deblan/propel-bundle
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

remove Symfony Security ACL integration

Browse source 
The PropelAclBundle will provide integration of the Symfony Security ACL component.
This commit is contained in:
Toni Uebernickel 2016-01-23 18:48:43 +01:00
commit 13b34567f5
42 changed files with 1 additions and 5159 deletions
Download patch file Download diff file Expand all files Collapse all files

95
Command/AclInitCommand.php
View file

@ -1,95 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Command;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Output\Output;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\HttpKernel\Bundle\BundleInterface;
use Symfony\Component\HttpKernel\KernelInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclInitCommand extends SqlInsertCommand
{
protected function configure()
{
$this
->setDescription('Initialize "Access Control Lists" model and SQL')
->addOption('force', null, InputOption::VALUE_NONE, 'Set this parameter to execute this action.')
->addOption('connection', null, InputOption::VALUE_OPTIONAL, 'Set this parameter to define a connection to use')
->setHelp(<<<EOT
The <info>%command.name%</info> command connects to the database and executes all SQL statements required to setup the ACL database, it also generates the ACL model.
<info>php %command.full_name%</info>
The <info>--force</info> parameter has to be used to actually insert SQL.
The <info>--connection</info> parameter allows you to change the connection to use.
The default connection is the active connection (propel.dbal.default_connection).
EOT
)
->setName('propel:acl:init')
;
}
protected function execute(InputInterface $input, OutputInterface $output)
{
// Generate ACL model
if (true == $result = $this->callPhing('om')) {
$output->writeln(sprintf(
'>> <info>%20s</info> Generated model classes from <comment>%s</comment>',
$this->getApplication()->getKernel()->getBundle('PropelBundle')->getName(),
'acl_schema.xml'
));
} else {
$this->writeTaskError($output, 'om');
return 1;
}
// Prepare SQL directory
$sqlDirectory = $this->getSqlDir();
$filesystem = new Filesystem();
$filesystem->remove($sqlDirectory);
$filesystem->mkdir($sqlDirectory);
if (true == $result = $this->callPhing('build-sql', array('propel.sql.dir' => $sqlDirectory))) {
$this->writeSection(
$output,
'<comment>1</comment> <info>SQL file has been generated.</info>'
);
} else {
$this->writeTaskError($output, 'build-sql');
return 2;
}
return parent::execute($input, $output);
}
protected function getFinalSchemas(KernelInterface $kernel, BundleInterface $bundle = null)
{
$aclSchema = new \SplFileInfo($kernel->locateResource('@PropelBundle/Resources/acl_schema.xml'));
return array((string) $aclSchema => array($kernel->getBundle('PropelBundle'), $aclSchema));
}
protected function getSqlDir()
{
return sprintf('%s/cache/%s/propel/acl/sql',
$this->getApplication()->getKernel()->getRootDir(),
$this->getApplication()->getKernel()->getEnvironment()
);
}
}

42
Model/Acl/AclClass.php
View file

@ -1,42 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseAclClass;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class AclClass extends BaseAclClass
{
/**
* Return an AclClass for the given ACL ObjectIdentity.
*
* If none can be found, a new one will be saved.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\AclClass
*/
public static function fromAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
{
$obj = AclClassQuery::create()
->filterByType($objectIdentity->getType())
->findOneOrCreate($con)
;
if ($obj->isNew()) {
$obj->save($con);
}
return $obj;
}
}

18
Model/Acl/AclClassPeer.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseAclClassPeer;
class AclClassPeer extends BaseAclClassPeer
{
}

18
Model/Acl/AclClassQuery.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseAclClassQuery;
class AclClassQuery extends BaseAclClassQuery
{
}

80
Model/Acl/Entry.php
View file

@ -1,80 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseEntry;
use Propel\PropelBundle\Security\Acl\Domain\Entry as AclEntry;
use Propel\PropelBundle\Security\Acl\Domain\FieldEntry as AclFieldEntry;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\EntryInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
class Entry extends BaseEntry
{
/**
* Transform a given ACL entry into a Entry model.
*
* The entry will not be persisted!
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $aclEntry
*
* @return \Propel\PropelBundle\Model\Acl\Entry
*/
public static function fromAclEntry(EntryInterface $aclEntry)
{
$entry = new self();
// Already persisted before?
if ($aclEntry->getId()) {
$entry->setId($aclEntry->getId());
}
$entry
->setMask($aclEntry->getMask())
->setGranting($aclEntry->isGranting())
->setGrantingStrategy($aclEntry->getStrategy())
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($aclEntry->getSecurityIdentity()))
;
if ($aclEntry instanceof FieldEntryInterface) {
$entry->setFieldName($aclEntry->getField());
}
if ($aclEntry instanceof AuditableEntryInterface) {
$entry
->setAuditFailure($aclEntry->isAuditFailure())
->setAuditSuccess($aclEntry->isAuditSuccess())
;
}
return $entry;
}
/**
* Transform a given model entry into an ACL related Entry (ACE).
*
* @param \Propel\PropelBundle\Model\Acl\Entry $modelEntry
* @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
*
* @return \Symfony\Component\Security\Acl\Model\EntryInterface
*/
public static function toAclEntry(Entry $modelEntry, AclInterface $acl)
{
if (null === $modelEntry->getFieldName()) {
return new AclEntry($modelEntry, $acl);
}
return new AclFieldEntry($modelEntry, $acl);
}
}

18
Model/Acl/EntryPeer.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseEntryPeer;
class EntryPeer extends BaseEntryPeer
{
}

66
Model/Acl/EntryQuery.php
View file

@ -1,66 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseEntryQuery;
use Propel\PropelBundle\Model\Acl\EntryPeer;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
class EntryQuery extends BaseEntryQuery
{
/**
* Return Entry objects filtered by an ACL related ObjectIdentity.
*
* @see find()
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity An ACL related ObjectIdentity.
* @param array $securityIdentities A list of SecurityIdentity to filter by.
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findByAclIdentity(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array(), \PropelPDO $con = null)
{
$securityIds = array();
foreach ($securityIdentities as $eachIdentity) {
if (!$eachIdentity instanceof SecurityIdentityInterface) {
if (is_object($eachIdentity)) {
$errorMessage = sprintf('The list of security identities contains at least one invalid entry of class "%s". Please provide objects of classes implementing "Symfony\Component\Security\Acl\Model\SecurityIdentityInterface" only.', get_class($eachIdentity));
} else {
$errorMessage = sprintf('The list of security identities contains at least one invalid entry "%s". Please provide objects of classes implementing "Symfony\Component\Security\Acl\Model\SecurityIdentityInterface" only.', $eachIdentity);
}
throw new \InvalidArgumentException($errorMessage);
}
if ($securityIdentity = SecurityIdentity::fromAclIdentity($eachIdentity)) {
$securityIds[$securityIdentity->getId()] = $securityIdentity->getId();
}
}
$this
->useAclClassQuery(null, \Criteria::INNER_JOIN)
->filterByType((string) $objectIdentity->getType())
->endUse()
->leftJoinObjectIdentity()
->add(ObjectIdentityPeer::OBJECT_IDENTIFIER, (string) $objectIdentity->getIdentifier(), \Criteria::EQUAL)
->addOr(EntryPeer::OBJECT_IDENTITY_ID, null, \Criteria::ISNULL)
;
if (!empty($securityIdentities)) {
$this->filterBySecurityIdentityId($securityIds);
}
return $this->find($con);
}
}

137
Model/Acl/ObjectIdentity.php
View file

@ -1,137 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentity;
class ObjectIdentity extends BaseObjectIdentity
{
public function preInsert(\PropelPDO $con = null)
{
// Compatibility with default implementation.
$ancestor = new ObjectIdentityAncestor();
$ancestor->setObjectIdentityRelatedByObjectIdentityId($this);
$ancestor->setObjectIdentityRelatedByAncestorId($this);
$this->addObjectIdentityAncestorRelatedByAncestorId($ancestor);
if ($this->getParentObjectIdentityId()) {
$this->updateAncestorsTree($con);
}
return true;
}
public function preUpdate(\PropelPDO $con = null)
{
if ($this->isColumnModified(ObjectIdentityPeer::PARENT_OBJECT_IDENTITY_ID)) {
$this->updateAncestorsTree($con);
}
return true;
}
public function preDelete(\PropelPDO $con = null)
{
// Only retrieve direct children, it's faster and grand children will be retrieved recursively.
$children = ObjectIdentityQuery::create()->findChildren($this, $con);
$objIds = $children->getPrimaryKeys(false);
$objIds[] = $this->getId();
$children->delete($con);
// Manually delete those for DBAdapter not capable of cascading the DELETE.
ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($objIds, \Criteria::IN)
->delete($con)
;
return true;
}
/**
* Update all ancestor entries to reflect changes on this instance.
*
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentity $this
*/
protected function updateAncestorsTree(\PropelPDO $con = null)
{
$con->beginTransaction();
$oldAncestors = ObjectIdentityQuery::create()->findAncestors($this, $con);
$children = ObjectIdentityQuery::create()->findGrandChildren($this, $con);
$children->append($this);
if (count($oldAncestors)) {
foreach ($children as $eachChild) {
/*
* Delete only those entries, that are ancestors based on the parent relation.
* Ancestors of grand children up to the current node will be kept.
*/
$query = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($eachChild->getId())
->filterByObjectIdentityRelatedByAncestorId($oldAncestors, \Criteria::IN)
;
if ($eachChild->getId() !== $this->getId()) {
$query->filterByAncestorId(array($eachChild->getId(), $this->getId()), \Criteria::NOT_IN);
} else {
$query->filterByAncestorId($this->getId(), \Criteria::NOT_EQUAL);
}
$query->delete($con);
}
}
// This is the new parent object identity!
$parent = $this->getObjectIdentityRelatedByParentObjectIdentityId($con);
if (null !== $parent) {
$newAncestors = ObjectIdentityQuery::create()->findAncestors($parent, $con);
$newAncestors->append($parent);
foreach ($newAncestors as $eachAncestor) {
// This collection contains the current object identity!
foreach ($children as $eachChild) {
$ancestor = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($eachChild->getId())
->filterByAncestorId($eachAncestor->getId())
->findOneOrCreate($con)
;
// If the entry already exists, next please.
if (!$ancestor->isNew()) {
continue;
}
if ($eachChild->getId() === $this->getId()) {
// Do not save() here, as it would result in an infinite recursion loop!
$this->addObjectIdentityAncestorRelatedByObjectIdentityId($ancestor);
} else {
// Save the new ancestor to avoid integrity constraint violation.
$ancestor->save($con);
$eachChild
->addObjectIdentityAncestorRelatedByObjectIdentityId($ancestor)
->save($con)
;
}
}
}
}
$con->commit();
return $this;
}
}

18
Model/Acl/ObjectIdentityAncestor.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityAncestor;
class ObjectIdentityAncestor extends BaseObjectIdentityAncestor
{
}

18
Model/Acl/ObjectIdentityAncestorPeer.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityAncestorPeer;
class ObjectIdentityAncestorPeer extends BaseObjectIdentityAncestorPeer
{
}

18
Model/Acl/ObjectIdentityAncestorQuery.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityAncestorQuery;
class ObjectIdentityAncestorQuery extends BaseObjectIdentityAncestorQuery
{
}

18
Model/Acl/ObjectIdentityPeer.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityPeer;
class ObjectIdentityPeer extends BaseObjectIdentityPeer
{
}

112
Model/Acl/ObjectIdentityQuery.php
View file

@ -1,112 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\om\BaseObjectIdentityQuery;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class ObjectIdentityQuery extends BaseObjectIdentityQuery
{
/**
* Filter by an ObjectIdentity object belonging to the given ACL related ObjectIdentity.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentityQuery $this
*/
public function filterByAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
{
/*
* Not using a JOIN here, because the filter may be applied on 'findOneOrCreate',
* which is currently (Propel 1.6.4-dev) not working.
*/
$aclClass = AclClass::fromAclObjectIdentity($objectIdentity, $con);
$this
->filterByClassId($aclClass->getId())
->filterByIdentifier($objectIdentity->getIdentifier())
;
return $this;
}
/**
* Return an ObjectIdentity object belonging to the given ACL related ObjectIdentity.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentity
*/
public function findOneByAclObjectIdentity(ObjectIdentityInterface $objectIdentity, \PropelPDO $con = null)
{
return $this
->filterByAclObjectIdentity($objectIdentity, $con)
->findOne($con)
;
}
/**
* Return all children of the given object identity.
*
* @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findChildren(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
{
return $this
->filterByObjectIdentityRelatedByParentObjectIdentityId($objectIdentity)
->find($con)
;
}
/**
* Return all children and grand-children of the given object identity.
*
* @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findGrandChildren(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
{
return $this
->useObjectIdentityAncestorRelatedByObjectIdentityIdQuery()
->filterByObjectIdentityRelatedByAncestorId($objectIdentity)
->filterByObjectIdentityRelatedByObjectIdentityId($objectIdentity, \Criteria::NOT_EQUAL)
->endUse()
->find($con)
;
}
/**
* Return all ancestors of the given object identity.
*
* @param ObjectIdentity $objectIdentity
* @param \PropelPDO $con
*
* @return \PropelObjectCollection
*/
public function findAncestors(ObjectIdentity $objectIdentity, \PropelPDO $con = null)
{
return $this
->useObjectIdentityAncestorRelatedByAncestorIdQuery()
->filterByObjectIdentityRelatedByObjectIdentityId($objectIdentity)
->filterByObjectIdentityRelatedByAncestorId($objectIdentity, \Criteria::NOT_EQUAL)
->endUse()
->find($con)
;
}
}

85
Model/Acl/SecurityIdentity.php
View file

@ -1,85 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
class SecurityIdentity extends BaseSecurityIdentity
{
/**
* Transform a given mode security identity into an ACL related SecurityIdentity.
*
* @param \Propel\PropelBundle\Model\Acl\SecurityIdentity $securityIdentity
*
* @return \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface
*/
public static function toAclIdentity(SecurityIdentity $securityIdentity)
{
$identifier = $securityIdentity->getIdentifier();
if ($securityIdentity->getUsername()) {
if (false === strpos($identifier, '-')) {
throw new \InvalidArgumentException('The given identifier does not resolve to a UserSecurityIdentity.');
}
list($class, $username) = explode('-', $identifier, 2);
return new UserSecurityIdentity($username, $class);
}
if (0 === strpos($identifier, 'ROLE_') or 0 === strpos($identifier, 'IS_AUTHENTICATED_')) {
return new RoleSecurityIdentity($identifier);
}
throw new \InvalidArgumentException('The security identity does not resolve to either UserSecurityIdentity or RoleSecurityIdentity.');
}
/**
* Transform a given ACL security identity into a SecurityIdentity model.
*
* If there is no model entry given, a new one will be created and saved to the database.
*
* @throws \InvalidArgumentException
*
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $aclIdentity
* @param \PropelPDO $con
*
* @return \Propel\PropelBundle\Model\Acl\SecurityIdentity
*/
public static function fromAclIdentity(SecurityIdentityInterface $aclIdentity, \PropelPDO $con = null)
{
if ($aclIdentity instanceof UserSecurityIdentity) {
$identifier = $aclIdentity->getClass().'-'.$aclIdentity->getUsername();
$username = true;
} elseif ($aclIdentity instanceof RoleSecurityIdentity) {
$identifier = $aclIdentity->getRole();
$username = false;
} else {
throw new \InvalidArgumentException('The ACL identity must either be an instance of UserSecurityIdentity or RoleSecurityIdentity.');
}
$obj = SecurityIdentityQuery::create()
->filterByIdentifier($identifier)
->filterByUsername($username)
->findOneOrCreate($con)
;
if ($obj->isNew()) {
$obj->save($con);
}
return $obj;
}
}

18
Model/Acl/SecurityIdentityPeer.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseSecurityIdentityPeer;
class SecurityIdentityPeer extends BaseSecurityIdentityPeer
{
}

18
Model/Acl/SecurityIdentityQuery.php
View file

@ -1,18 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Model\Acl;
use Propel\PropelBundle\Model\Acl\om\BaseSecurityIdentityQuery;
class SecurityIdentityQuery extends BaseSecurityIdentityQuery
{
}

104
Resources/acl_schema.xml
View file

@ -1,104 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<database name="default" namespace="Propel\PropelBundle\Model\Acl" defaultIdMethod="native" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:noNamespaceSchemaLocation="http://xsd.propelorm.org/1.6/database.xsd">
<table name="acl_classes" phpName="AclClass">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="class_type" type="varchar" size="200" required="true" phpName="Type" />
<unique>
<unique-column name="class_type" />
</unique>
</table>
<table name="acl_security_identities" phpName="SecurityIdentity">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="identifier" type="varchar" size="200" required="true" />
<column name="username" type="boolean" required="true" />
<unique>
<unique-column name="identifier" />
<unique-column name="username" />
</unique>
</table>
<table name="acl_object_identities" phpName="ObjectIdentity">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="class_id" type="integer" required="true" />
<column name="object_identifier" type="varchar" size="200" required="true" phpName="Identifier" />
<column name="parent_object_identity_id" type="integer" required="false" defaultValue="null" />
<column name="entries_inheriting" type="boolean" required="true" defaultValue="true" />
<unique>
<unique-column name="class_id" />
<unique-column name="object_identifier" />
</unique>
<index>
<index-column name="parent_object_identity_id" />
</index>
<foreign-key foreignTable="acl_classes" onDelete="RESTRICT" onUpdate="CASCADE">
<reference local="class_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_object_identities" onDelete="RESTRICT" onUpdate="CASCADE">
<reference local="parent_object_identity_id" foreign="id" />
</foreign-key>
</table>
<table name="acl_object_identity_ancestors" phpName="ObjectIdentityAncestor" heavyIndexing="true">
<column name="object_identity_id" type="integer" primaryKey="true" />
<column name="ancestor_id" type="integer" primaryKey="true" />
<foreign-key foreignTable="acl_object_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="object_identity_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_object_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="ancestor_id" foreign="id" />
</foreign-key>
</table>
<table name="acl_entries" phpName="Entry">
<column name="id" type="integer" autoIncrement="true" primaryKey="true" />
<column name="class_id" type="integer" required="true" />
<column name="object_identity_id" type="integer" required="false" defaultValue="null" />
<column name="security_identity_id" type="integer" required="true" />
<column name="field_name" type="varchar" size="50" />
<column name="ace_order" type="integer" required="true" />
<column name="mask" type="integer" required="true" />
<column name="granting" type="boolean" required="true" />
<column name="granting_strategy" type="varchar" size="30" required="true" />
<column name="audit_success" type="boolean" required="true" defaultValue="false" />
<column name="audit_failure" type="boolean" required="true" defaultValue="true" />
<unique>
<unique-column name="class_id" />
<unique-column name="object_identity_id" />
<unique-column name="field_name" />
<unique-column name="ace_order" />
</unique>
<index>
<index-column name="class_id" />
<index-column name="object_identity_id" />
<index-column name="security_identity_id" />
</index>
<index>
<index-column name="class_id" />
</index>
<index>
<index-column name="object_identity_id" />
</index>
<index>
<index-column name="security_identity_id" />
</index>
<foreign-key foreignTable="acl_classes" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="class_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_object_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="object_identity_id" foreign="id" />
</foreign-key>
<foreign-key foreignTable="acl_security_identities" onDelete="CASCADE" onUpdate="CASCADE">
<reference local="security_identity_id" foreign="id" />
</foreign-key>
</table>
</database>

178
Security/Acl/AclProvider.php
View file

@ -1,178 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
/**
* An implementation of the AclProviderInterface using Propel ORM.
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclProvider implements AclProviderInterface
{
protected $permissionGrantingStrategy;
protected $connection;
protected $cache;
/**
* Constructor.
*
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param \PropelPDO $con
* @param \Symfony\Component\Security\Acl\Model\AclCacheInterface $cache
*/
public function __construct(PermissionGrantingStrategyInterface $permissionGrantingStrategy, \PropelPDO $connection = null, AclCacheInterface $cache = null)
{
$this->permissionGrantingStrategy = $permissionGrantingStrategy;
$this->connection = $connection;
$this->cache = $cache;
}
/**
* Retrieves all child object identities from the database.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $parentObjectIdentity
* @param bool $directChildrenOnly
*
* @return array
*/
public function findChildren(ObjectIdentityInterface $parentObjectIdentity, $directChildrenOnly = false)
{
$modelIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($parentObjectIdentity, $this->connection);
if (empty($modelIdentity)) {
return array();
}
if ($directChildrenOnly) {
$collection = ObjectIdentityQuery::create()->findChildren($modelIdentity, $this->connection);
} else {
$collection = ObjectIdentityQuery::create()->findGrandChildren($modelIdentity, $this->connection);
}
$children = array();
foreach ($collection as $eachChild) {
$children[] = new ObjectIdentity($eachChild->getIdentifier(), $eachChild->getAclClass($this->connection)->getType());
}
return $children;
}
/**
* Returns the ACL that belongs to the given object identity
*
* @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $securityIdentities
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface
*/
public function findAcl(ObjectIdentityInterface $objectIdentity, array $securityIdentities = array())
{
$modelObj = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
if (null !== $this->cache and null !== $modelObj) {
$cachedAcl = $this->cache->getFromCacheById($modelObj->getId());
if ($cachedAcl instanceof AclInterface) {
return $cachedAcl;
}
}
$collection = EntryQuery::create()->findByAclIdentity($objectIdentity, $securityIdentities, $this->connection);
if (0 === count($collection)) {
if (empty($securityIdentities)) {
$errorMessage = 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.';
} else {
$errorMessage = 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.';
}
throw new AclNotFoundException($errorMessage);
}
$loadedSecurityIdentities = array();
foreach ($collection as $eachEntry) {
if (!isset($loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()])) {
$loadedSecurityIdentities[$eachEntry->getSecurityIdentity()->getId()] = SecurityIdentity::toAclIdentity($eachEntry->getSecurityIdentity());
}
}
$parentAcl = null;
$entriesInherited = true;
if (null !== $modelObj) {
$entriesInherited = $modelObj->getEntriesInheriting();
if (null !== $modelObj->getParentObjectIdentityId()) {
$parentObj = $modelObj->getObjectIdentityRelatedByParentObjectIdentityId($this->connection);
try {
$parentAcl = $this->findAcl(new ObjectIdentity($parentObj->getIdentifier(), $parentObj->getAclClass($this->connection)->getType()));
} catch (AclNotFoundException $e) {
/*
* This happens e.g. if the parent ACL is created, but does not contain any ACE by now.
* The ACEs may be applied later on.
*/
}
}
}
return $this->getAcl($collection, $objectIdentity, $loadedSecurityIdentities, $parentAcl, $entriesInherited);
}
/**
* Returns the ACLs that belong to the given object identities
*
* @throws \Symfony\Component\Security\Acl\Exception\AclNotFoundException When at least one object identity is missing its ACL.
*
* @param array $objectIdentities an array of ObjectIdentityInterface implementations
* @param array $securityIdentities an array of SecurityIdentityInterface implementations
*
* @return \SplObjectStorage mapping the passed object identities to ACLs
*/
public function findAcls(array $objectIdentities, array $securityIdentities = array())
{
$result = new \SplObjectStorage();
foreach ($objectIdentities as $eachIdentity) {
$result[$eachIdentity] = $this->findAcl($eachIdentity, $securityIdentities);
}
return $result;
}
/**
* Create an ACL.
*
* @param \PropelObjectCollection $collection
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Acl
*/
protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
return new Acl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited);
}
}

38
Security/Acl/AuditableAclProvider.php
View file

@ -1,38 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl;
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclProvider extends MutableAclProvider
{
/**
* Get an ACL for this provider.
*
* @param \PropelObjectCollection $collection
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*
* @return \Propel\PropelBundle\Security\Acl\Domain\AuditableAcl
*/
protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
return new AuditableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
}
}

314
Security/Acl/Domain/Acl.php
View file

@ -1,314 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Symfony\Component\Security\Acl\Exception\Exception as AclException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
* An ACL implementation that is immutable based on data from a PropelObjectCollection of Propel\PropelBundle\Model\Acl\Entry.
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class Acl implements AclInterface
{
protected $model = 'Propel\PropelBundle\Model\Acl\Entry';
protected $classAces = array();
protected $classFieldAces = array();
protected $objectAces = array();
protected $objectFieldAces = array();
protected $objectIdentity;
protected $parentAcl;
protected $permissionGrantingStrategy;
protected $inherited;
protected $loadedSecurityIdentities = array();
/**
* A list of known associated fields on this ACL.
*
* @var array
*/
protected $fields = array();
/**
* Constructor.
*
* @param \PropelObjectCollection $entries
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*/
public function __construct(\PropelObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
if ($entries->getModel() !== $this->model) {
throw new AclException(sprintf('The given collection does not contain models of class "%s" but of class "%s".', $this->model, $entries->getModel()));
}
foreach ($entries as $eachEntry) {
if (null === $eachEntry->getFieldName() and null === $eachEntry->getObjectIdentityId()) {
$this->classAces[] = new Entry($eachEntry, $this);
}
if (null !== $eachEntry->getFieldName() and null === $eachEntry->getObjectIdentityId()) {
if (empty($this->classFieldAces[$eachEntry->getFieldName()])) {
$this->classFieldAces[$eachEntry->getFieldName()] = array();
$this->updateFields($eachEntry->getFieldName());
}
$this->classFieldAces[$eachEntry->getFieldName()][] = new FieldEntry($eachEntry, $this);
}
if (null === $eachEntry->getFieldName() and null !== $eachEntry->getObjectIdentityId()) {
$this->objectAces[] = new Entry($eachEntry, $this);
}
if (null !== $eachEntry->getFieldName() and null !== $eachEntry->getObjectIdentityId()) {
if (empty($this->objectFieldAces[$eachEntry->getFieldName()])) {
$this->objectFieldAces[$eachEntry->getFieldName()] = array();
$this->updateFields($eachEntry->getFieldName());
}
$this->objectFieldAces[$eachEntry->getFieldName()][] = new FieldEntry($eachEntry, $this);
}
}
$this->objectIdentity = $objectIdentity;
$this->permissionGrantingStrategy = $permissionGrantingStrategy;
$this->parentAcl = $parentAcl;
$this->inherited = $inherited;
$this->loadedSecurityIdentities = $loadedSecurityIdentities;
$this->fields = array_unique($this->fields);
}
/**
* Returns all class-based ACEs associated with this ACL
*
* @return array
*/
public function getClassAces()
{
return $this->classAces;
}
/**
* Returns all class-field-based ACEs associated with this ACL
*
* @param string $field
*
* @return array
*/
public function getClassFieldAces($field)
{
return isset($this->classFieldAces[$field]) ? $this->classFieldAces[$field] : array();
}
/**
* Returns all object-based ACEs associated with this ACL
*
* @return array
*/
public function getObjectAces()
{
return $this->objectAces;
}
/**
* Returns all object-field-based ACEs associated with this ACL
*
* @param string $field
*
* @return array
*/
public function getObjectFieldAces($field)
{
return isset($this->objectFieldAces[$field]) ? $this->objectFieldAces[$field] : array();
}
/**
* Returns the object identity associated with this ACL
*
* @return \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface
*/
public function getObjectIdentity()
{
return $this->objectIdentity;
}
/**
* Returns the parent ACL, or null if there is none.
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface|null
*/
public function getParentAcl()
{
return $this->parentAcl;
}
/**
* Whether this ACL is inheriting ACEs from a parent ACL.
*
* @return bool
*/
public function isEntriesInheriting()
{
return $this->inherited;
}
/**
* Determines whether field access is granted
*
* @param string $field
* @param array $masks
* @param array $securityIdentities
* @param bool $administrativeMode
*
* @return bool
*/
public function isFieldGranted($field, array $masks, array $securityIdentities, $administrativeMode = false)
{
return $this->permissionGrantingStrategy->isFieldGranted($this, $field, $masks, $securityIdentities, $administrativeMode);
}
/**
* Determines whether access is granted
*
* @throws \Symfony\Component\Security\Acl\Exception\NoAceFoundException when no ACE was applicable for this request
*
* @param array $masks
* @param array $securityIdentities
* @param bool $administrativeMode
*
* @return bool
*/
public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false)
{
return $this->permissionGrantingStrategy->isGranted($this, $masks, $securityIdentities, $administrativeMode);
}
/**
* Whether the ACL has loaded ACEs for all of the passed security identities
*
* @throws \InvalidArgumentException
*
* @param mixed $securityIdentities an implementation of SecurityIdentityInterface, or an array thereof
*
* @return bool
*/
public function isSidLoaded($securityIdentities)
{
if (!is_array($securityIdentities)) {
$securityIdentities = array($securityIdentities);
}
$found = 0;
foreach ($securityIdentities as $eachSecurityIdentity) {
if (!$eachSecurityIdentity instanceof SecurityIdentityInterface) {
throw new \InvalidArgumentException('At least one entry of the given list is not implementing the "SecurityIdentityInterface".');
}
foreach ($this->loadedSecurityIdentities as $eachLoadedIdentity) {
if ($eachSecurityIdentity->equals($eachLoadedIdentity)) {
$found++;
break;
}
}
}
return ($found === count($securityIdentities));
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
) = unserialize($serialized);
return $this;
}
/**
* Returns a list of associated fields on this ACL.
*
* @return array
*/
public function getFields()
{
return $this->fields;
}
/**
* Update the internal list of associated fields on this ACL.
*
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Acl $this
*/
protected function updateFields($field)
{
if (!in_array($field, $this->fields)) {
$this->fields[] = $field;
}
return $this;
}
}

103
Security/Acl/Domain/AuditableAcl.php
View file

@ -1,103 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Symfony\Component\Security\Acl\Model\AuditableAclInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAcl extends MutableAcl implements AuditableAclInterface
{
/**
* Updates auditing for class-based ACE
*
* @param integer $index
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateClassAuditing($index, $auditSuccess, $auditFailure)
{
$this->updateAuditing($this->classAces, $index, $auditSuccess, $auditFailure);
}
/**
* Updates auditing for class-field-based ACE
*
* @param integer $index
* @param string $field
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure)
{
$this->validateField($this->classFieldAces, $field);
$this->updateAuditing($this->classFieldAces[$field], $index, $auditSuccess, $auditFailure);
}
/**
* Updates auditing for object-based ACE
*
* @param integer $index
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateObjectAuditing($index, $auditSuccess, $auditFailure)
{
$this->updateAuditing($this->objectAces, $index, $auditSuccess, $auditFailure);
}
/**
* Updates auditing for object-field-based ACE
*
* @param integer $index
* @param string $field
* @param bool $auditSuccess
* @param bool $auditFailure
*/
public function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure)
{
$this->validateField($this->objectFieldAces, $field);
$this->updateAuditing($this->objectFieldAces[$field], $index, $auditSuccess, $auditFailure);
}
/**
* Update auditing on a single ACE.
*
* @throws \InvalidArgumentException
*
* @param array $list
* @param int $index
* @param bool $auditSuccess
* @param bool $auditFailure
*
* @return \Propel\PropelBundle\Security\Acl\Domain\AuditableAcl $this
*/
protected function updateAuditing(array &$list, $index, $auditSuccess, $auditFailure)
{
if (!is_bool($auditSuccess) or !is_bool($auditFailure)) {
throw new \InvalidArgumentException('The given auditing flags are invalid. Please provide boolean only.');
}
$this->validateIndex($list, $index);
$entry = ModelEntry::fromAclEntry($list[$index])
->setAuditSuccess($auditSuccess)
->setAuditFailure($auditFailure)
;
$list[$index] = ModelEntry::toAclEntry($entry, $this);
return $this;
}
}

192
Security/Acl/Domain/Entry.php
View file

@ -1,192 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
* An ACE implementation retrieving data from a given Propel\PropelBundle\Model\Acl\Entry.
*
* The entry is only used to grab a "snapshot" of its data as an EntryInterface is immutable!
*
* @see \Symfony\Component\Security\Acl\Model\EntryInterface
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class Entry implements AuditableEntryInterface
{
protected $acl;
protected $id;
protected $securityIdentity;
protected $mask;
protected $isGranting;
protected $strategy;
protected $auditSuccess;
protected $auditFailure;
/**
* Constructor.
*
* @param \Propel\PropelBundle\Model\Acl\Entry $entry
* @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
*/
public function __construct(ModelEntry $entry, AclInterface $acl)
{
$this->acl = $acl;
$this->securityIdentity = SecurityIdentity::toAclIdentity($entry->getSecurityIdentity());
/*
* A new ACE (from a MutableAcl) does not have an ID,
* but will be persisted by the MutableAclProvider afterwards, if issued.
*/
if ($entry->getId()) {
$this->id = $entry->getId();
}
$this->mask = $entry->getMask();
$this->isGranting = $entry->getGranting();
$this->strategy = $entry->getGrantingStrategy();
$this->auditFailure = $entry->getAuditFailure();
$this->auditSuccess = $entry->getAuditSuccess();
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
) = unserialize($serialized);
return $this;
}
/**
* The ACL this ACE is associated with.
*
* @return \Symfony\Component\Security\Acl\Model\AclInterface
*/
public function getAcl()
{
return $this->acl;
}
/**
* The security identity associated with this ACE
*
* @return \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface
*/
public function getSecurityIdentity()
{
return $this->securityIdentity;
}
/**
* The primary key of this ACE
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* The permission mask of this ACE
*
* @return integer
*/
public function getMask()
{
return $this->mask;
}
/**
* The strategy for comparing masks
*
* @return string
*/
public function getStrategy()
{
return $this->strategy;
}
/**
* Returns whether this ACE is granting, or denying
*
* @return bool
*/
public function isGranting()
{
return $this->isGranting;
}
/**
* Whether auditing for successful grants is turned on
*
* @return bool
*/
public function isAuditFailure()
{
return $this->auditFailure;
}
/**
* Whether auditing for successful denies is turned on
*
* @return bool
*/
public function isAuditSuccess()
{
return $this->auditSuccess;
}
}

101
Security/Acl/Domain/FieldEntry.php
View file

@ -1,101 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
/**
* An ACE implementation retrieving data from a given \Propel\PropelBundle\Model\Acl\Entry.
*
* The entry is only used to grab a "snapshot" of its data as an \Symfony\Component\Security\Acl\Model\EntryInterface is immutable!
*
* @see \Symfony\Component\Security\Acl\Model\EntryInterface
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class FieldEntry extends Entry implements FieldEntryInterface
{
protected $field;
/**
* Constructor.
*
* @param \Propel\PropelBundle\Model\Acl\Entry $entry
* @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
*/
public function __construct(ModelEntry $entry, AclInterface $acl)
{
$this->field = $entry->getFieldName();
parent::__construct($entry, $acl);
}
/**
* Returns the field used for this entry.
*
* @return string
*/
public function getField()
{
return $this->field;
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
$this->field,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->acl,
$this->securityIdentity,
$this->id,
$this->mask,
$this->isGranting,
$this->strategy,
$this->auditFailure,
$this->auditSuccess,
$this->field,
) = unserialize($serialized);
return $this;
}
}

528
Security/Acl/Domain/MutableAcl.php
View file

@ -1,528 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAcl extends Acl implements MutableAclInterface
{
/**
* The id of the current ACL.
*
* It's the id of the ObjectIdentity model.
*
* @var int
*/
protected $id;
/**
* A reference to the ObjectIdentity this ACL is mapped to.
*
* @var \Propel\PropelBundle\Model\Acl\ObjectIdentity
*/
protected $modelObjectIdentity;
/**
* A connection to be used for all changes on the ACL.
*
* @var \PropelPDO
*/
protected $con;
/**
* Constructor.
*
* @param \PropelObjectCollection $entries
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
* @param \PropelPDO $con
*/
public function __construct(\PropelObjectCollection $entries, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true, \PropelPDO $con = null)
{
parent::__construct($entries, $objectIdentity, $permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited);
$this->modelObjectIdentity = ObjectIdentityQuery::create()
->filterByAclObjectIdentity($objectIdentity, $con)
->findOneOrCreate($con)
;
if ($this->modelObjectIdentity->isNew()) {
$this->modelObjectIdentity->save($con);
}
$this->id = $this->modelObjectIdentity->getId();
$this->con = $con;
}
/**
* Returns the primary key of this ACL
*
* @return integer
*/
public function getId()
{
return $this->id;
}
/**
* Sets whether entries are inherited
*
* @param bool $boolean
*/
public function setEntriesInheriting($boolean)
{
$this->inherited = $boolean;
}
/**
* Sets the parent ACL
*
* @param \Symfony\Component\Security\Acl\Model\AclInterface|null $acl
*/
public function setParentAcl(AclInterface $acl = null)
{
$this->parentAcl = $acl;
}
/**
* Deletes a class-based ACE
*
* @param integer $index
*/
public function deleteClassAce($index)
{
$this->deleteIndex($this->classAces, $index);
}
/**
* Deletes a class-field-based ACE
*
* @param integer $index
* @param string $field
*/
public function deleteClassFieldAce($index, $field)
{
$this
->validateField($this->classFieldAces, $field)
->deleteIndex($this->classFieldAces[$field], $index)
;
}
/**
* Deletes an object-based ACE
*
* @param integer $index
*/
public function deleteObjectAce($index)
{
$this->deleteIndex($this->objectAces, $index);
}
/**
* Deletes an object-field-based ACE
*
* @param integer $index
* @param string $field
*/
public function deleteObjectFieldAce($index, $field)
{
$this
->validateField($this->objectFieldAces, $field)
->deleteIndex($this->objectFieldAces[$field], $index)
;
}
/**
* Inserts a class-based ACE
*
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param bool $granting
* @param string $strategy
*/
public function insertClassAce(SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
$this->insertToList($this->classAces, $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting));
}
/**
* Inserts a class-field-based ACE
*
* @param string $field
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param boolean $granting
* @param string $strategy
*/
public function insertClassFieldAce($field, SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
if (!isset($this->classFieldAces[$field])) {
$this->classFieldAces[$field] = array();
}
$this->insertToList($this->classFieldAces[$field], $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting, $field));
}
/**
* Inserts an object-based ACE
*
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param boolean $granting
* @param string $strategy
*/
public function insertObjectAce(SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
$this->insertToList($this->objectAces, $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting));
}
/**
* Inserts an object-field-based ACE
*
* @param string $field
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param integer $mask
* @param integer $index
* @param boolean $granting
* @param string $strategy
*/
public function insertObjectFieldAce($field, SecurityIdentityInterface $securityIdentity, $mask, $index = 0, $granting = true, $strategy = null)
{
if (!isset($this->objectFieldAces[$field])) {
$this->objectFieldAces[$field] = array();
}
$this->insertToList($this->objectFieldAces[$field], $index, $this->createAce($mask, $index, $securityIdentity, $strategy, $granting, $field));
}
/**
* Updates a class-based ACE
*
* @param integer $index
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateClassAce($index, $mask, $strategy = null)
{
$this->updateAce($this->classAces, $index, $mask, $strategy);
}
/**
* Updates a class-field-based ACE
*
* @param integer $index
* @param string $field
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateClassFieldAce($index, $field, $mask, $strategy = null)
{
$this
->validateField($this->classFieldAces, $field)
->updateAce($this->classFieldAces[$field], $index, $mask, $strategy)
;
}
/**
* Updates an object-based ACE
*
* @param integer $index
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateObjectAce($index, $mask, $strategy = null)
{
$this->updateAce($this->objectAces, $index, $mask, $strategy);
}
/**
* Updates an object-field-based ACE
*
* @param integer $index
* @param string $field
* @param integer $mask
* @param string $strategy if null the strategy should not be changed
*/
public function updateObjectFieldAce($index, $field, $mask, $strategy = null)
{
$this->validateField($this->objectFieldAces, $field);
$this->updateAce($this->objectFieldAces[$field], $index, $mask, $strategy);
}
/**
* String representation of object
*
* @link http://php.net/manual/en/serializable.serialize.php
*
* @return string the string representation of the object or &null;
*/
public function serialize()
{
return serialize(array(
$this->id,
$this->modelObjectIdentity,
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
));
}
/**
* Constructs the object
*
* @link http://php.net/manual/en/serializable.unserialize.php
*
* @param string $serialized
*
* @return mixed the original value unserialized.
*/
public function unserialize($serialized)
{
list(
$this->id,
$this->modelObjectIdentity,
$this->model,
$this->classAces,
$this->classFieldAces,
$this->objectAces,
$this->objectFieldAces,
$this->objectIdentity,
$this->parentAcl,
$this->permissionGrantingStrategy,
$this->inherited,
$this->loadedSecurityIdentities,
) = unserialize($serialized);
return $this;
}
/**
* Insert a given entry into the list on the given index by shifting all others.
*
* @param array $list
* @param int $index
* @param \Propel\PropelBundle\Model\Acl\Entry\Entry $entry
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function insertToList(array &$list, $index, Entry $entry)
{
$this->isWithinBounds($list, $index);
if ($entry instanceof FieldEntry) {
$this->updateFields($entry->getField());
}
$list = array_merge(
array_slice($list, 0, $index),
array($entry),
array_splice($list, $index)
);
return $this;
}
/**
* Update a single ACE of this ACL.
*
* @param array $list
* @param int $index
* @param int $mask
* @param string $strategy
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function updateAce(array &$list, $index, $mask, $strategy = null)
{
$this->validateIndex($list, $index);
$entry = ModelEntry::fromAclEntry($list[$index]);
// Apply updates
$entry->setMask($mask);
if (null !== $strategy) {
$entry->setGrantingStrategy($strategy);
}
$list[$index] = ModelEntry::toAclEntry($entry, $this);
return $this;
}
/**
* Delete the ACE of the given list and index.
*
* The list will be re-ordered to have a valid 0..x list.
*
* @param array $list
* @param $index
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function deleteIndex(array &$list, $index)
{
$this->validateIndex($list, $index);
unset($list[$index]);
$this->reorderList($list, $index-1);
return $this;
}
/**
* Validate the index on the given list of ACEs.
*
* @throws \OutOfBoundsException
*
* @param array $list
* @param int $index
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function isWithinBounds(array &$list, $index)
{
// No count()-1, the count is one ahead of index, and could create the next valid entry!
if ($index < 0 or $index > count($list)) {
throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($list)));
}
return $this;
}
/**
* Check the index for existence in the given list.
*
* @throws \OutOfBoundsException
*
* @param array $list
* @param $index
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function validateIndex(array &$list, $index)
{
if (!isset($list[$index])) {
throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index));
}
return $this;
}
/**
* Validate the given field to be present.
*
* @throws \InvalidArgumentException
*
* @param array $list
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function validateField(array &$list, $field)
{
if (!isset($list[$field])) {
throw new \InvalidArgumentException(sprintf('The given field "%s" does not exist.', $field));
}
return $this;
}
/**
* Order the given list to have numeric indexes from 0..x
*
* @param array $list
* @param int $index The right boundary to which the list is valid.
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl $this
*/
protected function reorderList(array &$list, $index)
{
$list = array_merge(
array_slice($list, 0, $index+1), // +1 to get length
array_splice($list, $index+1) // +1 to get first index to re-order
);
return $this;
}
/**
* Create a new ACL Entry.
*
* @param int $mask
* @param int $index
* @param \Symfony\Component\Security\Acl\Model\SecurityIdentityInterface $securityIdentity
* @param string $strategy
* @param bool $granting
* @param string $field
*
* @return \Propel\PropelBundle\Security\Acl\Domain\Entry|\Propel\PropelBundle\Security\Acl\Domain\FieldEntry
*/
protected function createAce($mask, $index, SecurityIdentityInterface $securityIdentity, $strategy = null, $granting = true, $field = null)
{
if (!is_int($mask)) {
throw new \InvalidArgumentException('The given mask is not valid. Please provide an integer.');
}
// Compatibility with default implementation
if (null === $strategy) {
if (true === $granting) {
$strategy = PermissionGrantingStrategy::ALL;
} else {
$strategy = PermissionGrantingStrategy::ANY;
}
}
$model = new ModelEntry();
$model
->setAceOrder($index)
->setMask($mask)
->setGrantingStrategy($strategy)
->setGranting($granting)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($securityIdentity))
;
if (null !== $field) {
$model->setFieldName($field);
return new FieldEntry($model, $this);
}
return new Entry($model, $this);
}
}

334
Security/Acl/MutableAclProvider.php
View file

@ -1,334 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Security\Acl;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\EntryPeer;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\MutableAcl;
use Propel\PropelBundle\Security\Acl\Domain\Entry;
use Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException;
use Symfony\Component\Security\Acl\Exception\Exception as AclException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\EntryInterface;
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
use Symfony\Component\Security\Acl\Model\AuditableEntryInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\MutableAclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
/**
* An implementation of the MutableAclProviderInterface using Propel ORM.
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclProvider extends AclProvider implements MutableAclProviderInterface
{
/**
* Constructor.
*
* @param \Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param \PropelPDO $connection
* @param \Symfony\Component\Security\Acl\Model\AclCacheInterface $cache
*/
public function __construct(PermissionGrantingStrategyInterface $permissionGrantingStrategy, \PropelPDO $connection = null, AclCacheInterface $cache = null)
{
// @codeCoverageIgnoreStart
if (null === $connection) {
$connection = \Propel::getConnection(EntryPeer::DATABASE_NAME, \Propel::CONNECTION_WRITE);
}
// @codeCoverageIgnoreEnd
parent::__construct($permissionGrantingStrategy, $connection, $cache);
}
/**
* Creates a new ACL for the given object identity.
*
* @throws \Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException When there already is an ACL for the given object identity.
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl
*/
public function createAcl(ObjectIdentityInterface $objectIdentity)
{
$entries = EntryQuery::create()->findByAclIdentity($objectIdentity, array(), $this->connection);
if (count($entries)) {
throw new AclAlreadyExistsException('An ACL for the given object identity already exists, find and update that one.');
}
$objIdentity = ObjectIdentityQuery::create()
->filterByAclObjectIdentity($objectIdentity, $this->connection)
->findOneOrCreate($this->connection)
;
if ($objIdentity->isNew()) {
// This is safe to do, it makes the ID available and does not affect changes to any ACL.
$objIdentity->save($this->connection);
}
return $this->getAcl($entries, $objectIdentity, array(), null, false);
}
/**
* Deletes the ACL for a given object identity.
*
* This will automatically trigger a delete for any child ACLs. If you don't
* want child ACLs to be deleted, you will have to set their parent ACL to null.
*
* @throws \Symfony\Component\Security\Acl\Exception\Exception
*
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
*
* @return bool
*/
public function deleteAcl(ObjectIdentityInterface $objectIdentity)
{
try {
$objIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($objectIdentity, $this->connection);
if (null === $objIdentity) {
// No object identity, no ACL, so deletion is successful (expected result is given).
return true;
}
$this->connection->beginTransaction();
// Retrieve all class and class-field ACEs, if any.
$aces = EntryQuery::create()->findByAclIdentity($objectIdentity, array(), $this->connection);
if (count($aces)) {
// In case this is the last of its kind, delete the class and class-field ACEs.
$count = ObjectIdentityQuery::create()->filterByClassId($objIdentity->getClassId())->count($this->connection);
if (1 === $count) {
$aces->delete($this->connection);
}
}
/*
* If caching is enabled, retrieve the (grand-)children of this ACL.
* Those will be removed from the cache as well, as their parents do not exist anymore.
*/
if (null !== $this->cache) {
$children = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->connection);
}
// This deletes all object and object-field ACEs, too.
$objIdentity->delete($this->connection);
$this->connection->commit();
if (null !== $this->cache) {
$this->cache->evictFromCacheById($objIdentity->getId());
foreach ($children as $eachChild) {
$this->cache->evictFromCacheById($eachChild->getId());
}
}
return true;
// @codeCoverageIgnoreStart
} catch (Exception $e) {
throw new AclException('An error occurred while deleting the ACL.', 1, $e);
}
// @codeCoverageIgnoreEnd
}
/**
* Persists any changes which were made to the ACL, or any associated access control entries.
*
* Changes to parent ACLs are not persisted.
*
* @throws \Symfony\Component\Security\Acl\Exception\Exception
*
* @param \Symfony\Component\Security\Acl\Model\MutableAclInterface $acl
*
* @return bool
*/
public function updateAcl(MutableAclInterface $acl)
{
if (!$acl instanceof MutableAcl) {
throw new \InvalidArgumentException('The given ACL is not tracked by this provider. Please provide \Propel\PropelBundle\Security\Acl\Domain\MutableAcl only.');
}
try {
$modelEntries = EntryQuery::create()->findByAclIdentity($acl->getObjectIdentity(), array(), $this->connection);
$objectIdentity = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($acl->getObjectIdentity(), $this->connection);
$this->connection->beginTransaction();
$keepEntries = array_merge(
$this->persistAcl($acl->getClassAces(), $objectIdentity),
$this->persistAcl($acl->getObjectAces(), $objectIdentity, true)
);
foreach ($acl->getFields() as $eachField) {
$keepEntries = array_merge($keepEntries,
$this->persistAcl($acl->getClassFieldAces($eachField), $objectIdentity),
$this->persistAcl($acl->getObjectFieldAces($eachField), $objectIdentity, true)
);
}
foreach ($modelEntries as &$eachEntry) {
if (!in_array($eachEntry->getId(), $keepEntries)) {
$eachEntry->delete($this->connection);
}
}
if (null === $acl->getParentAcl()) {
$objectIdentity
->setParentObjectIdentityId(null)
->save($this->connection)
;
} else {
$objectIdentity
->setParentObjectIdentityId($acl->getParentAcl()->getId())
->save($this->connection)
;
}
$this->connection->commit();
// After successfully committing the transaction, we are good to update the cache.
if (null !== $this->cache) {
$this->cache->evictFromCacheById($objectIdentity->getId());
$this->cache->putInCache($acl);
}
return true;
// @codeCoverageIgnoreStart
} catch (Exception $e) {
$this->connection->rollBack();
throw new AclException('An error occurred while updating the ACL.', 0, $e);
}
// @codeCoverageIgnoreEnd
}
/**
* Persist the given ACEs.
*
* @param array $accessControlEntries
* @param \Propel\PropelBundle\Model\Acl\ObjectIdentity $objectIdentity
* @param bool $object
*
* @return array The IDs of the persisted ACEs.
*/
protected function persistAcl(array $accessControlEntries, ObjectIdentity $objectIdentity, $object = false)
{
$entries = array();
/* @var $eachAce \Symfony\Component\Security\Acl\Model\EntryInterface */
foreach ($accessControlEntries as $order => $eachAce) {
// If the given ACE has never been persisted, create a new one.
if (null === $entry = $this->getPersistedAce($eachAce, $objectIdentity, $object)) {
$entry = ModelEntry::fromAclEntry($eachAce);
}
if (in_array($entry->getId(), $entries)) {
$entry = ModelEntry::fromAclEntry($eachAce);
}
// Apply possible changes from local ACE.
$entry
->setAceOrder($order)
->setAclClass($objectIdentity->getAclClass())
->setMask($eachAce->getMask())
;
if ($eachAce instanceof AuditableEntryInterface) {
if (is_bool($eachAce->isAuditSuccess())) {
$entry->setAuditSuccess($eachAce->isAuditSuccess());
}
if (is_bool($eachAce->isAuditFailure())) {
$entry->setAuditFailure($eachAce->isAuditFailure());
}
}
if (true === $object) {
$entry->setObjectIdentity($objectIdentity);
}
$entry->save($this->connection);
$entries[] = $entry->getId();
}
return $entries;
}
/**
* Retrieve the persisted model for the given ACE.
*
* If none is given, null is returned.
*
* @param \Symfony\Component\Security\Acl\Model\EntryInterface $ace
*
* @return \Propel\PropelBundle\Model\Acl\Entry|null
*/
protected function getPersistedAce(EntryInterface $ace, ObjectIdentity $objectIdentity, $object = false)
{
if (null !== $ace->getId() and null !== $entry = EntryQuery::create()->findPk($ace->getId(), $this->connection)) {
$entry->reload(true, $this->connection);
return $entry;
}
/*
* The id is not set, but there may be an ACE in the database.
*
* This happens if the ACL has created new ACEs, but was not reloaded.
* We try to retrieve one by the unique key.
*/
$ukQuery = EntryQuery::create()
->filterByAclClass($objectIdentity->getAclClass($this->connection))
->filterBySecurityIdentity(SecurityIdentity::fromAclIdentity($ace->getSecurityIdentity(), $this->connection))
;
if (true === $object) {
$ukQuery->filterByObjectIdentity($objectIdentity);
} else {
$ukQuery->filterByObjectIdentityId(null, \Criteria::ISNULL);
}
if ($ace instanceof FieldEntryInterface) {
$ukQuery->filterByFieldName($ace->getField());
} else {
$ukQuery->filterByFieldName(null, \Criteria::ISNULL);
}
return $ukQuery->findOne($this->connection);
}
/**
* Get an ACL for this provider.
*
* @param \PropelObjectCollection $collection
* @param \Symfony\Component\Security\Acl\Model\ObjectIdentityInterface $objectIdentity
* @param array $loadedSecurityIdentities
* @param \Symfony\Component\Security\Acl\Model\AclInterface $parentAcl
* @param bool $inherited
*
* @return \Propel\PropelBundle\Security\Acl\Domain\MutableAcl
*/
protected function getAcl(\PropelObjectCollection $collection, ObjectIdentityInterface $objectIdentity, array $loadedSecurityIdentities = array(), AclInterface $parentAcl = null, $inherited = true)
{
return new MutableAcl($collection, $objectIdentity, $this->permissionGrantingStrategy, $loadedSecurityIdentities, $parentAcl, $inherited, $this->connection);
}
}

103
Tests/AclTestCase.php
View file

@ -1,103 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests;
use Propel\PropelBundle\Model\Acl\AclClass;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\ObjectIdentity as ModelObjectIdentity;
use Propel\PropelBundle\Security\Acl\MutableAclProvider;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
/**
* AclTestCase
*
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclTestCase extends TestCase
{
protected $con = null;
protected $cache = null;
public function setUp()
{
parent::setUp();
$this->loadPropelQuickBuilder();
$schema = file_get_contents(__DIR__.'/../Resources/acl_schema.xml');
$builder = new \PropelQuickBuilder();
$builder->setSchema($schema);
if (!class_exists('Propel\PropelBundle\Model\Acl\map\AclClassTableMap')) {
$builder->setClassTargets(array('tablemap', 'peer', 'object', 'query'));
} else {
$builder->setClassTargets(array());
}
$this->con = $builder->build();
}
/**
* @return \Propel\PropelBundle\Model\Acl\ObjectIdentity
*/
protected function createModelObjectIdentity($identifier)
{
$aclClass = $this->getAclClass();
$objIdentity = new ModelObjectIdentity();
$this->assertTrue((bool) $objIdentity
->setAclClass($aclClass)
->setIdentifier($identifier)
->save($this->con)
);
return $objIdentity;
}
protected function createEntry()
{
$entry = new Entry();
$entry
->setAuditSuccess(false)
->setAuditFailure(false)
->setMask(64)
->setGranting(true)
->setGrantingStrategy('all')
->setAceOrder(0)
;
return $entry;
}
protected function getAclClass()
{
return AclClass::fromAclObjectIdentity($this->getAclObjectIdentity(), $this->con);
}
protected function getAclProvider()
{
return new MutableAclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
}
protected function getAclObjectIdentity($identifier = 1)
{
return new ObjectIdentity($identifier, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
}
protected function getRoleSecurityIdentity($role = 'ROLE_USER')
{
return new RoleSecurityIdentity(new Role($role));
}
}

60
Tests/Fixtures/Acl/ArrayCache.php
View file

@ -1,60 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Fixtures\Acl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\AclCacheInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
class ArrayCache implements AclCacheInterface
{
public $content = array();
public function evictFromCacheById($primaryKey)
{
if (isset($this->content[$primaryKey])) {
unset($this->content[$primaryKey]);
}
}
public function evictFromCacheByIdentity(ObjectIdentityInterface $oid)
{
// Propel ACL does not make use of those.
}
public function getFromCacheById($primaryKey)
{
if (isset($this->content[$primaryKey])) {
return $this->content[$primaryKey];
}
return null;
}
public function getFromCacheByIdentity(ObjectIdentityInterface $oid)
{
// Propel ACL does not make use of those.
}
public function putInCache(AclInterface $acl)
{
if (null === $acl->getId()) {
throw new \InvalidArgumentException('The given ACL does not have an ID.');
}
$this->content[$acl->getId()] = $acl;
}
public function clearCache()
{
$this->content = array();
}
}

41
Tests/Model/Acl/AclClassTest.php
View file

@ -1,41 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Criteria;
use Propel\PropelBundle\Model\Acl\AclClass;
use Propel\PropelBundle\Model\Acl\AclClassPeer;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclClassTest extends AclTestCase
{
public function testFromAclObjectIdentity()
{
$type = 'Merchant';
$aclClass = AclClass::fromAclObjectIdentity(new ObjectIdentity(5, $type), $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $aclClass);
$this->assertEquals($type, $aclClass->getType());
$dbEntry = AclClassPeer::doSelectOne(new Criteria(), $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $dbEntry);
$this->assertEquals($type, $dbEntry->getType());
$this->assertEquals($dbEntry->getId(), $aclClass->getId());
}
}

135
Tests/Model/Acl/EntryQueryTest.php
View file

@ -1,135 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryQueryTest extends AclTestCase
{
public function setUp()
{
parent::setUp();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
}
public function testFindByAclIdentityInvalidSecurityIdentity()
{
$this->setExpectedException('InvalidArgumentException');
EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(), array('foo'), $this->con);
}
public function testFindByAclIdentityInvalidSecurityIdentityObject()
{
$this->setExpectedException('InvalidArgumentException');
EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(), array(new \stdClass()), $this->con);
}
public function testFindByAclIdentityNotExists()
{
$this->assertCount(0, EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(2), array(), $this->con));
}
public function testFindByAclIdentitySecurityIdentityNotFound()
{
$this->assertCount(0, EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_ADMIN')), $this->con));
}
public function testFindByAclIdentity()
{
// Another Entry, should not be found (different ObjectIdentity).
$obj = $this->createModelObjectIdentity(2);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(1, $entries);
$this->assertEquals(1, $entries[0]->getObjectIdentityId());
// A class based entry for the wrong ObjectIdentity.
$classEntry = $this->createEntry();
$classEntry
->setObjectIdentityId(2)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($obj->getAclClass())
->setMask(64)
->save($this->con)
;
// A class based entry for the correct ObjectIdentity.
$classEntry = $this->createEntry();
$classEntry
->setObjectIdentityId(null)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
->setMask(64)
->save($this->con)
;
$this->assertEquals(4, EntryQuery::create()->count($this->con));
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(2, $entries);
$this->assertEquals($obj->getClassId(), $entries[0]->getClassId());
$this->assertEquals($obj->getClassId(), $entries[1]->getClassId());
}
public function testFindByAclIdentityFilterSecurityIdentity()
{
// Another Entry, should not be found (different SecurityIdentity).
$entry = $this->createEntry();
$entry
->setObjectIdentityId(1)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
->setMask(64)
->save($this->con)
;
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')), $this->con);
$this->assertCount(1, $entries);
$this->assertEquals(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER'))->getId(), $entries[0]->getSecurityIdentityId());
}
public function testFindByAclIdentityOnlyClassEntries()
{
$this->assertEquals(1, EntryQuery::create()->count($this->con));
EntryQuery::create()->findOne($this->con)
->setObjectIdentity(null)
->save($this->con);
$entries = EntryQuery::create()->findByAclIdentity($this->getAclObjectIdentity(1), array(), $this->con);
$this->assertCount(1, $entries);
}
}

88
Tests/Model/Acl/EntryTest.php
View file

@ -1,88 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\Entry as ModelEntry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Entry as AclEntry;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryTest extends AclTestCase
{
public function testToAclEntry()
{
$acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
$entry = $this->createModelEntry();
$aclEntry = ModelEntry::toAclEntry($entry, $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $aclEntry);
$this->assertSame($acl, $aclEntry->getAcl());
$this->assertEquals(42, $aclEntry->getId());
$this->assertTrue($aclEntry->isAuditFailure());
$this->assertFalse($aclEntry->isAuditSuccess());
$this->assertEquals('all', $aclEntry->getStrategy());
$this->assertTrue($aclEntry->isGranting());
$this->assertEquals(64, $aclEntry->getMask());
return $aclEntry;
}
/**
* @depends testToAclEntry
*/
public function testToAclEntryFieldEntry()
{
$acl = $this->getMock('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', array(), array(), '', false, false);
$entry = $this->createModelEntry();
$entry->setFieldName('name');
$aclEntry = ModelEntry::toAclEntry($entry, $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $aclEntry);
}
/**
* @depends testToAclEntry
*/
public function testFromAclEntry($aclEntry)
{
$modelEntry = ModelEntry::fromAclEntry($aclEntry);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\Entry', $modelEntry);
$this->assertEquals(42, $modelEntry->getId());
$this->assertTrue($modelEntry->getAuditFailure());
$this->assertFalse($modelEntry->getAuditSuccess());
$this->assertEquals('all', $modelEntry->getGrantingStrategy());
$this->assertTrue($modelEntry->getGranting());
$this->assertEquals(64, $modelEntry->getMask());
}
protected function createModelEntry()
{
$entry = new ModelEntry();
$entry
->setId(42)
->setAclClass($this->getAclClass())
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAuditFailure(true)
->setAuditSuccess(false)
->setGrantingStrategy('all')
->setGranting(true)
->setMask(64)
;
return $entry;
}
}

134
Tests/Model/Acl/ObjectIdentityQueryTest.php
View file

@ -1,134 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\AclClass;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class ObjectIdentityQueryTest extends AclTestCase
{
public function testFilterByAclObjectIdentity()
{
$aclObj = new ObjectIdentity(1, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
$aclClass = AclClass::fromAclObjectIdentity($aclObj, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\AclClass', $aclClass);
// None given.
$result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
$this->assertCount(0, $result);
$this->createModelObjectIdentity(1);
$result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
$this->assertCount(1, $result);
$this->assertEquals($aclClass->getId(), $result->getFirst()->getClassId());
$this->assertEquals(1, $result->getFirst()->getIdentifier());
// Change the entity.
$aclObj = new ObjectIdentity(2, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
$result = ObjectIdentityQuery::create()->filterByAclObjectIdentity($aclObj, $this->con)->find($this->con);
$this->assertCount(0, $result);
}
/**
* @depends testFilterByAclObjectIdentity
*/
public function testFindOneByAclObjectIdentity()
{
$aclObj = new ObjectIdentity(1, 'Propel\PropelBundle\Tests\Fixtures\Model\Book');
$result = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclObj, $this->con);
$this->assertEmpty($result);
$objIdentity = $this->createModelObjectIdentity(1);
$result = ObjectIdentityQuery::create()->findOneByAclObjectIdentity($aclObj, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\ObjectIdentity', $result);
$this->assertSame($objIdentity, $result);
}
/**
* @depends testFindOneByAclObjectIdentity
*/
public function testFindChildren()
{
list($objIdentity, $childObjIdentity) = $this->createObjectIdentities();
// Parent not set, yet.
$result = ObjectIdentityQuery::create()->findChildren($objIdentity, $this->con);
$this->assertCount(0, $result);
$childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findChildren($objIdentity, $this->con);
$this->assertCount(1, $result);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\ObjectIdentity', $result->getFirst());
$this->assertSame($childObjIdentity, $result->getFirst());
$this->assertSame($objIdentity, $result->getFirst()->getObjectIdentityRelatedByParentObjectIdentityId());
}
/**
* @depends testFindOneByAclObjectIdentity
*/
public function testFindGrandChildren()
{
list($objIdentity, $childObjIdentity, $grandChildObjIdentity) = $this->createObjectIdentities();
// Parents not set, yet.
$result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
$this->assertCount(0, $result);
$childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
$this->assertCount(1, $result);
$grandChildObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($childObjIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findGrandChildren($objIdentity, $this->con);
$this->assertCount(2, $result);
}
/**
* @depends testFindOneByAclObjectIdentity
*/
public function testFindAncestors()
{
list($objIdentity, $childObjIdentity) = $this->createObjectIdentities();
// Parents not set, yet.
$result = ObjectIdentityQuery::create()->findAncestors($childObjIdentity, $this->con);
$this->assertCount(0, $result);
$childObjIdentity->setObjectIdentityRelatedByParentObjectIdentityId($objIdentity)->save($this->con);
$result = ObjectIdentityQuery::create()->findAncestors($childObjIdentity, $this->con);
$this->assertCount(1, $result);
}
protected function createObjectIdentities()
{
return array(
$this->createModelObjectIdentity(1),
$this->createModelObjectIdentity(2),
$this->createModelObjectIdentity(3),
);
}
}

302
Tests/Model/Acl/ObjectIdentityTest.php
View file

@ -1,302 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Criteria;
use Propel\PropelBundle\Model\Acl\ObjectIdentity;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityAncestorQuery;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class ObjectIdentityTest extends AclTestCase
{
public function testCompatibleDefaultImplementation()
{
$objIdenity = $this->createModelObjectIdentity(1);
$ancestorEntries = ObjectIdentityAncestorQuery::create()->find($this->con);
$this->assertCount(1, $ancestorEntries);
$this->assertEquals($objIdenity->getId(), $ancestorEntries->getFirst()->getAncestorId());
$this->assertEquals($objIdenity->getId(), $ancestorEntries->getFirst()->getObjectIdentityId());
$anotherIdenity = $this->createModelObjectIdentity(2);
$ancestorEntries = ObjectIdentityAncestorQuery::create()->orderByAncestorId(Criteria::ASC)->find($this->con);
$this->assertCount(2, $ancestorEntries);
$this->assertEquals($objIdenity->getId(), $ancestorEntries[0]->getAncestorId());
$this->assertEquals($objIdenity->getId(), $ancestorEntries[0]->getObjectIdentityId());
$this->assertEquals($anotherIdenity->getId(), $ancestorEntries[1]->getAncestorId());
$this->assertEquals($anotherIdenity->getId(), $ancestorEntries[1]->getObjectIdentityId());
}
public function testTreeSimpleParent()
{
$parent = $this->createModelObjectIdentity(1);
$obj = $this->createModelObjectIdentity(2);
$this->assertTrue((bool) $obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con));
$entries = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($obj->getId())
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(2, $entries);
$this->assertEquals($obj->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[1]->getAncestorId());
$this->assertTrue((bool) $obj->setObjectIdentityRelatedByParentObjectIdentityId(null)->save($this->con));
$entries = ObjectIdentityAncestorQuery::create()
->filterByObjectIdentityId($obj->getId())
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(1, $entries);
$this->assertEquals($obj->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[0]->getAncestorId());
}
/**
* @depends testTreeSimpleParent
*/
public function testTreeAddParentChildHavingChild()
{
$parent = $this->createModelObjectIdentity(1);
$obj = $this->createModelObjectIdentity(2);
$child = $this->createModelObjectIdentity(3);
$child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(6, $entries);
$this->assertEquals($parent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[2]->getAncestorId());
$this->assertEquals($child->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[3]->getAncestorId());
$this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
$this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[5]->getAncestorId());
}
/**
* Tree splitted:
* 1-2
* 3-4-5
*
* Tree merged:
* 1-2-3-4-5
*
* @depends testTreeAddParentChildHavingChild
*/
public function testTreeAddParentChildHavingGrandchildrenAndParentHavingParent()
{
// Part I, before.
$grandParent = $this->createModelObjectIdentity(1);
$parent = $this->createModelObjectIdentity(2);
$parent->setObjectIdentityRelatedByParentObjectIdentityId($grandParent)->save($this->con);
// Part II, before.
$obj = $this->createModelObjectIdentity(3);
$child = $this->createModelObjectIdentity(4);
$grandChild = $this->createModelObjectIdentity(5);
$grandChild->setObjectIdentityRelatedByParentObjectIdentityId($child)->save($this->con);
$child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
// Verify "before"
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(9, $entries);
$this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[3]->getAncestorId());
$this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
$this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[5]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[6]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[6]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[7]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[7]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[8]->getObjectIdentityId());
$this->assertEquals($grandChild->getId(), $entries[8]->getAncestorId());
// Merge Trees
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(15, $entries);
$this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[3]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[4]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[5]->getAncestorId());
$this->assertEquals($child->getId(), $entries[6]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[6]->getAncestorId());
$this->assertEquals($child->getId(), $entries[7]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[7]->getAncestorId());
$this->assertEquals($child->getId(), $entries[8]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[8]->getAncestorId());
$this->assertEquals($child->getId(), $entries[9]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[9]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[10]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[10]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[11]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[11]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[12]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[12]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[13]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[13]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[14]->getObjectIdentityId());
$this->assertEquals($grandChild->getId(), $entries[14]->getAncestorId());
// Split Tree
$obj->setObjectIdentityRelatedByParentObjectIdentityId(null)->save($this->con);
$entries = ObjectIdentityAncestorQuery::create()
->orderByObjectIdentityId(Criteria::ASC)
->orderByAncestorId(Criteria::ASC)
->find($this->con)
;
$this->assertCount(9, $entries);
$this->assertEquals($grandParent->getId(), $entries[0]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[0]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[1]->getObjectIdentityId());
$this->assertEquals($grandParent->getId(), $entries[1]->getAncestorId());
$this->assertEquals($parent->getId(), $entries[2]->getObjectIdentityId());
$this->assertEquals($parent->getId(), $entries[2]->getAncestorId());
$this->assertEquals($obj->getId(), $entries[3]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[3]->getAncestorId());
$this->assertEquals($child->getId(), $entries[4]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[4]->getAncestorId());
$this->assertEquals($child->getId(), $entries[5]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[5]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[6]->getObjectIdentityId());
$this->assertEquals($obj->getId(), $entries[6]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[7]->getObjectIdentityId());
$this->assertEquals($child->getId(), $entries[7]->getAncestorId());
$this->assertEquals($grandChild->getId(), $entries[8]->getObjectIdentityId());
$this->assertEquals($grandChild->getId(), $entries[8]->getAncestorId());
}
/**
* @depends testTreeAddParentChildHavingChild
*/
public function testDeleteRemovesGrandchildren()
{
$parent = $this->createModelObjectIdentity(1);
$obj = $this->createModelObjectIdentity(2);
$child = $this->createModelObjectIdentity(3);
$child->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent)->save($this->con);
$parent->delete($this->con);
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
$this->assertEquals(0, ObjectIdentityAncestorQuery::create()->count($this->con));
}
public function testInsertWithAssignedParent()
{
$parent = $this->createModelObjectIdentity(1);
$obj = new ObjectIdentity();
$obj
->setAclClass($this->getAclClass())
->setIdentifier(2)
->setObjectIdentityRelatedByParentObjectIdentityId($parent)
->save($this->con)
;
$entries = ObjectIdentityQuery::create()->orderByParentObjectIdentityId(Criteria::ASC)->find($this->con);
$this->assertCount(2, $entries);
$this->assertNull($entries[0]->getParentObjectIdentityId());
$this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
}
}

122
Tests/Model/Acl/SecurityIdentityTest.php
View file

@ -1,122 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Model\Acl;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\SecurityIdentityQuery;
use Symfony\Component\Security\Core\Role\Role;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class SecurityIdentityTest extends AclTestCase
{
public function testToAclIdentityUserWithInvalidIdentifier()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('invalidIdentifier');
$identity->setUsername(true);
$this->setExpectedException('InvalidArgumentException');
SecurityIdentity::toAclIdentity($identity);
}
public function testToAclIdentityUnknownSecurityIdentity()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('invalidIdentifier');
$identity->setUsername(false);
$this->setExpectedException('InvalidArgumentException');
SecurityIdentity::toAclIdentity($identity);
}
public function testToAclIdentityValidUser()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('Propel\PropelBundle\Tests\Fixtures\UserProxy-propel');
$identity->setUsername(true);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $secIdentity);
}
public function testToAclIdentityMultipleDashes()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('Propel\PropelBundle\Tests\Fixtures\UserProxy-some-username@domain.com');
$identity->setUsername(true);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $secIdentity);
$this->assertEquals('some-username@domain.com', $secIdentity->getUsername());
}
public function testToAclIdentityValidRole()
{
$identity = new SecurityIdentity();
$identity->setIdentifier('ROLE_ADMIN');
$identity->setUsername(false);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity', $secIdentity);
$identity = new SecurityIdentity();
$identity->setIdentifier('IS_AUTHENTICATED_ANONYMOUSLY');
$identity->setUsername(false);
$secIdentity = SecurityIdentity::toAclIdentity($identity);
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity', $secIdentity);
}
public function testFromAclIdentityWithInvalid()
{
$secIdentity = $this->getMock('Symfony\Component\Security\Acl\Model\SecurityIdentityInterface');
$this->setExpectedException('InvalidArgumentException');
SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
}
public function testFromAclIdentityWithUser()
{
$secIdentity = new UserSecurityIdentity('propel', 'Propel\PropelBundle\Tests\Fixtures\UserProxy');
$identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $identity);
$this->assertEquals(true, $identity->getUsername());
$this->assertEquals('Propel\PropelBundle\Tests\Fixtures\UserProxy-propel', $identity->getIdentifier());
$this->assertGreaterThan(0, $identity->getId());
$dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $dbEntry);
}
public function testFromAclIdentityWithRole()
{
$secIdentity = new RoleSecurityIdentity(new Role('ROLE_USER'));
$identity = SecurityIdentity::fromAclIdentity($secIdentity, $this->con);
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $identity);
$this->assertEquals(false, $identity->getUsername());
$this->assertEquals('ROLE_USER', $identity->getIdentifier());
$this->assertGreaterThan(0, $identity->getId());
$dbEntry = SecurityIdentityQuery::create()->findPk($identity->getId());
$this->assertInstanceOf('Propel\PropelBundle\Model\Acl\SecurityIdentity', $dbEntry);
}
}

259
Tests/Security/Acl/AclProviderTest.php
View file

@ -1,259 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\EntryPeer;
use Propel\PropelBundle\Security\Acl\AclProvider;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclProviderTest extends AclTestCase
{
public function testFindAclNoneGiven()
{
$provider = $this->getAclProvider();
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is no ACL available for this object identity. Please create one using the MutableAclProvider.');
$provider->findAcl($this->getAclObjectIdentity());
}
public function testFindAclNoneGivenFilterSecurityIdentity()
{
$provider = $this->getAclProvider();
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclNotFoundException', 'There is at least no ACL for this object identity and the given security identities. Try retrieving the ACL without security identity filter and add ACEs for the security identities.');
$provider->findAcl($this->getAclObjectIdentity(), array($this->getRoleSecurityIdentity()));
}
public function testFindAclWithEntries()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertEmpty($acl->getFields());
$this->assertEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertCount(1, $acl->getObjectAces());
$this->assertNull($acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_ADMIN')));
$this->assertTrue($acl->isSidLoaded($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertTrue($acl->isGranted(array(1, 2, 4, 8, 16, 32, 64), array($this->getRoleSecurityIdentity('ROLE_USER'))));
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(128), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclWithParent()
{
$parent = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parent->getAclClass())
->setMask(128)
;
$parent->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parent);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(2), array($this->getRoleSecurityIdentity('ROLE_USER')));
$parent = $acl->getParentAcl();
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $parent);
$aces = $acl->getObjectAces();
$parentAces = $parent->getObjectAces();
$this->assertEquals(64, $aces[0]->getMask());
$this->assertEquals(128, $parentAces[0]->getMask());
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAcls()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
;
$obj->addEntry($entry)->save($this->con);
$aclObj = $this->getAclObjectIdentity(1);
$acls = $this->getAclProvider()->findAcls(array($aclObj), array($this->getRoleSecurityIdentity('ROLE_USER')));
$acl = $this->getAclProvider()->findAcl($aclObj, array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->assertNotEmpty($acls);
$this->assertCount(1, $acls);
$this->assertTrue($acls->contains($aclObj));
$this->assertEquals($acl, $acls[$aclObj]);
}
public function testFindChildrenParentNotExists()
{
$this->assertEmpty($this->getAclProvider()->findChildren(new ObjectIdentity(5, 'Book')));
}
/**
* @depends testFindAclWithEntries
*/
public function testFindChildrenWithoutChildren()
{
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childrenAcl = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertEmpty($childrenAcl);
}
public function testFindChildrenDirectOnly()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1), true);
$this->assertNotEmpty($children);
$this->assertCount(1, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
}
public function testFindChildrenWithGrandChildren()
{
list($parentObj, $obj, $childObj) = $this->createObjectIdentities();
$obj->setObjectIdentityRelatedByParentObjectIdentityId($parentObj)->save($this->con);
$childObj->setObjectIdentityRelatedByParentObjectIdentityId($obj)->save($this->con);
$children = $this->getAclProvider()->findChildren($this->getAclObjectIdentity(1));
$this->assertNotEmpty($children);
$this->assertCount(2, $children);
$this->assertEquals(2, $children[0]->getIdentifier());
$this->assertEquals(3, $children[1]->getIdentifier());
}
protected function createObjectIdentities()
{
$parentObj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($parentObj->getAclClass())
->setMask(64)
;
$parentObj->addEntry($entry)->save($this->con);
$obj = $this->createModelObjectIdentity(2);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
$childObj = $this->createModelObjectIdentity(3);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($childObj->getAclClass())
->setMask(64)
;
$childObj->addEntry($entry)->save($this->con);
return array($parentObj, $obj, $childObj);
}
/**
* @depends testFindAclWithEntries
*/
public function testFindAclReadsFromCache()
{
$this->cache = new AclCache();
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_USER')))
->setAclClass($obj->getAclClass())
->setMask(64)
;
$obj->addEntry($entry)->save($this->con);
// Read and put into cache
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$this->cache->content[1] = $acl;
// Change database
EntryQuery::create()->update(array(EntryPeer::translateFieldName(EntryPeer::MASK, \BasePeer::TYPE_COLNAME, \BasePeer::TYPE_PHPNAME) => 128), $this->con);
$this->assertEquals(0, EntryQuery::create()->filterByMask(64)->count($this->con));
// Verify cache has been read
$cachedAcl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1), array($this->getRoleSecurityIdentity('ROLE_USER')));
$cachedObjectAces = $cachedAcl->getObjectAces();
$this->assertSame($acl, $cachedAcl);
$this->assertEquals(64, $cachedObjectAces[0]->getMask());
}
protected function getAclProvider()
{
return new AclProvider(new PermissionGrantingStrategy(), $this->con, $this->cache);
}
}

87
Tests/Security/Acl/AuditableAclProviderTest.php
View file

@ -1,87 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Security\Acl\AuditableAclProvider;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclProviderTest extends AclTestCase
{
public function testCreateAcl()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\AuditableAcl', $acl);
$this->assertEquals(1, $acl->getId());
}
/**
* @depends testCreateAcl
*/
public function testUpdatePersistsAuditing()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
// default values
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertTrue($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertTrue($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->find($this->con);
$this->assertCount(1, $entries);
$this->assertFalse($entries[0]->getAuditSuccess());
$this->assertFalse($entries[0]->getAuditFailure());
}
protected function getAclProvider()
{
return new AuditableAclProvider(new PermissionGrantingStrategy(), $this->con);
}
}

206
Tests/Security/Acl/Domain/AclTest.php
View file

@ -1,206 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AclTest extends AclTestCase
{
public function testConstructorInvalidCollection()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
}
public function testConstructorEmptyCollection()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$aclObj = $this->getAclObjectIdentity();
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
$this->assertNull($acl->getParentAcl());
$this->assertSame($aclObj, $acl->getObjectIdentity());
$this->assertTrue($acl->isEntriesInheriting());
}
/**
* @depends testConstructorEmptyCollection
*/
public function testConstructorWithAces()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
// object based ACE
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// object field based ACE
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// class based ACE
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
// class field based ACE
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->assertNotEmpty($acl->getClassAces());
$this->assertNotEmpty($acl->getObjectAces());
$this->assertEquals(array('name'), $acl->getFields());
$this->assertNotEmpty($acl->getClassFieldAces('name'));
$this->assertNotEmpty($acl->getObjectFieldAces('name'));
$classAces = $acl->getClassAces();
$objectAces = $acl->getObjectAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $classAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $objectAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $classFieldAces[0]);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $objectFieldAces[0]);
$this->assertSame($acl, $classAces[0]->getAcl());
$this->assertSame($acl, $objectAces[0]->getAcl());
$this->assertSame($acl, $classFieldAces[0]->getAcl());
$this->assertSame($acl, $objectFieldAces[0]->getAcl());
$this->assertEquals('name', $classFieldAces[0]->getField());
$this->assertEquals('name', $objectFieldAces[0]->getField());
}
public function testIsSidLoadedNoneLoaded()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->assertFalse($acl->isSidLoaded($this->getRoleSecurityIdentity()));
}
public function testIsSidLoadedInvalid()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$aclObj = $this->getAclObjectIdentity();
$acl = new Acl($collection, $aclObj, new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->isSidLoaded('foo');
}
public function testIsGrantedNoAces()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity()));
}
public function testIsGrantedNoMatchingSecurityIdentity()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isGranted(array(64), array($this->getRoleSecurityIdentity('ROLE_USER')));
}
public function testIsFieldGrantedNoAces()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\NoAceFoundException');
$acl->isFieldGranted('name', array(64), array($this->getRoleSecurityIdentity()));
}
public function testSerializeUnserialize()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Acl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
}

212
Tests/Security/Acl/Domain/AuditableAclTest.php
View file

@ -1,212 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\AuditableAcl;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class AuditableAclTest extends AclTestCase
{
public function testUpdateAuditingInvalidIndex()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('OutOfBoundsException');
$acl->updateObjectAuditing(0, false, false);
}
public function testUpdateAuditingInvalidField()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->updateObjectFieldAuditing(0, 'foo', false, false);
}
public function testUpdateAuditingInvalidFlag()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$this->setExpectedException('InvalidArgumentException');
$acl->updateObjectAuditing(0, 'foo', 'bar');
}
public function testUpdateObjectAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getObjectAces();
$this->assertCount(1, $aces);
$acl->updateObjectAuditing(0, true, true);
$aces = $acl->getObjectAces();
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, false, true);
$aces = $acl->getObjectAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, true, false);
$aces = $acl->getObjectAces();
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
$acl->updateObjectAuditing(0, false, false);
$aces = $acl->getObjectAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateObjectFieldAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$obj = $this->createModelObjectIdentity(1);
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setObjectIdentity($obj)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getObjectFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateObjectFieldAuditing(0, 'name', true, true);
$aces = $acl->getObjectFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateObjectFieldAuditing(0, 'name', false, false);
$aces = $acl->getObjectFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassAces();
$this->assertCount(1, $aces);
$acl->updateClassAuditing(0, true, true);
$aces = $acl->getClassAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassAuditing(0, false, false);
$aces = $acl->getClassAces();
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
/**
* @depends testUpdateObjectAuditing
*/
public function testUpdateClassFieldAuditing()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setFieldName('name')
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new AuditableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$aces = $acl->getClassFieldAces('name');
$this->assertCount(1, $aces);
$acl->updateClassFieldAuditing(0, 'name', true, true);
$aces = $acl->getClassFieldAces('name');
$this->assertTrue($aces[0]->isAuditSuccess());
$this->assertTrue($aces[0]->isAuditFailure());
$acl->updateClassFieldAuditing(0, 'name', false, false);
$aces = $acl->getClassFieldAces('name');
$this->assertFalse($aces[0]->isAuditSuccess());
$this->assertFalse($aces[0]->isAuditFailure());
}
}

70
Tests/Security/Acl/Domain/EntryTest.php
View file

@ -1,70 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\Entry;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class EntryTest extends AclTestCase
{
public function testConstruct()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new Entry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* @depends testConstruct
*/
public function testSerializeUnserialize(Entry $entry)
{
$serialized = serialize($entry);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $unserialized);
$this->assertEquals($entry->getMask(), $unserialized->getMask());
$this->assertEquals($entry->isGranting(), $unserialized->isGranting());
$this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
$this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
$this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
$this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
$this->assertEquals($serialized, serialize($unserialized));
}
}

73
Tests/Security/Acl/Domain/FieldEntryTest.php
View file

@ -1,73 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\Acl;
use Propel\PropelBundle\Security\Acl\Domain\FieldEntry;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class FieldEntryTest extends AclTestCase
{
public function testConstruct()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$acl = new Acl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$model = $this->createEntry();
$model->setFieldName('name');
$model->setAuditFailure(true);
$model->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity()));
$entry = new FieldEntry($model, $acl);
$this->assertEquals($model->getMask(), $entry->getMask());
$this->assertEquals($model->getGranting(), $entry->isGranting());
$this->assertEquals($model->getGrantingStrategy(), $entry->getStrategy());
$this->assertEquals($model->getAuditFailure(), $entry->isAuditFailure());
$this->assertEquals($model->getAuditSuccess(), $entry->isAuditSuccess());
$this->assertEquals($model->getFieldName(), $entry->getField());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
return $entry;
}
/**
* @depends testConstruct
*/
public function testSerializeUnserialize(FieldEntry $entry)
{
$serialized = serialize($entry);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $unserialized);
$this->assertEquals($entry->getMask(), $unserialized->getMask());
$this->assertEquals($entry->isGranting(), $unserialized->isGranting());
$this->assertEquals($entry->getStrategy(), $unserialized->getStrategy());
$this->assertEquals($entry->isAuditFailure(), $unserialized->isAuditFailure());
$this->assertEquals($entry->isAuditSuccess(), $unserialized->isAuditSuccess());
$this->assertEquals($entry->getSecurityIdentity(), $unserialized->getSecurityIdentity());
$this->assertEquals($entry->getField(), $unserialized->getField());
$this->assertEquals($serialized, serialize($unserialized));
}
}

276
Tests/Security/Acl/Domain/MutableAclTest.php
View file

@ -1,276 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl\Domain;
use Propel\PropelBundle\Model\Acl\Entry;
use Propel\PropelBundle\Model\Acl\SecurityIdentity;
use Propel\PropelBundle\Security\Acl\Domain\MutableAcl;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy;
use Propel\PropelBundle\Tests\AclTestCase;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclTest extends AclTestCase
{
public function testConstructorInvalidCollection()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\AclClass');
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\Exception');
new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy(), array(), null, false, $this->con);
}
public function testConstructorEmptyCollection()
{
$acl = $this->createEmptyAcl(1, array(), null, false);
$this->assertEquals(1, $acl->getId());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
$this->assertNull($acl->getParentAcl());
$this->assertFalse($acl->isEntriesInheriting());
}
/**
* @depends testConstructorEmptyCollection
*/
public function testSetUnsetParentAcl()
{
$parentAcl = $this->createEmptyAcl(1);
$acl = $this->createEmptyAcl(2);
$acl->setParentAcl($parentAcl);
$acl->setEntriesInheriting(true);
$this->assertSame($parentAcl, $acl->getParentAcl());
$this->assertTrue($acl->isEntriesInheriting());
$this->assertEquals(1, $acl->getParentAcl()->getId());
$acl->setParentAcl(null);
$this->assertNull($acl->getParentAcl());
}
public function testInsertAceInvalidMask()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('InvalidArgumentException', 'The given mask is not valid. Please provide an integer.');
$acl->insertClassAce($this->getRoleSecurityIdentity(), 'foo');
}
public function testInsertAceOutofBounds()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('OutOfBoundsException', 'The index must be in the interval [0, 0].');
$acl->insertClassAce($this->getRoleSecurityIdentity(), 64, 1);
}
public function insertAceProvider()
{
return array(
array('ClassAce'),
array('ClassFieldAce', 'name'),
array('ObjectAce'),
array('ObjectFieldAce', 'name'),
);
}
/**
* @dataProvider insertAceProvider
*/
public function testInsertFirstAce($type, $field = null)
{
$acl = $this->createEmptyAcl();
if (null !== $field) {
$acl->{'insert'.$type}($field, $this->getRoleSecurityIdentity(), 64);
$aces = $acl->{'get'.$type.'s'}($field);
} else {
$acl->{'insert'.$type}($this->getRoleSecurityIdentity(), 64);
$aces = $acl->{'get'.$type.'s'}();
}
$this->assertNotEmpty($aces);
$this->assertCount(1, $aces);
$this->assertEquals($this->getRoleSecurityIdentity(), $aces[0]->getSecurityIdentity());
$this->assertEquals(64, $aces[0]->getMask());
$this->assertTrue($aces[0]->isGranting());
$this->assertNull($aces[0]->getId());
$this->assertEquals('all', $aces[0]->getStrategy());
if (null !== $field) {
$this->assertEquals($field, $aces[0]->getField());
}
}
public function testUpdateAceInvalidIndex()
{
$acl = $this->createEmptyAcl();
$this->setExpectedException('OutOfBoundsException');
$acl->updateClassAce(0, 64);
}
/**
* @depends testInsertFirstAce
*/
public function testUpdateFieldAceInvalidField()
{
$acl = $this->createEmptyAcl();
$acl->insertClassAce($this->getRoleSecurityIdentity(), 64);
$this->setExpectedException('InvalidArgumentException', 'The given field "name" does not exist.');
$acl->updateClassFieldAce(0, 'name', 128);
}
/**
* @depends testInsertFirstAce
*/
public function testInsertUpdateDelete()
{
$secIdentity = $this->getRoleSecurityIdentity();
$acl = $this->createEmptyAcl();
// insert
$acl->insertClassAce($secIdentity, 64);
$acl->insertClassFieldAce('name', $secIdentity, 32);
$acl->insertObjectAce($secIdentity, 128);
$acl->insertObjectFieldAce('name', $secIdentity, 16, 0, false);
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertCount(1, $classAces);
$this->assertCount(1, $classFieldAces);
$this->assertCount(1, $objectAces);
$this->assertCount(1, $objectFieldAces);
$this->assertEquals(array('name'), $acl->getFields());
$this->assertEquals(64, $classAces[0]->getMask());
$this->assertEquals(32, $classFieldAces[0]->getMask());
$this->assertEquals(128, $objectAces[0]->getMask());
$this->assertEquals(16, $objectFieldAces[0]->getMask());
$this->assertEquals('all', $classAces[0]->getStrategy());
$this->assertEquals('all', $classFieldAces[0]->getStrategy());
$this->assertEquals('all', $objectAces[0]->getStrategy());
$this->assertEquals('any', $objectFieldAces[0]->getStrategy());
$this->assertFalse($objectFieldAces[0]->isGranting());
// update
$acl->updateClassAce(0, 256);
$acl->updateClassFieldAce(0, 'name', 128, 'any');
$acl->updateObjectAce(0, 64, 'equal');
$acl->updateObjectFieldAce(0, 'name', 32, 'all');
$this->assertCount(1, $classAces);
$this->assertCount(1, $classFieldAces);
$this->assertCount(1, $objectAces);
$this->assertCount(1, $objectFieldAces);
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertEquals(256, $classAces[0]->getMask());
$this->assertEquals(128, $classFieldAces[0]->getMask());
$this->assertEquals(64, $objectAces[0]->getMask());
$this->assertEquals(32, $objectFieldAces[0]->getMask());
$this->assertEquals('all', $classAces[0]->getStrategy());
$this->assertEquals('any', $classFieldAces[0]->getStrategy());
$this->assertEquals('equal', $objectAces[0]->getStrategy());
$this->assertEquals('all', $objectFieldAces[0]->getStrategy());
// delete
$acl->deleteClassAce(0);
$acl->deleteClassFieldAce(0, 'name');
$acl->deleteObjectAce(0);
$acl->deleteObjectFieldAce(0, 'name');
$classAces = $acl->getClassAces();
$classFieldAces = $acl->getClassFieldAces('name');
$objectAces = $acl->getObjectAces();
$objectFieldAces = $acl->getObjectFieldAces('name');
$this->assertCount(0, $classAces);
$this->assertCount(0, $classFieldAces);
$this->assertCount(0, $objectAces);
$this->assertCount(0, $objectFieldAces);
}
/**
* @depends testInsertUpdateDelete
*/
public function testUpdatePersistedAceKeepsId()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setId(42)
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$acl->updateClassAce(0, 128);
$aces = $acl->getClassAces();
$this->assertEquals(42, $aces[0]->getId());
$this->assertEquals(128, $aces[0]->getMask());
}
public function testSerializeUnserialize()
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
$entry = $this->createEntry();
$entry
->setSecurityIdentity(SecurityIdentity::fromAclIdentity($this->getRoleSecurityIdentity('ROLE_ADMIN')))
->setAclClass($this->getAclClass())
;
$collection->append($entry);
$acl = new MutableAcl($collection, $this->getAclObjectIdentity(), new PermissionGrantingStrategy());
$serialized = serialize($acl);
$unserialized = unserialize($serialized);
$this->assertNotEmpty($serialized);
$this->assertNotEmpty($unserialized);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $unserialized);
$this->assertEquals($serialized, serialize($unserialized));
}
protected function createEmptyAcl($identifier = 1, array $securityIdentities = array(), AclInterface $parentAcl = null, $inherited = null)
{
$collection = new \PropelObjectCollection();
$collection->setModel('Propel\PropelBundle\Model\Acl\Entry');
return new MutableAcl($collection, $this->getAclObjectIdentity($identifier), new PermissionGrantingStrategy(), $securityIdentities, $parentAcl, $inherited, $this->con);
}
}

319
Tests/Security/Acl/MutableAclProviderTest.php
View file

@ -1,319 +0,0 @@
<?php
/**
* This file is part of the PropelBundle package.
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*
* @license MIT License
*/
namespace Propel\PropelBundle\Tests\Security\Acl;
use Propel\PropelBundle\Model\Acl\EntryQuery;
use Propel\PropelBundle\Model\Acl\ObjectIdentityQuery;
use Propel\PropelBundle\Tests\AclTestCase;
use Propel\PropelBundle\Tests\Fixtures\Acl\ArrayCache as AclCache;
/**
* @author Toni Uebernickel <tuebernickel@gmail.com>
*/
class MutableAclProviderTest extends AclTestCase
{
public function testCreateAcl()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$this->assertNotEmpty($acl);
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
$this->assertEquals(1, $acl->getId());
$this->assertEmpty($acl->getClassAces());
$this->assertEmpty($acl->getObjectAces());
$this->assertEmpty($acl->getFields());
}
/**
* @depends testCreateAcl
*/
public function testUpdateAclCreatesInsertedAces()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
$this->assertCount(1, $acl->getObjectAces());
$this->assertEquals(array('name'), $acl->getFields());
$this->assertCount(1, $acl->getClassFieldAces('name'));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
$this->assertTrue($this->getAclProvider()->updateAcl($acl));
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\MutableAcl', $acl);
$objAces = $acl->getObjectAces();
$this->assertCount(1, $objAces);
$entry = $objAces[0];
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\Entry', $entry);
$this->assertEquals(64, $entry->getMask());
$this->assertEquals($this->getRoleSecurityIdentity(), $entry->getSecurityIdentity());
$classFieldAces = $acl->getClassFieldAces('name');
$this->assertCount(1, $classFieldAces);
$entry = $classFieldAces[0];
$this->assertInstanceOf('Propel\PropelBundle\Security\Acl\Domain\FieldEntry', $entry);
$this->assertEquals('name', $entry->getField());
$this->assertEquals(128, $entry->getMask());
$this->assertEquals($this->getRoleSecurityIdentity('ROLE_ADMIN'), $entry->getSecurityIdentity());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testCreateAclAlreadyExists()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$this->setExpectedException('Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException');
$this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testCreateAclWithParent()
{
$parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($parentAcl);
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
$acl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($acl);
$entries = ObjectIdentityQuery::create()->orderById(\Criteria::ASC)->find($this->con);
$this->assertCount(2, $entries);
$this->assertNull($entries[0]->getParentObjectIdentityId());
$this->assertEquals($entries[0]->getId(), $entries[1]->getParentObjectIdentityId());
}
public function testUpdateAclInvalidAcl()
{
$acl = $this->getMock('Symfony\Component\Security\Acl\Model\MutableAclInterface');
$this->setExpectedException('InvalidArgumentException');
$this->getAclProvider()->updateAcl($acl);
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclRemovesDeletedEntries()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
$acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
$this->getAclProvider()->updateAcl($acl);
$this->assertEquals(2, EntryQuery::create()->count($this->con));
$acl->deleteObjectFieldAce(0, 'slug');
$this->getAclProvider()->updateAcl($acl);
$this->assertEquals(1, EntryQuery::create()->count($this->con));
$entry = EntryQuery::create()->findOne($this->con);
$this->assertEquals('name', $entry->getFieldName());
$this->assertEquals(4, $entry->getMask());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclCreatesMultipleAces()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 16, 0, true, 'all');
$acl->insertObjectFieldAce('name', $this->getRoleSecurityIdentity(), 4);
$acl->insertObjectFieldAce('slug', $this->getRoleSecurityIdentity(), 1);
$this->assertCount(2, $acl->getObjectFieldAces('name'));
$this->getAclProvider()->updateAcl($acl);
$entries = EntryQuery::create()->orderByMask(\Criteria::ASC)->find($this->con);
$this->assertCount(3, $entries);
$slugAce = $entries[0];
$this->assertEquals('slug', $slugAce->getFieldName());
$this->assertEquals(1, $slugAce->getMask());
$nameRead = $entries[1];
$this->assertEquals('name', $nameRead->getFieldName());
$this->assertEquals(0, $nameRead->getAceOrder());
$this->assertEquals(4, $nameRead->getMask());
$this->assertEquals('all', $nameRead->getGrantingStrategy());
$nameUndelete = $entries[2];
$this->assertEquals('name', $nameUndelete->getFieldName());
$this->assertEquals(1, $nameUndelete->getAceOrder());
$this->assertEquals(16, $nameUndelete->getMask());
$this->assertEquals('all', $nameUndelete->getGrantingStrategy());
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclReadsExistingAce()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
$entry = EntryQuery::create()->findOne($this->con);
$acl = $this->getAclProvider()->findAcl($this->getAclObjectIdentity(1));
$acl->updateObjectAce(0, 128);
$this->getAclProvider()->updateAcl($acl);
$updatedEntry = clone $entry;
$updatedEntry->reload(false, $this->con);
$this->assertEquals($entry->getId(), $updatedEntry->getId());
$this->assertEquals(128, $updatedEntry->getMask());
}
public function testDeleteAclNotExisting()
{
$this->assertTrue($this->getAclProvider()->deleteAcl($this->getAclObjectIdentity()));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testDeleteAcl()
{
$aclObj = $this->getAclObjectIdentity(1);
$acl = $this->getAclProvider()->createAcl($aclObj);
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$acl->insertClassFieldAce('name', $this->getRoleSecurityIdentity('ROLE_ADMIN'), 128);
$this->assertTrue($this->getAclProvider()->deleteAcl($aclObj));
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testCreateAclWithParent
*/
public function testDeleteAclRemovesChildAcl()
{
$parentAcl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$parentAcl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($parentAcl);
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(2));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 128);
$acl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, ObjectIdentityQuery::create()->count($this->con));
}
/**
* @depends testDeleteAcl
*/
public function testDeleteAclRemovesClassEntriesIfLastObject()
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity(1));
$acl->insertClassAce($this->getRoleSecurityIdentity(), 128);
$this->getAclProvider()->updateAcl($acl);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEquals(0, EntryQuery::create()->count($this->con));
}
/**
* @depends testUpdateAclCreatesInsertedAces
*/
public function testUpdateAclWritesCacheOfNewAcl()
{
$this->cache = new AclCache();
$this->assertEmpty($this->cache->content);
$acl = $this->getAcl();
$this->assertNotEmpty($this->cache->content);
$this->assertSame($acl, $this->cache->content[$acl->getId()]);
}
/**
* @depends testUpdateAclWritesCacheOfNewAcl
*/
public function testUpdateAclUpdatesCacheOfAcl()
{
$this->cache = new AclCache();
$acl = $this->getAcl(1);
$acl->updateObjectAce(0, 128);
$this->getAclProvider()->updateAcl($acl);
$objectAces = $this->cache->content[$acl->getId()]->getObjectAces();
$this->assertEquals(128, $objectAces[0]->getMask());
}
/**
* @depends testUpdateAclWritesCacheOfNewAcl
*/
public function testDeleteAclEvictsFromCache()
{
$this->cache = new AclCache();
$this->getAcl();
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEmpty($this->cache->content);
}
/**
* @depends testCreateAclWithParent
* @depends testDeleteAclEvictsFromCache
*/
public function testDeleteAclEvictsChildrenFromCache()
{
$this->cache = new AclCache();
$parentAcl = $this->getAcl(1);
$childAcl = $this->getAcl(2);
$grandChildAcl = $this->getAcl(3);
$grandChildAcl->setParentAcl($childAcl);
$childAcl->setParentAcl($parentAcl);
$this->getAclProvider()->updateAcl($grandChildAcl);
$this->getAclProvider()->updateAcl($childAcl);
$this->assertCount(3, $this->cache->content);
$this->getAclProvider()->deleteAcl($this->getAclObjectIdentity(1));
$this->assertEmpty($this->cache->content);
}
protected function getAcl($identifier = 1)
{
$acl = $this->getAclProvider()->createAcl($this->getAclObjectIdentity($identifier));
$acl->insertObjectAce($this->getRoleSecurityIdentity(), 64);
$this->getAclProvider()->updateAcl($acl);
return $acl;
}
}

2
composer.json
View file

@ -34,6 +34,6 @@
},
"suggest": {
"symfony/security-acl": "For using the Propel ACL implementation"
"propel/propel-acl-bundle": "For using the Propel ACL implementation"
}
}