelPDO $con = null)
{
// Compatibility with default implementation.
$ancestor = new ObjectIdentityAncestor();
$ancestor->setObjectIdentityRelatedByObjectIdentityId($this);
$ancestor->setObjectIdentityRelatedByAncestorId($this);
$this->addObjectIdentityAncestorRelatedByAncestorId($ancestor);
if ($this->getParentObjectIdentityId()) {
$this->updateAncestorsTree($con);
}
return true;
}
public function preUpdate(\PropelPDO $con = null)
{
if ($this->isColumnModified(ObjectIdentityPeer::PARENT_OBJECT_IDENTITY_ID)) {
$this->updateAncestorsTree($con);
}
return true;
}
public function preDelete(\PropelPDO $con = null)
{
// Only retrieve direct children, it's faster and grand children will be retrieved recursively.
$children = ObjectIdentityQuery::create()->findChildren($this, $con);
$objIds = $children->getPrimaryKeys(false);
$objIds[] = $this->getId();
$children->delete($con);
// Manually delete those for DBAdapter not capable of cascading the DELETE.
ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($objIds, \Criteria::IN)
->delete($con)
;
return true;
}
/**
* Update all ancestor entries to reflect changes on this instance.
*
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentity $this
*/
protected function updateAncestorsTree(\PropelPDO $con = null)
{
$con->beginTransaction();
$oldAncestors = ObjectIdentityQuery::create()->findAncestors($this, $con);
$children = ObjectIdentityQuery::create()->findGrandChildren($this, $con);
$children->append($this);
if (count($oldAncestors)) {
foreach ($children as $eachChild) {
/*
* Delete only those entries, that are ancestors based on the parent relation.
* Ancestors of grand children up to the current node will be kept.
*/
$query = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($eachChild->getId())
->filterByObjectIdentityRelatedByAncestorId($oldAncestors, \Criteria::IN)
;
if ($eachChild->getId() !== $this->getId()) {
$query->filterByAncestorId(array($eachChild->getId(), $this->getId()), \Criteria::NOT_IN);
} else {
$query->filterByAncestorId($this->getId(), \Criteria::NOT_EQUAL);
}
$query->delete($con);
}
}
// This is the new parent object identity!
$parent = $this->getObjectIdentityRelatedByParentObjectIdentityId($con);
if (null !== $parent) {
$newAncestors = ObjectIdentityQuery::create()->findAncestors($parent, $con);
$newAncestors->append($parent);
foreach ($newAncestors as $eachAncestor) {
// This collection contains the current object identity!
foreach ($children as $eachChild) {
$ancestor = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($eachChild->getId())
->filterByAncestorId($eachAncestor->getId())
->findOneOrCreate($con)
;
// If the entry already exists, next please.
if (!$ancestor->isNew()) {
continue;
}
if ($eachChild->getId() === $this->getId()) {
// Do not save() here, as it would result in an infinite recursion loop!
$this->addObjectIdentityAncestorRelatedByObjectIdentityId($ancestor);
} else {
// Save the new ancestor to avoid integrity constraint violation.
$ancestor->save($con);
$eachChild
->addObjectIdentityAncestorRelatedByObjectIdentityId($ancestor)
->save($con)
;
}
}
}
}
$con->commit();
return $this;
}
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityAncestor;
class ObjectIdentityAncestor extends BaseObjectIdentityAncestor
{
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityAncestorPeer;
class ObjectIdentityAncestorPeer extends BaseObjectIdentityAncestorPeer
{
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityAncestorQuery;
class ObjectIdentityAncestorQuery extends BaseObjectIdentityAncestorQuery
{
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityPeer;
class ObjectIdentityPeer extends BaseObjectIdentityPeer
{
}


@ -1,112 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityQuery;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class ObjectIdentityQuery extends BaseObjectIdentityQuery
{
/**
* Filter by an ObjectIdentity object belonging to the given ACL related ObjectIdentity.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentityQuery $this
*/
public function filterByAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
{
/*
* Not using a JOIN here, because the filter may be applied on 'findOneOrCreate',
* which is currently (Propel 1.6.4-dev) not working.
*/
$aclClass = AclClass::fromAclObjectIdentity($objectIdentity, $con);
$this
->filterByClassId($aclClass->getId())
->filterByIdentifier($objectIdentity->getIdentifier())
;
return $this;
}
/**
* Return an ObjectIdentity object belonging to the given ACL related ObjectIdentity.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentity
*/
public function findOneByAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
{
return $this
->filterByAclObjectIdentity($objectIdentity, $con)
->findOne($con)
;
}
/**
* Return all children of the given object identity.
*
* @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findChildren(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
{
return $this
->filterByObjectIdentityRelatedByParentObjectIdentityId($objectIdentity)
->find($con)
;
}
/**
* Return all children and grand-children of the given object identity.
*
* @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findGrandChildren(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
{
return $this
->useObjectIdentityAncestorRelatedByObjectIdentityIdQuery()
->filterByObjectIdentityRelatedByAncestorId($objectIdentity)
->filterByObjectIdentityRelatedByObjectIdentityId($objectIdentity, \Criteria::NOT_EQUAL)
->endUse()
->find($con)
;
}
/**
* Return all ancestors of the given object identity.
*
* @param ObjectIdentity $objectIdentity
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findAncestors(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
{
return $this
->useObjectIdentityAncestorRelatedByAncestorIdQuery()
->filterByObjectIdentityRelatedByObjectIdentityId($objectIdentity)
->filterByObjectIdentityRelatedByAncestorId($objectIdentity, \Criteria::NOT_EQUAL)
->endUse()
->find($con)
;
}
}


@ -1,85 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
class SecurityIdentity extends BaseSecurityIdentity
{
/**
* Transform a given mode security identity into an ACL related SecurityIdentity.
*
* @param \Propel\PropelBundle\Model\Acl\SecurityIdentity $securityIdentity
*
* @return \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface
*/
public static function toAclIdentity(SecurityIdentity $securityIdentity)
{
$identifier = $securityIdentity->getIdentifier();
if ($securityIdentity->getUsername()) {
if (false === strpos($identifier, '-')) {
throw new \InvalidArgumentException('The given identifier does not resolve to a UserSecurityIdentity.');
}
list($class, $username) = explode('-', $identifier, 2);
return new UserSecurityIdentity($username, $class);
}
if (0 === strpos($identifier, 'ROLE_') or 0 === strpos($identifier, 'IS_AUTHENTICATED_')) {
return new RoleSecurityIdentity($identifier);
}
throw new \InvalidArgumentException('The security identity does not resolve to either UserSecurityIdentity or RoleSecurityIdentity.');
}
/**
* Transform a given ACL security identity into a SecurityIdentity model.
*
* If there is no model entry given, a new one will be created and saved to the database.
*
* @throws \InvalidArgumentException
*
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $aclIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\SecurityIdentity
*/
public static function fromAclIdentity(SecurityIdentityInterface $aclIdentity, \PropelPDO $con = null)
{
if ($aclIdentity instanceof UserSecurityIdentity) {
$identifier = $aclIdentity->getClass().'-'.$aclIdentity->getUsername();
$username = true;
} elseif ($aclIdentity instanceof RoleSecurityIdentity) {
$identifier = $aclIdentity->getRole();
$username = false;
} else {
throw new \InvalidArgumentException('The ACL identity must either be an instance of UserSecurityIdentity or RoleSecurityIdentity.');
}
$obj = SecurityIdentityQuery::create()
->filterByIdentifier($identifier)
->filterByUsername($username)
->findOneOrCreate($con)
;
if ($obj->isNew()) {
$obj->save($con);
}
return $obj;
}
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseSecurityIdentityPeer;
class SecurityIdentityPeer extends BaseSecurityIdentityPeer
{
}


@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseSecurityIdentityQuery;
class SecurityIdentityQuery extends BaseSecurityIdentityQuery
{
}


@ -1,104 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<database name="default" namespace="Propel\PropelBundle\Model\Acl" defaultIdMethod="native" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xsd.propelorm.org/1.6/database.xsd">
<table name="acl_classes" phpName="AclClass">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="class_type" type="varchar" size="200" required="true" phpName="Type" />
<unique>
<unique-column name="class_type" />
</unique>
</table>
<table name="acl_security_identities" phpName="SecurityIdentity">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="identifier" type="varchar" size="200" required="true" />
<column name="username" type="boolean" required="true" />
<unique>
<unique-column name="identifier" />
<unique-column name="username" />
</unique>
</table>
<table name="acl_object_identities" phpName="ObjectIdentity">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="class_id" type="integer" required="true" />
<column name="object_identifier" type="varchar" size="200" required="true" phpName="Identifier" />
<column name="parent_object_identity_id" type="integer" required="false" defaultValue="null" />
<column name="entries_inheriting" type="boolean" required="true" defaultValue="true" />
<unique>
<unique-column name="class_id" />
<unique-column name="object_identifier" />
</unique>
<index>
<index-column name="parent_object_identity_id" />
</index>
<foreign-key foreignTable="acl_classes" onDelete="RESTRICT" onUpdate="CASCADE">
<reference local="class_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_object_identities" onDelete="RESTRICT" onUpdate="CASCADE">
<reference local="parent_object_identity_id" foreign="id" />
</foreign-key>
</table>
<table name="acl_object_identity_ancestors" phpName="ObjectIdentityAncestor" heavyIndexing="true">
<column name="object_identity_id" type="integer" primaryKey="true" />
<column name="ancestor_id" type="integer" primaryKey="true" />
<foreign-key foreignTable="acl_object_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="object_identity_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_object_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="ancestor_id" foreign="id" />
</foreign-key>
</table>
<table name="acl_entries" phpName="Entry">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="class_id" type="integer" required="true" />
<column name="object_identity_id" type="integer" required="false" defaultValue="null" />
<column name="security_identity_id" type="integer" required="true" />
<column name="field_name" type="varchar" size="50" />
<column name="ace_order" type="integer" required="true" />
<column name="mask" type="integer" required="true" />
<column name="granting" type="boolean" required="true" />
<column name="granting_strategy" type="varchar" size="30" required="true" />
<column name="audit_success" type="boolean" required="true" defaultValue="false" />
<column name="audit_failure" type="boolean" required="true" defaultValue="true" />
<unique>
<unique-column name="class_id" />
<unique-column name="object_identity_id" />
<unique-column name="field_name" />
<unique-column name="ace_order" />
</unique>
<index>
<index-column name="class_id" />
<index-column name="object_identity_id" />
<index-column name="security_identity_id" />
</index>
<index>
<index-column name="class_id" />
</index>
<index>
<index-column name="object_identity_id" />
</index>
<index>
<index-column name="security_identity_id" />
</index>
<foreign-key foreignTable="acl_classes" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="class_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_object_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="object_identity_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_security_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="security_identity_id" foreign="id" />
</foreign-key>
</table>
</database>


@ -1,178 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
/**
* An implementation of the AclProviderInterface using Propel ORM.
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclProvider implements AclProviderInterface
{
protected $permissionGrantingStrategy;
protected $connection;
protected $cache;
/**
* Constructor.
*
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param \PropelPDO $con
* @param \Symfony\Component\Security\Acl\Model\AclCacheInterface $cache
*/
public function __construct(PermissionGrantingStrategyInterface $permissionGrantingStrategy, \PropelPDO $connection = null, AclCacheInterface $cache = null)
{
$this->permissionGrantingStrategy = $permissionGrantingStrategy;
$this->connection = $connection;
$this->cache = $cache;
}
/**
* Retrieves all child object identities from the database.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $parentObjectIdentity
* @param bool $directChildrenOnly
*
* @return array
*/
public function findChildren(ObjectIdentityInterface $parentObjectIdentity, $directChildrenOnly = false)
{
$modelIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($parentObjectIdentity, $this->connection);
if (empty($modelIdentity)) {
return array();
}
if ($directChildrenOnly) {
$collection = ObjectIdentityQuery::create()->findChildren($modelIdentity, $this->connection);
} else {
$collection = ObjectIdentityQuery::create()->findGrandChildren($modelIdentity, $this->connection);
}
$children = array();
foreach ($collection as $eachChild) {
$children[] = new ObjectIdentity($eachChild->getIdentifier(), $eachChild->getAclClass($this->connection)->getType());
}
return $children;
}
/**
* Returns the ACL that belongs to the given object identity
*
* @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $securityIdentities
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface
*/
public function findAcl(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array())
{
$modelObj = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
if (null !== $this->cache and null !== $modelObj) {
$cachedAcl = $this->cache->getFromCacheById($modelObj->getId());
if ($cachedAcl instanceof AclInterface) {
return $cachedAcl;
}
}
$collection = EntryQuery::create()->findByAclIdentity($objectIdentity, $securityIdentities, $this->connection);
if (0 === count($collection)) {
if (empty($securityIdentities)) {
$errorMessage = 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.';
} else {
$errorMessage = 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.';
}
throw new AclNotFoundException($errorMessage);
}
$loadedSecurityIdentities = array();
foreach ($collection as $eachEntry) {
if (!isset($loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()])) {
$loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()] = SecurityIdentity::toAclIdentity($eachEntry->getSecurityIdentity());
}
}
$parentAcl = null;
$entriesInherited = true;
if (null !== $modelObj) {
$entriesInherited = $modelObj->getEntriesInheriting();
if (null !== $modelObj->getParentObjectIdentityId()) {
$parentObj = $modelObj->getObjectIdentityRelatedByParentObjectIdentityId($this->connection);
try {
$parentAcl = $this->findAcl(new ObjectIdentity($parentObj->getIdentifier(), $parentObj->getAclClass($this->connection)->getType()));
} catch (AclNotFoundException $e) {
/*
* This happens e.g. if the parent ACL is created, but does not contain any ACE by now.
* The ACEs may be applied later on.
*/
}
}
}
return $this->getAcl($collection, $objectIdentity, $loadedSecurityIdentities, $parentAcl, $entriesInherited);
}
/**
* Returns the ACLs that belong to the given object identities
*
* @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException When at least one object identity is missing its ACL.
*
* @param array $objectIdentities an array of ObjectIdentityInterface implementations
* @param array $securityIdentities an array of SecurityIdentityInterface implementations
*
* @return \SplObjectStorage mapping the passed object identities to ACLs
*/
public function findAcls(array $objectIdentities, array $securityIdentities = array())
{
$result = new \SplObjectStorage();
foreach ($objectIdentities as $eachIdentity) {
$result[$eachIdentity] = $this->findAcl($eachIdentity, $securityIdentities);
}
return $result;
}
/**
* Create an ACL.
*
* @param \PropelObjectCollection $collection
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Acl
*/
protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
return new Acl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited);
}
}


@ -1,38 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl;
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclProvider extends MutableAclProvider
{
/**
* Get an ACL for this provider.
*
* @param \PropelObjectCollection $collection
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*
* @return \Propel\PropelBundle\Security\Acl\Domain\AuditableAcl
*/
protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
return new AuditableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
}
}


@ -1,314 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Symfony\Component\Security\Acl\Exception\Exception as AclException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
* An ACL implementation that is immutable based on data from a PropelObjectCollection of Propel\PropelBundle\Model\Acl\Entry.
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class Acl implements AclInterface
{
protected $model = 'Propel\PropelBundle\Model\Acl\Entry';
protected $classAces = array();
protected $classFieldAces = array();
protected $objectAces = array();
protected $objectFieldAces = array();
protected $objectIdentity;
protected $parentAcl;
protected $permissionGrantingStrategy;
protected $inherited;
protected $loadedSecurityIdentities = array();
/**
* A list of known associated fields on this ACL.
*
* @var array
*/
protected $fields = array();
/**
* Constructor.
*
* @param \PropelObjectCollection $entries
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*/
public function __construct(\PropelObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
if ($entries->getModel() !== $this->model) {
throw new AclException(sprintf('The given collection does not contain models of class "%s" but of class "%s".', $this->model, $entries->getModel()));
}
foreach ($entries as $eachEntry) {
if (null === $eachEntry->getFieldName() and null === $eachEntry->getObjectIdentityId()) {
$this->classAces[] = new Entry($eachEntry, $this);
}
if (null !== $eachEntry->getFieldName() and null === $eachEntry->getObjectIdentityId()) {
if (empty($this->classFieldAces[$eachEntry->getFieldName()])) {
$this->classFieldAces[$eachEntry->getFieldName()] = array();
$this->updateFields($eachEntry->getFieldName());
}
$this->classFieldAces[$eachEntry->getFieldName()][] = new FieldEntry($eachEntry, $this);
}
if (null === $eachEntry->getFieldName() and null !== $eachEntry->getObjectIdentityId()) {
$this->objectAces[] = new Entry($eachEntry, $this);
}
if (null !== $eachEntry->getFieldName() and null !== $eachEntry->getObjectIdentityId()) {
if (empty($this->objectFieldAces[$eachEntry->getFieldName()])) {
$this->objectFieldAces[$eachEntry->getFieldName()] = array();
$this->updateFields($eachEntry->getFieldName());
}
$this->objectFieldAces[$eachEntry->getFieldName()][] = new FieldEntry($eachEntry, $this);
}
}
$this->objectIdentity = $objectIdentity;
$this->permissionGrantingStrategy = $permissionGrantingStrategy;
$this->parentAcl = $parentAcl;
$this->inherited = $inherited;
$this->loadedSecurityIdentities = $loadedSecurityIdentities;
$this->fields = array_unique($this->fields);
}
/**
* Returns all class-based ACEs associated with this ACL
*
* @return array
*/
public function getClassAces()
{
return $this->classAces;
}
/**
* Returns all class-field-based ACEs associated with this ACL
*
* @param string $field
*
* @return array
*/
public function getClassFieldAces($field)
{
return isset($this->classFieldAces[$field]) ? $this->classFieldAces[$field] : array();
}
/**
* Returns all object-based ACEs associated with this ACL
*
* @return array
*/
public function getObjectAces()
{
return $this->objectAces;
}
/**
* Returns all object-field-based ACEs associated with this ACL
*
* @param string $field
*
* @return array
*/
public function getObjectFieldAces($field)
{
return isset($this->objectFieldAces[$field]) ? $this->objectFieldAces[$field] : array();
}
/**
* Returns the object identity associated with this ACL
*
* @return \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface
*/
public function getObjectIdentity()
{
return $this->objectIdentity;
}
/**
* Returns the parent ACL, or null if there is none.
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface|null
*/
public function getParentAcl()
{
return $this->parentAcl;
}
/**
* Whether this ACL is inheriting ACEs from a parent ACL.
*
* @return bool
*/
public function isEntriesInheriting()
{
return $this->inherited;
}
/**
* Determines whether field access is granted
*
* @param string $field
* @param array $masks
* @param array $securityIdentities
* @param bool $administrativeMode
*
* @return bool
*/
public function isFieldGranted($field, array $masks, array $securityIdentities, $administrativeMode = false)
{
return $this->permissionGrantingStrategy->isFieldGranted($this, $field, $masks, $securityIdentities, $administrativeMode);
}
/**
* Determines whether access is granted
*
* @throws \Symfony\Component\Security\Acl\Exception\NoAceFoundException when no ACE was applicable for this request
*
* @param array $masks
* @param array $securityIdentities
* @param bool $administrativeMode
*
* @return bool
*/
public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false)
{
return $this->permissionGrantingStrategy->isGranted($this, $masks, $securityIdentities, $administrativeMode);
}
/**
* Whether the ACL has loaded ACEs for all of the passed security identities
*
* @throws \InvalidArgumentException
*
* @param mixed $securityIdentities an implementation of SecurityIdentityInterface, or an array thereof
*
* @return bool
*/
public function isSidLoaded($securityIdentities)
{
if (!is_array($securityIdentities)) {
$securityIdentities = array($securityIdentities);
}
$found = 0;
foreach ($securityIdentities as $eachSecurityIdentity) {
if (!$eachSecurityIdentity instanceof SecurityIdentityInterface) {
throw new \InvalidArgumentException('At least one entry of the given list is not implementing the "SecurityIdentityInterface".');
}
foreach ($this->loadedSecurityIdentities as $eachLoadedIdentity) {
if ($eachSecurityIdentity->equals($eachLoadedIdentity)) {
$found++;
break;
}
}
}
return ($found === count($securityIdentities));
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
) = unserialize($serialized);
return $this;
}
/**
* Returns a list of associated fields on this ACL.
*
* @return array
*/
public function getFields()
{
return $this->fields;
}
/**
* Update the internal list of associated fields on this ACL.
*
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Acl $this
*/
protected function updateFields($field)
{
if (!in_array($field, $this->fields)) {
$this->fields[] = $field;
}
return $this;
}
}


@ -1,103 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Symfony\Component\Security\Acl\Model\AuditableAclInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAcl extends MutableAcl implements AuditableAclInterface
{
/**
* Updates auditing for class-based ACE
*
* @param integer $index
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateClassAuditing($index, $auditSuccess, $auditFailure)
{
$this->updateAuditing($this->classAces, $index, $auditSuccess, $auditFailure);
}
/**
* Updates auditing for class-field-based ACE
*
* @param integer $index
* @param string $field
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure)
{
$this->validateField($this->classFieldAces, $field);
$this->updateAuditing($this->classFieldAces[$field], $index, $auditSuccess, $auditFailure);
}
/**
* Updates auditing for object-based ACE
*
* @param integer $index
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateObjectAuditing($index, $auditSuccess, $auditFailure)
{
$this->updateAuditing($this->objectAces, $index, $auditSuccess, $auditFailure);
}
/**
* Updates auditing for object-field-based ACE
*
* @param integer $index
* @param string $field
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure)
{
$this->validateField($this->objectFieldAces, $field);
$this->updateAuditing($this->objectFieldAces[$field], $index, $auditSuccess, $auditFailure);
}
/**
* Update auditing on a single ACE.
*
* @throws \InvalidArgumentException
*
* @param array $list
* @param int $index
* @param bool $auditSuccess
* @param bool $auditFailure
*
* @return \Propel\PropelBundle\Security\Acl\Domain\AuditableAcl $this
*/
protected function updateAuditing(array &$list, $index, $auditSuccess, $auditFailure)
{
if (!is_bool($auditSuccess) or !is_bool($auditFailure)) {
throw new \InvalidArgumentException('The given auditing flags are invalid. Please provide boolean only.');
}
$this->validateIndex($list, $index);
$entry = ModelEntry::fromAclEntry($list[$index])
->setAuditSuccess($auditSuccess)
->setAuditFailure($auditFailure)
;
$list[$index] = ModelEntry::toAclEntry($entry, $this);
return $this;
}
}


@ -1,192 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
* An ACE implementation retrieving data from a given Propel\PropelBundle\Model\Acl\Entry.
*
* The entry is only used to grab a "snapshot" of its data as an EntryInterface is immutable!
*
* @see \Symfony\Component\Security\Acl\Model\EntryInterface
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class Entry implements AuditableEntryInterface
{
protected $acl;
protected $id;
protected $securityIdentity;
protected $mask;
protected $isGranting;
protected $strategy;
protected $auditSuccess;
protected $auditFailure;
/**
* Constructor.
*
* @param \Propel\PropelBundle\Model\Acl\Entry $entry
* @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
*/
public function __construct(ModelEntry $entry, AclInterface $acl)
{
$this->acl = $acl;
$this->securityIdentity = SecurityIdentity::toAclIdentity($entry->getSecurityIdentity());
/*
* A new ACE (from a MutableAcl) does not have an ID,
* but will be persisted by the MutableAclProvider afterwards, if issued.
*/
if ($entry->getId()) {
$this->id = $entry->getId();
}
$this->mask = $entry->getMask();
$this->isGranting = $entry->getGranting();
$this->strategy = $entry->getGrantingStrategy();
$this->auditFailure = $entry->getAuditFailure();
$this->auditSuccess = $entry->getAuditSuccess();
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
) = unserialize($serialized);
return $this;
}
/**
* The ACL this ACE is associated with.
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface
*/
public function getAcl()
{
return $this->acl;
}
/**
* The security identity associated with this ACE
*
* @return \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface
*/
public function getSecurityIdentity()
{
return $this->securityIdentity;
}
/**
* The primary key of this ACE
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* The permission mask of this ACE
*
* @return integer
*/
public function getMask()
{
return $this->mask;
}
/**
* The strategy for comparing masks
*
* @return string
*/
public function getStrategy()
{
return $this->strategy;
}
/**
* Returns whether this ACE is granting, or denying
*
* @return bool
*/
public function isGranting()
{
return $this->isGranting;
}
/**
* Whether auditing for successful grants is turned on
*
* @return bool
*/
public function isAuditFailure()
{
return $this->auditFailure;
}
/**
* Whether auditing for successful denies is turned on
*
* @return bool
*/
public function isAuditSuccess()
{
return $this->auditSuccess;
}
}


@ -1,101 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
/**
* An ACE implementation retrieving data from a given \Propel\PropelBundle\Model\Acl\Entry.
*
* The entry is only used to grab a "snapshot" of its data as an \Symfony\Component\Security\Acl\Model\EntryInterface is immutable!
*
* @see \Symfony\Component\Security\Acl\Model\EntryInterface
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class FieldEntry extends Entry implements FieldEntryInterface
{
protected $field;
/**
* Constructor.
*
* @param \Propel\PropelBundle\Model\Acl\Entry $entry
* @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
*/
public function __construct(ModelEntry $entry, AclInterface $acl)
{
$this->field = $entry->getFieldName();
parent::__construct($entry, $acl);
}
/**
* Returns the field used for this entry.
*
* @return string
*/
public function getField()
{
return $this->field;
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
$this->field,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
$this->field,
) = unserialize($serialized);
return $this;
}
}


@ -1,528 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAcl extends Acl implements MutableAclInterface
{
/**
* The id of the current ACL.
*
* It's the id of the ObjectIdentity model.
*
* @var int
*/
protected $id;
/**
* A reference to the ObjectIdentity this ACL is mapped to.
*
* @var \Propel\PropelBundle\Model\Acl\ObjectIdentity
*/
protected $modelObjectIdentity;
/**
* A connection to be used for all changes on the ACL.
*
* @var \PropelPDO
*/
protected $con;
/**
* Constructor.
*
* @param \PropelObjectCollection $entries
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
* @param \PropelPDO $con
*/
public function __construct(\PropelObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true, \PropelPDO $con = null)
{
parent::__construct($entries, $objectIdentity, $permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited);
$this->modelObjectIdentity = ObjectIdentityQuery::create()
->filterByAclObjectIdentity($objectIdentity, $con)
->findOneOrCreate($con)
;
if ($this->modelObjectIdentity->isNew()) {
$this->modelObjectIdentity->save($con);
}
$this->id = $this->modelObjectIdentity->getId();
$this->con = $con;
}
/**
* Returns the primary key of this ACL
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Sets whether entries are inherited
*
* @param bool $boolean
*/
public function setEntriesInheriting($boolean)
{
$this->inherited = $boolean;
}
/**
* Sets the parent ACL
*
* @param \Symfony\Component\Security\Acl\Model\AclInterface|null $acl
*/
public function setParentAcl(AclInterface $acl = null)
{
$this->parentAcl = $acl;
}
/**
* Deletes a class-based ACE
*
* @param integer $index
*/
public function deleteClassAce($index)
{
$this->deleteIndex($this->classAces, $index);
}
/**
* Deletes a class-field-based ACE
*
* @param integer $index
* @param string $field
*/
public function deleteClassFieldAce($index, $field)
{
$this
->validateField($this->classFieldAces, $field)
->deleteIndex($this->classFieldAces[$field], $index)
;
}
/**
* Deletes an object-based ACE
*
* @param integer $index
*/
public function deleteObjectAce($index)
{
$this->deleteIndex($this->objectAces, $index);
}
/**
* Deletes an object-field-based ACE
*
* @param integer $index
* @param string $field
*/
public function deleteObjectFieldAce($index, $field)
{
$this
->validateField($this->objectFieldAces, $field)
->deleteIndex($this->objectFieldAces[$field], $index)
;
}
/**
* Inserts a class-based ACE
*
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param bool $granting
* @param string $strategy
*/
public function insertClassAce(SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
$this->insertToList($this->classAces, $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting));
}
/**
* Inserts a class-field-based ACE
*
* @param string $field
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param boolean $granting
* @param string $strategy
*/
public function insertClassFieldAce($field, SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
if (!isset($this->classFieldAces[$field])) {
$this->classFieldAces[$field] = array();
}
$this->insertToList($this->classFieldAces[$field], $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting, $field));
}
/**
* Inserts an object-based ACE
*
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param boolean $granting
* @param string $strategy
*/
public function insertObjectAce(SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
$this->insertToList($this->objectAces, $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting));
}
/**
* Inserts an object-field-based ACE
*
* @param string $field
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param boolean $granting
* @param string $strategy
*/
public function insertObjectFieldAce($field, SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
if (!isset($this->objectFieldAces[$field])) {
$this->objectFieldAces[$field] = array();
}
$this->insertToList($this->objectFieldAces[$field], $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting, $field));
}
/**
* Updates a class-based ACE
*
* @param integer $index
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateClassAce($index, $mask, $strategy = null)
{
$this->updateAce($this->classAces, $index, $mask, $strategy);
}
/**
* Updates a class-field-based ACE
*
* @param integer $index
* @param string $field
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateClassFieldAce($index, $field, $mask, $strategy = null)
{
$this
->validateField($this->classFieldAces, $field)
->updateAce($this->classFieldAces[$field], $index, $mask, $strategy)
;
}
/**
* Updates an object-based ACE
*
* @param integer $index
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateObjectAce($index, $mask, $strategy = null)
{
$this->updateAce($this->objectAces, $index, $mask, $strategy);
}
/**
* Updates an object-field-based ACE
*
* @param integer $index
* @param string $field
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateObjectFieldAce($index, $field, $mask, $strategy = null)
{
$this->validateField($this->objectFieldAces, $field);
$this->updateAce($this->objectFieldAces[$field], $index, $mask, $strategy);
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->id,
$this->modelObjectIdentity,
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->id,
$this->modelObjectIdentity,
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
) = unserialize($serialized);
return $this;
}
/**
* Insert a given entry into the list on the given index by shifting all others.
*
* @param array $list
* @param int $index
* @param \Propel\PropelBundle\Model\Acl\Entry\Entry $entry
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function insertToList(array &$list, $index, Entry $entry)
{
$this->isWithinBounds($list, $index);
if ($entry instanceof FieldEntry) {
$this->updateFields($entry->getField());
}
$list = array_merge(
array_slice($list, 0, $index),
array($entry),
array_splice($list, $index)
);
return $this;
}
/**
* Update a single ACE of this ACL.
*
* @param array $list
* @param int $index
* @param int $mask
* @param string $strategy
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function updateAce(array &$list, $index, $mask, $strategy = null)
{
$this->validateIndex($list, $index);
$entry = ModelEntry::fromAclEntry($list[$index]);
// Apply updates
$entry->setMask($mask);
if (null !== $strategy) {
$entry->setGrantingStrategy($strategy);
}
$list[$index] = ModelEntry::toAclEntry($entry, $this);
return $this;
}
/**
* Delete the ACE of the given list and index.
*
* The list will be re-ordered to have a valid 0..x list.
*
* @param array $list
* @param $index
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function deleteIndex(array &$list, $index)
{
$this->validateIndex($list, $index);
unset($list[$index]);
$this->reorderList($list, $index-1);
return $this;
}
/**
* Validate the index on the given list of ACEs.
*
* @throws \OutOfBoundsException
*
* @param array $list
* @param int $index
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function isWithinBounds(array &$list, $index)
{
// No count()-1, the count is one ahead of index, and could create the next valid entry!
if ($index < 0 or $index > count($list)) {
throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($list)));
}
return $this;
}
/**
* Check the index for existence in the given list.
*
* @throws \OutOfBoundsException
*
* @param array $list
* @param $index
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function validateIndex(array &$list, $index)
{
if (!isset($list[$index])) {
throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index));
}
return $this;
}
/**
* Validate the given field to be present.
*
* @throws \InvalidArgumentException
*
* @param array $list
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function validateField(array &$list, $field)
{
if (!isset($list[$field])) {
throw new \InvalidArgumentException(sprintf('The given field "%s" does not exist.', $field));
}
return $this;
}
/**
* Order the given list to have numeric indexes from 0..x
*
* @param array $list
* @param int $index The right boundary to which the list is valid.
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function reorderList(array &$list, $index)
{
$list = array_merge(
array_slice($list, 0, $index+1), // +1 to get length
array_splice($list, $index+1) // +1 to get first index to re-order
);
return $this;
}
/**
* Create a new ACL Entry.
*
* @param int $mask
* @param int $index
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param string $strategy
* @param bool $granting
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Entry|\Propel\PropelBundle\Security\Acl\Domain\FieldEntry
*/
protected function createAce($mask, $index, SecurityIdentityInterface $securityIdentity, $strategy = null, $granting = true, $field = null)
{
if (!is_int($mask)) {
throw new \InvalidArgumentException('The given mask is not valid. Please provide an integer.');
}
// Compatibility with default implementation
if (null === $strategy) {
if (true === $granting) {
$strategy = PermissionGrantingStrategy::ALL;
} else {
$strategy = PermissionGrantingStrategy::ANY;
}
}
$model = new ModelEntry();
$model
->setAceOrder($index)
->setMask($mask)
->setGrantingStrategy($strategy)
->setGranting($granting)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($securityIdentity))
;
if (null !== $field) {
$model->setFieldName($field);
return new FieldEntry($model, $this);
}
return new Entry($model, $this);
}
}


@ -1,334 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\EntryPeer;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\MutableAcl;
use Propel\PropelBundle\Security\Acl\Domain\Entry;
use Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException;
use Symfony\Component\Security\Acl\Exception\Exception as AclException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\EntryInterface;
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
/**
* An implementation of the MutableAclProviderInterface using Propel ORM.
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclProvider extends AclProvider implements MutableAclProviderInterface
{
/**
* Constructor.
*
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param \PropelPDO $connection
* @param \Symfony\Component\Security\Acl\Model\AclCacheInterface $cache
*/
public function __construct(PermissionGrantingStrategyInterface $permissionGrantingStrategy, \PropelPDO $connection = null, AclCacheInterface $cache = null)
{
// @codeCoverageIgnoreStart
if (null === $connection) {
$connection = \Propel::getConnection(EntryPeer::DATABASE_NAME, \Propel::CONNECTION_WRITE);
}
// @codeCoverageIgnoreEnd
parent::__construct($permissionGrantingStrategy, $connection, $cache);
}
/**
* Creates a new ACL for the given object identity.
*
* @throws \Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException When there already is an ACL for the given object identity.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl
*/
public function createAcl(ObjectIdentityInterface $objectIdentity)
{
$entries = EntryQuery::create()->findByAclIdentity($objectIdentity, array(), $this->connection);
if (count($entries)) {
throw new AclAlreadyExistsException('An ACL for the given object identity already exists, find and update that one.');
}
$objIdentity = ObjectIdentityQuery::create()
->filterByAclObjectIdentity($objectIdentity, $this->connection)
->findOneOrCreate($this->connection)
;
if ($objIdentity->isNew()) {
// This is safe to do, it makes the ID available and does not affect changes to any ACL.
$objIdentity->save($this->connection);
}
return $this->getAcl($entries, $objectIdentity, array(), null, false);
}
/**
* Deletes the ACL for a given object identity.
*
* This will automatically trigger a delete for any child ACLs. If you don't
* want child ACLs to be deleted, you will have to set their parent ACL to null.
*
* @throws \Symfony\Component\Security\Acl\Exception\Exception
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
*
* @return bool
*/
public function deleteAcl(ObjectIdentityInterface $objectIdentity)
{
try {
$objIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
if (null === $objIdentity) {
// No object identity, no ACL, so deletion is successful (expected result is given).
return true;
}
$this->connection->beginTransaction();
// Retrieve all class and class-field ACEs, if any.
$aces = EntryQuery::create()->findByAclIdentity($objectIdentity, array(), $this->connection);
if (count($aces)) {
// In case this is the last of its kind, delete the class and class-field ACEs.
$count = ObjectIdentityQuery::create()->filterByClassId($objIdentity->getClassId())->count($this->connection);
if (1 === $count) {
$aces->delete($this->connection);
}
}
/*
* If caching is enabled, retrieve the (grand-)children of this ACL.
* Those will be removed from the cache as well, as their parents do not exist anymore.
*/
if (null !== $this->cache) {
$children = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->connection);
}
// This deletes all object and object-field ACEs, too.
$objIdentity->delete($this->connection);
$this->connection->commit();
if (null !== $this->cache) {
$this->cache->evictFromCacheById($objIdentity->getId());
foreach ($children as $eachChild) {
$this->cache->evictFromCacheById($eachChild->getId());
}
}
return true;
// @codeCoverageIgnoreStart
} catch (Exception $e) {
throw new AclException('An error occurred while deleting the ACL.', 1, $e);
}
// @codeCoverageIgnoreEnd
}
/**
* Persists any changes which were made to the ACL, or any associated access control entries.
*
* Changes to parent ACLs are not persisted.
*
* @throws \Symfony\Component\Security\Acl\Exception\Exception
*
* @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl
*
* @return bool
*/
public function updateAcl(MutableAclInterface $acl)
{
if (!$acl instanceof MutableAcl) {
throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \Propel\PropelBundle\Security\Acl\Domain\MutableAcl only.');
}
try {
$modelEntries = EntryQuery::create()->findByAclIdentity($acl->getObjectIdentity(), array(), $this->connection);
$objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($acl->getObjectIdentity(), $this->connection);
$this->connection->beginTransaction();
$keepEntries = array_merge(
$this->persistAcl($acl->getClassAces(), $objectIdentity),
$this->persistAcl($acl->getObjectAces(), $objectIdentity, true)
);
foreach ($acl->getFields() as $eachField) {
$keepEntries = array_merge($keepEntries,
$this->persistAcl($acl->getClassFieldAces($eachField), $objectIdentity),
$this->persistAcl($acl->getObjectFieldAces($eachField), $objectIdentity, true)
);
}
foreach ($modelEntries as &$eachEntry) {
if (!in_array($eachEntry->getId(), $keepEntries)) {
$eachEntry->delete($this->connection);
}
}
if (null === $acl->getParentAcl()) {
$objectIdentity
->setParentObjectIdentityId(null)
->save($this->connection)
;
} else {
$objectIdentity
->setParentObjectIdentityId($acl->getParentAcl()->getId())
->save($this->connection)
;
}
$this->connection->commit();
// After successfully committing the transaction, we are good to update the cache.
if (null !== $this->cache) {
$this->cache->evictFromCacheById($objectIdentity->getId());
$this->cache->putInCache($acl);
}
return true;
// @codeCoverageIgnoreStart
} catch (Exception $e) {
$this->connection->rollBack();
throw new AclException('An error occurred while updating the ACL.', 0, $e);
}
// @codeCoverageIgnoreEnd
}
/**
* Persist the given ACEs.
*
* @param array $accessControlEntries
* @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
* @param bool $object
*
* @return array The IDs of the persisted ACEs.
*/
protected function persistAcl(array $accessControlEntries, ObjectIdentity $objectIdentity, $object = false)
{
$entries = array();
/* @var $eachAce \Symfony\Component\Security\Acl\Model\EntryInterface */
foreach ($accessControlEntries as $order => $eachAce) {
// If the given ACE has never been persisted, create a new one.
if (null === $entry = $this->getPersistedAce($eachAce, $objectIdentity, $object)) {
$entry = ModelEntry::fromAclEntry($eachAce);
}
if (in_array($entry->getId(), $entries)) {
$entry = ModelEntry::fromAclEntry($eachAce);
}
// Apply possible changes from local ACE.
$entry
->setAceOrder($order)
->setAclClass($objectIdentity->getAclClass())
->setMask($eachAce->getMask())
;
if ($eachAce instanceof AuditableEntryInterface) {
if (is_bool($eachAce->isAuditSuccess())) {
$entry->setAuditSuccess($eachAce->isAuditSuccess());
}
if (is_bool($eachAce->isAuditFailure())) {
$entry->setAuditFailure($eachAce->isAuditFailure());
}
}
if (true === $object) {
$entry->setObjectIdentity($objectIdentity);
}
$entry->save($this->connection);
$entries[] = $entry->getId();
}
return $entries;
}
/**
* Retrieve the persisted model for the given ACE.
*
* If none is given, null is returned.
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace
*
* @return \Propel\PropelBundle\Model\Acl\Entry|null
*/
protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false)
{
if (null !== $ace->getId() and null !== $entry = EntryQuery::create()->findPk($ace->getId(), $this->connection)) {
$entry->reload(true, $this->connection);
return $entry;
}
/*
* The id is not set, but there may be an ACE in the database.
*
* This happens if the ACL has created new ACEs, but was not reloaded.
* We try to retrieve one by the unique key.
*/
$ukQuery = EntryQuery::create()
->filterByAclClass($objectIdentity->getAclClass($this->connection))
->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection))
;
if (true === $object) {
$ukQuery->filterByObjectIdentity($objectIdentity);
} else {
$ukQuery->filterByObjectIdentityId(null, \Criteria::ISNULL);
}
if ($ace instanceof FieldEntryInterface) {
$ukQuery->filterByFieldName($ace->getField());
} else {
$ukQuery->filterByFieldName(null, \Criteria::ISNULL);
}
return $ukQuery->findOne($this->connection);
}
/**
* Get an ACL for this provider.
*
* @param \PropelObjectCollection $collection
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl
*/
protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
return new MutableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
}
}


@ -1,103 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests;
use Propel\PropelBundle\Model\Acl\AclClass;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\ObjectIdentity as ModelObjectIdentity;
use Propel\PropelBundle\Security\Acl\MutableAclProvider;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* AclTestCase
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclTestCase extends TestCase
{
protected $con = null;
protected $cache = null;
public function setUp()
{
parent::setUp();
$this->loadPropelQuickBuilder();
$schema = file_get_contents(__DIR__.'/../Resources/acl_schema.xml');
$builder = new \PropelQuickBuilder();
$builder->setSchema($schema);
if (!class_exists('Propel\PropelBundle\Model\Acl\map\AclClassTableMap')) {
$builder->setClassTargets(array('tablemap', 'peer', 'object', 'query'));
} else {
$builder->setClassTargets(array());
}
$this->con = $builder->build();
}
/**
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentity
*/
protected function createModelObjectIdentity($identifier)
{
$aclClass = $this->getAclClass();
$objIdentity = new ModelObjectIdentity();
$this->assertTrue((bool) $objIdentity
->setAclClass($aclClass)
->setIdentifier($identifier)
->save($this->con)
);
return $objIdentity;
}
protected function createEntry()
{
$entry = new Entry();
$entry
->setAuditSuccess(false)
->setAuditFailure(false)
->setMask(64)
->setGranting(true)
->setGrantingStrategy('all')
->setAceOrder(0)
;
return $entry;
}
protected function getAclClass()
{
return AclClass::fromAclObjectIdentity($this->getAclObjectIdentity(), $this->con);
}
protected function getAclProvider()
{
return new MutableAclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
}
protected function getAclObjectIdentity($identifier = 1)
{
return new ObjectIdentity($identifier, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
}
protected function getRoleSecurityIdentity($role = 'ROLE_USER')
{
return new RoleSecurityIdentity(new Role($role));
}
}


@ -1,60 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Fixtures\Acl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class ArrayCache implements AclCacheInterface
{
public $content = array();
public function evictFromCacheById($primaryKey)
{
if (isset($this->content[$primaryKey])) {
unset($this->content[$primaryKey]);
}
}
public function evictFromCacheByIdentity(ObjectIdentityInterface $oid)
{
// Propel ACL does not make use of those.
}
public function getFromCacheById($primaryKey)
{
if (isset($this->content[$primaryKey])) {
return $this->content[$primaryKey];
}
return null;
}
public function getFromCacheByIdentity(ObjectIdentityInterface $oid)
{
// Propel ACL does not make use of those.
}
public function putInCache(AclInterface $acl)
{
if (null === $acl->getId()) {
throw new \InvalidArgumentException('The given ACL does not have an ID.');
}
$this->content[$acl->getId()] = $acl;
}
public function clearCache()
{
$this->content = array();
}
}


@ -1,41 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Criteria;
use Propel\PropelBundle\Model\Acl\AclClass;
use Propel\PropelBundle\Model\Acl\AclClassPeer;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclClassTest extends AclTestCase
{
public function testFromAclObjectIdentity()
{
$type = 'Merchant';
$aclClass = AclClass::fromAclObjectIdentity(new ObjectIdentity(5, $type), $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $aclClass);
$this->assertEquals($type, $aclClass->getType());
$dbEntry = AclClassPeer::doSelectOne(new Criteria(), $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $dbEntry);
$this->assertEquals($type, $dbEntry->getType());
$this->assertEquals($dbEntry->getId(), $aclClass->getId());
}
}


@ -1,135 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryQueryTest extends AclTestCase
{
public function setUp()
{
parent::setUp();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
}
public function testFindByAclIdentityInvalidSecurityIdentity()
{
$this->setExpectedException('InvalidArgumentException');
EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(), array('foo'), $this->con);
}
public function testFindByAclIdentityInvalidSecurityIdentityObject()
{
$this->setExpectedException('InvalidArgumentException');
EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(), array(new \stdClass()), $this->con);
}
public function testFindByAclIdentityNotExists()
{
$this->assertCount(0, EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(2), array(), $this->con));
}
public function testFindByAclIdentitySecurityIdentityNotFound()
{
$this->assertCount(0, EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_ADMIN')), $this->con));
}
public function testFindByAclIdentity()
{
// Another Entry, should not be found (different ObjectIdentity).
$obj = $this->createModelObjectIdentity(2);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(1, $entries);
$this->assertEquals(1, $entries[0]->getObjectIdentityId());
// A class based entry for the wrong ObjectIdentity.
$classEntry = $this->createEntry();
$classEntry
->setObjectIdentityId(2)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($obj->getAclClass())
->setMask(64)
->save($this->con)
;
// A class based entry for the correct ObjectIdentity.
$classEntry = $this->createEntry();
$classEntry
->setObjectIdentityId(null)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
->setMask(64)
->save($this->con)
;
$this->assertEquals(4, EntryQuery::create()->count($this->con));
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(2, $entries);
$this->assertEquals($obj->getClassId(), $entries[0]->getClassId());
$this->assertEquals($obj->getClassId(), $entries[1]->getClassId());
}
public function testFindByAclIdentityFilterSecurityIdentity()
{
// Another Entry, should not be found (different SecurityIdentity).
$entry = $this->createEntry();
$entry
->setObjectIdentityId(1)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
->setMask(64)
->save($this->con)
;
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')), $this->con);
$this->assertCount(1, $entries);
$this->assertEquals(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER'))->getId(), $entries[0]->getSecurityIdentityId());
}
public function testFindByAclIdentityOnlyClassEntries()
{
$this->assertEquals(1, EntryQuery::create()->count($this->con));
EntryQuery::create()->findOne($this->con)
->setObjectIdentity(null)
->save($this->con);
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(1, $entries);
}
}


@ -1,88 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Entry as AclEntry;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryTest extends AclTestCase
{
public function testToAclEntry()
{
$acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
$entry = $this->createModelEntry();
$aclEntry = ModelEntry::toAclEntry($entry, $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $aclEntry);
$this->assertSame($acl, $aclEntry->getAcl());
$this->assertEquals(42, $aclEntry->getId());
$this->assertTrue($aclEntry->isAuditFailure());
$this->assertFalse($aclEntry->isAuditSuccess());
$this->assertEquals('all', $aclEntry->getStrategy());
$this->assertTrue($aclEntry->isGranting());
$this->assertEquals(64, $aclEntry->getMask());
return $aclEntry;
}
/**
* @depends testToAclEntry
*/
public function testToAclEntryFieldEntry()
{
$acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
$entry = $this->createModelEntry();
$entry->setFieldName('name');
$aclEntry = ModelEntry::toAclEntry($entry, $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $aclEntry);
}
/**
* @depends testToAclEntry
*/
public function testFromAclEntry($aclEntry)
{
$modelEntry = ModelEntry::fromAclEntry($aclEntry);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\Entry', $modelEntry);
$this->assertEquals(42, $modelEntry->getId());
$this->assertTrue($modelEntry->getAuditFailure());
$this->assertFalse($modelEntry->getAuditSuccess());
$this->assertEquals('all', $modelEntry->getGrantingStrategy());
$this->assertTrue($modelEntry->getGranting());
$this->assertEquals(64, $modelEntry->getMask());
}
protected function createModelEntry()
{
$entry = new ModelEntry();
$entry
->setId(42)
->setAclClass($this->getAclClass())
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAuditFailure(true)
->setAuditSuccess(false)
->setGrantingStrategy('all')
->setGranting(true)
->setMask(64)
;
return $entry;
}
}


@ -1,134 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\AclClass;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class ObjectIdentityQueryTest extends AclTestCase
{
public function testFilterByAclObjectIdentity()
{
$aclObj = new ObjectIdentity(1, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
$aclClass = AclClass::fromAclObjectIdentity($aclObj, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $aclClass);
// None given.
$result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
$this->assertCount(0, $result);
$this->createModelObjectIdentity(1);
$result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
$this->assertCount(1, $result);
$this->assertEquals($aclClass->getId(), $result->getFirst()->getClassId());
$this->assertEquals(1, $result->getFirst()->getIdentifier());
// Change the entity.
$aclObj = new ObjectIdentity(2, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
$result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
$this->assertCount(0, $result);
}
/**
* @depends testFilterByAclObjectIdentity
*/
public function testFindOneByAclObjectIdentity()
{
$aclObj = new ObjectIdentity(1, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
$result = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclObj, $this->con);
$this->assertEmpty($result);
$objIdentity = $this->createModelObjectIdentity(1);
$result = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclObj, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\ObjectIdentity', $result);
$this->assertSame($objIdentity, $result);
}
/**
* @depends testFindOneByAclObjectIdentity
*/
public function testFindChildren()
{
list($objIdentity, $childObjIdentity) = $this->createObjectIdentities();
// Parent not set, yet.
$result = ObjectIdentityQuery::create()->findChildren($objIdentity, $this->con);
$this->assertCount(0, $result);
$childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findChildren($objIdentity, $this->con);
$this->assertCount(1, $result);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\ObjectIdentity', $result->getFirst());
$this->assertSame($childObjIdentity, $result->getFirst());
$this->assertSame($objIdentity, $result->getFirst()->getObjectIdentityRelatedByParentObjectIdentityId());
}
/**
* @depends testFindOneByAclObjectIdentity
*/
public function testFindGrandChildren()
{
list($objIdentity, $childObjIdentity, $grandChildObjIdentity) = $this->createObjectIdentities();
// Parents not set, yet.
$result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
$this->assertCount(0, $result);
$childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
$this->assertCount(1, $result);
$grandChildObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($childObjIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
$this->assertCount(2, $result);
}
/**
* @depends testFindOneByAclObjectIdentity
*/
public function testFindAncestors()
{
list($objIdentity, $childObjIdentity) = $this->createObjectIdentities();
// Parents not set, yet.
$result = ObjectIdentityQuery::create()->findAncestors($childObjIdentity, $this->con);
$this->assertCount(0, $result);
$childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findAncestors($childObjIdentity, $this->con);
$this->assertCount(1, $result);
}
protected function createObjectIdentities()
{
return array(
$this->createModelObjectIdentity(1),
$this->createModelObjectIdentity(2),
$this->createModelObjectIdentity(3),
);
}
}


@ -1,302 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Criteria;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityAncestorQuery;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class ObjectIdentityTest extends AclTestCase
{
public function testCompatibleDefaultImplementation()
{
$objIdenity = $this->createModelObjectIdentity(1);
$ancestorEntries = ObjectIdentityAncestorQuery::create()->find($this->con);
$this->assertCount(1, $ancestorEntries);
$this->assertEquals($objIdenity->getId(), $ancestorEntries->getFirst()->getAncestorId());
$this->assertEquals($objIdenity->getId(), $ancestorEntries->getFirst()->getObjectIdentityId());
$anotherIdenity = $this->createModelObjectIdentity(2);
$ancestorEntries = ObjectIdentityAncestorQuery::create()->orderByAncestorId(Criteria::ASC)->find($this->con);
$this->assertCount(2, $ancestorEntries);
$this->assertEquals($objIdenity->getId(), $ancestorEntries[0]->getAncestorId());
$this->assertEquals($objIdenity->getId(), $ancestorEntries[0]->getObjectIdentityId());
$this->assertEquals($anotherIdenity->getId(), $ancestorEntries[1]->getAncestorId());
$this->assertEquals($anotherIdenity->getId(), $ancestorEntries[1]->getObjectIdentityId());
}
public function testTreeSimpleParent()
{
$parent = $this->createModelObjectIdentity(1);
$obj = $this->createModelObjectIdentity(2);
$this->assertTrue((bool) $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con));
$entries = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($obj->getId())
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(2, $entries);
$this->assertEquals($obj->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[1]->getAncestorId());
$this->assertTrue((bool) $obj->setObjectIdentityRelatedByParentObjectIdentityId(null)->save($this->con));
$entries = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($obj->getId())
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(1, $entries);
$this->assertEquals($obj->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[0]->getAncestorId());
}
/**
* @depends testTreeSimpleParent
*/
public function testTreeAddParentChildHavingChild()
{
$parent = $this->createModelObjectIdentity(1);
$obj = $this->createModelObjectIdentity(2);
$child = $this->createModelObjectIdentity(3);
$child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(6, $entries);
$this->assertEquals($parent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[2]->getAncestorId());
$this->assertEquals($child->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[3]->getAncestorId());
$this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
$this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[5]->getAncestorId());
}
/**
* Tree splitted:
* 1-2
* 3-4-5
*
* Tree merged:
* 1-2-3-4-5
*
* @depends testTreeAddParentChildHavingChild
*/
public function testTreeAddParentChildHavingGrandchildrenAndParentHavingParent()
{
// Part I, before.
$grandParent = $this->createModelObjectIdentity(1);
$parent = $this->createModelObjectIdentity(2);
$parent->setObjectIdentityRelatedByParentObjectIdentityId($grandParent)->save($this->con);
// Part II, before.
$obj = $this->createModelObjectIdentity(3);
$child = $this->createModelObjectIdentity(4);
$grandChild = $this->createModelObjectIdentity(5);
$grandChild->setObjectIdentityRelatedByParentObjectIdentityId($child)->save($this->con);
$child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
// Verify "before"
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(9, $entries);
$this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[3]->getAncestorId());
$this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
$this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[5]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[6]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[6]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[7]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[7]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[8]->getObjectIdentityId());
$this->assertEquals($grandChild->getId(), $entries[8]->getAncestorId());
// Merge Trees
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(15, $entries);
$this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[3]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[4]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[5]->getAncestorId());
$this->assertEquals($child->getId(), $entries[6]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[6]->getAncestorId());
$this->assertEquals($child->getId(), $entries[7]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[7]->getAncestorId());
$this->assertEquals($child->getId(), $entries[8]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[8]->getAncestorId());
$this->assertEquals($child->getId(), $entries[9]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[9]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[10]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[10]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[11]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[11]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[12]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[12]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[13]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[13]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[14]->getObjectIdentityId());
$this->assertEquals($grandChild->getId(), $entries[14]->getAncestorId());
// Split Tree
$obj->setObjectIdentityRelatedByParentObjectIdentityId(null)->save($this->con);
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(9, $entries);
$this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[3]->getAncestorId());
$this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
$this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[5]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[6]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[6]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[7]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[7]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[8]->getObjectIdentityId());
$this->assertEquals($grandChild->getId(), $entries[8]->getAncestorId());
}
/**
* @depends testTreeAddParentChildHavingChild
*/
public function testDeleteRemovesGrandchildren()
{
$parent = $this->createModelObjectIdentity(1);
$obj = $this->createModelObjectIdentity(2);
$child = $this->createModelObjectIdentity(3);
$child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
$parent->delete($this->con);
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
$this->assertEquals(0, ObjectIdentityAncestorQuery::create()->count($this->con));
}
public function testInsertWithAssignedParent()
{
$parent = $this->createModelObjectIdentity(1);
$obj = new ObjectIdentity();
$obj
->setAclClass($this->getAclClass())
->setIdentifier(2)
->setObjectIdentityRelatedByParentObjectIdentityId($parent)
->save($this->con)
;
$entries = ObjectIdentityQuery::create()->orderByParentObjectIdentityId(Criteria::ASC)->find($this->con);
$this->assertCount(2, $entries);
$this->assertNull($entries[0]->getParentObjectIdentityId());
$this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
}
}


@ -1,122 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\SecurityIdentityQuery;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class SecurityIdentityTest extends AclTestCase
{
public function testToAclIdentityUserWithInvalidIdentifier()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('invalidIdentifier');
$identity->setUsername(true);
$this->setExpectedException('InvalidArgumentException');
SecurityIdentity::toAclIdentity($identity);
}
public function testToAclIdentityUnknownSecurityIdentity()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('invalidIdentifier');
$identity->setUsername(false);
$this->setExpectedException('InvalidArgumentException');
SecurityIdentity::toAclIdentity($identity);
}
public function testToAclIdentityValidUser()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('Propel\PropelBundle\Tests\Fixtures\UserProxy-propel');
$identity->setUsername(true);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $secIdentity);
}
public function testToAclIdentityMultipleDashes()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('Propel\PropelBundle\Tests\Fixtures\UserProxy-some-username@domain.com');
$identity->setUsername(true);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $secIdentity);
$this->assertEquals('some-username@domain.com', $secIdentity->getUsername());
}
public function testToAclIdentityValidRole()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('ROLE_ADMIN');
$identity->setUsername(false);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity', $secIdentity);
$identity = new SecurityIdentity();
$identity->setIdentifier('IS_AUTHENTICATED_ANONYMOUSLY');
$identity->setUsername(false);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity', $secIdentity);
}
public function testFromAclIdentityWithInvalid()
{
$secIdentity = $this->getMock('Symfony\Component\Security\Acl\Model\SecurityIdentityInterface');
$this->setExpectedException('InvalidArgumentException');
SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
}
public function testFromAclIdentityWithUser()
{
$secIdentity = new UserSecurityIdentity('propel', 'Propel\PropelBundle\Tests\Fixtures\UserProxy');
$identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $identity);
$this->assertEquals(true, $identity->getUsername());
$this->assertEquals('Propel\PropelBundle\Tests\Fixtures\UserProxy-propel', $identity->getIdentifier());
$this->assertGreaterThan(0, $identity->getId());
$dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $dbEntry);
}
public function testFromAclIdentityWithRole()
{
$secIdentity = new RoleSecurityIdentity(new Role('ROLE_USER'));
$identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $identity);
$this->assertEquals(false, $identity->getUsername());
$this->assertEquals('ROLE_USER', $identity->getIdentifier());
$this->assertGreaterThan(0, $identity->getId());
$dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $dbEntry);
}
}


@ -1,259 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\EntryPeer;
use Propel\PropelBundle\Security\Acl\AclProvider;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclProviderTest extends AclTestCase
{
public function testFindAclNoneGiven()
{
$provider = $this->getAclProvider();
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.');
$provider->findAcl($this->getAclObjectIdentity());
}
public function testFindAclNoneGivenFilterSecurityIdentity()
{
$provider = $this->getAclProvider();
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.');
$provider->findAcl($this->getAclObjectIdentity(), array($this->getRoleSecurityIdentity()));
}
public function testFindAclWithEntries()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertEmpty($acl->getFields());
$this->assertEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertCount(1, $acl->getObjectAces());
$this->assertNull($acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_ADMIN')));
$this->assertTrue($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertTrue($acl->isGranted(array(1, 2, 4, 8, 16, 32, 64), array($this->getRoleSecurityIdentity('ROLE_USER'))));
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(128), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclWithParent()
{
$parent = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parent->getAclClass())
->setMask(128)
;
$parent->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(2), array($this->getRoleSecurityIdentity('ROLE_USER')));
$parent = $acl->getParentAcl();
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $parent);
$aces = $acl->getObjectAces();
$parentAces = $parent->getObjectAces();
$this->assertEquals(64, $aces[0]->getMask());
$this->assertEquals(128, $parentAces[0]->getMask());
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAcls()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
;
$obj->addEntry($entry)->save($this->con);
$aclObj = $this->getAclObjectIdentity(1);
$acls = $this->getAclProvider()->findAcls(array($aclObj), array($this->getRoleSecurityIdentity('ROLE_USER')));
$acl = $this->getAclProvider()->findAcl($aclObj, array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acls);
$this->assertCount(1, $acls);
$this->assertTrue($acls->contains($aclObj));
$this->assertEquals($acl, $acls[$aclObj]);
}
public function testFindChildrenParentNotExists()
{
$this->assertEmpty($this->getAclProvider()->findChildren(new ObjectIdentity(5, 'Book')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindChildrenWithoutChildren()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childrenAcl = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertEmpty($childrenAcl);
}
public function testFindChildrenDirectOnly()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1), true);
$this->assertNotEmpty($children);
$this->assertCount(1, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
}
public function testFindChildrenWithGrandChildren()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertNotEmpty($children);
$this->assertCount(2, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
$this->assertEquals(3, $children[1]->getIdentifier());
}
protected function createObjectIdentities()
{
$parentObj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parentObj->getAclClass())
->setMask(64)
;
$parentObj->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childObj = $this->createModelObjectIdentity(3);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($childObj->getAclClass())
->setMask(64)
;
$childObj->addEntry($entry)->save($this->con);
return array($parentObj, $obj, $childObj);
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclReadsFromCache()
{
$this->cache = new AclCache();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
// Read and put into cache
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->cache->content[1] = $acl;
// Change database
EntryQuery::create()->update(array(EntryPeer::translateFieldName(EntryPeer::MASK, \BasePeer::TYPE_COLNAME, \BasePeer::TYPE_PHPNAME) => 128), $this->con);
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
// Verify cache has been read
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$cachedObjectAces = $cachedAcl->getObjectAces();
$this->assertSame($acl, $cachedAcl);
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
}
protected function getAclProvider()
{
return new AclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
}
}


@ -1,87 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Security\Acl\AuditableAclProvider;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclProviderTest extends AclTestCase
{
public function testCreateAcl()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', $acl);
$this->assertEquals(1, $acl->getId());
}
/**
* @depends testCreateAcl
*/
public function testUpdatePersistsAuditing()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
// default values
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
}
protected function getAclProvider()
{
return new AuditableAclProvider(new PermissionGrantingStrategy(), $this->con);
}
}


@ -1,206 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclTest extends AclTestCase
{
public function testConstructorInvalidCollection()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
}
public function testConstructorEmptyCollection()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$aclObj = $this->getAclObjectIdentity();
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
$this->assertNull($acl->getParentAcl());
$this->assertSame($aclObj, $acl->getObjectIdentity());
$this->assertTrue($acl->isEntriesInheriting());
}
/**
* @depends testConstructorEmptyCollection
*/
public function testConstructorWithAces()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
// object based ACE
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// object field based ACE
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// class based ACE
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// class field based ACE
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->assertNotEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertEquals(array('name'), $acl->getFields());
$this->assertNotEmpty($acl->getClassFieldAces('name'));
$this->assertNotEmpty($acl->getObjectFieldAces('name'));
$classAces = $acl->getClassAces();
$objectAces = $acl->getObjectAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $classAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $objectAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $classFieldAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $objectFieldAces[0]);
$this->assertSame($acl, $classAces[0]->getAcl());
$this->assertSame($acl, $objectAces[0]->getAcl());
$this->assertSame($acl, $classFieldAces[0]->getAcl());
$this->assertSame($acl, $objectFieldAces[0]->getAcl());
$this->assertEquals('name', $classFieldAces[0]->getField());
$this->assertEquals('name', $objectFieldAces[0]->getField());
}
public function testIsSidLoadedNoneLoaded()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity()));
}
public function testIsSidLoadedInvalid()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$aclObj = $this->getAclObjectIdentity();
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->isSidLoaded('foo');
}
public function testIsGrantedNoAces()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity()));
}
public function testIsGrantedNoMatchingSecurityIdentity()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
public function testIsFieldGrantedNoAces()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isFieldGranted('name', array(64), array($this->getRoleSecurityIdentity()));
}
public function testSerializeUnserialize()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
}


@ -1,212 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclTest extends AclTestCase
{
public function testUpdateAuditingInvalidIndex()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('OutOfBoundsException');
$acl->updateObjectAuditing(0, false, false);
}
public function testUpdateAuditingInvalidField()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->updateObjectFieldAuditing(0, 'foo', false, false);
}
public function testUpdateAuditingInvalidFlag()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->updateObjectAuditing(0, 'foo', 'bar');
}
public function testUpdateObjectAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getObjectAces();
$this->assertCount(1, $aces);
$acl->updateObjectAuditing(0, true, true);
$aces = $acl->getObjectAces();
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$aces = $acl->getObjectAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$aces = $acl->getObjectAces();
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$aces = $acl->getObjectAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateObjectFieldAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getObjectFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateObjectFieldAuditing(0, 'name', true, true);
$aces = $acl->getObjectFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectFieldAuditing(0, 'name', false, false);
$aces = $acl->getObjectFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassAces();
$this->assertCount(1, $aces);
$acl->updateClassAuditing(0, true, true);
$aces = $acl->getClassAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassAuditing(0, false, false);
$aces = $acl->getClassAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassFieldAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateClassFieldAuditing(0, 'name', true, true);
$aces = $acl->getClassFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassFieldAuditing(0, 'name', false, false);
$aces = $acl->getClassFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
}


@ -1,70 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\Entry;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryTest extends AclTestCase
{
public function testConstruct()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new Entry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* @depends testConstruct
*/
public function testSerializeUnserialize(Entry $entry)
{
$serialized = serialize($entry);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $unserialized);
$this->assertEquals($entry->getMask(), $unserialized->getMask());
$this->assertEquals($entry->isGranting(), $unserialized->isGranting());
$this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
$this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
$this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
$this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
$this->assertEquals($serialized, serialize($unserialized));
}
}


@ -1,73 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\FieldEntry;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class FieldEntryTest extends AclTestCase
{
public function testConstruct()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setFieldName('name');
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new FieldEntry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($model->getFieldName(), $entry->getField());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* @depends testConstruct
*/
public function testSerializeUnserialize(FieldEntry $entry)
{
$serialized = serialize($entry);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $unserialized);
$this->assertEquals($entry->getMask(), $unserialized->getMask());
$this->assertEquals($entry->isGranting(), $unserialized->isGranting());
$this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
$this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
$this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
$this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
$this->assertEquals($entry->getField(), $unserialized->getField());
$this->assertEquals($serialized, serialize($unserialized));
}
}


@ -1,276 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\MutableAcl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclTest extends AclTestCase
{
public function testConstructorInvalidCollection()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy(), array(), null, false, $this->con);
}
public function testConstructorEmptyCollection()
{
$acl = $this->createEmptyAcl(1, array(), null, false);
$this->assertEquals(1, $acl->getId());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
$this->assertNull($acl->getParentAcl());
$this->assertFalse($acl->isEntriesInheriting());
}
/**
* @depends testConstructorEmptyCollection
*/
public function testSetUnsetParentAcl()
{
$parentAcl = $this->createEmptyAcl(1);
$acl = $this->createEmptyAcl(2);
$acl->setParentAcl($parentAcl);
$acl->setEntriesInheriting(true);
$this->assertSame($parentAcl, $acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertEquals(1, $acl->getParentAcl()->getId());
$acl->setParentAcl(null);
$this->assertNull($acl->getParentAcl());
}
public function testInsertAceInvalidMask()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('InvalidArgumentException', 'The given mask is not valid. Please provide an integer.');
$acl->insertClassAce($this->getRoleSecurityIdentity(), 'foo');
}
public function testInsertAceOutofBounds()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('OutOfBoundsException', 'The index must be in the interval [0, 0].');
$acl->insertClassAce($this->getRoleSecurityIdentity(), 64, 1);
}
public function insertAceProvider()
{
return array(
array('ClassAce'),
array('ClassFieldAce', 'name'),
array('ObjectAce'),
array('ObjectFieldAce', 'name'),
);
}
/**
* @dataProvider insertAceProvider
*/
public function testInsertFirstAce($type, $field = null)
{
$acl = $this->createEmptyAcl();
if (null !== $field) {
$acl->{'insert'.$type}($field, $this->getRoleSecurityIdentity(), 64);
$aces = $acl->{'get'.$type.'s'}($field);
} else {
$acl->{'insert'.$type}($this->getRoleSecurityIdentity(), 64);
$aces = $acl->{'get'.$type.'s'}();
}
$this->assertNotEmpty($aces);
$this->assertCount(1, $aces);
$this->assertEquals($this->getRoleSecurityIdentity(), $aces[0]->getSecurityIdentity());
$this->assertEquals(64, $aces[0]->getMask());
$this->assertTrue($aces[0]->isGranting());
$this->assertNull($aces[0]->getId());
$this->assertEquals('all', $aces[0]->getStrategy());
if (null !== $field) {
$this->assertEquals($field, $aces[0]->getField());
}
}
public function testUpdateAceInvalidIndex()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('OutOfBoundsException');
$acl->updateClassAce(0, 64);
}
/**
* @depends testInsertFirstAce
*/
public function testUpdateFieldAceInvalidField()
{
$acl = $this->createEmptyAcl();
$acl->insertClassAce($this->getRoleSecurityIdentity(), 64);
$this->setExpectedException('InvalidArgumentException', 'The given field "name" does not exist.');
$acl->updateClassFieldAce(0, 'name', 128);
}
/**
* @depends testInsertFirstAce
*/
public function testInsertUpdateDelete()
{
$secIdentity = $this->getRoleSecurityIdentity();
$acl = $this->createEmptyAcl();
// insert
$acl->insertClassAce($secIdentity, 64);
$acl->insertClassFieldAce('name', $secIdentity, 32);
$acl->insertObjectAce($secIdentity, 128);
$acl->insertObjectFieldAce('name', $secIdentity, 16, 0, false);
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertCount(1, $classAces);
$this->assertCount(1, $classFieldAces);
$this->assertCount(1, $objectAces);
$this->assertCount(1, $objectFieldAces);
$this->assertEquals(array('name'), $acl->getFields());
$this->assertEquals(64, $classAces[0]->getMask());
$this->assertEquals(32, $classFieldAces[0]->getMask());
$this->assertEquals(128, $objectAces[0]->getMask());
$this->assertEquals(16, $objectFieldAces[0]->getMask());
$this->assertEquals('all', $classAces[0]->getStrategy());
$this->assertEquals('all', $classFieldAces[0]->getStrategy());
$this->assertEquals('all', $objectAces[0]->getStrategy());
$this->assertEquals('any', $objectFieldAces[0]->getStrategy());
$this->assertFalse($objectFieldAces[0]->isGranting());
// update
$acl->updateClassAce(0, 256);
$acl->updateClassFieldAce(0, 'name', 128, 'any');
$acl->updateObjectAce(0, 64, 'equal');
$acl->updateObjectFieldAce(0, 'name', 32, 'all');
$this->assertCount(1, $classAces);
$this->assertCount(1, $classFieldAces);
$this->assertCount(1, $objectAces);
$this->assertCount(1, $objectFieldAces);
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertEquals(256, $classAces[0]->getMask());
$this->assertEquals(128, $classFieldAces[0]->getMask());
$this->assertEquals(64, $objectAces[0]->getMask());
$this->assertEquals(32, $objectFieldAces[0]->getMask());
$this->assertEquals('all', $classAces[0]->getStrategy());
$this->assertEquals('any', $classFieldAces[0]->getStrategy());
$this->assertEquals('equal', $objectAces[0]->getStrategy());
$this->assertEquals('all', $objectFieldAces[0]->getStrategy());
// delete
$acl->deleteClassAce(0);
$acl->deleteClassFieldAce(0, 'name');
$acl->deleteObjectAce(0);
$acl->deleteObjectFieldAce(0, 'name');
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertCount(0, $classAces);
$this->assertCount(0, $classFieldAces);
$this->assertCount(0, $objectAces);
$this->assertCount(0, $objectFieldAces);
}
/**
* @depends testInsertUpdateDelete
*/
public function testUpdatePersistedAceKeepsId()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setId(42)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$acl->updateClassAce(0, 128);
$aces = $acl->getClassAces();
$this->assertEquals(42, $aces[0]->getId());
$this->assertEquals(128, $aces[0]->getMask());
}
public function testSerializeUnserialize()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
protected function createEmptyAcl($identifier = 1, array $securityIdentities = array(), AclInterface $parentAcl = null, $inherited = null)
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
return new MutableAcl($collection, $this->getAclObjectIdentity($identifier), new PermissionGrantingStrategy(), $securityIdentities, $parentAcl, $inherited, $this->con);
}
}


@ -1,319 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Tests\AclTestCase;
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclProviderTest extends AclTestCase
{
public function testCreateAcl()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
$this->assertEquals(1, $acl->getId());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
}
/**
* @depends testCreateAcl
*/
public function testUpdateAclCreatesInsertedAces()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
$this->assertCount(1, $acl->getObjectAces());
$this->assertEquals(array('name'), $acl->getFields());
$this->assertCount(1, $acl->getClassFieldAces('name'));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
$this->assertTrue($this->getAclProvider()->updateAcl($acl));
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
$objAces = $acl->getObjectAces();
$this->assertCount(1, $objAces);
$entry = $objAces[0];
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $entry);
$this->assertEquals(64, $entry->getMask());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
$classFieldAces = $acl->getClassFieldAces('name');
$this->assertCount(1, $classFieldAces);
$entry = $classFieldAces[0];
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $entry);
$this->assertEquals('name', $entry->getField());
$this->assertEquals(128, $entry->getMask());
$this->assertEquals($this->getRoleSecurityIdentity('ROLE_ADMIN'), $entry->getSecurityIdentity());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testCreateAclAlreadyExists()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException');
$this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testCreateAclWithParent()
{
$parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($parentAcl);
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
$acl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($acl);
$entries = ObjectIdentityQuery::create()->orderById(\Criteria::ASC)->find($this->con);
$this->assertCount(2, $entries);
$this->assertNull($entries[0]->getParentObjectIdentityId());
$this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
}
public function testUpdateAclInvalidAcl()
{
$acl = $this->getMock('Symfony\Component\Security\Acl\Model\MutableAclInterface');
$this->setExpectedException('InvalidArgumentException');
$this->getAclProvider()->updateAcl($acl);
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclRemovesDeletedEntries()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
$acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
$this->getAclProvider()->updateAcl($acl);
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$acl->deleteObjectFieldAce(0, 'slug');
$this->getAclProvider()->updateAcl($acl);
$this->assertEquals(1, EntryQuery::create()->count($this->con));
$entry = EntryQuery::create()->findOne($this->con);
$this->assertEquals('name', $entry->getFieldName());
$this->assertEquals(4, $entry->getMask());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclCreatesMultipleAces()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 16, 0, true, 'all');
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
$acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
$this->assertCount(2, $acl->getObjectFieldAces('name'));
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->orderByMask(\Criteria::ASC)->find($this->con);
$this->assertCount(3, $entries);
$slugAce = $entries[0];
$this->assertEquals('slug', $slugAce->getFieldName());
$this->assertEquals(1, $slugAce->getMask());
$nameRead = $entries[1];
$this->assertEquals('name', $nameRead->getFieldName());
$this->assertEquals(0, $nameRead->getAceOrder());
$this->assertEquals(4, $nameRead->getMask());
$this->assertEquals('all', $nameRead->getGrantingStrategy());
$nameUndelete = $entries[2];
$this->assertEquals('name', $nameUndelete->getFieldName());
$this->assertEquals(1, $nameUndelete->getAceOrder());
$this->assertEquals(16, $nameUndelete->getMask());
$this->assertEquals('all', $nameUndelete->getGrantingStrategy());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclReadsExistingAce()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entry = EntryQuery::create()->findOne($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
$acl->updateObjectAce(0, 128);
$this->getAclProvider()->updateAcl($acl);
$updatedEntry = clone $entry;
$updatedEntry->reload(false, $this->con);
$this->assertEquals($entry->getId(), $updatedEntry->getId());
$this->assertEquals(128, $updatedEntry->getMask());
}
public function testDeleteAclNotExisting()
{
$this->assertTrue($this->getAclProvider()->deleteAcl($this->getAclObjectIdentity()));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testDeleteAcl()
{
$aclObj = $this->getAclObjectIdentity(1);
$acl = $this->getAclProvider()->createAcl($aclObj);
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
$this->assertTrue($this->getAclProvider()->deleteAcl($aclObj));
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testCreateAclWithParent
*/
public function testDeleteAclRemovesChildAcl()
{
$parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($parentAcl);
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
$acl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
}
/**
* @depends testDeleteAcl
*/
public function testDeleteAclRemovesClassEntriesIfLastObject()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertClassAce($this->getRoleSecurityIdentity(), 128);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclWritesCacheOfNewAcl()
{
$this->cache = new AclCache();
$this->assertEmpty($this->cache->content);
$acl = $this->getAcl();
$this->assertNotEmpty($this->cache->content);
$this->assertSame($acl, $this->cache->content[$acl->getId()]);
}
/**
* @depends testUpdateAclWritesCacheOfNewAcl
*/
public function testUpdateAclUpdatesCacheOfAcl()
{
$this->cache = new AclCache();
$acl = $this->getAcl(1);
$acl->updateObjectAce(0, 128);
$this->getAclProvider()->updateAcl($acl);
$objectAces = $this->cache->content[$acl->getId()]->getObjectAces();
$this->assertEquals(128, $objectAces[0]->getMask());
}
/**
* @depends testUpdateAclWritesCacheOfNewAcl
*/
public function testDeleteAclEvictsFromCache()
{
$this->cache = new AclCache();
$this->getAcl();
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEmpty($this->cache->content);
}
/**
* @depends testCreateAclWithParent
* @depends testDeleteAclEvictsFromCache
*/
public function testDeleteAclEvictsChildrenFromCache()
{
$this->cache = new AclCache();
$parentAcl = $this->getAcl(1);
$childAcl = $this->getAcl(2);
$grandChildAcl = $this->getAcl(3);
$grandChildAcl->setParentAcl($childAcl);
$childAcl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($grandChildAcl);
$this->getAclProvider()->updateAcl($childAcl);
$this->assertCount(3, $this->cache->content);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEmpty($this->cache->content);
}
protected function getAcl($identifier = 1)
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity($identifier));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
return $acl;
}
}


@ -34,6 +34,6 @@
},
"suggest": {
"symfony/security-acl": "For using the Propel ACL implementation"
"propel/propel-acl-bundle": "For using the Propel ACL implementation"
}
}
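Review bot: The `suggest` entry for `propel/propel-acl-bundle` (presumably the added line in this hunk) is the only pointer the commit leaves to the relocated ACL code, and Composer only prints suggestions; it does not install them. The page lists a single addition across 42 changed files, so there appears to be no upgrade note. An application whose authorization checks relied on the bundled ACL provider or the `propel:acl:init` command would learn of the move only when those classes are missing. I would add an UPGRADE entry such as `The Symfony Security ACL integration moved to propel/propel-acl-bundle; require that package before upgrading if your access checks use the Propel ACL provider.` The suggestion text could say the same: `"propel/propel-acl-bundle": "Provides the Propel ACL implementation formerly shipped with this bundle"`.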