Removed hardcoded role names from code.

Signed-off-by: Gergely Polonkai <polesz@w00d5t0ck.info>
This commit is contained in:
Polonkai Gergely 2012-09-10 14:00:02 +02:00
parent f220206de8
commit a8f1f85573
12 changed files with 74 additions and 1728 deletions

File diff suppressed because it is too large Load Diff

View File

@ -6,8 +6,12 @@ use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use JMS\DiExtraBundle\Annotation as DI;
use KekRozsak\FrontBundle\Entity\Group;
use KekRozsak\SecurityBundle\Entity\User;
/**
* @Route("/admin")
*/
@ -26,9 +30,12 @@ class DefaultController extends Controller
*/
public function manageRegsAction()
{
if (!$this->$securityContext->isGranted('ROLE_ADMIN')) {
$objectIdentity = new ObjectIdentity(User::ACL_OID, 'KekRozsak\\SecurityBundle\\Entity\\User');
if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
throw new AccessDeniedException('Ehhez a művelethez nincs jogosultságod.');
}
$users = $this->getDoctrine()->getEntityManager()->createQuery('SELECT u FROM KekRozsakSecurityBundle:User u WHERE u.acceptedBy IS NULL')->getResult();
$request = $this->getRequest();
@ -59,9 +66,10 @@ class DefaultController extends Controller
{
$user = $this->securityContext->getToken()->getUser();
$request = $this->getRequest();
$objectIdentity = new ObjectIdentity(Group::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\Group');
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:Group');
if ($this->securityContext->isGranted('ROLE_ADMIN') === false) {
if (!$this->securityContext->isGranted('OWNER', $objectIdentity)) {
$myGroups = $groupRepo->findByLeader($user);
} else {
$myGroups = $groupRepo->findAll();
@ -75,7 +83,7 @@ class DefaultController extends Controller
if ($aUser && $aGroup) {
if (
($aGroup->getLeader() == $user)
|| $this->securityContext->isGranted('ROLE_ADMIN')
|| $this->securityContext->isGranted('OWNER', $objectIdentity)
) {
$membershipRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:UserGroupMembership');
$membershipObject = $membershipRepo->findOneBy(array('user' => $aUser, 'group' => $aGroup));

View File

@ -8,6 +8,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use KekRozsak\FrontBundle\Entity\ForumTopicGroup;
use KekRozsak\FrontBundle\Entity\ForumTopic;
@ -29,6 +30,7 @@ class ForumController extends Controller
*/
public function topicGroupListAction()
{
$topicGroupOid = new ObjectIdentity(ForumTopicGroup::ACL_OID, 'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup');
$groupRepo = $this->getDoctrine()->getRepository('KekRozsakFrontBundle:ForumTopicGroup');
$request = $this->getRequest();
$newTopicGroup = new ForumTopicGroup();
@ -61,6 +63,7 @@ class ForumController extends Controller
return array(
'topicGroups' => $topicGroups,
'newTopicGroupForm' => $newTopicGroupForm->createView(),
'oid' => $topicGroupOid,
);
}

View File

@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
*/
class Article
{
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'articleClass';
/**
* The ID of the Article
*

View File

@ -18,6 +18,13 @@ use KekRozsak\SecurityBundle\Entity\User;
*/
class ForumTopicGroup
{
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'forumTopicGroupClass';
public function __construct()
{
$this->topics = new ArrayCollection();

View File

@ -19,6 +19,13 @@ use KekRozsak\FrontBundle\Entity\Document;
*/
class Group
{
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'groupClass';
public function __construct()
{
$this->members = new ArrayCollection();

View File

@ -12,6 +12,13 @@ use KekRozsak\SecurityBundle\Entity\User;
*/
class News
{
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'newsClass';
public function __construct()
{
$this->public = false;

View File

@ -7,7 +7,7 @@
{% block content %}
<h3>Fórum</h3>
{% if is_granted('ROLE_ADMIN') %}
{% if is_granted('OWNER', oid) %}
<span class="gomb" id="new-topic-group-button">[Új témakör]</span><br />
<div id="new-topic-group">
{# TODO: make this an AJAX form #}

View File

@ -47,14 +47,21 @@ EOF
$securityContext = $container->get('security.context');
$aclProvider = $container->get('security.acl.provider');
$roleRepo = $container->get('doctrine')->getRepository('KekRozsakSecurityBundle:Role');
$adminRole = $roleRepo->findOneByName('ROLE_ADMIN');
$classNames = array(
'newsClass' => 'KekRozsak\\FrontBundle\\Entity\\News',
'articlesClass' => 'KekRozsak\\FrontBundle\\Entity\\Articles',
'KekRozsak\\FrontBundle\\Entity\\News',
'KekRozsak\\FrontBundle\\Entity\\Article',
'KekRozsak\\FrontBundle\\Entity\\Group',
'KekRozsak\\FrontBundle\\Entity\\ForumTopicGroup',
'KekRozsak\\SecurityBundle\\Entity\\User',
);
$securityIdentity = new RoleSecurityIdentity('ROLE_ADMIN');
foreach ($classNames as $id => $className) {
$securityIdentity = new RoleSecurityIdentity($adminRole);
foreach ($classNames as $className) {
$id = $className::ACL_OID;
$objectIdentity = new ObjectIdentity($id, $className);
try {
$acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity));

View File

@ -9,6 +9,7 @@ use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
use Symfony\Component\Security\Core\SecurityContext;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use KekRozsak\SecurityBundle\Entity\User;
use KekRozsak\SecurityBundle\Form\Type\UserType;
@ -146,7 +147,9 @@ class DefaultController extends Controller
*/
public function ajaxUserdataAction(User $user)
{
$userOid = new ObjectIdentity(User::ACL_OID, get_class($user));
return array(
'oid' => $userOid,
'user' => $user,
);
}

View File

@ -23,6 +23,13 @@ use KekRozsak\SecurityBundle\Entity\Role;
*/
class User implements UserInterface, AdvancedUserInterface
{
/**
* The ACL class OID for this class
*
* @const ACL_OID
*/
const ACL_OID = 'userClass';
public function __construct()
{
$this->groups = new ArrayCollection();

View File

@ -6,25 +6,25 @@
</head>
<body>
<strong>Tagság kezdete</strong>: {{ user.registeredAt|date('Y-m-d') }}<br />
{% if is_granted('ROLE_ADMIN') %}
{% if is_granted('OWNER', oid) %}
<strong>Felhasználónév</strong>: {{ user.username }}<br />
{% endif %}
{% if is_granted('ROLE_ADMIN') or (user.userData and user.userData.emailPublic) %}
{% if is_granted('OWNER', oid) or (user.userData and user.userData.emailPublic) %}
<strong>E-mail</strong>: {{ user.email }}<br />
{% endif %}
{% if user.userData and (is_granted('ROLE_ADMIN') or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
{% if user.userData and (is_granted('OWNER', oid) or (user.userData.realNamePublic and (user.userData.realName == ''))) %}
<strong>Valódi név</strong>: {{ user.userData.realName }}<br />
{% endif %}
{% if user.userData and user.userData.msnAddress != '' and (is_granted('ROLE_ADMIN') or user.userData.msnAddressPublic) %}
{% if user.userData and user.userData.msnAddress != '' and (is_granted('OWNER', oid) or user.userData.msnAddressPublic) %}
<strong>MSN cím</strong>: {{ user.userData.msnAddress }}<br />
{% endif %}
{% if user.userData and user.userData.googleTalk != '' and (is_granted('ROLE_ADMIN') or user.userData.googleTalkPublic) %}
{% if user.userData and user.userData.googleTalk != '' and (is_granted('OWNER', oid) or user.userData.googleTalkPublic) %}
<strong>Google Talk cím</strong>: {{ user.userData.googleTalk }}<br />
{% endif %}
{% if user.userData and user.userData.skype != '' and (is_granted('ROLE_ADMIN') or user.userData.skypePublic) %}
{% if user.userData and user.userData.skype != '' and (is_granted('OWNER', oid) or user.userData.skypePublic) %}
<strong>Skype név</strong>: {{ user.userData.skype}}<br />
{% endif %}
{% if user.userData and user.userData.phoneNumber != '' and (is_granted('ROLE_ADMIN') or user.userData.phoneNumberPublic) %}
{% if user.userData and user.userData.phoneNumber != '' and (is_granted('OWNER', oid) or user.userData.phoneNumberPublic) %}
<strong>Telefonszám</strong>: {{ user.userData.phoneNumber }}<br />
{% endif %}
{% if user.userData and user.userData.selfDescription != '' %}
@ -34,7 +34,7 @@
<strong>Csoportok</strong>:<br />
{% set groupCount = 0 %}
{% for group in user.allGroups %}
{#% if is_granted('ROLE_ADMIN') or group.isMember(app.user) or group.open %#}
{#% if is_granted('OWNER', oid) or group.isMember(app.user) or group.open %#}
{% set groupCount = groupCount + 1 %}
{{ group.name }}<br />
{#% endif %#}
@ -42,7 +42,7 @@
{% if groupCount == 0 %}
Egy csoportnak sem tagja.<br />
{% endif %}
{% if is_granted('ROLE_ADMIN') %}
{% if is_granted('OWNER', oid) %}
<strong>Jóváhagyta</strong>: {{ user.acceptedBy.displayName }}<br />
<strong>Utolsó bejelentkezés</strong>: {{ user.lastLoginAt|date('Y-m-d H:i') }}<br />
<strong>Jogok</strong>:<br />