Merge dc11a76 into 0a00fb4
acrobat committed Sep 21, 2019
2 parents 0a00fb4 + dc11a76 commit 3f9a298
Showing 4 changed files with 95 additions and 33 deletions.
20 changes: 15 additions & 5 deletions src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclHelper.php
Expand Up @@ -14,7 +14,6 @@
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
use Symfony\Component\Security\Core\Role\RoleInterface;

/**
* AclHelper is a helper class to help setting the permissions when querying using ORM
Expand Down Expand Up @@ -148,17 +147,28 @@ private function getPermittedAclIdsSQLForUser(Query $query)
$user = null;
if (!is_null($token)) {
$user = $token->getUser();
$userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
$userRoles = $this->roleHierarchy->getReachableRoleNames($token->getRoleNames());
} else {
// Symfony 3.4 compatibility
$userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
}
}

// Security context does not provide anonymous role automatically.
$uR = array('"IS_AUTHENTICATED_ANONYMOUSLY"');

/* @var $role RoleInterface */
foreach ($userRoles as $role) {
// The reason we ignore this is because by default FOSUserBundle adds ROLE_USER for every user
if ($role->getRole() !== 'ROLE_USER') {
$uR[] = '"' . $role->getRole() . '"';
if (is_string($role)) {
if ($role !== 'ROLE_USER') {
$uR[] = '"' . $role . '"';
}
} else {
// Symfony 3.4 compatibility
if ($role->getRole() !== 'ROLE_USER') {
$uR[] = '"' . $role->getRole() . '"';
}
}
}
$uR = array_unique($uR);
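Review bot: The new guard in getPermittedAclIdsSQLForUser() probes only the role hierarchy (`method_exists($this->roleHierarchy, 'getReachableRoleNames')`) but then calls `$token->getRoleNames()`, which the token is never checked for. A token class that implements TokenInterface without that method would stop the ACL filter with a fatal error instead of falling back to the 3.4 path. The test change in this commit that swaps the mock from TokenInterface to AbstractToken suggests the interface does not guarantee the method. Checking both objects keeps the fallback reachable: `if (method_exists($this->roleHierarchy, 'getReachableRoleNames') && method_exists($token, 'getRoleNames')) {`. AclNativeHelper::apply() carries the same guard, and the method body here starts and ends outside the hunk.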
20 changes: 15 additions & 5 deletions src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclNativeHelper.php
Expand Up @@ -9,7 +9,6 @@
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
use Symfony\Component\Security\Core\Role\RoleInterface;

/**
* AclHelper is a helper class to help setting the permissions when querying using native queries
Expand Down Expand Up @@ -80,17 +79,28 @@ public function apply(QueryBuilder $queryBuilder, PermissionDefinition $permissi
$userRoles = array();
if (!is_null($token)) {
$user = $token->getUser();
$userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
$userRoles = $this->roleHierarchy->getReachableRoleNames($token->getRoleNames());
} else {
// Symfony 3.4 compatibility
$userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
}
}

// Security context does not provide anonymous role automatically.
$uR = array('"IS_AUTHENTICATED_ANONYMOUSLY"');

/* @var $role RoleInterface */
foreach ($userRoles as $role) {
// The reason we ignore this is because by default FOSUserBundle adds ROLE_USER for every user
if ($role->getRole() !== 'ROLE_USER') {
$uR[] = '"' . $role->getRole() . '"';
if (is_string($role)) {
if ($role !== 'ROLE_USER') {
$uR[] = '"' . $role . '"';
}
} else {
// Symfony 3.4 compatibility
if ($role->getRole() !== 'ROLE_USER') {
$uR[] = '"' . $role->getRole() . '"';
}
}
}
$uR = array_unique($uR);
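Review bot: Role names are still wrapped in double quotes by hand (`$uR[] = '"' . $role . '"';`), and the new string branch carries that pattern over unchanged. Where `$uR` goes next is outside the hunk, but if it is joined into the SQL text, a role name containing a quote character would change the statement, and role names may be stored data rather than constants. Quoting each name through the DBAL connection (`Connection::quote()`) or binding the names as parameters removes that dependency on the role naming being clean. The two branches can also collapse to `$name = is_string($role) ? $role : $role->getRole();` followed by a single `ROLE_USER` check, which applies to the identical loop in AclHelper as well.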
Expand Up @@ -17,6 +17,7 @@
use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder;
use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\PermissionDefinition;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpKernel\Kernel;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\Role;
Expand Down Expand Up @@ -134,8 +135,7 @@ protected function setUp()
$this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')
->getMock();

$this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')
->getMock();
$this->token = $this->createMock('Symfony\Component\Security\Core\Authentication\Token\AbstractToken');

$this->tokenStorage->expects($this->any())
->method('getToken')
Expand Down Expand Up @@ -180,15 +180,14 @@ public function testApply()
->method('getUser')
->will($this->returnValue($user));

$roles = array(new Role('ROLE_KING'));
$allRoles = array($roles[0], new Role('ROLE_SUBJECT'));
[$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData();

$this->token->expects($this->once())
->method('getRoles')
->method($rolesMethodName)
->will($this->returnValue($roles));

$this->rh->expects($this->once())
->method('getReachableRoles')
->method($reachableRolesMethodName)
->with($roles)
->will($this->returnValue($allRoles));

Expand Down Expand Up @@ -230,16 +229,16 @@ public function testApplyAnonymous()
->method('getRootAliases')
->will($this->returnValue(array('n')));

$roles = array();
[$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData(true);

$this->token->expects($this->once())
->method('getRoles')
->method($rolesMethodName)
->will($this->returnValue($roles));

$this->rh->expects($this->once())
->method('getReachableRoles')
->method($reachableRolesMethodName)
->with($roles)
->will($this->returnValue($roles));
->will($this->returnValue($allRoles));

$this->token->expects($this->any())
->method('getUser')
Expand All @@ -261,15 +260,14 @@ public function testApplyAnonymous()

public function testGetAllowedEntityIds()
{
$roles = array(new Role('ROLE_KING'));
$allRoles = array($roles[0], new Role('ROLE_SUBJECT'));
[$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData();

$this->token->expects($this->once())
->method('getRoles')
->method($rolesMethodName)
->will($this->returnValue($roles));

$this->rh->expects($this->once())
->method('getReachableRoles')
->method($reachableRolesMethodName)
->with($roles)
->will($this->returnValue($allRoles));

Expand Down Expand Up @@ -327,4 +325,26 @@ public function testGetTokenStorage()
{
$this->assertSame($this->tokenStorage, $this->object->getTokenStorage());
}

private function getRoleMockData($anonymous = false)
{
if (Kernel::VERSION_ID >= 40300) {
$rolesMethodName = 'getRoleNames';
$reachableRolesMethodName = 'getReachableRoleNames';
$roles = ['ROLE_KING'];
$allRoles = [$roles[0], 'ROLE_SUBJECT'];
} else {
$rolesMethodName = 'getRoles';
$reachableRolesMethodName = 'getReachableRoles';
$roles = $anonymous ? [] : [new Role('ROLE_KING')];
$allRoles = $anonymous ? [] : [$roles[0], new Role('ROLE_SUBJECT')];
}

return [
$rolesMethodName,
$roles,
$reachableRolesMethodName,
$allRoles,
];
}
}
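Review bot: In getRoleMockData() the `$anonymous` flag is ignored on the `Kernel::VERSION_ID >= 40300` branch, so testApplyAnonymous() runs with `['ROLE_KING']` and `['ROLE_KING', 'ROLE_SUBJECT']` instead of empty role lists on newer Symfony. The anonymous path of the ACL filter is then only exercised on the legacy branch. Mirror the else branch: `$roles = $anonymous ? [] : ['ROLE_KING'];` and `$allRoles = $anonymous ? [] : [$roles[0], 'ROLE_SUBJECT'];`. The copy of this helper in the AclNativeHelper test further down the page has the same gap.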
Expand Up @@ -11,6 +11,7 @@
use Kunstmaan\AdminBundle\Helper\Security\Acl\AclNativeHelper;
use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\PermissionDefinition;
use PHPUnit\Framework\TestCase;
use Symfony\Component\HttpKernel\Kernel;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Role\Role;
Expand Down Expand Up @@ -95,7 +96,7 @@ protected function setUp()
$this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')
->getMock();

$this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')
$this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\AbstractToken')
->getMock();

$this->tokenStorage->expects($this->any())
Expand All @@ -122,15 +123,14 @@ public function testApply()
)
);

$roles = array(new Role('ROLE_KING'));
$allRoles = array($roles[0], new Role('ROLE_SUBJECT'));
[$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData();

$this->token->expects($this->once())
->method('getRoles')
->method($rolesMethodName)
->will($this->returnValue($roles));

$this->rh->expects($this->once())
->method('getReachableRoles')
->method($reachableRolesMethodName)
->with($roles)
->will($this->returnValue($allRoles));

Expand Down Expand Up @@ -170,16 +170,16 @@ public function testApplyAnonymous()
)
);

$roles = array();
[$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData(true);

$this->token->expects($this->once())
->method('getRoles')
->method($rolesMethodName)
->will($this->returnValue($roles));

$this->rh->expects($this->once())
->method('getReachableRoles')
->method($reachableRolesMethodName)
->with($roles)
->will($this->returnValue($roles));
->will($this->returnValue($allRoles));

$this->token->expects($this->any())
->method('getUser')
Expand All @@ -198,4 +198,26 @@ public function testGetTokenStorage()
{
$this->assertSame($this->tokenStorage, $this->object->getTokenStorage());
}

private function getRoleMockData($anonymous = false)
{
if (Kernel::VERSION_ID >= 40300) {
$rolesMethodName = 'getRoleNames';
$reachableRolesMethodName = 'getReachableRoleNames';
$roles = ['ROLE_KING'];
$allRoles = [$roles[0], 'ROLE_SUBJECT'];
} else {
$rolesMethodName = 'getRoles';
$reachableRolesMethodName = 'getReachableRoles';
$roles = $anonymous ? [] : [new Role('ROLE_KING')];
$allRoles = $anonymous ? [] : [$roles[0], new Role('ROLE_SUBJECT')];
}

return [
$rolesMethodName,
$roles,
$reachableRolesMethodName,
$allRoles,
];
}
}
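Review bot: getRoleMockData() picks the mocked method names from `Kernel::VERSION_ID`, while the helper under test picks its path with `method_exists()` on the role hierarchy, so the two can disagree when the installed HttpKernel and Security components are on different minor versions. Deriving the branch from the same probe, `method_exists($this->rh, 'getReachableRoleNames')`, would keep the expectations aligned with the code path that actually runs, provided the mocked hierarchy type exposes that method (how `$this->rh` is built is outside the visible hunks). A short docblock stating the order of the returned tuple (roles method name, roles, reachable-roles method name, reachable roles) would also help, since callers destructure it positionally.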
