diff --git a/Command/AclInitCommand.php b/Command/AclInitCommand.php
deleted file mode 100644
index 31ed74f..0000000
--- a/Command/AclInitCommand.php
+++ /dev/null
@@ -1,95 +0,0 @@
-
- */
-class AclInitCommand extends SqlInsertCommand
-{
- protected function configure()
- {
- $this
- ->setDescription('Initialize "Access Control Lists" model and SQL')
- ->addOption('force', null, InputOption::VALUE_NONE, 'Set this parameter to execute this action.')
- ->addOption('connection', null, InputOption::VALUE_OPTIONAL, 'Set this parameter to define a connection to use')
- ->setHelp(<<%command.name% command connects to the database and executes all SQL statements required to setup the ACL database, it also generates the ACL model.
-
- php %command.full_name%
-
-The --force parameter has to be used to actually insert SQL.
-The --connection parameter allows you to change the connection to use.
-The default connection is the active connection (propel.dbal.default_connection).
-EOT
- )
- ->setName('propel:acl:init')
- ;
- }
-
- protected function execute(InputInterface $input, OutputInterface $output)
- {
- // Generate ACL model
- if (true == $result = $this->callPhing('om')) {
- $output->writeln(sprintf(
- '>> %20s Generated model classes from %s',
- $this->getApplication()->getKernel()->getBundle('PropelBundle')->getName(),
- 'acl_schema.xml'
- ));
- } else {
- $this->writeTaskError($output, 'om');
-
- return 1;
- }
-
- // Prepare SQL directory
- $sqlDirectory = $this->getSqlDir();
- $filesystem = new Filesystem();
- $filesystem->remove($sqlDirectory);
- $filesystem->mkdir($sqlDirectory);
-
- if (true == $result = $this->callPhing('build-sql', array('propel.sql.dir' => $sqlDirectory))) {
- $this->writeSection(
- $output,
- '1 SQL file has been generated.'
- );
- } else {
- $this->writeTaskError($output, 'build-sql');
-
- return 2;
- }
-
- return parent::execute($input, $output);
- }
-
- protected function getFinalSchemas(KernelInterface $kernel, BundleInterface $bundle = null)
- {
- $aclSchema = new \SplFileInfo($kernel->locateResource('@PropelBundle/Resources/acl_schema.xml'));
-
- return array((string) $aclSchema => array($kernel->getBundle('PropelBundle'), $aclSchema));
- }
-
- protected function getSqlDir()
- {
- return sprintf('%s/cache/%s/propel/acl/sql',
- $this->getApplication()->getKernel()->getRootDir(),
- $this->getApplication()->getKernel()->getEnvironment()
- );
- }
-}
diff --git a/Model/Acl/AclClass.php b/Model/Acl/AclClass.php
deleted file mode 100644
index 1290b6b..0000000
--- a/Model/Acl/AclClass.php
+++ /dev/null
@@ -1,42 +0,0 @@
-filterByType($objectIdentity->getType())
- ->findOneOrCreate($con)
- ;
-
- if ($obj->isNew()) {
- $obj->save($con);
- }
-
- return $obj;
- }
-}
diff --git a/Model/Acl/AclClassPeer.php b/Model/Acl/AclClassPeer.php
deleted file mode 100644
index 850652f..0000000
--- a/Model/Acl/AclClassPeer.php
+++ /dev/null
@@ -1,18 +0,0 @@
-getId()) {
- $entry->setId($aclEntry->getId());
- }
-
- $entry
- ->setMask($aclEntry->getMask())
- ->setGranting($aclEntry->isGranting())
- ->setGrantingStrategy($aclEntry->getStrategy())
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity()))
- ;
-
- if ($aclEntry instanceof FieldEntryInterface) {
- $entry->setFieldName($aclEntry->getField());
- }
-
- if ($aclEntry instanceof AuditableEntryInterface) {
- $entry
- ->setAuditFailure($aclEntry->isAuditFailure())
- ->setAuditSuccess($aclEntry->isAuditSuccess())
- ;
- }
-
- return $entry;
- }
-
- /**
- * Transform a given model entry into an ACL related Entry (ACE).
- *
- * @param \Propel\PropelBundle\Model\Acl\Entry $modelEntry
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
- *
- * @return \Symfony\Component\Security\Acl\Model\EntryInterface
- */
- public static function toAclEntry(Entry $modelEntry, AclInterface $acl)
- {
- if (null === $modelEntry->getFieldName()) {
- return new AclEntry($modelEntry, $acl);
- }
-
- return new AclFieldEntry($modelEntry, $acl);
- }
-}
diff --git a/Model/Acl/EntryPeer.php b/Model/Acl/EntryPeer.php
deleted file mode 100644
index ed3da93..0000000
--- a/Model/Acl/EntryPeer.php
+++ /dev/null
@@ -1,18 +0,0 @@
-getId()] = $securityIdentity->getId();
- }
- }
-
- $this
- ->useAclClassQuery(null, \Criteria::INNER_JOIN)
- ->filterByType((string) $objectIdentity->getType())
- ->endUse()
- ->leftJoinObjectIdentity()
- ->add(ObjectIdentityPeer::OBJECT_IDENTIFIER, (string) $objectIdentity->getIdentifier(), \Criteria::EQUAL)
- ->addOr(EntryPeer::OBJECT_IDENTITY_ID, null, \Criteria::ISNULL)
- ;
-
- if (!empty($securityIdentities)) {
- $this->filterBySecurityIdentityId($securityIds);
- }
-
- return $this->find($con);
- }
-}
diff --git a/Model/Acl/ObjectIdentity.php b/Model/Acl/ObjectIdentity.php
deleted file mode 100644
index 02ca953..0000000
--- a/Model/Acl/ObjectIdentity.php
+++ /dev/null
@@ -1,137 +0,0 @@
-setObjectIdentityRelatedByObjectIdentityId($this);
- $ancestor->setObjectIdentityRelatedByAncestorId($this);
-
- $this->addObjectIdentityAncestorRelatedByAncestorId($ancestor);
-
- if ($this->getParentObjectIdentityId()) {
- $this->updateAncestorsTree($con);
- }
-
- return true;
- }
-
- public function preUpdate(\PropelPDO $con = null)
- {
- if ($this->isColumnModified(ObjectIdentityPeer::PARENT_OBJECT_IDENTITY_ID)) {
- $this->updateAncestorsTree($con);
- }
-
- return true;
- }
-
- public function preDelete(\PropelPDO $con = null)
- {
- // Only retrieve direct children, it's faster and grand children will be retrieved recursively.
- $children = ObjectIdentityQuery::create()->findChildren($this, $con);
-
- $objIds = $children->getPrimaryKeys(false);
- $objIds[] = $this->getId();
-
- $children->delete($con);
-
- // Manually delete those for DBAdapter not capable of cascading the DELETE.
- ObjectIdentityAncestorQuery::create()
- ->filterByObjectIdentityId($objIds, \Criteria::IN)
- ->delete($con)
- ;
-
- return true;
- }
-
- /**
- * Update all ancestor entries to reflect changes on this instance.
- *
- * @param \PropelPDO $con
- *
- * @return \Propel\PropelBundle\Model\Acl\ObjectIdentity $this
- */
- protected function updateAncestorsTree(\PropelPDO $con = null)
- {
- $con->beginTransaction();
-
- $oldAncestors = ObjectIdentityQuery::create()->findAncestors($this, $con);
-
- $children = ObjectIdentityQuery::create()->findGrandChildren($this, $con);
- $children->append($this);
-
- if (count($oldAncestors)) {
- foreach ($children as $eachChild) {
- /*
- * Delete only those entries, that are ancestors based on the parent relation.
- * Ancestors of grand children up to the current node will be kept.
- */
- $query = ObjectIdentityAncestorQuery::create()
- ->filterByObjectIdentityId($eachChild->getId())
- ->filterByObjectIdentityRelatedByAncestorId($oldAncestors, \Criteria::IN)
- ;
-
- if ($eachChild->getId() !== $this->getId()) {
- $query->filterByAncestorId(array($eachChild->getId(), $this->getId()), \Criteria::NOT_IN);
- } else {
- $query->filterByAncestorId($this->getId(), \Criteria::NOT_EQUAL);
- }
-
- $query->delete($con);
- }
- }
-
- // This is the new parent object identity!
- $parent = $this->getObjectIdentityRelatedByParentObjectIdentityId($con);
- if (null !== $parent) {
- $newAncestors = ObjectIdentityQuery::create()->findAncestors($parent, $con);
- $newAncestors->append($parent);
- foreach ($newAncestors as $eachAncestor) {
- // This collection contains the current object identity!
- foreach ($children as $eachChild) {
- $ancestor = ObjectIdentityAncestorQuery::create()
- ->filterByObjectIdentityId($eachChild->getId())
- ->filterByAncestorId($eachAncestor->getId())
- ->findOneOrCreate($con)
- ;
-
- // If the entry already exists, next please.
- if (!$ancestor->isNew()) {
- continue;
- }
-
- if ($eachChild->getId() === $this->getId()) {
- // Do not save() here, as it would result in an infinite recursion loop!
- $this->addObjectIdentityAncestorRelatedByObjectIdentityId($ancestor);
- } else {
- // Save the new ancestor to avoid integrity constraint violation.
- $ancestor->save($con);
-
- $eachChild
- ->addObjectIdentityAncestorRelatedByObjectIdentityId($ancestor)
- ->save($con)
- ;
- }
- }
- }
- }
-
- $con->commit();
-
- return $this;
- }
-}
diff --git a/Model/Acl/ObjectIdentityAncestor.php b/Model/Acl/ObjectIdentityAncestor.php
deleted file mode 100644
index 01712f0..0000000
--- a/Model/Acl/ObjectIdentityAncestor.php
+++ /dev/null
@@ -1,18 +0,0 @@
-filterByClassId($aclClass->getId())
- ->filterByIdentifier($objectIdentity->getIdentifier())
- ;
-
- return $this;
- }
-
- /**
- * Return an ObjectIdentity object belonging to the given ACL related ObjectIdentity.
- *
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param \PropelPDO $con
- *
- * @return \Propel\PropelBundle\Model\Acl\ObjectIdentity
- */
- public function findOneByAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
- {
- return $this
- ->filterByAclObjectIdentity($objectIdentity, $con)
- ->findOne($con)
- ;
- }
-
- /**
- * Return all children of the given object identity.
- *
- * @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
- * @param \PropelPDO $con
- *
- * @return \PropelObjectCollection
- */
- public function findChildren(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
- {
- return $this
- ->filterByObjectIdentityRelatedByParentObjectIdentityId($objectIdentity)
- ->find($con)
- ;
- }
-
- /**
- * Return all children and grand-children of the given object identity.
- *
- * @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
- * @param \PropelPDO $con
- *
- * @return \PropelObjectCollection
- */
- public function findGrandChildren(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
- {
- return $this
- ->useObjectIdentityAncestorRelatedByObjectIdentityIdQuery()
- ->filterByObjectIdentityRelatedByAncestorId($objectIdentity)
- ->filterByObjectIdentityRelatedByObjectIdentityId($objectIdentity, \Criteria::NOT_EQUAL)
- ->endUse()
- ->find($con)
- ;
- }
-
- /**
- * Return all ancestors of the given object identity.
- *
- * @param ObjectIdentity $objectIdentity
- * @param \PropelPDO $con
- *
- * @return \PropelObjectCollection
- */
- public function findAncestors(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
- {
- return $this
- ->useObjectIdentityAncestorRelatedByAncestorIdQuery()
- ->filterByObjectIdentityRelatedByObjectIdentityId($objectIdentity)
- ->filterByObjectIdentityRelatedByAncestorId($objectIdentity, \Criteria::NOT_EQUAL)
- ->endUse()
- ->find($con)
- ;
- }
-}
diff --git a/Model/Acl/SecurityIdentity.php b/Model/Acl/SecurityIdentity.php
deleted file mode 100644
index 7922c68..0000000
--- a/Model/Acl/SecurityIdentity.php
+++ /dev/null
@@ -1,85 +0,0 @@
-getIdentifier();
-
- if ($securityIdentity->getUsername()) {
- if (false === strpos($identifier, '-')) {
- throw new \InvalidArgumentException('The given identifier does not resolve to a UserSecurityIdentity.');
- }
-
- list($class, $username) = explode('-', $identifier, 2);
-
- return new UserSecurityIdentity($username, $class);
- }
-
- if (0 === strpos($identifier, 'ROLE_') or 0 === strpos($identifier, 'IS_AUTHENTICATED_')) {
- return new RoleSecurityIdentity($identifier);
- }
-
- throw new \InvalidArgumentException('The security identity does not resolve to either UserSecurityIdentity or RoleSecurityIdentity.');
- }
-
- /**
- * Transform a given ACL security identity into a SecurityIdentity model.
- *
- * If there is no model entry given, a new one will be created and saved to the database.
- *
- * @throws \InvalidArgumentException
- *
- * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $aclIdentity
- * @param \PropelPDO $con
- *
- * @return \Propel\PropelBundle\Model\Acl\SecurityIdentity
- */
- public static function fromAclIdentity(SecurityIdentityInterface $aclIdentity, \PropelPDO $con = null)
- {
- if ($aclIdentity instanceof UserSecurityIdentity) {
- $identifier = $aclIdentity->getClass().'-'.$aclIdentity->getUsername();
- $username = true;
- } elseif ($aclIdentity instanceof RoleSecurityIdentity) {
- $identifier = $aclIdentity->getRole();
- $username = false;
- } else {
- throw new \InvalidArgumentException('The ACL identity must either be an instance of UserSecurityIdentity or RoleSecurityIdentity.');
- }
-
- $obj = SecurityIdentityQuery::create()
- ->filterByIdentifier($identifier)
- ->filterByUsername($username)
- ->findOneOrCreate($con)
- ;
-
- if ($obj->isNew()) {
- $obj->save($con);
- }
-
- return $obj;
- }
-}
diff --git a/Model/Acl/SecurityIdentityPeer.php b/Model/Acl/SecurityIdentityPeer.php
deleted file mode 100644
index 27f245a..0000000
--- a/Model/Acl/SecurityIdentityPeer.php
+++ /dev/null
@@ -1,18 +0,0 @@ - - - - - - - - - -
- - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - -
- - - - - - - - - - - -
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
diff --git a/Security/Acl/AclProvider.php b/Security/Acl/AclProvider.php
deleted file mode 100644
index 0edbeb5..0000000
--- a/Security/Acl/AclProvider.php
+++ /dev/null
@@ -1,178 +0,0 @@
-
- */
-class AclProvider implements AclProviderInterface
-{
- protected $permissionGrantingStrategy;
- protected $connection;
- protected $cache;
-
- /**
- * Constructor.
- *
- * @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
- * @param \PropelPDO $con
- * @param \Symfony\Component\Security\Acl\Model\AclCacheInterface $cache
- */
- public function __construct(PermissionGrantingStrategyInterface $permissionGrantingStrategy, \PropelPDO $connection = null, AclCacheInterface $cache = null)
- {
- $this->permissionGrantingStrategy = $permissionGrantingStrategy;
- $this->connection = $connection;
- $this->cache = $cache;
- }
-
- /**
- * Retrieves all child object identities from the database.
- *
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $parentObjectIdentity
- * @param bool $directChildrenOnly
- *
- * @return array
- */
- public function findChildren(ObjectIdentityInterface $parentObjectIdentity, $directChildrenOnly = false)
- {
- $modelIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($parentObjectIdentity, $this->connection);
- if (empty($modelIdentity)) {
- return array();
- }
-
- if ($directChildrenOnly) {
- $collection = ObjectIdentityQuery::create()->findChildren($modelIdentity, $this->connection);
- } else {
- $collection = ObjectIdentityQuery::create()->findGrandChildren($modelIdentity, $this->connection);
- }
-
- $children = array();
- foreach ($collection as $eachChild) {
- $children[] = new ObjectIdentity($eachChild->getIdentifier(), $eachChild->getAclClass($this->connection)->getType());
- }
-
- return $children;
- }
-
- /**
- * Returns the ACL that belongs to the given object identity
- *
- * @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException
- *
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param array $securityIdentities
- *
- * @return \Symfony\Component\Security\Acl\Model\AclInterface
- */
- public function findAcl(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array())
- {
- $modelObj = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
- if (null !== $this->cache and null !== $modelObj) {
- $cachedAcl = $this->cache->getFromCacheById($modelObj->getId());
- if ($cachedAcl instanceof AclInterface) {
- return $cachedAcl;
- }
- }
-
- $collection = EntryQuery::create()->findByAclIdentity($objectIdentity, $securityIdentities, $this->connection);
-
- if (0 === count($collection)) {
- if (empty($securityIdentities)) {
- $errorMessage = 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.';
- } else {
- $errorMessage = 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.';
- }
-
- throw new AclNotFoundException($errorMessage);
- }
-
- $loadedSecurityIdentities = array();
- foreach ($collection as $eachEntry) {
- if (!isset($loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()])) {
- $loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()] = SecurityIdentity::toAclIdentity($eachEntry->getSecurityIdentity());
- }
- }
-
- $parentAcl = null;
- $entriesInherited = true;
-
- if (null !== $modelObj) {
- $entriesInherited = $modelObj->getEntriesInheriting();
- if (null !== $modelObj->getParentObjectIdentityId()) {
- $parentObj = $modelObj->getObjectIdentityRelatedByParentObjectIdentityId($this->connection);
- try {
- $parentAcl = $this->findAcl(new ObjectIdentity($parentObj->getIdentifier(), $parentObj->getAclClass($this->connection)->getType()));
- } catch (AclNotFoundException $e) {
- /*
- * This happens e.g. if the parent ACL is created, but does not contain any ACE by now.
- * The ACEs may be applied later on.
- */
- }
- }
- }
-
- return $this->getAcl($collection, $objectIdentity, $loadedSecurityIdentities, $parentAcl, $entriesInherited);
- }
-
- /**
- * Returns the ACLs that belong to the given object identities
- *
- * @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException When at least one object identity is missing its ACL.
- *
- * @param array $objectIdentities an array of ObjectIdentityInterface implementations
- * @param array $securityIdentities an array of SecurityIdentityInterface implementations
- *
- * @return \SplObjectStorage mapping the passed object identities to ACLs
- */
- public function findAcls(array $objectIdentities, array $securityIdentities = array())
- {
- $result = new \SplObjectStorage();
- foreach ($objectIdentities as $eachIdentity) {
- $result[$eachIdentity] = $this->findAcl($eachIdentity, $securityIdentities);
- }
-
- return $result;
- }
-
- /**
- * Create an ACL.
- *
- * @param \PropelObjectCollection $collection
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param array $loadedSecurityIdentities
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
- * @param bool $inherited
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\Acl
- */
- protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
- {
- return new Acl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited);
- }
-}
diff --git a/Security/Acl/AuditableAclProvider.php b/Security/Acl/AuditableAclProvider.php
deleted file mode 100644
index 15cf133..0000000
--- a/Security/Acl/AuditableAclProvider.php
+++ /dev/null
@@ -1,38 +0,0 @@
-
- */
-class AuditableAclProvider extends MutableAclProvider
-{
- /**
- * Get an ACL for this provider.
- *
- * @param \PropelObjectCollection $collection
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param array $loadedSecurityIdentities
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
- * @param bool $inherited
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\AuditableAcl
- */
- protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
- {
- return new AuditableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
- }
-}
diff --git a/Security/Acl/Domain/Acl.php b/Security/Acl/Domain/Acl.php
deleted file mode 100644
index a076d54..0000000
--- a/Security/Acl/Domain/Acl.php
+++ /dev/null
@@ -1,314 +0,0 @@
-
- */
-class Acl implements AclInterface
-{
- protected $model = 'Propel\PropelBundle\Model\Acl\Entry';
-
- protected $classAces = array();
- protected $classFieldAces = array();
- protected $objectAces = array();
- protected $objectFieldAces = array();
-
- protected $objectIdentity;
- protected $parentAcl;
- protected $permissionGrantingStrategy;
- protected $inherited;
-
- protected $loadedSecurityIdentities = array();
-
- /**
- * A list of known associated fields on this ACL.
- *
- * @var array
- */
- protected $fields = array();
-
- /**
- * Constructor.
- *
- * @param \PropelObjectCollection $entries
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
- * @param array $loadedSecurityIdentities
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
- * @param bool $inherited
- */
- public function __construct(\PropelObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
- {
- if ($entries->getModel() !== $this->model) {
- throw new AclException(sprintf('The given collection does not contain models of class "%s" but of class "%s".', $this->model, $entries->getModel()));
- }
-
- foreach ($entries as $eachEntry) {
- if (null === $eachEntry->getFieldName() and null === $eachEntry->getObjectIdentityId()) {
- $this->classAces[] = new Entry($eachEntry, $this);
- }
-
- if (null !== $eachEntry->getFieldName() and null === $eachEntry->getObjectIdentityId()) {
- if (empty($this->classFieldAces[$eachEntry->getFieldName()])) {
- $this->classFieldAces[$eachEntry->getFieldName()] = array();
- $this->updateFields($eachEntry->getFieldName());
- }
-
- $this->classFieldAces[$eachEntry->getFieldName()][] = new FieldEntry($eachEntry, $this);
- }
-
- if (null === $eachEntry->getFieldName() and null !== $eachEntry->getObjectIdentityId()) {
- $this->objectAces[] = new Entry($eachEntry, $this);
- }
-
- if (null !== $eachEntry->getFieldName() and null !== $eachEntry->getObjectIdentityId()) {
- if (empty($this->objectFieldAces[$eachEntry->getFieldName()])) {
- $this->objectFieldAces[$eachEntry->getFieldName()] = array();
- $this->updateFields($eachEntry->getFieldName());
- }
-
- $this->objectFieldAces[$eachEntry->getFieldName()][] = new FieldEntry($eachEntry, $this);
- }
- }
-
- $this->objectIdentity = $objectIdentity;
- $this->permissionGrantingStrategy = $permissionGrantingStrategy;
- $this->parentAcl = $parentAcl;
- $this->inherited = $inherited;
- $this->loadedSecurityIdentities = $loadedSecurityIdentities;
-
- $this->fields = array_unique($this->fields);
- }
-
- /**
- * Returns all class-based ACEs associated with this ACL
- *
- * @return array
- */
- public function getClassAces()
- {
- return $this->classAces;
- }
-
- /**
- * Returns all class-field-based ACEs associated with this ACL
- *
- * @param string $field
- *
- * @return array
- */
- public function getClassFieldAces($field)
- {
- return isset($this->classFieldAces[$field]) ? $this->classFieldAces[$field] : array();
- }
-
- /**
- * Returns all object-based ACEs associated with this ACL
- *
- * @return array
- */
- public function getObjectAces()
- {
- return $this->objectAces;
- }
-
- /**
- * Returns all object-field-based ACEs associated with this ACL
- *
- * @param string $field
- *
- * @return array
- */
- public function getObjectFieldAces($field)
- {
- return isset($this->objectFieldAces[$field]) ? $this->objectFieldAces[$field] : array();
- }
-
- /**
- * Returns the object identity associated with this ACL
- *
- * @return \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface
- */
- public function getObjectIdentity()
- {
- return $this->objectIdentity;
- }
-
- /**
- * Returns the parent ACL, or null if there is none.
- *
- * @return \Symfony\Component\Security\Acl\Model\AclInterface|null
- */
- public function getParentAcl()
- {
- return $this->parentAcl;
- }
-
- /**
- * Whether this ACL is inheriting ACEs from a parent ACL.
- *
- * @return bool
- */
- public function isEntriesInheriting()
- {
- return $this->inherited;
- }
-
- /**
- * Determines whether field access is granted
- *
- * @param string $field
- * @param array $masks
- * @param array $securityIdentities
- * @param bool $administrativeMode
- *
- * @return bool
- */
- public function isFieldGranted($field, array $masks, array $securityIdentities, $administrativeMode = false)
- {
- return $this->permissionGrantingStrategy->isFieldGranted($this, $field, $masks, $securityIdentities, $administrativeMode);
- }
-
- /**
- * Determines whether access is granted
- *
- * @throws \Symfony\Component\Security\Acl\Exception\NoAceFoundException when no ACE was applicable for this request
- *
- * @param array $masks
- * @param array $securityIdentities
- * @param bool $administrativeMode
- *
- * @return bool
- */
- public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false)
- {
- return $this->permissionGrantingStrategy->isGranted($this, $masks, $securityIdentities, $administrativeMode);
- }
-
- /**
- * Whether the ACL has loaded ACEs for all of the passed security identities
- *
- * @throws \InvalidArgumentException
- *
- * @param mixed $securityIdentities an implementation of SecurityIdentityInterface, or an array thereof
- *
- * @return bool
- */
- public function isSidLoaded($securityIdentities)
- {
- if (!is_array($securityIdentities)) {
- $securityIdentities = array($securityIdentities);
- }
-
- $found = 0;
- foreach ($securityIdentities as $eachSecurityIdentity) {
- if (!$eachSecurityIdentity instanceof SecurityIdentityInterface) {
- throw new \InvalidArgumentException('At least one entry of the given list is not implementing the "SecurityIdentityInterface".');
- }
-
- foreach ($this->loadedSecurityIdentities as $eachLoadedIdentity) {
- if ($eachSecurityIdentity->equals($eachLoadedIdentity)) {
- $found++;
-
- break;
- }
- }
- }
-
- return ($found === count($securityIdentities));
- }
-
- /**
- * String representation of object
- *
- * @link http://php.net/manual/en/serializable.serialize.php
- *
- * @return string the string representation of the object or &null;
- */
- public function serialize()
- {
- return serialize(array(
- $this->model,
- $this->classAces,
- $this->classFieldAces,
- $this->objectAces,
- $this->objectFieldAces,
- $this->objectIdentity,
- $this->parentAcl,
- $this->permissionGrantingStrategy,
- $this->inherited,
- $this->loadedSecurityIdentities,
- ));
- }
-
- /**
- * Constructs the object
- *
- * @link http://php.net/manual/en/serializable.unserialize.php
- *
- * @param string $serialized
- *
- * @return mixed the original value unserialized.
- */
- public function unserialize($serialized)
- {
- list(
- $this->model,
- $this->classAces,
- $this->classFieldAces,
- $this->objectAces,
- $this->objectFieldAces,
- $this->objectIdentity,
- $this->parentAcl,
- $this->permissionGrantingStrategy,
- $this->inherited,
- $this->loadedSecurityIdentities,
- ) = unserialize($serialized);
-
- return $this;
- }
-
- /**
- * Returns a list of associated fields on this ACL.
- *
- * @return array
- */
- public function getFields()
- {
- return $this->fields;
- }
-
- /**
- * Update the internal list of associated fields on this ACL.
- *
- * @param string $field
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\Acl $this
- */
- protected function updateFields($field)
- {
- if (!in_array($field, $this->fields)) {
- $this->fields[] = $field;
- }
-
- return $this;
- }
-}
diff --git a/Security/Acl/Domain/AuditableAcl.php b/Security/Acl/Domain/AuditableAcl.php
deleted file mode 100644
index 1eef18e..0000000
--- a/Security/Acl/Domain/AuditableAcl.php
+++ /dev/null
@@ -1,103 +0,0 @@
-
- */
-class AuditableAcl extends MutableAcl implements AuditableAclInterface
-{
- /**
- * Updates auditing for class-based ACE
- *
- * @param integer $index
- * @param bool $auditSuccess
- * @param bool $auditFailure
- */
- public function updateClassAuditing($index, $auditSuccess, $auditFailure)
- {
- $this->updateAuditing($this->classAces, $index, $auditSuccess, $auditFailure);
- }
-
- /**
- * Updates auditing for class-field-based ACE
- *
- * @param integer $index
- * @param string $field
- * @param bool $auditSuccess
- * @param bool $auditFailure
- */
- public function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure)
- {
- $this->validateField($this->classFieldAces, $field);
- $this->updateAuditing($this->classFieldAces[$field], $index, $auditSuccess, $auditFailure);
- }
-
- /**
- * Updates auditing for object-based ACE
- *
- * @param integer $index
- * @param bool $auditSuccess
- * @param bool $auditFailure
- */
- public function updateObjectAuditing($index, $auditSuccess, $auditFailure)
- {
- $this->updateAuditing($this->objectAces, $index, $auditSuccess, $auditFailure);
- }
-
- /**
- * Updates auditing for object-field-based ACE
- *
- * @param integer $index
- * @param string $field
- * @param bool $auditSuccess
- * @param bool $auditFailure
- */
- public function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure)
- {
- $this->validateField($this->objectFieldAces, $field);
- $this->updateAuditing($this->objectFieldAces[$field], $index, $auditSuccess, $auditFailure);
- }
-
- /**
- * Update auditing on a single ACE.
- *
- * @throws \InvalidArgumentException
- *
- * @param array $list
- * @param int $index
- * @param bool $auditSuccess
- * @param bool $auditFailure
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\AuditableAcl $this
- */
- protected function updateAuditing(array &$list, $index, $auditSuccess, $auditFailure)
- {
- if (!is_bool($auditSuccess) or !is_bool($auditFailure)) {
- throw new \InvalidArgumentException('The given auditing flags are invalid. Please provide boolean only.');
- }
-
- $this->validateIndex($list, $index);
-
- $entry = ModelEntry::fromAclEntry($list[$index])
- ->setAuditSuccess($auditSuccess)
- ->setAuditFailure($auditFailure)
- ;
-
- $list[$index] = ModelEntry::toAclEntry($entry, $this);
-
- return $this;
- }
-}
diff --git a/Security/Acl/Domain/Entry.php b/Security/Acl/Domain/Entry.php
deleted file mode 100644
index b9a641d..0000000
--- a/Security/Acl/Domain/Entry.php
+++ /dev/null
@@ -1,192 +0,0 @@
-
- */
-class Entry implements AuditableEntryInterface
-{
- protected $acl;
-
- protected $id;
- protected $securityIdentity;
- protected $mask;
- protected $isGranting;
- protected $strategy;
- protected $auditSuccess;
- protected $auditFailure;
-
- /**
- * Constructor.
- *
- * @param \Propel\PropelBundle\Model\Acl\Entry $entry
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
- */
- public function __construct(ModelEntry $entry, AclInterface $acl)
- {
- $this->acl = $acl;
- $this->securityIdentity = SecurityIdentity::toAclIdentity($entry->getSecurityIdentity());
-
- /*
- * A new ACE (from a MutableAcl) does not have an ID,
- * but will be persisted by the MutableAclProvider afterwards, if issued.
- */
- if ($entry->getId()) {
- $this->id = $entry->getId();
- }
-
- $this->mask = $entry->getMask();
- $this->isGranting = $entry->getGranting();
- $this->strategy = $entry->getGrantingStrategy();
- $this->auditFailure = $entry->getAuditFailure();
- $this->auditSuccess = $entry->getAuditSuccess();
- }
-
- /**
- * String representation of object
- *
- * @link http://php.net/manual/en/serializable.serialize.php
- *
- * @return string the string representation of the object or &null;
- */
- public function serialize()
- {
- return serialize(array(
- $this->acl,
- $this->securityIdentity,
- $this->id,
- $this->mask,
- $this->isGranting,
- $this->strategy,
- $this->auditFailure,
- $this->auditSuccess,
- ));
- }
-
- /**
- * Constructs the object
- *
- * @link http://php.net/manual/en/serializable.unserialize.php
- *
- * @param string $serialized
- *
- * @return mixed the original value unserialized.
- */
- public function unserialize($serialized)
- {
- list(
- $this->acl,
- $this->securityIdentity,
- $this->id,
- $this->mask,
- $this->isGranting,
- $this->strategy,
- $this->auditFailure,
- $this->auditSuccess,
- ) = unserialize($serialized);
-
- return $this;
- }
-
- /**
- * The ACL this ACE is associated with.
- *
- * @return \Symfony\Component\Security\Acl\Model\AclInterface
- */
- public function getAcl()
- {
- return $this->acl;
- }
-
- /**
- * The security identity associated with this ACE
- *
- * @return \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface
- */
- public function getSecurityIdentity()
- {
- return $this->securityIdentity;
- }
-
- /**
- * The primary key of this ACE
- *
- * @return integer
- */
- public function getId()
- {
- return $this->id;
- }
-
- /**
- * The permission mask of this ACE
- *
- * @return integer
- */
- public function getMask()
- {
- return $this->mask;
- }
-
- /**
- * The strategy for comparing masks
- *
- * @return string
- */
- public function getStrategy()
- {
- return $this->strategy;
- }
-
- /**
- * Returns whether this ACE is granting, or denying
- *
- * @return bool
- */
- public function isGranting()
- {
- return $this->isGranting;
- }
-
- /**
- * Whether auditing for successful grants is turned on
- *
- * @return bool
- */
- public function isAuditFailure()
- {
- return $this->auditFailure;
- }
-
- /**
- * Whether auditing for successful denies is turned on
- *
- * @return bool
- */
- public function isAuditSuccess()
- {
- return $this->auditSuccess;
- }
-}
diff --git a/Security/Acl/Domain/FieldEntry.php b/Security/Acl/Domain/FieldEntry.php
deleted file mode 100644
index 89e517d..0000000
--- a/Security/Acl/Domain/FieldEntry.php
+++ /dev/null
@@ -1,101 +0,0 @@
-
- */
-class FieldEntry extends Entry implements FieldEntryInterface
-{
- protected $field;
-
- /**
- * Constructor.
- *
- * @param \Propel\PropelBundle\Model\Acl\Entry $entry
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
- */
- public function __construct(ModelEntry $entry, AclInterface $acl)
- {
- $this->field = $entry->getFieldName();
-
- parent::__construct($entry, $acl);
- }
-
- /**
- * Returns the field used for this entry.
- *
- * @return string
- */
- public function getField()
- {
- return $this->field;
- }
-
- /**
- * String representation of object
- *
- * @link http://php.net/manual/en/serializable.serialize.php
- *
- * @return string the string representation of the object or &null;
- */
- public function serialize()
- {
- return serialize(array(
- $this->acl,
- $this->securityIdentity,
- $this->id,
- $this->mask,
- $this->isGranting,
- $this->strategy,
- $this->auditFailure,
- $this->auditSuccess,
- $this->field,
- ));
- }
-
- /**
- * Constructs the object
- *
- * @link http://php.net/manual/en/serializable.unserialize.php
- *
- * @param string $serialized
- *
- * @return mixed the original value unserialized.
- */
- public function unserialize($serialized)
- {
- list(
- $this->acl,
- $this->securityIdentity,
- $this->id,
- $this->mask,
- $this->isGranting,
- $this->strategy,
- $this->auditFailure,
- $this->auditSuccess,
- $this->field,
- ) = unserialize($serialized);
-
- return $this;
- }
-}
diff --git a/Security/Acl/Domain/MutableAcl.php b/Security/Acl/Domain/MutableAcl.php
deleted file mode 100644
index 7c46d5d..0000000
--- a/Security/Acl/Domain/MutableAcl.php
+++ /dev/null
@@ -1,528 +0,0 @@
-
- */
-class MutableAcl extends Acl implements MutableAclInterface
-{
- /**
- * The id of the current ACL.
- *
- * It's the id of the ObjectIdentity model.
- *
- * @var int
- */
- protected $id;
-
- /**
- * A reference to the ObjectIdentity this ACL is mapped to.
- *
- * @var \Propel\PropelBundle\Model\Acl\ObjectIdentity
- */
- protected $modelObjectIdentity;
-
- /**
- * A connection to be used for all changes on the ACL.
- *
- * @var \PropelPDO
- */
- protected $con;
-
- /**
- * Constructor.
- *
- * @param \PropelObjectCollection $entries
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
- * @param array $loadedSecurityIdentities
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
- * @param bool $inherited
- * @param \PropelPDO $con
- */
- public function __construct(\PropelObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true, \PropelPDO $con = null)
- {
- parent::__construct($entries, $objectIdentity, $permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited);
-
- $this->modelObjectIdentity = ObjectIdentityQuery::create()
- ->filterByAclObjectIdentity($objectIdentity, $con)
- ->findOneOrCreate($con)
- ;
-
- if ($this->modelObjectIdentity->isNew()) {
- $this->modelObjectIdentity->save($con);
- }
-
- $this->id = $this->modelObjectIdentity->getId();
-
- $this->con = $con;
- }
-
- /**
- * Returns the primary key of this ACL
- *
- * @return integer
- */
- public function getId()
- {
- return $this->id;
- }
-
- /**
- * Sets whether entries are inherited
- *
- * @param bool $boolean
- */
- public function setEntriesInheriting($boolean)
- {
- $this->inherited = $boolean;
- }
-
- /**
- * Sets
the parent ACL
- *
- * @param \Symfony\Component\Security\Acl\Model\AclInterface|null $acl
- */
- public function setParentAcl(AclInterface $acl = null)
- {
- $this->parentAcl = $acl;
- }
-
- /**
- * Deletes a class-based ACE
- *
- * @param integer $index
- */
- public function deleteClassAce($index)
- {
- $this->deleteIndex($this->classAces, $index);
- }
-
- /**
- * Deletes a class-field-based ACE
- *
- * @param integer $index
- * @param string $field
- */
- public function deleteClassFieldAce($index, $field)
- {
- $this
- ->validateField($this->classFieldAces, $field)
- ->deleteIndex($this->classFieldAces[$field], $index)
- ;
- }
-
- /**
- * Deletes an object-based ACE
- *
- * @param integer $index
- */
- public function deleteObjectAce($index)
- {
- $this->deleteIndex($this->objectAces, $index);
- }
-
- /**
- * Deletes an object-field-based ACE
- *
- * @param integer $index
- * @param string $field
- */
- public function deleteObjectFieldAce($index, $field)
- {
- $this
- ->validateField($this->objectFieldAces, $field)
- ->deleteIndex($this->objectFieldAces[$field], $index)
- ;
- }
-
- /**
- * Inserts a class-based ACE
- *
- * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
- * @param integer $mask
- * @param integer $index
- * @param bool $granting
- * @param string $strategy
- */
- public function insertClassAce(SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
- {
- $this->insertToList($this->classAces, $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting));
- }
-
- /**
- * Inserts a class-field-based ACE
- *
- * @param string $field
- * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
- * @param integer $mask
- * @param integer $index
- * @param boolean $granting
- * @param string $strategy
- */
- public function insertClassFieldAce($field, SecurityIdentityInterface $securityIdentity, $mask, $index = 0,
$granting = true, $strategy = null)
- {
- if (!isset($this->classFieldAces[$field])) {
- $this->classFieldAces[$field] = array();
- }
-
- $this->insertToList($this->classFieldAces[$field], $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting, $field));
- }
-
- /**
- * Inserts an object-based ACE
- *
- * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
- * @param integer $mask
- * @param integer $index
- * @param boolean $granting
- * @param string $strategy
- */
- public function insertObjectAce(SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
- {
- $this->insertToList($this->objectAces, $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting));
- }
-
- /**
- * Inserts an object-field-based ACE
- *
- * @param string $field
- * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
- * @param integer $mask
- * @param integer $index
- * @param boolean $granting
- * @param string $strategy
- */
- public function insertObjectFieldAce($field, SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
- {
- if (!isset($this->objectFieldAces[$field])) {
- $this->objectFieldAces[$field] = array();
- }
-
- $this->insertToList($this->objectFieldAces[$field], $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting, $field));
- }
-
- /**
- * Updates a class-based ACE
- *
- * @param integer $index
- * @param integer $mask
- * @param string $strategy if null the strategy should not be changed
- */
- public function updateClassAce($index, $mask, $strategy = null)
- {
- $this->updateAce($this->classAces, $index, $mask, $strategy);
- }
-
- /**
- * Updates a class-field-based ACE
- *
- * @param integer $index
- * @param string $field
- * @param integer $mask
- * @param string $strategy if null the strategy should not be changed
- */
- public
function updateClassFieldAce($index, $field, $mask, $strategy = null)
- {
- $this
- ->validateField($this->classFieldAces, $field)
- ->updateAce($this->classFieldAces[$field], $index, $mask, $strategy)
- ;
- }
-
- /**
- * Updates an object-based ACE
- *
- * @param integer $index
- * @param integer $mask
- * @param string $strategy if null the strategy should not be changed
- */
- public function updateObjectAce($index, $mask, $strategy = null)
- {
- $this->updateAce($this->objectAces, $index, $mask, $strategy);
- }
-
- /**
- * Updates an object-field-based ACE
- *
- * @param integer $index
- * @param string $field
- * @param integer $mask
- * @param string $strategy if null the strategy should not be changed
- */
- public function updateObjectFieldAce($index, $field, $mask, $strategy = null)
- {
- $this->validateField($this->objectFieldAces, $field);
- $this->updateAce($this->objectFieldAces[$field], $index, $mask, $strategy);
- }
-
- /**
- * String representation of object
- *
- * @link http://php.net/manual/en/serializable.serialize.php
- *
- * @return string the string representation of the object or &null;
- */
- public function serialize()
- {
- return serialize(array(
- $this->id,
- $this->modelObjectIdentity,
- $this->model,
- $this->classAces,
- $this->classFieldAces,
- $this->objectAces,
- $this->objectFieldAces,
- $this->objectIdentity,
- $this->parentAcl,
- $this->permissionGrantingStrategy,
- $this->inherited,
- $this->loadedSecurityIdentities,
- ));
- }
-
- /**
- * Constructs the object
- *
- * @link http://php.net/manual/en/serializable.unserialize.php
- *
- * @param string $serialized
- *
- * @return mixed the original value unserialized.
- */
- public function unserialize($serialized)
- {
- list(
- $this->id,
- $this->modelObjectIdentity,
- $this->model,
- $this->classAces,
- $this->classFieldAces,
- $this->objectAces,
- $this->objectFieldAces,
- $this->objectIdentity,
- $this->parentAcl,
- $this->permissionGrantingStrategy,
- $this->inherited,
- $this->loadedSecurityIdentities,
- ) = unserialize($serialized);
-
- return $this;
- }
-
- /**
- * Insert a given entry into the list on the given index by shifting all others.
- *
- * @param array $list
- * @param int $index
- * @param \Propel\PropelBundle\Model\Acl\Entry\Entry $entry
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function insertToList(array &$list, $index, Entry $entry)
- {
- $this->isWithinBounds($list, $index);
-
- if ($entry instanceof FieldEntry) {
- $this->updateFields($entry->getField());
- }
-
- $list = array_merge(
- array_slice($list, 0, $index),
- array($entry),
- array_splice($list, $index)
- );
-
- return $this;
- }
-
- /**
- * Update a single ACE of this ACL.
- *
- * @param array $list
- * @param int $index
- * @param int $mask
- * @param string $strategy
- * @param string $field
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function updateAce(array &$list, $index, $mask, $strategy = null)
- {
- $this->validateIndex($list, $index);
-
- $entry = ModelEntry::fromAclEntry($list[$index]);
-
- // Apply updates
- $entry->setMask($mask);
- if (null !== $strategy) {
- $entry->setGrantingStrategy($strategy);
- }
-
- $list[$index] = ModelEntry::toAclEntry($entry, $this);
-
- return $this;
- }
-
- /**
- * Delete the ACE of the given list and index.
- *
- * The list will be re-ordered to have a valid 0..x list.
- *
- * @param array $list
- * @param $index
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function deleteIndex(array &$list, $index)
- {
- $this->validateIndex($list, $index);
- unset($list[$index]);
- $this->reorderList($list, $index-1);
-
- return $this;
- }
-
- /**
- * Validate the index on the given list of ACEs.
- *
- * @throws \OutOfBoundsException
- *
- * @param array $list
- * @param int $index
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function isWithinBounds(array &$list, $index)
- {
- // No count()-1, the count is one ahead of index, and could create the next valid entry!
- if ($index < 0 or $index > count($list)) {
- throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($list)));
- }
-
- return $this;
- }
-
- /**
- * Check the index for existence in the given list.
- *
- * @throws \OutOfBoundsException
- *
- * @param array $list
- * @param $index
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function validateIndex(array &$list, $index)
- {
- if (!isset($list[$index])) {
- throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index));
- }
-
- return $this;
- }
-
- /**
- * Validate the given field to be present.
- *
- * @throws \InvalidArgumentException
- *
- * @param array $list
- * @param string $field
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function validateField(array &$list, $field)
- {
- if (!isset($list[$field])) {
- throw new \InvalidArgumentException(sprintf('The given field "%s" does not exist.', $field));
- }
-
- return $this;
- }
-
- /**
- * Order the given list to have numeric indexes from 0..x
- *
- * @param array $list
- * @param int $index The right boundary to which the list is valid.
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
- */
- protected function reorderList(array &$list, $index)
- {
- $list = array_merge(
- array_slice($list, 0, $index+1), // +1 to get length
- array_splice($list, $index+1) // +1 to get first index to re-order
- );
-
- return $this;
- }
-
- /**
- * Create a new ACL Entry.
- *
- * @param int $mask
- * @param int $index
- * @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
- * @param string $strategy
- * @param bool $granting
- * @param string $field
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\Entry|\Propel\PropelBundle\Security\Acl\Domain\FieldEntry
- */
- protected function createAce($mask, $index, SecurityIdentityInterface $securityIdentity, $strategy = null, $granting = true, $field = null)
- {
- if (!is_int($mask)) {
- throw new \InvalidArgumentException('The given mask is not valid. Please provide an integer.');
- }
-
- // Compatibility with default implementation
- if (null === $strategy) {
- if (true === $granting) {
- $strategy = PermissionGrantingStrategy::ALL;
- } else {
- $strategy = PermissionGrantingStrategy::ANY;
- }
- }
-
- $model = new ModelEntry();
- $model
- ->setAceOrder($index)
- ->setMask($mask)
- ->setGrantingStrategy($strategy)
- ->setGranting($granting)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($securityIdentity))
- ;
-
- if (null !== $field) {
- $model->setFieldName($field);
-
- return new FieldEntry($model, $this);
- }
-
- return new Entry($model, $this);
- }
-}
diff --git a/Security/Acl/MutableAclProvider.php b/Security/Acl/MutableAclProvider.php
deleted file mode 100644
index de28775..0000000
--- a/Security/Acl/MutableAclProvider.php
+++ /dev/null
@@ -1,334 +0,0 @@
-
- */
-class MutableAclProvider extends AclProvider implements MutableAclProviderInterface
-{
- /**
- * Constructor.
- *
- * @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
- * @param \PropelPDO $connection
- * @param \Symfony\Component\Security\Acl\Model\AclCacheInterface $cache
- */
- public function __construct(PermissionGrantingStrategyInterface $permissionGrantingStrategy, \PropelPDO $connection = null, AclCacheInterface $cache = null)
- {
- // @codeCoverageIgnoreStart
- if (null === $connection) {
- $connection = \Propel::getConnection(EntryPeer::DATABASE_NAME, \Propel::CONNECTION_WRITE);
- }
- // @codeCoverageIgnoreEnd
-
- parent::__construct($permissionGrantingStrategy, $connection, $cache);
- }
-
- /**
- * Creates a new ACL for the given object identity.
- *
- * @throws \Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException When there already is an ACL for the given object identity.
- *
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl
- */
- public function createAcl(ObjectIdentityInterface $objectIdentity)
- {
- $entries = EntryQuery::create()->findByAclIdentity($objectIdentity, array(), $this->connection);
- if (count($entries)) {
- throw new AclAlreadyExistsException('An ACL for the given object identity already exists, find and update that one.');
- }
-
- $objIdentity = ObjectIdentityQuery::create()
- ->filterByAclObjectIdentity($objectIdentity, $this->connection)
- ->findOneOrCreate($this->connection)
- ;
-
- if ($objIdentity->isNew()) {
- // This is safe to do, it makes the ID available and does not affect changes to any ACL.
- $objIdentity->save($this->connection);
- }
-
- return $this->getAcl($entries, $objectIdentity, array(), null, false);
- }
-
- /**
- * Deletes the ACL for a given object identity.
- *
- * This will automatically trigger a delete for any child ACLs. If you don't
- * want child ACLs to be deleted, you will have to set their parent ACL to null.
- *
- * @throws \Symfony\Component\Security\Acl\Exception\Exception
- *
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- *
- * @return bool
- */
- public function deleteAcl(ObjectIdentityInterface $objectIdentity)
- {
- try {
- $objIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
- if (null === $objIdentity) {
- // No object identity, no ACL, so deletion is successful (expected result is given).
- return true;
- }
-
- $this->connection->beginTransaction();
-
- // Retrieve all class and class-field ACEs, if any.
- $aces = EntryQuery::create()->findByAclIdentity($objectIdentity, array(), $this->connection);
- if (count($aces)) {
- // In case this is the last of its kind, delete the class and class-field ACEs.
- $count = ObjectIdentityQuery::create()->filterByClassId($objIdentity->getClassId())->count($this->connection);
- if (1 === $count) {
- $aces->delete($this->connection);
- }
- }
-
- /*
- * If caching is enabled, retrieve the (grand-)children of this ACL.
- * Those will be removed from the cache as well, as their parents do not exist anymore.
- */
- if (null !== $this->cache) {
- $children = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->connection);
- }
-
- // This deletes all object and object-field ACEs, too.
- $objIdentity->delete($this->connection);
-
- $this->connection->commit();
-
- if (null !== $this->cache) {
- $this->cache->evictFromCacheById($objIdentity->getId());
- foreach ($children as $eachChild) {
- $this->cache->evictFromCacheById($eachChild->getId());
- }
- }
-
- return true;
- // @codeCoverageIgnoreStart
- } catch (Exception $e) {
- throw new AclException('An error occurred while deleting the ACL.', 1, $e);
- }
- // @codeCoverageIgnoreEnd
- }
-
- /**
- * Persists any changes which were made to the ACL, or any associated access control entries.
- *
- * Changes to parent ACLs are not persisted.
- *
- * @throws \Symfony\Component\Security\Acl\Exception\Exception
- *
- * @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl
- *
- * @return bool
- */
- public function updateAcl(MutableAclInterface $acl)
- {
- if (!$acl instanceof MutableAcl) {
- throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \Propel\PropelBundle\Security\Acl\Domain\MutableAcl only.');
- }
-
- try {
- $modelEntries = EntryQuery::create()->findByAclIdentity($acl->getObjectIdentity(), array(), $this->connection);
- $objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($acl->getObjectIdentity(), $this->connection);
-
- $this->connection->beginTransaction();
-
- $keepEntries = array_merge(
- $this->persistAcl($acl->getClassAces(), $objectIdentity),
- $this->persistAcl($acl->getObjectAces(), $objectIdentity, true)
- );
-
- foreach ($acl->getFields() as $eachField) {
- $keepEntries = array_merge($keepEntries,
- $this->persistAcl($acl->getClassFieldAces($eachField), $objectIdentity),
- $this->persistAcl($acl->getObjectFieldAces($eachField), $objectIdentity, true)
- );
- }
-
- foreach ($modelEntries as &$eachEntry) {
- if (!in_array($eachEntry->getId(), $keepEntries)) {
- $eachEntry->delete($this->connection);
- }
- }
-
- if (null === $acl->getParentAcl()) {
- $objectIdentity
- ->setParentObjectIdentityId(null)
- ->save($this->connection)
- ;
- } else {
- $objectIdentity
- ->setParentObjectIdentityId($acl->getParentAcl()->getId())
- ->save($this->connection)
- ;
- }
-
- $this->connection->commit();
-
- // After successfully committing the transaction, we are good to update the cache.
- if (null !== $this->cache) {
- $this->cache->evictFromCacheById($objectIdentity->getId());
- $this->cache->putInCache($acl);
- }
-
- return true;
- // @codeCoverageIgnoreStart
- } catch (Exception $e) {
- $this->connection->rollBack();
-
- throw new AclException('An error occurred while updating the ACL.', 0, $e);
- }
- // @codeCoverageIgnoreEnd
- }
-
- /**
- * Persist the given ACEs.
- *
- * @param array $accessControlEntries
- * @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
- * @param bool $object
- *
- * @return array The IDs of the persisted ACEs.
- */
- protected function persistAcl(array $accessControlEntries, ObjectIdentity $objectIdentity, $object = false)
- {
- $entries = array();
-
- /* @var $eachAce \Symfony\Component\Security\Acl\Model\EntryInterface */
- foreach ($accessControlEntries as $order => $eachAce) {
- // If the given ACE has never been persisted, create a new one.
- if (null === $entry = $this->getPersistedAce($eachAce, $objectIdentity, $object)) {
- $entry = ModelEntry::fromAclEntry($eachAce);
- }
-
- if (in_array($entry->getId(), $entries)) {
- $entry = ModelEntry::fromAclEntry($eachAce);
- }
-
- // Apply possible changes from local ACE.
- $entry
- ->setAceOrder($order)
- ->setAclClass($objectIdentity->getAclClass())
- ->setMask($eachAce->getMask())
- ;
-
- if ($eachAce instanceof AuditableEntryInterface) {
- if (is_bool($eachAce->isAuditSuccess())) {
- $entry->setAuditSuccess($eachAce->isAuditSuccess());
- }
-
- if (is_bool($eachAce->isAuditFailure())) {
- $entry->setAuditFailure($eachAce->isAuditFailure());
- }
- }
-
- if (true === $object) {
- $entry->setObjectIdentity($objectIdentity);
- }
-
- $entry->save($this->connection);
-
- $entries[] = $entry->getId();
- }
-
- return $entries;
- }
-
- /**
- * Retrieve the persisted model for the given ACE.
- *
- * If none is given, null is returned.
- *
- * @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace
- *
- * @return \Propel\PropelBundle\Model\Acl\Entry|null
- */
- protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false)
- {
- if (null !== $ace->getId() and null !== $entry = EntryQuery::create()->findPk($ace->getId(), $this->connection)) {
- $entry->reload(true, $this->connection);
-
- return $entry;
- }
-
- /*
- * The id is not set, but there may be an ACE in the database.
- *
- * This happens if the ACL has created new ACEs, but was not reloaded.
- * We try to retrieve one by the unique key.
- */
- $ukQuery = EntryQuery::create()
- ->filterByAclClass($objectIdentity->getAclClass($this->connection))
- ->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection))
- ;
-
- if (true === $object) {
- $ukQuery->filterByObjectIdentity($objectIdentity);
- } else {
- $ukQuery->filterByObjectIdentityId(null, \Criteria::ISNULL);
- }
-
- if ($ace instanceof FieldEntryInterface) {
- $ukQuery->filterByFieldName($ace->getField());
- } else {
- $ukQuery->filterByFieldName(null, \Criteria::ISNULL);
- }
-
- return $ukQuery->findOne($this->connection);
- }
-
- /**
- * Get an ACL for this provider.
- *
- * @param \PropelObjectCollection $collection
- * @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
- * @param array $loadedSecurityIdentities
- * @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
- * @param bool $inherited
- *
- * @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl
- */
- protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
- {
- return new MutableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
- }
-}
diff --git a/Tests/AclTestCase.php b/Tests/AclTestCase.php
deleted file mode 100644
index 190ede4..0000000
--- a/Tests/AclTestCase.php
+++ /dev/null
@@ -1,103 +0,0 @@
-
- */
-class AclTestCase extends TestCase
-{
- protected $con = null;
- protected $cache = null;
-
- public function setUp()
- {
- parent::setUp();
-
- $this->loadPropelQuickBuilder();
-
- $schema = file_get_contents(__DIR__.'/../Resources/acl_schema.xml');
-
- $builder = new \PropelQuickBuilder();
- $builder->setSchema($schema);
- if (!class_exists('Propel\PropelBundle\Model\Acl\map\AclClassTableMap')) {
- $builder->setClassTargets(array('tablemap', 'peer', 'object', 'query'));
- } else {
- $builder->setClassTargets(array());
- }
-
- $this->con = $builder->build();
- }
-
- /**
- * @return \Propel\PropelBundle\Model\Acl\ObjectIdentity
- */
- protected function createModelObjectIdentity($identifier)
- {
- $aclClass = $this->getAclClass();
- $objIdentity = new ModelObjectIdentity();
-
- $this->assertTrue((bool) $objIdentity
- ->setAclClass($aclClass)
- ->setIdentifier($identifier)
- ->save($this->con)
- );
-
- return $objIdentity;
- }
-
- protected function createEntry()
- {
- $entry = new Entry();
- $entry
- ->setAuditSuccess(false)
- ->setAuditFailure(false)
- ->setMask(64)
- ->setGranting(true)
- ->setGrantingStrategy('all')
- ->setAceOrder(0)
- ;
-
- return $entry;
- }
-
- protected function getAclClass()
- {
- return AclClass::fromAclObjectIdentity($this->getAclObjectIdentity(), $this->con);
- }
-
- protected function getAclProvider()
- {
- return new MutableAclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
- }
-
- protected function getAclObjectIdentity($identifier = 1)
- {
- return new ObjectIdentity($identifier, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
- }
-
- protected function getRoleSecurityIdentity($role = 'ROLE_USER')
- {
- return new RoleSecurityIdentity(new Role($role));
- }
-}
diff --git a/Tests/Fixtures/Acl/ArrayCache.php b/Tests/Fixtures/Acl/ArrayCache.php
deleted file mode 100644
index 0a74dd1..0000000
--- a/Tests/Fixtures/Acl/ArrayCache.php
+++ /dev/null
@@ -1,60 +0,0 @@
-content[$primaryKey])) {
- unset($this->content[$primaryKey]);
- }
- }
-
- public function evictFromCacheByIdentity(ObjectIdentityInterface $oid)
- {
- // Propel ACL does not make use of those.
- }
-
- public function getFromCacheById($primaryKey)
- {
- if (isset($this->content[$primaryKey])) {
- return $this->content[$primaryKey];
- }
-
- return null;
- }
-
- public function getFromCacheByIdentity(ObjectIdentityInterface $oid)
- {
- // Propel ACL does not make use of those.
- }
-
- public function putInCache(AclInterface $acl)
- {
- if (null === $acl->getId()) {
- throw new \InvalidArgumentException('The given ACL does not have an ID.');
- }
-
- $this->content[$acl->getId()] = $acl;
- }
-
- public function clearCache()
- {
- $this->content = array();
- }
-}
diff --git a/Tests/Model/Acl/AclClassTest.php b/Tests/Model/Acl/AclClassTest.php
deleted file mode 100644
index d362f83..0000000
--- a/Tests/Model/Acl/AclClassTest.php
+++ /dev/null
@@ -1,41 +0,0 @@
-
- */
-class AclClassTest extends AclTestCase
-{
- public function testFromAclObjectIdentity()
- {
- $type = 'Merchant';
-
- $aclClass = AclClass::fromAclObjectIdentity(new ObjectIdentity(5, $type), $this->con);
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $aclClass);
- $this->assertEquals($type, $aclClass->getType());
-
- $dbEntry = AclClassPeer::doSelectOne(new Criteria(), $this->con);
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $dbEntry);
- $this->assertEquals($type, $dbEntry->getType());
-
- $this->assertEquals($dbEntry->getId(), $aclClass->getId());
- }
-}
diff --git a/Tests/Model/Acl/EntryQueryTest.php b/Tests/Model/Acl/EntryQueryTest.php
deleted file mode 100644
index d875ee6..0000000
--- a/Tests/Model/Acl/EntryQueryTest.php
+++ /dev/null
@@ -1,135 +0,0 @@
-
- */
-class EntryQueryTest extends AclTestCase
-{
- public function setUp()
- {
- parent::setUp();
-
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
- }
-
- public function testFindByAclIdentityInvalidSecurityIdentity()
- {
- $this->setExpectedException('InvalidArgumentException');
- EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(), array('foo'), $this->con);
- }
-
- public function testFindByAclIdentityInvalidSecurityIdentityObject()
- {
- $this->setExpectedException('InvalidArgumentException');
- EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(), array(new \stdClass()), $this->con);
- }
-
- public function testFindByAclIdentityNotExists()
- {
- $this->assertCount(0, EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(2), array(), $this->con));
- }
-
- public function testFindByAclIdentitySecurityIdentityNotFound()
- {
- $this->assertCount(0, EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_ADMIN')), $this->con));
- }
-
- public function testFindByAclIdentity()
- {
- // Another Entry, should not be found (different ObjectIdentity).
- $obj = $this->createModelObjectIdentity(2);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
-
- $entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
- $this->assertCount(1, $entries);
- $this->assertEquals(1, $entries[0]->getObjectIdentityId());
-
- // A class based entry for the wrong ObjectIdentity.
- $classEntry = $this->createEntry();
- $classEntry
- ->setObjectIdentityId(2)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ->save($this->con)
- ;
-
- // A class based entry for the correct ObjectIdentity.
- $classEntry = $this->createEntry();
- $classEntry
- ->setObjectIdentityId(null)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ->setMask(64)
- ->save($this->con)
- ;
-
- $this->assertEquals(4, EntryQuery::create()->count($this->con));
-
- $entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
- $this->assertCount(2, $entries);
- $this->assertEquals($obj->getClassId(), $entries[0]->getClassId());
- $this->assertEquals($obj->getClassId(), $entries[1]->getClassId());
- }
-
- public function testFindByAclIdentityFilterSecurityIdentity()
- {
- // Another Entry, should not be found (different SecurityIdentity).
- $entry = $this->createEntry();
- $entry
- ->setObjectIdentityId(1)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
- ->setAclClass($this->getAclClass())
- ->setMask(64)
- ->save($this->con)
- ;
-
- $this->assertEquals(2, EntryQuery::create()->count($this->con));
-
- $entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')), $this->con);
- $this->assertCount(1, $entries);
- $this->assertEquals(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER'))->getId(), $entries[0]->getSecurityIdentityId());
- }
-
- public function testFindByAclIdentityOnlyClassEntries()
- {
- $this->assertEquals(1, EntryQuery::create()->count($this->con));
- EntryQuery::create()->findOne($this->con)
- ->setObjectIdentity(null)
- ->save($this->con);
-
- $entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
- $this->assertCount(1, $entries);
- }
-}
diff --git a/Tests/Model/Acl/EntryTest.php b/Tests/Model/Acl/EntryTest.php
deleted file mode 100644
index a2271f8..0000000
--- a/Tests/Model/Acl/EntryTest.php
+++ /dev/null
@@ -1,88 +0,0 @@
-
- */
-class EntryTest extends AclTestCase
-{
- public function testToAclEntry()
- {
- $acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
- $entry = $this->createModelEntry();
-
- $aclEntry = ModelEntry::toAclEntry($entry, $acl);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $aclEntry);
- $this->assertSame($acl, $aclEntry->getAcl());
- $this->assertEquals(42, $aclEntry->getId());
- $this->assertTrue($aclEntry->isAuditFailure());
- $this->assertFalse($aclEntry->isAuditSuccess());
- $this->assertEquals('all', $aclEntry->getStrategy());
- $this->assertTrue($aclEntry->isGranting());
- $this->assertEquals(64, $aclEntry->getMask());
-
- return $aclEntry;
- }
-
- /**
- * @depends testToAclEntry
- */
- public function testToAclEntryFieldEntry()
- {
- $acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
- $entry = $this->createModelEntry();
- $entry->setFieldName('name');
-
- $aclEntry = ModelEntry::toAclEntry($entry, $acl);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $aclEntry);
- }
-
- /**
- * @depends testToAclEntry
- */
- public function testFromAclEntry($aclEntry)
- {
- $modelEntry = ModelEntry::fromAclEntry($aclEntry);
-
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\Entry', $modelEntry);
- $this->assertEquals(42, $modelEntry->getId());
- $this->assertTrue($modelEntry->getAuditFailure());
- $this->assertFalse($modelEntry->getAuditSuccess());
- $this->assertEquals('all', $modelEntry->getGrantingStrategy());
- $this->assertTrue($modelEntry->getGranting());
- $this->assertEquals(64, $modelEntry->getMask());
- }
-
- protected function createModelEntry()
- {
- $entry = new ModelEntry();
- $entry
- ->setId(42)
- ->setAclClass($this->getAclClass())
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAuditFailure(true)
- ->setAuditSuccess(false)
- ->setGrantingStrategy('all')
- ->setGranting(true)
- ->setMask(64)
- ;
-
- return $entry;
- }
-}
diff --git a/Tests/Model/Acl/ObjectIdentityQueryTest.php b/Tests/Model/Acl/ObjectIdentityQueryTest.php
deleted file mode 100644
index d6a7a73..0000000
--- a/Tests/Model/Acl/ObjectIdentityQueryTest.php
+++ /dev/null
@@ -1,134 +0,0 @@
-
- */
-class ObjectIdentityQueryTest extends AclTestCase
-{
- public function testFilterByAclObjectIdentity()
- {
- $aclObj = new ObjectIdentity(1, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
-
- $aclClass = AclClass::fromAclObjectIdentity($aclObj, $this->con);
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $aclClass);
-
- // None given.
- $result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
- $this->assertCount(0, $result);
-
- $this->createModelObjectIdentity(1);
-
- $result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
- $this->assertCount(1, $result);
-
- $this->assertEquals($aclClass->getId(), $result->getFirst()->getClassId());
- $this->assertEquals(1, $result->getFirst()->getIdentifier());
-
- // Change the entity.
- $aclObj = new ObjectIdentity(2, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
- $result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
- $this->assertCount(0, $result);
- }
-
- /**
- * @depends testFilterByAclObjectIdentity
- */
- public function testFindOneByAclObjectIdentity()
- {
- $aclObj = new ObjectIdentity(1, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
-
- $result = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclObj, $this->con);
- $this->assertEmpty($result);
-
- $objIdentity = $this->createModelObjectIdentity(1);
-
- $result = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclObj, $this->con);
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\ObjectIdentity', $result);
- $this->assertSame($objIdentity, $result);
- }
-
- /**
- * @depends testFindOneByAclObjectIdentity
- */
- public function testFindChildren()
- {
- list($objIdentity, $childObjIdentity) = $this->createObjectIdentities();
-
- // Parent not set, yet.
- $result = ObjectIdentityQuery::create()->findChildren($objIdentity, $this->con);
- $this->assertCount(0, $result);
-
- $childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
-
- $result = ObjectIdentityQuery::create()->findChildren($objIdentity, $this->con);
- $this->assertCount(1, $result);
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\ObjectIdentity', $result->getFirst());
- $this->assertSame($childObjIdentity, $result->getFirst());
- $this->assertSame($objIdentity, $result->getFirst()->getObjectIdentityRelatedByParentObjectIdentityId());
- }
-
- /**
- * @depends testFindOneByAclObjectIdentity
- */
- public function testFindGrandChildren()
- {
- list($objIdentity, $childObjIdentity, $grandChildObjIdentity) = $this->createObjectIdentities();
-
- // Parents not set, yet.
- $result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
- $this->assertCount(0, $result);
-
- $childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
-
- $result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
- $this->assertCount(1, $result);
-
- $grandChildObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($childObjIdentity)->save($this->con);
-
- $result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
- $this->assertCount(2, $result);
- }
-
- /**
- * @depends testFindOneByAclObjectIdentity
- */
- public function testFindAncestors()
- {
- list($objIdentity, $childObjIdentity) = $this->createObjectIdentities();
-
- // Parents not set, yet.
- $result = ObjectIdentityQuery::create()->findAncestors($childObjIdentity, $this->con);
- $this->assertCount(0, $result);
-
- $childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
-
- $result = ObjectIdentityQuery::create()->findAncestors($childObjIdentity, $this->con);
- $this->assertCount(1, $result);
- }
-
- protected function createObjectIdentities()
- {
- return array(
- $this->createModelObjectIdentity(1),
- $this->createModelObjectIdentity(2),
- $this->createModelObjectIdentity(3),
- );
- }
-}
diff --git a/Tests/Model/Acl/ObjectIdentityTest.php b/Tests/Model/Acl/ObjectIdentityTest.php
deleted file mode 100644
index c695a8a..0000000
--- a/Tests/Model/Acl/ObjectIdentityTest.php
+++ /dev/null
@@ -1,302 +0,0 @@
-
- */
-class ObjectIdentityTest extends AclTestCase
-{
- public function testCompatibleDefaultImplementation()
- {
- $objIdenity = $this->createModelObjectIdentity(1);
-
- $ancestorEntries = ObjectIdentityAncestorQuery::create()->find($this->con);
- $this->assertCount(1, $ancestorEntries);
- $this->assertEquals($objIdenity->getId(), $ancestorEntries->getFirst()->getAncestorId());
- $this->assertEquals($objIdenity->getId(), $ancestorEntries->getFirst()->getObjectIdentityId());
-
- $anotherIdenity = $this->createModelObjectIdentity(2);
-
- $ancestorEntries = ObjectIdentityAncestorQuery::create()->orderByAncestorId(Criteria::ASC)->find($this->con);
- $this->assertCount(2, $ancestorEntries);
- $this->assertEquals($objIdenity->getId(), $ancestorEntries[0]->getAncestorId());
- $this->assertEquals($objIdenity->getId(), $ancestorEntries[0]->getObjectIdentityId());
- $this->assertEquals($anotherIdenity->getId(), $ancestorEntries[1]->getAncestorId());
- $this->assertEquals($anotherIdenity->getId(), $ancestorEntries[1]->getObjectIdentityId());
- }
-
- public function testTreeSimpleParent()
- {
- $parent = $this->createModelObjectIdentity(1);
- $obj = $this->createModelObjectIdentity(2);
-
- $this->assertTrue((bool) $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con));
-
- $entries = ObjectIdentityAncestorQuery::create()
- ->filterByObjectIdentityId($obj->getId())
- ->orderByAncestorId(Criteria::ASC)
- ->find($this->con)
- ;
- $this->assertCount(2, $entries);
- $this->assertEquals($obj->getId(), $entries[0]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[0]->getAncestorId());
- $this->assertEquals($obj->getId(), $entries[1]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[1]->getAncestorId());
-
- $this->assertTrue((bool) $obj->setObjectIdentityRelatedByParentObjectIdentityId(null)->save($this->con));
-
- $entries = ObjectIdentityAncestorQuery::create()
- ->filterByObjectIdentityId($obj->getId())
- ->orderByAncestorId(Criteria::ASC)
- ->find($this->con)
- ;
- $this->assertCount(1, $entries);
- $this->assertEquals($obj->getId(), $entries[0]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[0]->getAncestorId());
- }
-
- /**
- * @depends testTreeSimpleParent
- */
- public function testTreeAddParentChildHavingChild()
- {
- $parent = $this->createModelObjectIdentity(1);
- $obj = $this->createModelObjectIdentity(2);
- $child = $this->createModelObjectIdentity(3);
-
- $child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
- $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
-
- $entries = ObjectIdentityAncestorQuery::create()
- ->orderByObjectIdentityId(Criteria::ASC)
- ->orderByAncestorId(Criteria::ASC)
- ->find($this->con)
- ;
- $this->assertCount(6, $entries);
-
- $this->assertEquals($parent->getId(), $entries[0]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[0]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[1]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[1]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[2]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[2]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[3]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[3]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[5]->getAncestorId());
- }
-
- /**
- * Tree splitted:
- * 1-2
- * 3-4-5
- *
- * Tree merged:
- * 1-2-3-4-5
- *
- * @depends testTreeAddParentChildHavingChild
- */
- public function testTreeAddParentChildHavingGrandchildrenAndParentHavingParent()
- {
- // Part I, before.
- $grandParent = $this->createModelObjectIdentity(1);
- $parent = $this->createModelObjectIdentity(2);
-
- $parent->setObjectIdentityRelatedByParentObjectIdentityId($grandParent)->save($this->con);
-
- // Part II, before.
- $obj = $this->createModelObjectIdentity(3);
- $child = $this->createModelObjectIdentity(4);
- $grandChild = $this->createModelObjectIdentity(5);
-
- $grandChild->setObjectIdentityRelatedByParentObjectIdentityId($child)->save($this->con);
- $child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
-
- // Verify "before"
- $entries = ObjectIdentityAncestorQuery::create()
- ->orderByObjectIdentityId(Criteria::ASC)
- ->orderByAncestorId(Criteria::ASC)
- ->find($this->con)
- ;
- $this->assertCount(9, $entries);
-
- $this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
-
- $this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
-
- $this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[3]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[5]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[6]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[6]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[7]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[7]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[8]->getObjectIdentityId());
- $this->assertEquals($grandChild->getId(), $entries[8]->getAncestorId());
-
- // Merge Trees
- $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
-
- $entries = ObjectIdentityAncestorQuery::create()
- ->orderByObjectIdentityId(Criteria::ASC)
- ->orderByAncestorId(Criteria::ASC)
- ->find($this->con)
- ;
- $this->assertCount(15, $entries);
-
- $this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
-
- $this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
-
- $this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[3]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[4]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[4]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[5]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[5]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[6]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[6]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[7]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[7]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[8]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[8]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[9]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[9]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[10]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[10]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[11]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[11]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[12]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[12]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[13]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[13]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[14]->getObjectIdentityId());
- $this->assertEquals($grandChild->getId(), $entries[14]->getAncestorId());
-
- // Split Tree
- $obj->setObjectIdentityRelatedByParentObjectIdentityId(null)->save($this->con);
-
- $entries = ObjectIdentityAncestorQuery::create()
- ->orderByObjectIdentityId(Criteria::ASC)
- ->orderByAncestorId(Criteria::ASC)
- ->find($this->con)
- ;
- $this->assertCount(9, $entries);
-
- $this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
-
- $this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
- $this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
-
- $this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
- $this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
-
- $this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[3]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
-
- $this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[5]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[6]->getObjectIdentityId());
- $this->assertEquals($obj->getId(), $entries[6]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[7]->getObjectIdentityId());
- $this->assertEquals($child->getId(), $entries[7]->getAncestorId());
-
- $this->assertEquals($grandChild->getId(), $entries[8]->getObjectIdentityId());
- $this->assertEquals($grandChild->getId(), $entries[8]->getAncestorId());
- }
-
- /**
- * @depends testTreeAddParentChildHavingChild
- */
- public function testDeleteRemovesGrandchildren()
- {
- $parent = $this->createModelObjectIdentity(1);
- $obj = $this->createModelObjectIdentity(2);
- $child = $this->createModelObjectIdentity(3);
-
- $child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
- $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
-
- $parent->delete($this->con);
- $this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
- $this->assertEquals(0, ObjectIdentityAncestorQuery::create()->count($this->con));
- }
-
- public function testInsertWithAssignedParent()
- {
- $parent = $this->createModelObjectIdentity(1);
-
- $obj = new ObjectIdentity();
- $obj
- ->setAclClass($this->getAclClass())
- ->setIdentifier(2)
- ->setObjectIdentityRelatedByParentObjectIdentityId($parent)
- ->save($this->con)
- ;
-
- $entries = ObjectIdentityQuery::create()->orderByParentObjectIdentityId(Criteria::ASC)->find($this->con);
-
- $this->assertCount(2, $entries);
- $this->assertNull($entries[0]->getParentObjectIdentityId());
- $this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
- }
-}
diff --git a/Tests/Model/Acl/SecurityIdentityTest.php b/Tests/Model/Acl/SecurityIdentityTest.php
deleted file mode 100644
index 3f27ba0..0000000
--- a/Tests/Model/Acl/SecurityIdentityTest.php
+++ /dev/null
@@ -1,122 +0,0 @@
-
- */
-class SecurityIdentityTest extends AclTestCase
-{
- public function testToAclIdentityUserWithInvalidIdentifier()
- {
- $identity = new SecurityIdentity();
- $identity->setIdentifier('invalidIdentifier');
- $identity->setUsername(true);
-
- $this->setExpectedException('InvalidArgumentException');
- SecurityIdentity::toAclIdentity($identity);
- }
-
- public function testToAclIdentityUnknownSecurityIdentity()
- {
- $identity = new SecurityIdentity();
- $identity->setIdentifier('invalidIdentifier');
- $identity->setUsername(false);
-
- $this->setExpectedException('InvalidArgumentException');
- SecurityIdentity::toAclIdentity($identity);
- }
-
- public function testToAclIdentityValidUser()
- {
- $identity = new SecurityIdentity();
- $identity->setIdentifier('Propel\PropelBundle\Tests\Fixtures\UserProxy-propel');
- $identity->setUsername(true);
-
- $secIdentity = SecurityIdentity::toAclIdentity($identity);
- $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $secIdentity);
- }
-
- public function testToAclIdentityMultipleDashes()
- {
- $identity = new SecurityIdentity();
- $identity->setIdentifier('Propel\PropelBundle\Tests\Fixtures\UserProxy-some-username@domain.com');
- $identity->setUsername(true);
-
- $secIdentity = SecurityIdentity::toAclIdentity($identity);
- $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $secIdentity);
- $this->assertEquals('some-username@domain.com', $secIdentity->getUsername());
- }
-
- public function testToAclIdentityValidRole()
- {
- $identity = new SecurityIdentity();
- $identity->setIdentifier('ROLE_ADMIN');
- $identity->setUsername(false);
-
- $secIdentity = SecurityIdentity::toAclIdentity($identity);
- $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity', $secIdentity);
-
- $identity = new SecurityIdentity();
- $identity->setIdentifier('IS_AUTHENTICATED_ANONYMOUSLY');
- $identity->setUsername(false);
-
- $secIdentity = SecurityIdentity::toAclIdentity($identity);
- $this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity', $secIdentity);
- }
-
- public function testFromAclIdentityWithInvalid()
- {
- $secIdentity = $this->getMock('Symfony\Component\Security\Acl\Model\SecurityIdentityInterface');
-
- $this->setExpectedException('InvalidArgumentException');
- SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
- }
-
- public function testFromAclIdentityWithUser()
- {
- $secIdentity = new UserSecurityIdentity('propel', 'Propel\PropelBundle\Tests\Fixtures\UserProxy');
-
- $identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
-
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $identity);
- $this->assertEquals(true, $identity->getUsername());
- $this->assertEquals('Propel\PropelBundle\Tests\Fixtures\UserProxy-propel', $identity->getIdentifier());
- $this->assertGreaterThan(0, $identity->getId());
-
- $dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $dbEntry);
- }
-
- public function testFromAclIdentityWithRole()
- {
- $secIdentity = new RoleSecurityIdentity(new Role('ROLE_USER'));
-
- $identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
-
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $identity);
- $this->assertEquals(false, $identity->getUsername());
- $this->assertEquals('ROLE_USER', $identity->getIdentifier());
- $this->assertGreaterThan(0, $identity->getId());
-
- $dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
- $this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $dbEntry);
- }
-}
diff --git a/Tests/Security/Acl/AclProviderTest.php b/Tests/Security/Acl/AclProviderTest.php
deleted file mode 100644
index 596fdf6..0000000
--- a/Tests/Security/Acl/AclProviderTest.php
+++ /dev/null
@@ -1,259 +0,0 @@
-
- */
-class AclProviderTest extends AclTestCase
-{
- public function testFindAclNoneGiven()
- {
- $provider = $this->getAclProvider();
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.');
- $provider->findAcl($this->getAclObjectIdentity());
- }
-
- public function testFindAclNoneGivenFilterSecurityIdentity()
- {
- $provider = $this->getAclProvider();
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.');
- $provider->findAcl($this->getAclObjectIdentity(), array($this->getRoleSecurityIdentity()));
- }
-
- public function testFindAclWithEntries()
- {
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
-
- $acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
-
- $this->assertNotEmpty($acl);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
-
- $this->assertEmpty($acl->getFields());
- $this->assertEmpty($acl->getClassAces());
- $this->assertNotEmpty($acl->getObjectAces());
- $this->assertCount(1, $acl->getObjectAces());
-
- $this->assertNull($acl->getParentAcl());
- $this->assertTrue($acl->isEntriesInheriting());
-
- $this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_ADMIN')));
- $this->assertTrue($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_USER')));
-
- $this->assertTrue($acl->isGranted(array(1, 2, 4, 8, 16, 32, 64), array($this->getRoleSecurityIdentity('ROLE_USER'))));
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
- $acl->isGranted(array(128), array($this->getRoleSecurityIdentity('ROLE_USER')));
- }
-
- /**
- * @depends testFindAclWithEntries
- */
- public function testFindAclWithParent()
- {
- $parent = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($parent->getAclClass())
- ->setMask(128)
- ;
- $parent->addEntry($entry)->save($this->con);
-
- $obj = $this->createModelObjectIdentity(2);
- $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent);
-
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
-
- $acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(2), array($this->getRoleSecurityIdentity('ROLE_USER')));
- $parent = $acl->getParentAcl();
-
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $parent);
-
- $aces = $acl->getObjectAces();
- $parentAces = $parent->getObjectAces();
- $this->assertEquals(64, $aces[0]->getMask());
- $this->assertEquals(128, $parentAces[0]->getMask());
- }
-
- /**
- * @depends testFindAclWithEntries
- */
- public function testFindAcls()
- {
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ;
- $obj->addEntry($entry)->save($this->con);
-
- $aclObj = $this->getAclObjectIdentity(1);
-
- $acls = $this->getAclProvider()->findAcls(array($aclObj), array($this->getRoleSecurityIdentity('ROLE_USER')));
- $acl = $this->getAclProvider()->findAcl($aclObj, array($this->getRoleSecurityIdentity('ROLE_USER')));
-
- $this->assertNotEmpty($acls);
- $this->assertCount(1, $acls);
- $this->assertTrue($acls->contains($aclObj));
- $this->assertEquals($acl, $acls[$aclObj]);
- }
-
- public function testFindChildrenParentNotExists()
- {
- $this->assertEmpty($this->getAclProvider()->findChildren(new ObjectIdentity(5, 'Book')));
- }
-
- /**
- * @depends testFindAclWithEntries
- */
- public function testFindChildrenWithoutChildren()
- {
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
-
- $childrenAcl = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
- $this->assertEmpty($childrenAcl);
- }
-
- public function testFindChildrenDirectOnly()
- {
- list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
-
- $obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
- $childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
-
- $children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1), true);
-
- $this->assertNotEmpty($children);
- $this->assertCount(1, $children);
- $this->assertEquals(2, $children[0]->getIdentifier());
- }
-
- public function testFindChildrenWithGrandChildren()
- {
- list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
-
- $obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
- $childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
-
- $children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
-
- $this->assertNotEmpty($children);
- $this->assertCount(2, $children);
- $this->assertEquals(2, $children[0]->getIdentifier());
- $this->assertEquals(3, $children[1]->getIdentifier());
- }
-
- protected function createObjectIdentities()
- {
- $parentObj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($parentObj->getAclClass())
- ->setMask(64)
- ;
- $parentObj->addEntry($entry)->save($this->con);
-
- $obj = $this->createModelObjectIdentity(2);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
-
- $childObj = $this->createModelObjectIdentity(3);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($childObj->getAclClass())
- ->setMask(64)
- ;
- $childObj->addEntry($entry)->save($this->con);
-
- return array($parentObj, $obj, $childObj);
- }
-
- /**
- * @depends testFindAclWithEntries
- */
- public function testFindAclReadsFromCache()
- {
- $this->cache = new AclCache();
-
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
- ->setAclClass($obj->getAclClass())
- ->setMask(64)
- ;
- $obj->addEntry($entry)->save($this->con);
-
- // Read and put into cache
- $acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
- $this->cache->content[1] = $acl;
-
- // Change database
- EntryQuery::create()->update(array(EntryPeer::translateFieldName(EntryPeer::MASK, \BasePeer::TYPE_COLNAME, \BasePeer::TYPE_PHPNAME) => 128), $this->con);
- $this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
-
- // Verify cache has been read
- $cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
- $cachedObjectAces = $cachedAcl->getObjectAces();
- $this->assertSame($acl, $cachedAcl);
- $this->assertEquals(64, $cachedObjectAces[0]->getMask());
- }
-
- protected function getAclProvider()
- {
- return new AclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
- }
-}
diff --git a/Tests/Security/Acl/AuditableAclProviderTest.php b/Tests/Security/Acl/AuditableAclProviderTest.php
deleted file mode 100644
index 7a0fa1c..0000000
--- a/Tests/Security/Acl/AuditableAclProviderTest.php
+++ /dev/null
@@ -1,87 +0,0 @@
-
- */
-class AuditableAclProviderTest extends AclTestCase
-{
- public function testCreateAcl()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
-
- $this->assertNotEmpty($acl);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', $acl);
- $this->assertEquals(1, $acl->getId());
- }
-
- /**
- * @depends testCreateAcl
- */
- public function testUpdatePersistsAuditing()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = EntryQuery::create()->find($this->con);
- $this->assertCount(1, $entries);
- // default values
- $this->assertFalse($entries[0]->getAuditSuccess());
- $this->assertTrue($entries[0]->getAuditFailure());
-
- $acl->updateObjectAuditing(0, true, true);
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = EntryQuery::create()->find($this->con);
- $this->assertCount(1, $entries);
- $this->assertTrue($entries[0]->getAuditSuccess());
- $this->assertTrue($entries[0]->getAuditFailure());
-
- $acl->updateObjectAuditing(0, false, true);
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = EntryQuery::create()->find($this->con);
- $this->assertCount(1, $entries);
- $this->assertFalse($entries[0]->getAuditSuccess());
- $this->assertTrue($entries[0]->getAuditFailure());
-
- $acl->updateObjectAuditing(0, true, false);
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = EntryQuery::create()->find($this->con);
- $this->assertCount(1, $entries);
- $this->assertTrue($entries[0]->getAuditSuccess());
- $this->assertFalse($entries[0]->getAuditFailure());
-
- $acl->updateObjectAuditing(0, false, false);
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = EntryQuery::create()->find($this->con);
- $this->assertCount(1, $entries);
- $this->assertFalse($entries[0]->getAuditSuccess());
- $this->assertFalse($entries[0]->getAuditFailure());
- }
-
- protected function getAclProvider()
- {
- return new AuditableAclProvider(new PermissionGrantingStrategy(), $this->con);
- }
-}
diff --git a/Tests/Security/Acl/Domain/AclTest.php b/Tests/Security/Acl/Domain/AclTest.php
deleted file mode 100644
index 2dbde2d..0000000
--- a/Tests/Security/Acl/Domain/AclTest.php
+++ /dev/null
@@ -1,206 +0,0 @@
-
- */
-class AclTest extends AclTestCase
-{
- public function testConstructorInvalidCollection()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
- new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
- }
-
- public function testConstructorEmptyCollection()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $aclObj = $this->getAclObjectIdentity();
- $acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
-
- $this->assertEmpty($acl->getClassAces());
- $this->assertEmpty($acl->getObjectAces());
- $this->assertEmpty($acl->getFields());
- $this->assertNull($acl->getParentAcl());
- $this->assertSame($aclObj, $acl->getObjectIdentity());
- $this->assertTrue($acl->isEntriesInheriting());
- }
-
- /**
- * @depends testConstructorEmptyCollection
- */
- public function testConstructorWithAces()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $obj = $this->createModelObjectIdentity(1);
-
- // object based ACE
- $entry = $this->createEntry();
- $entry
- ->setObjectIdentity($obj)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- // object field based ACE
- $entry = $this->createEntry();
- $entry
- ->setObjectIdentity($obj)
- ->setFieldName('name')
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- // class based ACE
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- // class field based ACE
- $entry = $this->createEntry();
- $entry
- ->setFieldName('name')
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
- $this->assertNotEmpty($acl->getClassAces());
- $this->assertNotEmpty($acl->getObjectAces());
- $this->assertEquals(array('name'), $acl->getFields());
- $this->assertNotEmpty($acl->getClassFieldAces('name'));
- $this->assertNotEmpty($acl->getObjectFieldAces('name'));
-
- $classAces = $acl->getClassAces();
- $objectAces = $acl->getObjectAces();
- $classFieldAces = $acl->getClassFieldAces('name');
- $objectFieldAces = $acl->getObjectFieldAces('name');
-
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $classAces[0]);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $objectAces[0]);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $classFieldAces[0]);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $objectFieldAces[0]);
-
- $this->assertSame($acl, $classAces[0]->getAcl());
- $this->assertSame($acl, $objectAces[0]->getAcl());
- $this->assertSame($acl, $classFieldAces[0]->getAcl());
- $this->assertSame($acl, $objectFieldAces[0]->getAcl());
-
- $this->assertEquals('name', $classFieldAces[0]->getField());
- $this->assertEquals('name', $objectFieldAces[0]->getField());
- }
-
- public function testIsSidLoadedNoneLoaded()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity()));
- }
-
- public function testIsSidLoadedInvalid()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $aclObj = $this->getAclObjectIdentity();
- $acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
-
- $this->setExpectedException('InvalidArgumentException');
- $acl->isSidLoaded('foo');
- }
-
- public function testIsGrantedNoAces()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
- $acl->isGranted(array(64), array($this->getRoleSecurityIdentity()));
- }
-
- public function testIsGrantedNoMatchingSecurityIdentity()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
- $acl->isGranted(array(64), array($this->getRoleSecurityIdentity('ROLE_USER')));
- }
-
- public function testIsFieldGrantedNoAces()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
- $acl->isFieldGranted('name', array(64), array($this->getRoleSecurityIdentity()));
- }
-
- public function testSerializeUnserialize()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
- $serialized = serialize($acl);
- $unserialized = unserialize($serialized);
-
- $this->assertNotEmpty($serialized);
- $this->assertNotEmpty($unserialized);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $unserialized);
- $this->assertEquals($serialized, serialize($unserialized));
- }
-}
diff --git a/Tests/Security/Acl/Domain/AuditableAclTest.php b/Tests/Security/Acl/Domain/AuditableAclTest.php
deleted file mode 100644
index 15eeaa1..0000000
--- a/Tests/Security/Acl/Domain/AuditableAclTest.php
+++ /dev/null
@@ -1,212 +0,0 @@
-
- */
-class AuditableAclTest extends AclTestCase
-{
- public function testUpdateAuditingInvalidIndex()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->setExpectedException('OutOfBoundsException');
- $acl->updateObjectAuditing(0, false, false);
- }
-
- public function testUpdateAuditingInvalidField()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setObjectIdentity($obj)
- ->setFieldName('name')
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->setExpectedException('InvalidArgumentException');
- $acl->updateObjectFieldAuditing(0, 'foo', false, false);
- }
-
- public function testUpdateAuditingInvalidFlag()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setObjectIdentity($obj)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $this->setExpectedException('InvalidArgumentException');
- $acl->updateObjectAuditing(0, 'foo', 'bar');
- }
-
- public function testUpdateObjectAuditing()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setObjectIdentity($obj)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $aces = $acl->getObjectAces();
- $this->assertCount(1, $aces);
-
- $acl->updateObjectAuditing(0, true, true);
- $aces = $acl->getObjectAces();
- $this->assertTrue($aces[0]->isAuditSuccess());
- $this->assertTrue($aces[0]->isAuditFailure());
-
- $acl->updateObjectAuditing(0, false, true);
- $aces = $acl->getObjectAces();
- $this->assertFalse($aces[0]->isAuditSuccess());
- $this->assertTrue($aces[0]->isAuditFailure());
-
- $acl->updateObjectAuditing(0, true, false);
- $aces = $acl->getObjectAces();
- $this->assertTrue($aces[0]->isAuditSuccess());
- $this->assertFalse($aces[0]->isAuditFailure());
-
- $acl->updateObjectAuditing(0, false, false);
- $aces = $acl->getObjectAces();
- $this->assertFalse($aces[0]->isAuditSuccess());
- $this->assertFalse($aces[0]->isAuditFailure());
- }
-
- /**
- * @depends testUpdateObjectAuditing
- */
- public function testUpdateObjectFieldAuditing()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $obj = $this->createModelObjectIdentity(1);
- $entry = $this->createEntry();
- $entry
- ->setFieldName('name')
- ->setObjectIdentity($obj)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $aces = $acl->getObjectFieldAces('name');
- $this->assertCount(1, $aces);
-
- $acl->updateObjectFieldAuditing(0, 'name', true, true);
- $aces = $acl->getObjectFieldAces('name');
- $this->assertTrue($aces[0]->isAuditSuccess());
- $this->assertTrue($aces[0]->isAuditFailure());
-
- $acl->updateObjectFieldAuditing(0, 'name', false, false);
- $aces = $acl->getObjectFieldAces('name');
- $this->assertFalse($aces[0]->isAuditSuccess());
- $this->assertFalse($aces[0]->isAuditFailure());
- }
-
- /**
- * @depends testUpdateObjectAuditing
- */
- public function testUpdateClassAuditing()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $aces = $acl->getClassAces();
- $this->assertCount(1, $aces);
-
- $acl->updateClassAuditing(0, true, true);
- $aces = $acl->getClassAces('name');
- $this->assertTrue($aces[0]->isAuditSuccess());
- $this->assertTrue($aces[0]->isAuditFailure());
-
- $acl->updateClassAuditing(0, false, false);
- $aces = $acl->getClassAces();
- $this->assertFalse($aces[0]->isAuditSuccess());
- $this->assertFalse($aces[0]->isAuditFailure());
- }
-
- /**
- * @depends testUpdateObjectAuditing
- */
- public function testUpdateClassFieldAuditing()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $entry = $this->createEntry();
- $entry
- ->setFieldName('name')
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $aces = $acl->getClassFieldAces('name');
- $this->assertCount(1, $aces);
-
- $acl->updateClassFieldAuditing(0, 'name', true, true);
- $aces = $acl->getClassFieldAces('name');
- $this->assertTrue($aces[0]->isAuditSuccess());
- $this->assertTrue($aces[0]->isAuditFailure());
-
- $acl->updateClassFieldAuditing(0, 'name', false, false);
- $aces = $acl->getClassFieldAces('name');
- $this->assertFalse($aces[0]->isAuditSuccess());
- $this->assertFalse($aces[0]->isAuditFailure());
- }
-}
diff --git a/Tests/Security/Acl/Domain/EntryTest.php b/Tests/Security/Acl/Domain/EntryTest.php
deleted file mode 100644
index d73d479..0000000
--- a/Tests/Security/Acl/Domain/EntryTest.php
+++ /dev/null
@@ -1,70 +0,0 @@
-
- */
-class EntryTest extends AclTestCase
-{
- public function testConstruct()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $model = $this->createEntry();
- $model->setAuditFailure(true);
- $model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
-
- $entry = new Entry($model, $acl);
-
- $this->assertEquals($model->getMask(), $entry->getMask());
- $this->assertEquals($model->getGranting(), $entry->isGranting());
- $this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
- $this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
- $this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
- $this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
-
- return $entry;
- }
-
- /**
- * @depends testConstruct
- */
- public function testSerializeUnserialize(Entry $entry)
- {
- $serialized = serialize($entry);
- $unserialized = unserialize($serialized);
-
- $this->assertNotEmpty($serialized);
- $this->assertNotEmpty($unserialized);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $unserialized);
-
- $this->assertEquals($entry->getMask(), $unserialized->getMask());
- $this->assertEquals($entry->isGranting(), $unserialized->isGranting());
- $this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
- $this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
- $this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
- $this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
-
- $this->assertEquals($serialized, serialize($unserialized));
- }
-}
diff --git a/Tests/Security/Acl/Domain/FieldEntryTest.php b/Tests/Security/Acl/Domain/FieldEntryTest.php
deleted file mode 100644
index c591218..0000000
--- a/Tests/Security/Acl/Domain/FieldEntryTest.php
+++ /dev/null
@@ -1,73 +0,0 @@
-
- */
-class FieldEntryTest extends AclTestCase
-{
- public function testConstruct()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
- $acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
-
- $model = $this->createEntry();
- $model->setFieldName('name');
- $model->setAuditFailure(true);
- $model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
-
- $entry = new FieldEntry($model, $acl);
-
- $this->assertEquals($model->getMask(), $entry->getMask());
- $this->assertEquals($model->getGranting(), $entry->isGranting());
- $this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
- $this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
- $this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
- $this->assertEquals($model->getFieldName(), $entry->getField());
- $this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
-
- return $entry;
- }
-
- /**
- * @depends testConstruct
- */
- public function testSerializeUnserialize(FieldEntry $entry)
- {
- $serialized = serialize($entry);
- $unserialized = unserialize($serialized);
-
- $this->assertNotEmpty($serialized);
- $this->assertNotEmpty($unserialized);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $unserialized);
-
- $this->assertEquals($entry->getMask(), $unserialized->getMask());
- $this->assertEquals($entry->isGranting(), $unserialized->isGranting());
- $this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
- $this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
- $this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
- $this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
- $this->assertEquals($entry->getField(), $unserialized->getField());
-
- $this->assertEquals($serialized, serialize($unserialized));
- }
-}
diff --git a/Tests/Security/Acl/Domain/MutableAclTest.php b/Tests/Security/Acl/Domain/MutableAclTest.php
deleted file mode 100644
index f70d06c..0000000
--- a/Tests/Security/Acl/Domain/MutableAclTest.php
+++ /dev/null
@@ -1,276 +0,0 @@
-
- */
-class MutableAclTest extends AclTestCase
-{
- public function testConstructorInvalidCollection()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
- new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy(), array(), null, false, $this->con);
- }
-
- public function testConstructorEmptyCollection()
- {
- $acl = $this->createEmptyAcl(1, array(), null, false);
-
- $this->assertEquals(1, $acl->getId());
- $this->assertEmpty($acl->getClassAces());
- $this->assertEmpty($acl->getObjectAces());
- $this->assertEmpty($acl->getFields());
- $this->assertNull($acl->getParentAcl());
- $this->assertFalse($acl->isEntriesInheriting());
- }
-
- /**
- * @depends testConstructorEmptyCollection
- */
- public function testSetUnsetParentAcl()
- {
- $parentAcl = $this->createEmptyAcl(1);
- $acl = $this->createEmptyAcl(2);
-
- $acl->setParentAcl($parentAcl);
- $acl->setEntriesInheriting(true);
-
- $this->assertSame($parentAcl, $acl->getParentAcl());
- $this->assertTrue($acl->isEntriesInheriting());
- $this->assertEquals(1, $acl->getParentAcl()->getId());
-
- $acl->setParentAcl(null);
- $this->assertNull($acl->getParentAcl());
- }
-
- public function testInsertAceInvalidMask()
- {
- $acl = $this->createEmptyAcl();
- $this->setExpectedException('InvalidArgumentException', 'The given mask is not valid. Please provide an integer.');
- $acl->insertClassAce($this->getRoleSecurityIdentity(), 'foo');
- }
-
- public function testInsertAceOutofBounds()
- {
- $acl = $this->createEmptyAcl();
- $this->setExpectedException('OutOfBoundsException', 'The index must be in the interval [0, 0].');
- $acl->insertClassAce($this->getRoleSecurityIdentity(), 64, 1);
- }
-
- public function insertAceProvider()
- {
- return array(
- array('ClassAce'),
- array('ClassFieldAce', 'name'),
- array('ObjectAce'),
- array('ObjectFieldAce', 'name'),
- );
- }
-
- /**
- * @dataProvider insertAceProvider
- */
- public function testInsertFirstAce($type, $field = null)
- {
- $acl = $this->createEmptyAcl();
-
- if (null !== $field) {
- $acl->{'insert'.$type}($field, $this->getRoleSecurityIdentity(), 64);
- $aces = $acl->{'get'.$type.'s'}($field);
- } else {
- $acl->{'insert'.$type}($this->getRoleSecurityIdentity(), 64);
- $aces = $acl->{'get'.$type.'s'}();
- }
-
- $this->assertNotEmpty($aces);
- $this->assertCount(1, $aces);
- $this->assertEquals($this->getRoleSecurityIdentity(), $aces[0]->getSecurityIdentity());
- $this->assertEquals(64, $aces[0]->getMask());
- $this->assertTrue($aces[0]->isGranting());
- $this->assertNull($aces[0]->getId());
- $this->assertEquals('all', $aces[0]->getStrategy());
-
- if (null !== $field) {
- $this->assertEquals($field, $aces[0]->getField());
- }
- }
-
- public function testUpdateAceInvalidIndex()
- {
- $acl = $this->createEmptyAcl();
- $this->setExpectedException('OutOfBoundsException');
- $acl->updateClassAce(0, 64);
- }
-
- /**
- * @depends testInsertFirstAce
- */
- public function testUpdateFieldAceInvalidField()
- {
- $acl = $this->createEmptyAcl();
- $acl->insertClassAce($this->getRoleSecurityIdentity(), 64);
-
- $this->setExpectedException('InvalidArgumentException', 'The given field "name" does not exist.');
- $acl->updateClassFieldAce(0, 'name', 128);
- }
-
- /**
- * @depends testInsertFirstAce
- */
- public function testInsertUpdateDelete()
- {
- $secIdentity = $this->getRoleSecurityIdentity();
-
- $acl = $this->createEmptyAcl();
-
- // insert
-
- $acl->insertClassAce($secIdentity, 64);
- $acl->insertClassFieldAce('name', $secIdentity, 32);
- $acl->insertObjectAce($secIdentity, 128);
- $acl->insertObjectFieldAce('name', $secIdentity, 16, 0, false);
-
- $classAces = $acl->getClassAces();
- $classFieldAces = $acl->getClassFieldAces('name');
- $objectAces = $acl->getObjectAces();
- $objectFieldAces = $acl->getObjectFieldAces('name');
-
- $this->assertCount(1, $classAces);
- $this->assertCount(1, $classFieldAces);
- $this->assertCount(1, $objectAces);
- $this->assertCount(1, $objectFieldAces);
- $this->assertEquals(array('name'), $acl->getFields());
-
- $this->assertEquals(64, $classAces[0]->getMask());
- $this->assertEquals(32, $classFieldAces[0]->getMask());
- $this->assertEquals(128, $objectAces[0]->getMask());
- $this->assertEquals(16, $objectFieldAces[0]->getMask());
-
- $this->assertEquals('all', $classAces[0]->getStrategy());
- $this->assertEquals('all', $classFieldAces[0]->getStrategy());
- $this->assertEquals('all', $objectAces[0]->getStrategy());
- $this->assertEquals('any', $objectFieldAces[0]->getStrategy());
-
- $this->assertFalse($objectFieldAces[0]->isGranting());
-
- // update
-
- $acl->updateClassAce(0, 256);
- $acl->updateClassFieldAce(0, 'name', 128, 'any');
- $acl->updateObjectAce(0, 64, 'equal');
- $acl->updateObjectFieldAce(0, 'name', 32, 'all');
-
- $this->assertCount(1, $classAces);
- $this->assertCount(1, $classFieldAces);
- $this->assertCount(1, $objectAces);
- $this->assertCount(1, $objectFieldAces);
-
- $classAces = $acl->getClassAces();
- $classFieldAces = $acl->getClassFieldAces('name');
- $objectAces = $acl->getObjectAces();
- $objectFieldAces = $acl->getObjectFieldAces('name');
-
- $this->assertEquals(256, $classAces[0]->getMask());
- $this->assertEquals(128, $classFieldAces[0]->getMask());
- $this->assertEquals(64, $objectAces[0]->getMask());
- $this->assertEquals(32, $objectFieldAces[0]->getMask());
-
- $this->assertEquals('all', $classAces[0]->getStrategy());
- $this->assertEquals('any', $classFieldAces[0]->getStrategy());
- $this->assertEquals('equal', $objectAces[0]->getStrategy());
- $this->assertEquals('all', $objectFieldAces[0]->getStrategy());
-
- // delete
-
- $acl->deleteClassAce(0);
- $acl->deleteClassFieldAce(0, 'name');
- $acl->deleteObjectAce(0);
- $acl->deleteObjectFieldAce(0, 'name');
-
- $classAces = $acl->getClassAces();
- $classFieldAces = $acl->getClassFieldAces('name');
- $objectAces = $acl->getObjectAces();
- $objectFieldAces = $acl->getObjectFieldAces('name');
-
- $this->assertCount(0, $classAces);
- $this->assertCount(0, $classFieldAces);
- $this->assertCount(0, $objectAces);
- $this->assertCount(0, $objectFieldAces);
- }
-
- /**
- * @depends testInsertUpdateDelete
- */
- public function testUpdatePersistedAceKeepsId()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $entry = $this->createEntry();
- $entry
- ->setId(42)
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
- $acl->updateClassAce(0, 128);
-
- $aces = $acl->getClassAces();
- $this->assertEquals(42, $aces[0]->getId());
- $this->assertEquals(128, $aces[0]->getMask());
- }
-
- public function testSerializeUnserialize()
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- $entry = $this->createEntry();
- $entry
- ->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
- ->setAclClass($this->getAclClass())
- ;
- $collection->append($entry);
-
- $acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
- $serialized = serialize($acl);
- $unserialized = unserialize($serialized);
-
- $this->assertNotEmpty($serialized);
- $this->assertNotEmpty($unserialized);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $unserialized);
- $this->assertEquals($serialized, serialize($unserialized));
- }
-
- protected function createEmptyAcl($identifier = 1, array $securityIdentities = array(), AclInterface $parentAcl = null, $inherited = null)
- {
- $collection = new \PropelObjectCollection();
- $collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
-
- return new MutableAcl($collection, $this->getAclObjectIdentity($identifier), new PermissionGrantingStrategy(), $securityIdentities, $parentAcl, $inherited, $this->con);
- }
-}
diff --git a/Tests/Security/Acl/MutableAclProviderTest.php b/Tests/Security/Acl/MutableAclProviderTest.php
deleted file mode 100644
index 5a498e4..0000000
--- a/Tests/Security/Acl/MutableAclProviderTest.php
+++ /dev/null
@@ -1,319 +0,0 @@
-
- */
-class MutableAclProviderTest extends AclTestCase
-{
- public function testCreateAcl()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
-
- $this->assertNotEmpty($acl);
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
- $this->assertEquals(1, $acl->getId());
-
- $this->assertEmpty($acl->getClassAces());
- $this->assertEmpty($acl->getObjectAces());
- $this->assertEmpty($acl->getFields());
- }
-
- /**
- * @depends testCreateAcl
- */
- public function testUpdateAclCreatesInsertedAces()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
-
- $this->assertCount(1, $acl->getObjectAces());
- $this->assertEquals(array('name'), $acl->getFields());
- $this->assertCount(1, $acl->getClassFieldAces('name'));
-
- $this->assertEquals(0, EntryQuery::create()->count($this->con));
- $this->assertTrue($this->getAclProvider()->updateAcl($acl));
- $this->assertEquals(2, EntryQuery::create()->count($this->con));
-
- $acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
-
- $objAces = $acl->getObjectAces();
- $this->assertCount(1, $objAces);
-
- $entry = $objAces[0];
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $entry);
- $this->assertEquals(64, $entry->getMask());
- $this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
-
- $classFieldAces = $acl->getClassFieldAces('name');
- $this->assertCount(1, $classFieldAces);
-
- $entry = $classFieldAces[0];
- $this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $entry);
- $this->assertEquals('name', $entry->getField());
- $this->assertEquals(128, $entry->getMask());
- $this->assertEquals($this->getRoleSecurityIdentity('ROLE_ADMIN'), $entry->getSecurityIdentity());
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testCreateAclAlreadyExists()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $this->getAclProvider()->updateAcl($acl);
-
- $this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException');
- $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testCreateAclWithParent()
- {
- $parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $this->getAclProvider()->updateAcl($parentAcl);
-
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
- $acl->setParentAcl($parentAcl);
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = ObjectIdentityQuery::create()->orderById(\Criteria::ASC)->find($this->con);
- $this->assertCount(2, $entries);
- $this->assertNull($entries[0]->getParentObjectIdentityId());
- $this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
- }
-
- public function testUpdateAclInvalidAcl()
- {
- $acl = $this->getMock('Symfony\Component\Security\Acl\Model\MutableAclInterface');
-
- $this->setExpectedException('InvalidArgumentException');
- $this->getAclProvider()->updateAcl($acl);
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testUpdateAclRemovesDeletedEntries()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
-
- $acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
- $acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
- $this->getAclProvider()->updateAcl($acl);
- $this->assertEquals(2, EntryQuery::create()->count($this->con));
-
- $acl->deleteObjectFieldAce(0, 'slug');
- $this->getAclProvider()->updateAcl($acl);
- $this->assertEquals(1, EntryQuery::create()->count($this->con));
-
- $entry = EntryQuery::create()->findOne($this->con);
- $this->assertEquals('name', $entry->getFieldName());
- $this->assertEquals(4, $entry->getMask());
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testUpdateAclCreatesMultipleAces()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
-
- $acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 16, 0, true, 'all');
- $acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
- $acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
- $this->assertCount(2, $acl->getObjectFieldAces('name'));
-
- $this->getAclProvider()->updateAcl($acl);
-
- $entries = EntryQuery::create()->orderByMask(\Criteria::ASC)->find($this->con);
- $this->assertCount(3, $entries);
-
- $slugAce = $entries[0];
-
- $this->assertEquals('slug', $slugAce->getFieldName());
- $this->assertEquals(1, $slugAce->getMask());
-
- $nameRead = $entries[1];
- $this->assertEquals('name', $nameRead->getFieldName());
- $this->assertEquals(0, $nameRead->getAceOrder());
- $this->assertEquals(4, $nameRead->getMask());
- $this->assertEquals('all', $nameRead->getGrantingStrategy());
-
- $nameUndelete = $entries[2];
- $this->assertEquals('name', $nameUndelete->getFieldName());
- $this->assertEquals(1, $nameUndelete->getAceOrder());
- $this->assertEquals(16, $nameUndelete->getMask());
- $this->assertEquals('all', $nameUndelete->getGrantingStrategy());
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testUpdateAclReadsExistingAce()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $this->getAclProvider()->updateAcl($acl);
-
- $entry = EntryQuery::create()->findOne($this->con);
-
- $acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
- $acl->updateObjectAce(0, 128);
- $this->getAclProvider()->updateAcl($acl);
-
- $updatedEntry = clone $entry;
- $updatedEntry->reload(false, $this->con);
-
- $this->assertEquals($entry->getId(), $updatedEntry->getId());
- $this->assertEquals(128, $updatedEntry->getMask());
- }
-
- public function testDeleteAclNotExisting()
- {
- $this->assertTrue($this->getAclProvider()->deleteAcl($this->getAclObjectIdentity()));
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testDeleteAcl()
- {
- $aclObj = $this->getAclObjectIdentity(1);
- $acl = $this->getAclProvider()->createAcl($aclObj);
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
-
- $this->assertTrue($this->getAclProvider()->deleteAcl($aclObj));
- $this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
- $this->assertEquals(0, EntryQuery::create()->count($this->con));
- }
-
- /**
- * @depends testCreateAclWithParent
- */
- public function testDeleteAclRemovesChildAcl()
- {
- $parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $this->getAclProvider()->updateAcl($parentAcl);
-
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
- $acl->setParentAcl($parentAcl);
- $this->getAclProvider()->updateAcl($acl);
-
- $this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
-
- $this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
- }
-
- /**
- * @depends testDeleteAcl
- */
- public function testDeleteAclRemovesClassEntriesIfLastObject()
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
- $acl->insertClassAce($this->getRoleSecurityIdentity(), 128);
- $this->getAclProvider()->updateAcl($acl);
-
- $this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
- $this->assertEquals(0, EntryQuery::create()->count($this->con));
- }
-
- /**
- * @depends testUpdateAclCreatesInsertedAces
- */
- public function testUpdateAclWritesCacheOfNewAcl()
- {
- $this->cache = new AclCache();
- $this->assertEmpty($this->cache->content);
-
- $acl = $this->getAcl();
-
- $this->assertNotEmpty($this->cache->content);
- $this->assertSame($acl, $this->cache->content[$acl->getId()]);
- }
-
- /**
- * @depends testUpdateAclWritesCacheOfNewAcl
- */
- public function testUpdateAclUpdatesCacheOfAcl()
- {
- $this->cache = new AclCache();
- $acl = $this->getAcl(1);
-
- $acl->updateObjectAce(0, 128);
- $this->getAclProvider()->updateAcl($acl);
-
- $objectAces = $this->cache->content[$acl->getId()]->getObjectAces();
- $this->assertEquals(128, $objectAces[0]->getMask());
- }
-
- /**
- * @depends testUpdateAclWritesCacheOfNewAcl
- */
- public function testDeleteAclEvictsFromCache()
- {
- $this->cache = new AclCache();
-
- $this->getAcl();
- $this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
-
- $this->assertEmpty($this->cache->content);
- }
-
- /**
- * @depends testCreateAclWithParent
- * @depends testDeleteAclEvictsFromCache
- */
- public function testDeleteAclEvictsChildrenFromCache()
- {
- $this->cache = new AclCache();
-
- $parentAcl = $this->getAcl(1);
- $childAcl = $this->getAcl(2);
- $grandChildAcl = $this->getAcl(3);
- $grandChildAcl->setParentAcl($childAcl);
- $childAcl->setParentAcl($parentAcl);
-
- $this->getAclProvider()->updateAcl($grandChildAcl);
- $this->getAclProvider()->updateAcl($childAcl);
-
- $this->assertCount(3, $this->cache->content);
-
- $this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
- $this->assertEmpty($this->cache->content);
- }
-
- protected function getAcl($identifier = 1)
- {
- $acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity($identifier));
- $acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
- $this->getAclProvider()->updateAcl($acl);
-
- return $acl;
- }
-}
diff --git a/composer.json b/composer.json
index 2d5cb40..6ac302e 100644
--- a/composer.json
+++ b/composer.json
@@ -34,6 +34,6 @@
 },
 "suggest": {
- "symfony/security-acl": "For using the Propel ACL implementation"
+ "propel/propel-acl-bundle": "For using the Propel ACL implementation"
 }
 }
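Review bot: In the composer.json hunk the `suggest` entry now names `propel/propel-acl-bundle` but keeps the old description, so nothing tells an upgrading project that the ACL implementation is no longer shipped in this bundle. Composer treats `suggest` as advisory and installs nothing from it, so a project that relied on the ACL code deleted in this commit (the `propel:acl:init` command and the `Model/Acl` classes are among the removed files) gets no resolver error on update. A more explicit description would help, for example `"propel/propel-acl-bundle": "Provides the Propel ACL implementation that is no longer shipped in this bundle"`, together with an upgrade note. Whether an application that still references the removed ACL services fails at container build or only at the first permission check cannot be seen from this diff and is worth confirming before release.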