Fix ACL

Admin/Admin.php

@@ -2002,11 +2002,18 @@ abstract class Admin implements AdminInterface, DomainObjectInterface
         );
     }
 
+    /**
+     * @param \Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface $securityHandler
+     * @return void
+     */
     public function setSecurityHandler(SecurityHandlerInterface $securityHandler)
     {
         $this->securityHandler = $securityHandler;
     }
 
+    /**
+     * @return \Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface|null
+     */
     public function getSecurityHandler()
     {
         return $this->securityHandler;
@@ -2014,11 +2021,12 @@ abstract class Admin implements AdminInterface, DomainObjectInterface
 
     /**
      * @param string $name
+     * @param object|null $object
      * @return boolean
      */
-    public function isGranted($name)
+    public function isGranted($name, $object = null)
     {
-        return $this->securityHandler->isGranted($name, $this);
+        return $this->securityHandler->isGranted($this, $name, $object ?: $this);
     }
 
     public function getNormalizedIdentifier($entity)

Resources/config/core.xml

@@ -24,14 +24,15 @@
 
         <service id="sonata.admin.security.handler.acl" class="Sonata\AdminBundle\Security\Handler\AclSecurityHandler">
             <argument type="service" id="security.context" on-invalid="null" />
+            <argument type="collection">
+                <argument>ROLE_SUPER_ADMIN</argument>
+            </argument>
         </service>
 
         <service id="sonata.admin.builder.filter.factory" class="Sonata\AdminBundle\Filter\FilterFactory">
             <argument type="service" id="service_container" />
             <argument />
         </service>
-
     </services>
-
 </container>
 

Security/Handler/AclSecurityHandler.php

@@ -17,16 +17,40 @@ use Sonata\AdminBundle\Admin\AdminInterface;
 
 class AclSecurityHandler implements SecurityHandlerInterface
 {
-    public function __construct(SecurityContextInterface $securityContext)
+    protected $securityContext;
+
+    protected $superAdminRoles;
+
+    /**
+     * @param \Symfony\Component\Security\Core\SecurityContextInterface $securityContext
+     * @param array $superAdminRoles
+     */
+    public function __construct(SecurityContextInterface $securityContext, array $superAdminRoles)
     {
         $this->securityContext = $securityContext;
+        $this->superAdminRoles = $superAdminRoles;
     }
 
     /**
      * {@inheritDoc}
      */
-    public function isGranted($attributes, $object = null)
+    public function isGranted(AdminInterface $admin, $attributes, $object = null)
     {
+        if (!is_array($attributes)) {
+            $attributes = array($attributes);
+        }
+
+        if ($object instanceof AdminInterface) {
+            foreach ($attributes as $pos => $attribute) {
+                $attributes[$pos] = sprintf('ROLE_%s_%s',
+                    str_replace('.', '_', strtoupper($admin->getCode())),
+                    $attribute
+                );
+            }
+        }
+
+        $attributes = array_merge($attributes, $this->superAdminRoles);
+
         try {
             return $this->securityContext->isGranted($attributes, $object);
         } catch (AuthenticationCredentialsNotFoundException $e) {

Security/Handler/NoopSecurityHandler.php

@@ -18,7 +18,7 @@ class NoopSecurityHandler implements SecurityHandlerInterface
     /**
      * {@inheritDoc}
      */
-    public function isGranted($attributes, $object = null)
+    public function isGranted(AdminInterface $admin, $attributes, $object = null)
     {
         return true;
     }

Security/Handler/SecurityHandlerInterface.php

@@ -21,7 +21,7 @@ interface SecurityHandlerInterface
      * @param null $object
      * @return boolean
      */
-    function isGranted($attributes, $object = null);
+    function isGranted(AdminInterface $admin, $attributes, $object = null);
 
     /**
      * @abstract

Tests/Security/Handler/AclSecurityHandlerTest.php

@@ -17,25 +17,30 @@ class AclSecurityHandlerTest extends \PHPUnit_Framework_TestCase
 {
     public function testAcl()
     {
+        $admin = $this->getMock('Sonata\AdminBundle\Admin\AdminInterface');
+        $admin->expects($this->any())
+            ->method('getCode')
+            ->will($this->returnValue('test'));
+
         $securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
         $securityContext->expects($this->any())
             ->method('isGranted')
             ->will($this->returnValue(true));
 
-        $handler = new AclSecurityHandler($securityContext);
+        $handler = new AclSecurityHandler($securityContext, array());
 
-        $this->assertTrue($handler->isGranted(array('TOTO')));
-        $this->assertTrue($handler->isGranted('TOTO'));
+        $this->assertTrue($handler->isGranted($admin, array('TOTO')));
+        $this->assertTrue($handler->isGranted($admin, 'TOTO'));
 
         $securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
         $securityContext->expects($this->any())
             ->method('isGranted')
             ->will($this->returnValue(false));
 
-        $handler = new AclSecurityHandler($securityContext);
+        $handler = new AclSecurityHandler($securityContext, array());
 
-        $this->assertFalse($handler->isGranted(array('TOTO')));
-        $this->assertFalse($handler->isGranted('TOTO'));
+        $this->assertFalse($handler->isGranted($admin, array('TOTO')));
+        $this->assertFalse($handler->isGranted($admin, 'TOTO'));
     }
 
     public function testBuildInformation()
@@ -54,7 +59,7 @@ class AclSecurityHandlerTest extends \PHPUnit_Framework_TestCase
             ->method('getSecurityInformation')
             ->will($this->returnValue($informations));
 
-        $handler = new AclSecurityHandler($securityContext);
+        $handler = new AclSecurityHandler($securityContext, array());
 
         $results = $handler->buildSecurityInformation($admin);
 
@@ -63,14 +68,19 @@ class AclSecurityHandlerTest extends \PHPUnit_Framework_TestCase
 
     public function testWithAuthenticationCredentialsNotFoundException()
     {
+        $admin = $this->getMock('Sonata\AdminBundle\Admin\AdminInterface');
+        $admin->expects($this->once())
+            ->method('getCode')
+            ->will($this->returnValue('test'));
+
         $securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
         $securityContext->expects($this->any())
             ->method('isGranted')
             ->will($this->throwException(new AuthenticationCredentialsNotFoundException('FAIL')));
 
-        $handler = new AclSecurityHandler($securityContext);
+        $handler = new AclSecurityHandler($securityContext, array());
 
-        $this->assertFalse($handler->isGranted('raise exception'));
+        $this->assertFalse($handler->isGranted($admin, 'raise exception', $admin));
     }
 
     /**
@@ -78,13 +88,18 @@ class AclSecurityHandlerTest extends \PHPUnit_Framework_TestCase
      */
     public function testWithNonAuthenticationCredentialsNotFoundException()
     {
+        $admin = $this->getMock('Sonata\AdminBundle\Admin\AdminInterface');
+        $admin->expects($this->once())
+            ->method('getCode')
+            ->will($this->returnValue('test'));
+
         $securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
         $securityContext->expects($this->any())
             ->method('isGranted')
             ->will($this->throwException(new \RunTimeException('FAIL')));
 
-        $handler = new AclSecurityHandler($securityContext);
+        $handler = new AclSecurityHandler($securityContext, array());
 
-        $this->assertFalse($handler->isGranted('raise exception'));
+        $this->assertFalse($handler->isGranted($admin, 'raise exception', $admin));
     }
 }