Removed hardcoded role names from code.

Signed-off-by: Gergely Polonkai <polesz@w00d5t0ck.info>
This commit is contained in:
Polonkai Gergely 2012-09-10 14:00:02 +02:00
parent f220206de8
commit a8f1f85573
12 changed files with 74 additions and 1728 deletions

File diff suppressed because it is too large Load Diff

View File

@ -6,8 +6,12 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\Security\Core\Exception\AccessDeniedException; use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use JMS\DiExtraBundle\Annotation as DI; use JMS\DiExtraBundle\Annotation as DI;
use KekRozsak\FrontBundle\Entity\Group;
use KekRozsak\SecurityBundle\Entity\User;
/** /**
* @Route("/admin") * @Route("/admin")
*/ */
@ -26,9 +30,12 @@ class DefaultController extends Controller
*/ */
public function manageRegsAction() public function manageRegsAction()
{ {
if (!$this->$securityContext->isGranted('ROLE_ADMIN')) { $objectIdentity = new ObjectIdentity(User::ACL_OID, 'KekRozsak\\SecurityBundle\\Entity\\User');
if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
throw new AccessDeniedException('Ehhez a művelethez nincs jogosultságod.'); throw new AccessDeniedException('Ehhez a művelethez nincs jogosultságod.');
} }
$users = $this->getDoctrine()->getEntityManager()->createQuery('SELECT u FROM KekRozsakSecurityBundle:User u WHERE u.acceptedBy IS NULL')->getResult(); $users = $this->getDoctrine()->getEntityManager()->createQuery('SELECT u FROM KekRozsakSecurityBundle:User u WHERE u.acceptedBy IS NULL')->getResult();
$request = $this->getRequest(); $request = $this->getRequest();
@ -59,9 +66,10 @@ class DefaultController extends Controller
{ {
$user = $this->securityContext->getToken()->getUser(); $user = $this->securityContext->getToken()->getUser();
$request = $this->getRequest(); $request = $this->getRequest();
$objectIdentity = new ObjectIdentity(Group::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\Group');
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group'); $groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');
if ($this->securityContext->isGranted('ROLE_ADMIN') === false) {
if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
$myGroups = $groupRepo->findByLeader($user); $myGroups = $groupRepo->findByLeader($user);
} else { } else {
$myGroups = $groupRepo->findAll(); $myGroups = $groupRepo->findAll();
@ -75,7 +83,7 @@ class DefaultController extends Controller
if ($aUser && $aGroup) { if ($aUser && $aGroup) {
if ( if (
($aGroup->getLeader() == $user) ($aGroup->getLeader() == $user)
|| $this->securityContext->isGranted('ROLE_ADMIN') || $this->securityContext->isGranted('OWNER', $objectIdentity)
) { ) {
$membershipRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:UserGroupMembership'); $membershipRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:UserGroupMembership');
$membershipObject = $membershipRepo->findOneBy(array('user' => $aUser, 'group' => $aGroup)); $membershipObject = $membershipRepo->findOneBy(array('user' => $aUser, 'group' => $aGroup));

View File

@ -8,6 +8,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template; use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter; use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\HttpFoundation\Response; use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use KekRozsak\FrontBundle\Entity\ForumTopicGroup; use KekRozsak\FrontBundle\Entity\ForumTopicGroup;
use KekRozsak\FrontBundle\Entity\ForumTopic; use KekRozsak\FrontBundle\Entity\ForumTopic;
@ -29,6 +30,7 @@ class ForumController extends Controller
*/ */
public function topicGroupListAction() public function topicGroupListAction()
{ {
$topicGroupOid = new ObjectIdentity(ForumTopicGroup::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup');
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:ForumTopicGroup'); $groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:ForumTopicGroup');
$request = $this->getRequest(); $request = $this->getRequest();
$newTopicGroup = new ForumTopicGroup(); $newTopicGroup = new ForumTopicGroup();
@ -61,6 +63,7 @@ class ForumController extends Controller
return array( return array(
'topicGroups' => $topicGroups, 'topicGroups' => $topicGroups,
'newTopicGroupForm' => $newTopicGroupForm->createView(), 'newTopicGroupForm' => $newTopicGroupForm->createView(),
'oid' => $topicGroupOid,
); );
} }

View File

@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
*/ */
class Article class Article
{ {
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'articleClass';
/** /**
* The ID of the Article * The ID of the Article
* *

View File

@ -18,6 +18,13 @@ use KekRozsak\SecurityBundle\Entity\User;
*/ */
class ForumTopicGroup class ForumTopicGroup
{ {
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'forumTopicGroupClass';
public function __construct() public function __construct()
{ {
$this->topics = new ArrayCollection(); $this->topics = new ArrayCollection();

View File

@ -19,6 +19,13 @@ use KekRozsak\FrontBundle\Entity\Document;
*/ */
class Group class Group
{ {
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'groupClass';
public function __construct() public function __construct()
{ {
$this->members = new ArrayCollection(); $this->members = new ArrayCollection();

View File

@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
*/ */
class News class News
{ {
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'newsClass';
public function __construct() public function __construct()
{ {
$this->public = false; $this->public = false;

View File

@ -7,7 +7,7 @@
{% block content %} {% block content %}
<h3>Fórum</h3> <h3>Fórum</h3>
{% if is_granted('ROLE_ADMIN') %} {% if is_granted('OWNER', oid) %}
<span class="gomb" id="new-topic-group-button">[Új témakör]</span><br /> <span class="gomb" id="new-topic-group-button">[Új témakör]</span><br />
<div id="new-topic-group"> <div id="new-topic-group">
{# TODO: make this an AJAX form #} {# TODO: make this an AJAX form #}

View File

@ -47,14 +47,21 @@ EOF
$securityContext = $container->get('security.context'); $securityContext = $container->get('security.context');
$aclProvider = $container->get('security.acl.provider'); $aclProvider = $container->get('security.acl.provider');
$roleRepo = $container->get('doctrine')->getRepository('KekRozsakSecurityBundle:Role');
$adminRole = $roleRepo->findOneByName('ROLE_ADMIN');
$classNames = array( $classNames = array(
'newsClass' => 'KekRozsak\\FrontBundle\\Entity\\News', 'KekRozsak\\FrontBundle\\Entity\\News',
'articlesClass' => 'KekRozsak\\FrontBundle\\Entity\\Articles', 'KekRozsak\\FrontBundle\\Entity\\Article',
'KekRozsak\\FrontBundle\\Entity\\Group',
'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup',
'KekRozsak\\SecurityBundle\\Entity\\User',
); );
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN'); $securityIdentity = new RoleSecurityIdentity($adminRole);
foreach ($classNames as $id => $className) { foreach ($classNames as $className) {
$id = $className::ACL_OID;
$objectIdentity = new ObjectIdentity($id, $className); $objectIdentity = new ObjectIdentity($id, $className);
try { try {
$acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity)); $acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity));

View File

@ -9,6 +9,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter; use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\Security\Core\SecurityContext; use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Core\User\UserInterface; use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use KekRozsak\SecurityBundle\Entity\User; use KekRozsak\SecurityBundle\Entity\User;
use KekRozsak\SecurityBundle\Form\Type\UserType; use KekRozsak\SecurityBundle\Form\Type\UserType;
@ -146,7 +147,9 @@ class DefaultController extends Controller
*/ */
public function ajaxUserdataAction(User $user) public function ajaxUserdataAction(User $user)
{ {
$userOid = new ObjectIdentity(User::ACL_OID, get_class($user));
return array( return array(
'oid' => $userOid,
'user' => $user, 'user' => $user,
); );
} }

View File

@ -23,6 +23,13 @@ use KekRozsak\SecurityBundle\Entity\Role;
*/ */
class User implements UserInterface, AdvancedUserInterface class User implements UserInterface, AdvancedUserInterface
{ {
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'userClass';
public function __construct() public function __construct()
{ {
$this->groups = new ArrayCollection(); $this->groups = new ArrayCollection();

View File

@ -6,25 +6,25 @@
</head> </head>
<body> <body>
<strong>Tagság kezdete</strong>: {{ user.registeredAt|date('Y-m-d') }}<br /> <strong>Tagság kezdete</strong>: {{ user.registeredAt|date('Y-m-d') }}<br />
{% if is_granted('ROLE_ADMIN') %} {% if is_granted('OWNER', oid) %}
<strong>Felhasználónév</strong>: {{ user.username }}<br /> <strong>Felhasználónév</strong>: {{ user.username }}<br />
{% endif %} {% endif %}
{% if is_granted('ROLE_ADMIN') or (user.userData and user.userData.emailPublic) %} {% if is_granted('OWNER', oid) or (user.userData and user.userData.emailPublic) %}
<strong>E-mail</strong>: {{ user.email }}<br /> <strong>E-mail</strong>: {{ user.email }}<br />
{% endif %} {% endif %}
{% if user.userData and (is_granted('ROLE_ADMIN') or (user.userData.realNamePublic and (user.userData.realName == ''))) %} {% if user.userData and (is_granted('OWNER', oid) or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
<strong>Valódi név</strong>: {{ user.userData.realName }}<br /> <strong>Valódi név</strong>: {{ user.userData.realName }}<br />
{% endif %} {% endif %}
{% if user.userData and user.userData.msnAddress != '' and (is_granted('ROLE_ADMIN') or user.userData.msnAddressPublic) %} {% if user.userData and user.userData.msnAddress != '' and (is_granted('OWNER', oid) or user.userData.msnAddressPublic) %}
<strong>MSN cím</strong>: {{ user.userData.msnAddress }}<br /> <strong>MSN cím</strong>: {{ user.userData.msnAddress }}<br />
{% endif %} {% endif %}
{% if user.userData and user.userData.googleTalk != '' and (is_granted('ROLE_ADMIN') or user.userData.googleTalkPublic) %} {% if user.userData and user.userData.googleTalk != '' and (is_granted('OWNER', oid) or user.userData.googleTalkPublic) %}
<strong>Google Talk cím</strong>: {{ user.userData.googleTalk }}<br /> <strong>Google Talk cím</strong>: {{ user.userData.googleTalk }}<br />
{% endif %} {% endif %}
{% if user.userData and user.userData.skype != '' and (is_granted('ROLE_ADMIN') or user.userData.skypePublic) %} {% if user.userData and user.userData.skype != '' and (is_granted('OWNER', oid) or user.userData.skypePublic) %}
<strong>Skype név</strong>: {{ user.userData.skype}}<br /> <strong>Skype név</strong>: {{ user.userData.skype}}<br />
{% endif %} {% endif %}
{% if user.userData and user.userData.phoneNumber != '' and (is_granted('ROLE_ADMIN') or user.userData.phoneNumberPublic) %} {% if user.userData and user.userData.phoneNumber != '' and (is_granted('OWNER', oid) or user.userData.phoneNumberPublic) %}
<strong>Telefonszám</strong>: {{ user.userData.phoneNumber }}<br /> <strong>Telefonszám</strong>: {{ user.userData.phoneNumber }}<br />
{% endif %} {% endif %}
{% if user.userData and user.userData.selfDescription != '' %} {% if user.userData and user.userData.selfDescription != '' %}
@ -34,7 +34,7 @@
<strong>Csoportok</strong>:<br /> <strong>Csoportok</strong>:<br />
{% set groupCount = 0 %} {% set groupCount = 0 %}
{% for group in user.allGroups %} {% for group in user.allGroups %}
{#% if is_granted('ROLE_ADMIN') or group.isMember(app.user) or group.open %#} {#% if is_granted('OWNER', oid) or group.isMember(app.user) or group.open %#}
{% set groupCount = groupCount + 1 %} {% set groupCount = groupCount + 1 %}
{{ group.name }}<br /> {{ group.name }}<br />
{#% endif %#} {#% endif %#}
@ -42,7 +42,7 @@
{% if groupCount == 0 %} {% if groupCount == 0 %}
Egy csoportnak sem tagja.<br /> Egy csoportnak sem tagja.<br />
{% endif %} {% endif %}
{% if is_granted('ROLE_ADMIN') %} {% if is_granted('OWNER', oid) %}
<strong>Jóváhagyta</strong>: {{ user.acceptedBy.displayName }}<br /> <strong>Jóváhagyta</strong>: {{ user.acceptedBy.displayName }}<br />
<strong>Utolsó bejelentkezés</strong>: {{ user.lastLoginAt|date('Y-m-d H:i') }}<br /> <strong>Utolsó bejelentkezés</strong>: {{ user.lastLoginAt|date('Y-m-d H:i') }}<br />
<strong>Jogok</strong>:<br /> <strong>Jogok</strong>:<br />