From 21366f7f75ceb102e808a7194ac57beb23c5c19c Mon Sep 17 00:00:00 2001
From: Polonkai Gergely <polesz@w00d5t0ck.info>
Date: Tue, 21 Aug 2012 13:35:09 +0200
Subject: [PATCH] Added kekrozsak:security:init command to initialize ACLs

Maybe it should be done via Doctrine fixtures?

Signed-off-by: Gergely Polonkai <polesz@w00d5t0ck.info>
---
 .../Command/SecurityInitCommand.php           | 57 +++++++++++++++++++
 1 file changed, 57 insertions(+)
 create mode 100644 src/KekRozsak/SecurityBundle/Command/SecurityInitCommand.php

diff --git a/src/KekRozsak/SecurityBundle/Command/SecurityInitCommand.php b/src/KekRozsak/SecurityBundle/Command/SecurityInitCommand.php
new file mode 100644
index 0000000..fdea37b
--- /dev/null
+++ b/src/KekRozsak/SecurityBundle/Command/SecurityInitCommand.php
@@ -0,0 +1,57 @@
+<?php
+namespace KekRozsak\SecurityBundle\Command;
+
+use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
+use Symfony\Component\Console\Input\InputInterface;
+use Symfony\Component\Console\Output\OutputInterface;
+use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
+use Symfony\Component\Security\Acl\Permission\MaskBuilder;
+
+class SecurityInitCommand extends ContainerAwareCommand
+{
+    private $verbose;
+
+    /**
+     * @see Command
+     */
+    protected function configure()
+    {
+        $this
+            ->setName('kekrozsak:security:init')
+            ->setDescription('Initializes ACLs')
+            ->setHelp(<<<EOF
+The <info>%command.full_name%</info> command fills up the ACL tables with default ACLs.
+
+<info>php %command.full_name%</info>
+
+ACL lists are currently hard-coded.
+EOF
+            )
+        ;
+    }
+
+    protected function initialize(InputInterface $input, OutputInterface $output)
+    {
+        parent::initialize($input, $output);
+        $this->verbose = $input->getOption('verbose');
+    }
+
+    /**
+     * @see Command
+     */
+    protected function execute(InputInterface $input, OutputInterface $output)
+    {
+        $container = $this->getContainer();
+
+        $securityContext = $container->get('security.context');
+        $aclProvider = $container->get('security.acl.provider');
+
+        $securityIdentity = new RoleSecurityIdentity('ADMIN');
+        $objectIdentity = new ObjectIdentity('class', 'KekRozsak\\FrontBundle\\Entity\\News');
+	// TODO: Check if the ACL exists, and if so, if it has the same permission mask
+        $acl = $aclProvider->createAcl($objectIdentity);
+        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OWNER);
+        $aclProvider->updateAcl($acl);
+    }
+}