Removed hardcoded role names from code.

Signed-off-by: Gergely Polonkai <polesz@w00d5t0ck.info>
11 years ago · a8f1f85573
parent f220206de8
commit a8f1f85573
12 changed files with 74 additions and 1728 deletions
--- a/app/bootstrap.php.cache
+++ b/app/bootstrap.php.cache
--- a/src/KekRozsak/AdminBundle/Controller/DefaultController.php
+++ b/src/KekRozsak/AdminBundle/Controller/DefaultController.php
@ -6,8 +6,12 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
 use JMS\DiExtraBundle\Annotation as DI;

+use KekRozsak\FrontBundle\Entity\Group;
+use KekRozsak\SecurityBundle\Entity\User;
+
 /**
 * @Route("/admin")
 */
@ -26,9 +30,12 @@ class DefaultController extends Controller
     */
    public function manageRegsAction()
    {
-        if (!$this->$securityContext->isGranted('ROLE_ADMIN')) {
+        $objectIdentity = new ObjectIdentity(User::ACL_OID, 'KekRozsak\\SecurityBundle\\Entity\\User');
+
+        if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
            throw new AccessDeniedException('Ehhez a művelethez nincs jogosultságod.');
        }
+
        $users = $this->getDoctrine()->getEntityManager()->createQuery('SELECT u FROM KekRozsakSecurityBundle:User u WHERE u.acceptedBy IS NULL')->getResult();
        $request = $this->getRequest();

@ -59,9 +66,10 @@ class DefaultController extends Controller
    {
        $user = $this->securityContext->getToken()->getUser();
        $request = $this->getRequest();
+        $objectIdentity = new ObjectIdentity(Group::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\Group');
+	$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');

-        $groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');
-        if ($this->securityContext->isGranted('ROLE_ADMIN') === false) {
+        if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
            $myGroups = $groupRepo->findByLeader($user);
        } else {
            $myGroups = $groupRepo->findAll();
@ -75,7 +83,7 @@ class DefaultController extends Controller
                if ($aUser && $aGroup) {
                    if (
                            ($aGroup->getLeader() == $user)
-                            || $this->securityContext->isGranted('ROLE_ADMIN')
+                            || $this->securityContext->isGranted('OWNER', $objectIdentity)
                    ) {
                        $membershipRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:UserGroupMembership');
                        $membershipObject = $membershipRepo->findOneBy(array('user' => $aUser, 'group' => $aGroup));
--- a/src/KekRozsak/FrontBundle/Controller/ForumController.php
+++ b/src/KekRozsak/FrontBundle/Controller/ForumController.php
@ -8,6 +8,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
 use Symfony\Component\HttpFoundation\Response;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;

 use KekRozsak\FrontBundle\Entity\ForumTopicGroup;
 use KekRozsak\FrontBundle\Entity\ForumTopic;
@ -29,6 +30,7 @@ class ForumController extends Controller
     */
    public function topicGroupListAction()
    {
+        $topicGroupOid = new ObjectIdentity(ForumTopicGroup::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup');
        $groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:ForumTopicGroup');
        $request = $this->getRequest();
        $newTopicGroup = new ForumTopicGroup();
@ -61,6 +63,7 @@ class ForumController extends Controller
        return array(
            'topicGroups'       => $topicGroups,
            'newTopicGroupForm' => $newTopicGroupForm->createView(),
+            'oid'               => $topicGroupOid,
        );
    }

--- a/src/KekRozsak/FrontBundle/Entity/Article.php
+++ b/src/KekRozsak/FrontBundle/Entity/Article.php
@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
 */
 class Article
 {
+    /**
+     * The ACL class OID for this class
+     *
+     * @const ACL_OID
+     */
+    const ACL_OID = 'articleClass';
+
    /**
     * The ID of the Article
     *
--- a/src/KekRozsak/FrontBundle/Entity/ForumTopicGroup.php
+++ b/src/KekRozsak/FrontBundle/Entity/ForumTopicGroup.php
@ -18,6 +18,13 @@ use KekRozsak\SecurityBundle\Entity\User;
 */
 class ForumTopicGroup
 {
+    /**
+     * The ACL class OID for this class
+     *
+     * @const ACL_OID
+     */
+    const ACL_OID = 'forumTopicGroupClass';
+
    public function __construct()
    {
        $this->topics = new ArrayCollection();
--- a/src/KekRozsak/FrontBundle/Entity/Group.php
+++ b/src/KekRozsak/FrontBundle/Entity/Group.php
@ -19,6 +19,13 @@ use KekRozsak\FrontBundle\Entity\Document;
 */
 class Group
 {
+    /**
+     * The ACL class OID for this class
+     *
+     * @const ACL_OID
+     */
+    const ACL_OID = 'groupClass';
+
    public function __construct()
    {
        $this->members = new ArrayCollection();
--- a/src/KekRozsak/FrontBundle/Entity/News.php
+++ b/src/KekRozsak/FrontBundle/Entity/News.php
@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
 */
 class News
 {
+    /**
+     * The ACL class OID for this class
+     *
+     * @const ACL_OID
+     */
+    const ACL_OID = 'newsClass';
+
    public function __construct()
    {
        $this->public = false;
--- a/src/KekRozsak/FrontBundle/Resources/views/Forum/topicGroupList.html.twig
+++ b/src/KekRozsak/FrontBundle/Resources/views/Forum/topicGroupList.html.twig
@ -7,7 +7,7 @@

 {% block content %}
 <h3>Fórum</h3>
-{% if is_granted('ROLE_ADMIN') %}
+{% if is_granted('OWNER', oid) %}
 <span class="gomb" id="new-topic-group-button">[Új témakör]</span><br />
 <div id="new-topic-group">
 {# TODO: make this an AJAX form #}
--- a/src/KekRozsak/SecurityBundle/Command/SecurityInitCommand.php
+++ b/src/KekRozsak/SecurityBundle/Command/SecurityInitCommand.php
@ -47,14 +47,21 @@ EOF

        $securityContext = $container->get('security.context');
        $aclProvider = $container->get('security.acl.provider');
+        $roleRepo = $container->get('doctrine')->getRepository('KekRozsakSecurityBundle:Role');
+        $adminRole = $roleRepo->findOneByName('ROLE_ADMIN');

        $classNames = array(
-            'newsClass'     => 'KekRozsak\\FrontBundle\\Entity\\News',
-            'articlesClass' => 'KekRozsak\\FrontBundle\\Entity\\Articles',
+            'KekRozsak\\FrontBundle\\Entity\\News',
+            'KekRozsak\\FrontBundle\\Entity\\Article',
+            'KekRozsak\\FrontBundle\\Entity\\Group',
+            'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup',
+            'KekRozsak\\SecurityBundle\\Entity\\User',
        );

-        $securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
-        foreach ($classNames as $id => $className) {
+        $securityIdentity = new RoleSecurityIdentity($adminRole);
+        foreach ($classNames as $className) {
+            $id = $className::ACL_OID;
+
            $objectIdentity = new ObjectIdentity($id, $className);
            try {
                $acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity));
--- a/src/KekRozsak/SecurityBundle/Controller/DefaultController.php
+++ b/src/KekRozsak/SecurityBundle/Controller/DefaultController.php
@ -9,6 +9,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
 use Symfony\Component\Security\Core\SecurityContext;
 use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;

 use KekRozsak\SecurityBundle\Entity\User;
 use KekRozsak\SecurityBundle\Form\Type\UserType;
@ -146,7 +147,9 @@ class DefaultController extends Controller
     */
    public function ajaxUserdataAction(User $user)
    {
+        $userOid = new ObjectIdentity(User::ACL_OID, get_class($user));
        return array(
+            'oid'  => $userOid,
            'user' => $user,
        );
    }
--- a/src/KekRozsak/SecurityBundle/Entity/User.php
+++ b/src/KekRozsak/SecurityBundle/Entity/User.php
@ -23,6 +23,13 @@ use KekRozsak\SecurityBundle\Entity\Role;
 */
 class User implements UserInterface, AdvancedUserInterface
 {
+    /**
+     * The ACL class OID for this class
+     *
+     * @const ACL_OID
+     */
+    const ACL_OID = 'userClass';
+
    public function __construct()
    {
        $this->groups = new ArrayCollection();
--- a/src/KekRozsak/SecurityBundle/Resources/views/Default/ajaxUserdata.html.twig
+++ b/src/KekRozsak/SecurityBundle/Resources/views/Default/ajaxUserdata.html.twig
@ -6,25 +6,25 @@
    </head>
    <body>
        <strong>Tagság kezdete</strong>: {{ user.registeredAt|date('Y-m-d') }}<br />
-{% if is_granted('ROLE_ADMIN') %}
+{% if is_granted('OWNER', oid) %}
        <strong>Felhasználónév</strong>: {{ user.username }}<br />
 {% endif %}
-{% if is_granted('ROLE_ADMIN') or (user.userData and user.userData.emailPublic) %}
+{% if is_granted('OWNER', oid) or (user.userData and user.userData.emailPublic) %}
        <strong>E-mail</strong>: {{ user.email }}<br />
 {% endif %}
-{% if user.userData and (is_granted('ROLE_ADMIN') or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
+{% if user.userData and (is_granted('OWNER', oid) or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
        <strong>Valódi név</strong>: {{ user.userData.realName }}<br />
 {% endif %}
-{% if user.userData and user.userData.msnAddress != '' and (is_granted('ROLE_ADMIN') or user.userData.msnAddressPublic) %}
+{% if user.userData and user.userData.msnAddress != '' and (is_granted('OWNER', oid) or user.userData.msnAddressPublic) %}
        <strong>MSN cím</strong>: {{ user.userData.msnAddress }}<br />
 {% endif %}
-{% if user.userData and user.userData.googleTalk != '' and (is_granted('ROLE_ADMIN') or user.userData.googleTalkPublic) %}
+{% if user.userData and user.userData.googleTalk != '' and (is_granted('OWNER', oid) or user.userData.googleTalkPublic) %}
        <strong>Google Talk cím</strong>: {{ user.userData.googleTalk }}<br />
 {% endif %}
-{% if user.userData and user.userData.skype != '' and (is_granted('ROLE_ADMIN') or user.userData.skypePublic) %}
+{% if user.userData and user.userData.skype != '' and (is_granted('OWNER', oid) or user.userData.skypePublic) %}
        <strong>Skype név</strong>: {{ user.userData.skype}}<br />
 {% endif %}
-{% if user.userData and user.userData.phoneNumber != '' and (is_granted('ROLE_ADMIN') or user.userData.phoneNumberPublic) %}
+{% if user.userData and user.userData.phoneNumber != '' and (is_granted('OWNER', oid) or user.userData.phoneNumberPublic) %}
        <strong>Telefonszám</strong>: {{ user.userData.phoneNumber }}<br />
 {% endif %}
 {% if user.userData and user.userData.selfDescription != '' %}
@ -34,7 +34,7 @@
        <strong>Csoportok</strong>:<br />
 {% set groupCount = 0 %}
 {% for group in user.allGroups %}
-{#% if is_granted('ROLE_ADMIN') or group.isMember(app.user) or group.open %#}
+{#% if is_granted('OWNER', oid) or group.isMember(app.user) or group.open %#}
 {% set groupCount = groupCount + 1 %}
 {{ group.name }}<br />
 {#% endif %#}
@ -42,7 +42,7 @@
 {% if groupCount == 0 %}
 Egy csoportnak sem tagja.<br />
 {% endif %}
-{% if is_granted('ROLE_ADMIN') %}
+{% if is_granted('OWNER', oid) %}
        <strong>Jóváhagyta</strong>: {{ user.acceptedBy.displayName }}<br />
        <strong>Utolsó bejelentkezés</strong>: {{ user.lastLoginAt|date('Y-m-d H:i') }}<br />
        <strong>Jogok</strong>:<br />