Removed hardcoded role names from code.
Signed-off-by: Gergely Polonkai <polesz@w00d5t0ck.info>
parent
f220206de8
commit
a8f1f85573
File diff suppressed because it is too large
@ -6,8 +6,12 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller;
|
|||||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
|
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
|
||||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
|
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
|
||||||
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
|
||||||
|
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
|
||||||
use JMS\DiExtraBundle\Annotation as DI;
|
use JMS\DiExtraBundle\Annotation as DI;
|
||||||
|
|
||||||
|
use KekRozsak\FrontBundle\Entity\Group;
|
||||||
|
use KekRozsak\SecurityBundle\Entity\User;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @Route("/admin")
|
* @Route("/admin")
|
||||||
*/
|
*/
|
||||||
@ -26,9 +30,12 @@ class DefaultController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function manageRegsAction()
|
public function manageRegsAction()
|
||||||
{
|
{
|
||||||
if (!$this->$securityContext->isGranted('ROLE_ADMIN')) {
|
$objectIdentity = new ObjectIdentity(User::ACL_OID, 'KekRozsak\\SecurityBundle\\Entity\\User');
|
||||||
|
|
||||||
|
if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
|
||||||
throw new AccessDeniedException('Ehhez a művelethez nincs jogosultságod.');
|
throw new AccessDeniedException('Ehhez a művelethez nincs jogosultságod.');
|
||||||
}
|
}
|
||||||
|
|
||||||
$users = $this->getDoctrine()->getEntityManager()->createQuery('SELECT u FROM KekRozsakSecurityBundle:User u WHERE u.acceptedBy IS NULL')->getResult();
|
$users = $this->getDoctrine()->getEntityManager()->createQuery('SELECT u FROM KekRozsakSecurityBundle:User u WHERE u.acceptedBy IS NULL')->getResult();
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
|
|
||||||
@ -59,9 +66,10 @@ class DefaultController extends Controller
|
|||||||
{
|
{
|
||||||
$user = $this->securityContext->getToken()->getUser();
|
$user = $this->securityContext->getToken()->getUser();
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
|
$objectIdentity = new ObjectIdentity(Group::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\Group');
|
||||||
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');
|
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');
|
||||||
if ($this->securityContext->isGranted('ROLE_ADMIN') === false) {
|
|
||||||
|
if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
|
||||||
$myGroups = $groupRepo->findByLeader($user);
|
$myGroups = $groupRepo->findByLeader($user);
|
||||||
} else {
|
} else {
|
||||||
$myGroups = $groupRepo->findAll();
|
$myGroups = $groupRepo->findAll();
|
||||||
@ -75,7 +83,7 @@ class DefaultController extends Controller
|
|||||||
if ($aUser && $aGroup) {
|
if ($aUser && $aGroup) {
|
||||||
if (
|
if (
|
||||||
($aGroup->getLeader() == $user)
|
($aGroup->getLeader() == $user)
|
||||||
|| $this->securityContext->isGranted('ROLE_ADMIN')
|
|| $this->securityContext->isGranted('OWNER', $objectIdentity)
|
||||||
) {
|
) {
|
||||||
$membershipRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:UserGroupMembership');
|
$membershipRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:UserGroupMembership');
|
||||||
$membershipObject = $membershipRepo->findOneBy(array('user' => $aUser, 'group' => $aGroup));
|
$membershipObject = $membershipRepo->findOneBy(array('user' => $aUser, 'group' => $aGroup));
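Review bot: The three `isGranted('OWNER', $objectIdentity)` checks in this file (manageRegsAction and the two later hunks) only match if the identifier/type pair built here is identical to the one the ACL seeding command stores, yet the class name is still typed out as a string literal next to `User::ACL_OID` and `Group::ACL_OID`. A mismatch would most likely fail closed, but silently, and would lock administrators out of these actions. I would add a comment above each `new ObjectIdentity(...)` such as `// Class-scope ACL identity; must match the identifier/type pair seeded by the ACL init command`, or build the identity in one private helper. The enclosing actions start and end outside the visible hunks, so I cannot tell whether the identity is reused further down.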
|
||||||
|
@ -8,6 +8,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
|
|||||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
|
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
|
||||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
|
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
|
||||||
use Symfony\Component\HttpFoundation\Response;
|
use Symfony\Component\HttpFoundation\Response;
|
||||||
|
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
|
||||||
|
|
||||||
use KekRozsak\FrontBundle\Entity\ForumTopicGroup;
|
use KekRozsak\FrontBundle\Entity\ForumTopicGroup;
|
||||||
use KekRozsak\FrontBundle\Entity\ForumTopic;
|
use KekRozsak\FrontBundle\Entity\ForumTopic;
|
||||||
@ -29,6 +30,7 @@ class ForumController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function topicGroupListAction()
|
public function topicGroupListAction()
|
||||||
{
|
{
|
||||||
|
$topicGroupOid = new ObjectIdentity(ForumTopicGroup::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup');
|
||||||
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:ForumTopicGroup');
|
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:ForumTopicGroup');
|
||||||
$request = $this->getRequest();
|
$request = $this->getRequest();
|
||||||
$newTopicGroup = new ForumTopicGroup();
|
$newTopicGroup = new ForumTopicGroup();
|
||||||
@ -61,6 +63,7 @@ class ForumController extends Controller
|
|||||||
return array(
|
return array(
|
||||||
'topicGroups' => $topicGroups,
|
'topicGroups' => $topicGroups,
|
||||||
'newTopicGroupForm' => $newTopicGroupForm->createView(),
|
'newTopicGroupForm' => $newTopicGroupForm->createView(),
|
||||||
|
'oid' => $topicGroupOid,
|
||||||
);
|
);
|
||||||
}
|
}
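Review bot: `$topicGroupOid` is created at the top of topicGroupListAction and handed to the template as `'oid'`, but in the visible lines it is never passed to `isGranted()` on the server side. The template's `is_granted('OWNER', oid)` only hides the new-topic-group form. The form handling between the two hunks is not shown; if it does not check the permission before persisting `$newTopicGroup`, the restriction is cosmetic. In that case the submit branch should be guarded with `if (!$securityContext->isGranted('OWNER', $topicGroupOid))`, throwing the same AccessDeniedException the admin controller uses.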
|
||||||
|
|
||||||
|
@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
|
|||||||
*/
|
*/
|
||||||
class Article
|
class Article
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* The ACL class OID for this class
|
||||||
|
*
|
||||||
|
* @const ACL_OID
|
||||||
|
*/
|
||||||
|
const ACL_OID = 'articleClass';
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The ID of the Article
|
* The ID of the Article
|
||||||
*
|
*
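Review bot: The docblock added above `ACL_OID` uses `@const ACL_OID`, which is not a phpDocumentor tag, and it does not say that the value appears to be persisted as the object identifier of the class-scope ACL. Changing it later would leave the stored ACL entries behind. I would reword it along the lines of `/** Identifier of the class-scope ACL object identity; do not change without migrating the stored ACLs. @var string */`. The same applies to the identical constant blocks added to ForumTopicGroup, Group, News and User.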
|
||||||
|
@ -18,6 +18,13 @@ use KekRozsak\SecurityBundle\Entity\User;
|
|||||||
*/
|
*/
|
||||||
class ForumTopicGroup
|
class ForumTopicGroup
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* The ACL class OID for this class
|
||||||
|
*
|
||||||
|
* @const ACL_OID
|
||||||
|
*/
|
||||||
|
const ACL_OID = 'forumTopicGroupClass';
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->topics = new ArrayCollection();
|
$this->topics = new ArrayCollection();
|
||||||
|
@ -19,6 +19,13 @@ use KekRozsak\FrontBundle\Entity\Document;
|
|||||||
*/
|
*/
|
||||||
class Group
|
class Group
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* The ACL class OID for this class
|
||||||
|
*
|
||||||
|
* @const ACL_OID
|
||||||
|
*/
|
||||||
|
const ACL_OID = 'groupClass';
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->members = new ArrayCollection();
|
$this->members = new ArrayCollection();
|
||||||
|
@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
|
|||||||
*/
|
*/
|
||||||
class News
|
class News
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* The ACL class OID for this class
|
||||||
|
*
|
||||||
|
* @const ACL_OID
|
||||||
|
*/
|
||||||
|
const ACL_OID = 'newsClass';
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->public = false;
|
$this->public = false;
|
||||||
|
@ -7,7 +7,7 @@
|
|||||||
|
|
||||||
{% block content %}
|
{% block content %}
|
||||||
<h3>Fórum</h3>
|
<h3>Fórum</h3>
|
||||||
{% if is_granted('ROLE_ADMIN') %}
|
{% if is_granted('OWNER', oid) %}
|
||||||
<span class="gomb" id="new-topic-group-button">[Új témakör]</span><br />
|
<span class="gomb" id="new-topic-group-button">[Új témakör]</span><br />
|
||||||
<div id="new-topic-group">
|
<div id="new-topic-group">
|
||||||
{# TODO: make this an AJAX form #}
|
{# TODO: make this an AJAX form #}
|
||||||
|
@ -47,14 +47,21 @@ EOF
|
|||||||
|
|
||||||
$securityContext = $container->get('security.context');
|
$securityContext = $container->get('security.context');
|
||||||
$aclProvider = $container->get('security.acl.provider');
|
$aclProvider = $container->get('security.acl.provider');
|
||||||
|
$roleRepo = $container->get('doctrine')->getRepository('KekRozsakSecurityBundle:Role');
|
||||||
|
$adminRole = $roleRepo->findOneByName('ROLE_ADMIN');
|
||||||
|
|
||||||
$classNames = array(
|
$classNames = array(
|
||||||
'newsClass' => 'KekRozsak\\FrontBundle\\Entity\\News',
|
'KekRozsak\\FrontBundle\\Entity\\News',
|
||||||
'articlesClass' => 'KekRozsak\\FrontBundle\\Entity\\Articles',
|
'KekRozsak\\FrontBundle\\Entity\\Article',
|
||||||
|
'KekRozsak\\FrontBundle\\Entity\\Group',
|
||||||
|
'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup',
|
||||||
|
'KekRozsak\\SecurityBundle\\Entity\\User',
|
||||||
);
|
);
|
||||||
|
|
||||||
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
|
$securityIdentity = new RoleSecurityIdentity($adminRole);
|
||||||
foreach ($classNames as $id => $className) {
|
foreach ($classNames as $className) {
|
||||||
|
$id = $className::ACL_OID;
|
||||||
|
|
||||||
$objectIdentity = new ObjectIdentity($id, $className);
|
$objectIdentity = new ObjectIdentity($id, $className);
|
||||||
try {
|
try {
|
||||||
$acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity));
|
$acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity));
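Review bot: `$roleRepo->findOneByName('ROLE_ADMIN')` can return null when the role row does not exist yet (a fresh database, for example), and the result goes straight into `new RoleSecurityIdentity($adminRole)` with no check. The command should stop with a clear error instead, e.g. `if (null === $adminRole) { throw new \RuntimeException('ROLE_ADMIN role not found; create it before seeding ACLs'); }`, so that no ACL entry is written for an empty identity. The Role entity is not visible here, so it is also worth confirming that it is a type RoleSecurityIdentity accepts. Note that `'articlesClass'` has become `Article::ACL_OID` = `'articleClass'`, so an ACL already stored under the old identifier is left behind. The try block continues outside the hunk.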
|
||||||
|
@ -9,6 +9,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
|
|||||||
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
|
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
|
||||||
use Symfony\Component\Security\Core\SecurityContext;
|
use Symfony\Component\Security\Core\SecurityContext;
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
|
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
|
||||||
|
|
||||||
use KekRozsak\SecurityBundle\Entity\User;
|
use KekRozsak\SecurityBundle\Entity\User;
|
||||||
use KekRozsak\SecurityBundle\Form\Type\UserType;
|
use KekRozsak\SecurityBundle\Form\Type\UserType;
|
||||||
@ -146,7 +147,9 @@ class DefaultController extends Controller
|
|||||||
*/
|
*/
|
||||||
public function ajaxUserdataAction(User $user)
|
public function ajaxUserdataAction(User $user)
|
||||||
{
|
{
|
||||||
|
$userOid = new ObjectIdentity(User::ACL_OID, get_class($user));
|
||||||
return array(
|
return array(
|
||||||
|
'oid' => $userOid,
|
||||||
'user' => $user,
|
'user' => $user,
|
||||||
);
|
);
|
||||||
}
|
}
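Review bot: `get_class($user)` in ajaxUserdataAction can return a Doctrine proxy class name when the entity was loaded as a proxy. The identity would then not match the `'KekRozsak\\SecurityBundle\\Entity\\User'` type that the seeding command and the admin controller use. The `is_granted('OWNER', oid)` checks in the template would then presumably evaluate to false even for administrators. Using the same literal as elsewhere keeps the type stable: `$userOid = new ObjectIdentity(User::ACL_OID, 'KekRozsak\\SecurityBundle\\Entity\\User');`.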
|
||||||
|
@ -23,6 +23,13 @@ use KekRozsak\SecurityBundle\Entity\Role;
|
|||||||
*/
|
*/
|
||||||
class User implements UserInterface, AdvancedUserInterface
|
class User implements UserInterface, AdvancedUserInterface
|
||||||
{
|
{
|
||||||
|
/**
|
||||||
|
* The ACL class OID for this class
|
||||||
|
*
|
||||||
|
* @const ACL_OID
|
||||||
|
*/
|
||||||
|
const ACL_OID = 'userClass';
|
||||||
|
|
||||||
public function __construct()
|
public function __construct()
|
||||||
{
|
{
|
||||||
$this->groups = new ArrayCollection();
|
$this->groups = new ArrayCollection();
|
||||||
|
@ -6,25 +6,25 @@
|
|||||||
</head>
|
</head>
|
||||||
<body>
|
<body>
|
||||||
<strong>Tagság kezdete</strong>: {{ user.registeredAt|date('Y-m-d') }}<br />
|
<strong>Tagság kezdete</strong>: {{ user.registeredAt|date('Y-m-d') }}<br />
|
||||||
{% if is_granted('ROLE_ADMIN') %}
|
{% if is_granted('OWNER', oid) %}
|
||||||
<strong>Felhasználónév</strong>: {{ user.username }}<br />
|
<strong>Felhasználónév</strong>: {{ user.username }}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if is_granted('ROLE_ADMIN') or (user.userData and user.userData.emailPublic) %}
|
{% if is_granted('OWNER', oid) or (user.userData and user.userData.emailPublic) %}
|
||||||
<strong>E-mail</strong>: {{ user.email }}<br />
|
<strong>E-mail</strong>: {{ user.email }}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.userData and (is_granted('ROLE_ADMIN') or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
|
{% if user.userData and (is_granted('OWNER', oid) or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
|
||||||
<strong>Valódi név</strong>: {{ user.userData.realName }}<br />
|
<strong>Valódi név</strong>: {{ user.userData.realName }}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.userData and user.userData.msnAddress != '' and (is_granted('ROLE_ADMIN') or user.userData.msnAddressPublic) %}
|
{% if user.userData and user.userData.msnAddress != '' and (is_granted('OWNER', oid) or user.userData.msnAddressPublic) %}
|
||||||
<strong>MSN cím</strong>: {{ user.userData.msnAddress }}<br />
|
<strong>MSN cím</strong>: {{ user.userData.msnAddress }}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.userData and user.userData.googleTalk != '' and (is_granted('ROLE_ADMIN') or user.userData.googleTalkPublic) %}
|
{% if user.userData and user.userData.googleTalk != '' and (is_granted('OWNER', oid) or user.userData.googleTalkPublic) %}
|
||||||
<strong>Google Talk cím</strong>: {{ user.userData.googleTalk }}<br />
|
<strong>Google Talk cím</strong>: {{ user.userData.googleTalk }}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.userData and user.userData.skype != '' and (is_granted('ROLE_ADMIN') or user.userData.skypePublic) %}
|
{% if user.userData and user.userData.skype != '' and (is_granted('OWNER', oid) or user.userData.skypePublic) %}
|
||||||
<strong>Skype név</strong>: {{ user.userData.skype}}<br />
|
<strong>Skype név</strong>: {{ user.userData.skype}}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.userData and user.userData.phoneNumber != '' and (is_granted('ROLE_ADMIN') or user.userData.phoneNumberPublic) %}
|
{% if user.userData and user.userData.phoneNumber != '' and (is_granted('OWNER', oid) or user.userData.phoneNumberPublic) %}
|
||||||
<strong>Telefonszám</strong>: {{ user.userData.phoneNumber }}<br />
|
<strong>Telefonszám</strong>: {{ user.userData.phoneNumber }}<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if user.userData and user.userData.selfDescription != '' %}
|
{% if user.userData and user.userData.selfDescription != '' %}
|
||||||
@ -34,7 +34,7 @@
|
|||||||
<strong>Csoportok</strong>:<br />
|
<strong>Csoportok</strong>:<br />
|
||||||
{% set groupCount = 0 %}
|
{% set groupCount = 0 %}
|
||||||
{% for group in user.allGroups %}
|
{% for group in user.allGroups %}
|
||||||
{#% if is_granted('ROLE_ADMIN') or group.isMember(app.user) or group.open %#}
|
{#% if is_granted('OWNER', oid) or group.isMember(app.user) or group.open %#}
|
||||||
{% set groupCount = groupCount + 1 %}
|
{% set groupCount = groupCount + 1 %}
|
||||||
{{ group.name }}<br />
|
{{ group.name }}<br />
|
||||||
{#% endif %#}
|
{#% endif %#}
|
||||||
@ -42,7 +42,7 @@
|
|||||||
{% if groupCount == 0 %}
|
{% if groupCount == 0 %}
|
||||||
Egy csoportnak sem tagja.<br />
|
Egy csoportnak sem tagja.<br />
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if is_granted('ROLE_ADMIN') %}
|
{% if is_granted('OWNER', oid) %}
|
||||||
<strong>Jóváhagyta</strong>: {{ user.acceptedBy.displayName }}<br />
|
<strong>Jóváhagyta</strong>: {{ user.acceptedBy.displayName }}<br />
|
||||||
<strong>Utolsó bejelentkezés</strong>: {{ user.lastLoginAt|date('Y-m-d H:i') }}<br />
|
<strong>Utolsó bejelentkezés</strong>: {{ user.lastLoginAt|date('Y-m-d H:i') }}<br />
|
||||||
<strong>Jogok</strong>:<br />
|
<strong>Jogok</strong>:<br />
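Review bot: In the real-name condition, `user.userData.realNamePublic and (user.userData.realName == '')` shows the name to non-privileged viewers only when it is empty, whereas every other field tests `!= ''`. This looks inverted, and the commit carries it over unchanged. Suggested: `{% if user.userData and user.userData.realName != '' and (is_granted('OWNER', oid) or user.userData.realNamePublic) %}`. Since `is_granted('OWNER', oid)` is now evaluated up to eight times across these hunks, a single `{% set canSeeAll = is_granted('OWNER', oid) %}` near the top would keep the visibility rules readable. A short comment such as `{# oid: class-scope ACL identity for User, supplied by ajaxUserdataAction #}` would document that the template depends on the controller passing it.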
|
||||||
|