|
|
@@ -30,8 +30,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|
|
const ALL = 'all';
|
|
|
const ANY = 'any';
|
|
|
|
|
|
+ protected static $noAceException;
|
|
|
protected $auditLogger;
|
|
|
|
|
|
+ public function __construct()
|
|
|
+ {
|
|
|
+ if (null === static::$noAceException) {
|
|
|
+ static::$noAceException = new NoAceFoundException('No ACE.');
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* Sets the audit logger
|
|
|
*
|
|
|
@@ -62,16 +70,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|
|
try {
|
|
|
$aces = $acl->getObjectAces();
|
|
|
|
|
|
- if (0 === count($aces)) {
|
|
|
- throw new NoAceFoundException('No applicable ACE was found.');
|
|
|
+ if (!$aces) {
|
|
|
+ throw static::$noAceException;
|
|
|
}
|
|
|
|
|
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
|
|
} catch (NoAceFoundException $noObjectAce) {
|
|
|
$aces = $acl->getClassAces();
|
|
|
|
|
|
- if (0 === count($aces)) {
|
|
|
- throw new NoAceFoundException('No applicable ACE was found.');
|
|
|
+ if (!$aces) {
|
|
|
+ throw static::$noAceException;
|
|
|
}
|
|
|
|
|
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
|
|
@@ -93,15 +101,15 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|
|
try {
|
|
|
try {
|
|
|
$aces = $acl->getObjectFieldAces($field);
|
|
|
- if (0 === count($aces)) {
|
|
|
- throw new NoAceFoundException('No applicable ACE was found.');
|
|
|
+ if (!$aces) {
|
|
|
+ throw static::$noAceException;
|
|
|
}
|
|
|
|
|
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
|
|
} catch (NoAceFoundException $noObjectAces) {
|
|
|
$aces = $acl->getClassFieldAces($field);
|
|
|
- if (0 === count($aces)) {
|
|
|
- throw new NoAceFoundException('No applicable ACE was found.');
|
|
|
+ if (!$aces) {
|
|
|
+ throw static::$noAceException;
|
|
|
}
|
|
|
|
|
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
|
|
@@ -151,12 +159,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|
|
|
|
|
foreach ($masks as $requiredMask) {
|
|
|
foreach ($sids as $sid) {
|
|
|
- if (!$acl->isSidLoaded($sid)) {
|
|
|
- throw new SidNotLoadedException(sprintf('The SID "%s" has not been loaded.', $sid));
|
|
|
- }
|
|
|
-
|
|
|
foreach ($aces as $ace) {
|
|
|
- if ($this->isAceApplicable($requiredMask, $sid, $ace)) {
|
|
|
+ if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) {
|
|
|
if ($ace->isGranting()) {
|
|
|
if (!$administrativeMode && null !== $this->auditLogger) {
|
|
|
$this->auditLogger->logIfNeeded(true, $ace);
|
|
|
@@ -183,7 +187,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|
|
return false;
|
|
|
}
|
|
|
|
|
|
- throw new NoAceFoundException('No applicable ACE was found.');
|
|
|
+ throw static::$noAceException;
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -203,17 +207,12 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|
|
* Strategy EQUAL:
|
|
|
* The ACE will be considered applicable when the bitmasks are equal.
|
|
|
*
|
|
|
- * @param SecurityIdentityInterface $sid
|
|
|
+ * @param integer $requiredMask
|
|
|
* @param EntryInterface $ace
|
|
|
- * @param int $requiredMask
|
|
|
* @return Boolean
|
|
|
*/
|
|
|
- protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace)
|
|
|
+ protected function isAceApplicable($requiredMask, EntryInterface $ace)
|
|
|
{
|
|
|
- if (false === $ace->getSecurityIdentity()->equals($sid)) {
|
|
|
- return false;
|
|
|
- }
|
|
|
-
|
|
|
$strategy = $ace->getStrategy();
|
|
|
if (self::ALL === $strategy) {
|
|
|
return $requiredMask === ($ace->getMask() & $requiredMask);
|
Johannes Schmitt