Updated user group system and added correct acl perm selection when a…

…dding categories
epixa · Sep 18, 2011 · cc72cdc · cc72cdc
1 parent fc1dbd5
commit cc72cdc
Show file tree

Hide file tree

Showing 11 changed files with 84 additions and 72 deletions.
diff --git a/app/config/config.yml b/app/config/config.yml
@@ -58,8 +58,6 @@ jms_security_extra:
     secure_controllers:  true
     secure_all_services: false
 
-
-
 # FriendsOfSymfony UserBundle Configuration
 fos_user:
     db_driver: orm
@@ -72,7 +70,3 @@ fos_user:
         algorithm:        sha512
         encode_as_base64: false
         iterations:       10
-    registration:
-        form:
-            handler: talkfest.form.handler.registration
-
diff --git a/src/Epixa/TalkfestBundle/Controller/CategoryController.php b/src/Epixa/TalkfestBundle/Controller/CategoryController.php
@@ -41,6 +41,10 @@ public function viewAction($id, $page = 1)
     {
         $category = $this->getCategoryService()->get($id);
 
+        if (!$this->get('security.context')->isGranted('VIEW', $category)) {
+            throw new \Symfony\Component\Security\Core\Exception\AccessDeniedException();
+        }
+
         return array(
             'category' => $category,
             'posts' => $this->getPostService()->getByCategory($category, $page),
@@ -69,7 +73,7 @@ public function addAction(Request $request)
                 $this->getCategoryService()->add($category);
 
                 $this->get('session')->setFlash('notice', 'Category created');
-                return $this->redirect($this->generateUrl('post_index_page'));
+                return $this->redirect($this->generateUrl('post_index'));
             }
         }
 
@@ -136,7 +140,7 @@ public function deleteAction($id, Request $request)
                 $service->delete($deletionOptions);
 
                 $this->get('session')->setFlash('notice', 'Category deleted');
-                return $this->redirect($this->generateUrl('post_index_page'));
+                return $this->redirect($this->generateUrl('post_index'));
             }
         }
 

diff --git a/src/Epixa/TalkfestBundle/Controller/CommentController.php b/src/Epixa/TalkfestBundle/Controller/CommentController.php
@@ -9,6 +9,7 @@
     Sensio\Bundle\FrameworkExtraBundle\Configuration\Route,
     Sensio\Bundle\FrameworkExtraBundle\Configuration\Template,
     Symfony\Component\HttpFoundation\Request,
+    JMS\SecurityExtraBundle\Annotation\Secure,
     Epixa\TalkfestBundle\Entity\Post,
     Epixa\TalkfestBundle\Entity\Comment,
     Epixa\TalkfestBundle\Form\Type\CommentType,

diff --git a/src/Epixa/TalkfestBundle/Controller/PostController.php b/src/Epixa/TalkfestBundle/Controller/PostController.php
@@ -59,9 +59,11 @@ public function viewAction($id)
         /* @var \Symfony\Component\HttpFoundation\Response $addCommentResponse */
         $addCommentResponse = $this->forward('EpixaTalkfestBundle:Comment:add', array('post' => $post));
         if ($addCommentResponse->isRedirection()) {
+            var_dump($addCommentResponse);
+            die('here');
             return $addCommentResponse;
         }
-        
+
         return array(
             'form' => $addCommentResponse->getContent(),
             'post' => $post,

diff --git a/src/Epixa/TalkfestBundle/Entity/Category.php b/src/Epixa/TalkfestBundle/Entity/Category.php
@@ -6,6 +6,7 @@
 namespace Epixa\TalkfestBundle\Entity;
 
 use Doctrine\ORM\Mapping as ORM,
+    Doctrine\Common\Collections\ArrayCollection,
     Symfony\Component\Validator\Constraints as Assert;
 
 /**
@@ -46,15 +47,25 @@ class Category
      */
     protected $dateCreated;
 
+    /**
+     * @ORM\ManyToMany(targetEntity="Epixa\TalkfestBundle\Entity\Group")
+     * @ORM\JoinTable(name="talkfest_category_user_group",
+     *      joinColumns={@ORM\JoinColumn(name="category_id", referencedColumnName="id")},
+     *      inverseJoinColumns={@ORM\JoinColumn(name="group_id", referencedColumnName="id")}
+     * )
+     */
+    protected $groups;
+
 
     /**
      * Initializes a new Category
      *
-     * The creation date is set to now and the topics collection is initialized.
+     * The creation date is set to now and the groups collection is initialized.
      */
     public function __construct()
     {
         $this->setDateCreated('now');
+        $this->groups = new ArrayCollection();
     }
 
     /**
@@ -123,6 +134,16 @@ public function setDateCreated($date)
         return $this;
     }
 
+    /**
+     * Gets all the groups that can access this category
+     * 
+     * @return \Epixa\TalkfestBundle\Entity\Group[]
+     */
+    public function getGroups()
+    {
+        return $this->groups;
+    }
+
     /**
      * Converts the category to a string
      *

diff --git a/src/Epixa/TalkfestBundle/Entity/Group.php b/src/Epixa/TalkfestBundle/Entity/Group.php
@@ -6,7 +6,8 @@
 namespace Epixa\TalkfestBundle\Entity;
 
 use FOS\UserBundle\Entity\Group as BaseGroup,
-    Doctrine\ORM\Mapping as ORM;
+    Doctrine\ORM\Mapping as ORM,
+    Symfony\Component\Security\Core\Role\RoleInterface;
 
 /**
  * A representation of a user group
@@ -21,7 +22,7 @@
  * @ORM\Table(name="talkfest_user_group")
  * @ORM\ChangeTrackingPolicy("DEFERRED_EXPLICIT")
  */
-class Group extends BaseGroup
+class Group extends BaseGroup implements RoleInterface
 {
     /**
      * @ORM\Id
@@ -31,29 +32,27 @@ class Group extends BaseGroup
     protected $id;
 
     /**
-     * @ORM\Column(type="boolean", name="is_default")
-     * @var bool
+     * @ORM\Column(type="string", name="default_role")
      */
-    protected $isDefault = false;
+    protected $role;
 
     /**
-     * Sets whether this is the default group or not
-     * 
-     * @param bool $flag
-     * @return Group
+     * Converts the group to a string
+     *
+     * @return string
      */
-    public function setIsDefault($flag)
+    public function __toString()
     {
-        $this->isDefault = (bool)$flag;
-        return $this;
+        return $this->getName();
     }
 
     /**
-     * Is this group the default group?
-     * @return bool
+     * Gets the default role for this group
+     * 
+     * @return string
      */
-    public function isDefault()
+    public function getRole()
     {
-        return $this->isDefault;
+        return $this->role;
     }
 }
diff --git a/src/Epixa/TalkfestBundle/Entity/User.php b/src/Epixa/TalkfestBundle/Entity/User.php
@@ -21,7 +21,7 @@
  * @ORM\Table(name="talkfest_user")
  * @ORM\ChangeTrackingPolicy("DEFERRED_EXPLICIT")
  */
-class User extends BaseUser implements \FOS\UserBundle\Model\UserInterface
+class User extends BaseUser
 {
     /**
      * @ORM\Id

diff --git a/src/Epixa/TalkfestBundle/Form/Type/CategoryType.php b/src/Epixa/TalkfestBundle/Form/Type/CategoryType.php
@@ -30,6 +30,9 @@ class CategoryType extends AbstractType
     public function buildForm(FormBuilder $builder, array $options)
     {
         $builder->add('name');
+        $builder->add('groups', null, array(
+            'label' => 'Groups that can access this category'
+        ));
     }
 
     /**

diff --git a/src/Epixa/TalkfestBundle/Service/CategoryService.php b/src/Epixa/TalkfestBundle/Service/CategoryService.php
@@ -6,9 +6,11 @@
 namespace Epixa\TalkfestBundle\Service;
 
 use Doctrine\ORM\NoResultException,
+    Symfony\Component\Security\Acl\Domain\ObjectIdentity,
+    Symfony\Component\Security\Acl\Permission\MaskBuilder,
+    Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity,
     Epixa\TalkfestBundle\Entity\Category,
-    Epixa\TalkfestBundle\Model\CategoryDeletionOptions,
-    Symfony\Bridge\Doctrine\Form\ChoiceList\EntityChoiceList;
+    Epixa\TalkfestBundle\Model\CategoryDeletionOptions;
 
 /**
  * Service for managing categories
@@ -62,6 +64,8 @@ public function add(Category $category)
 
         $em->persist($category);
         $em->flush();
+
+        $this->initCategoryAccess($category);
     }
 
     /**
@@ -122,23 +126,17 @@ public function delete(CategoryDeletionOptions $options)
         }
     }
 
-    /**
-     * Gets a choice list of categories
-     *
-     * If a category is provided, it is not included in the returned by the choice list.
-     *
-     * @param \Epixa\TalkfestBundle\Entity\Category|null $excludedCategory
-     * @return \Symfony\Bridge\Doctrine\Form\ChoiceList\EntityChoiceList
-     */
-    public function getCategoryChoiceList(Category $excludedCategory = null)
+    public function initCategoryAccess(Category $category)
     {
-        /* @var \Epixa\TalkfestBundle\Repository\CategoryRepository $repo */
-        $em = $this->getEntityManager();
-        $repo = $em->getRepository('Epixa\TalkfestBundle\Entity\Category');
-        $qb = $repo->getSelectQueryBuilder();
-        $repo->excludeCategory($qb, $excludedCategory);
+        $aclProvider = $this->container->get('security.acl.provider');
 
+        foreach ($category->getGroups() as $group) {
+            $securityIdentity = new RoleSecurityIdentity($group->getRole());
+            $objectIdentity = ObjectIdentity::fromDomainObject($category);
+            $acl = $aclProvider->createAcl($objectIdentity);
 
-        return new EntityChoiceList($em, 'Epixa\TalkfestBundle\Entity\Category', null, $qb);
+            $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_VIEW);
+            $aclProvider->updateAcl($acl);
+        }
     }
 }
diff --git a/src/Epixa/TalkfestBundle/Service/GroupService.php b/src/Epixa/TalkfestBundle/Service/GroupService.php
@@ -55,19 +55,4 @@ public function setContainer(ContainerInterface $container = null)
     {
         $this->container = $container;
     }
-
-    /**
-     * Gets the default user group
-     *
-     * @throws \RuntimeException If no default group is configured
-     * @return \Epixa\TalkfestBundle\Entity\Group
-     */
-    public function getDefaultGroup()
-    {
-        $group = $this->repository->findOneBy(array('isDefault' => true));
-        if ($group === null) {
-            throw new \RuntimeException('No default group configured');
-        }
-        return $group;
-    }
 }
diff --git a/src/Epixa/TalkfestBundle/Service/PostService.php b/src/Epixa/TalkfestBundle/Service/PostService.php
@@ -91,19 +91,7 @@ public function add(Post $post)
         $em->persist($post);
         $em->flush();
 
-        // creating the ACL
-        $aclProvider = $this->container->get('security.acl.provider');
-        $objectIdentity = ObjectIdentity::fromDomainObject($post);
-        $acl = $aclProvider->createAcl($objectIdentity);
-
-        // retrieving the security identity of the currently logged-in user
-        $securityContext = $this->container->get('security.context');
-        $user = $securityContext->getToken()->getUser();
-        $securityIdentity = UserSecurityIdentity::fromAccount($user);
-
-        // grant owner access
-        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_EDIT);
-        $aclProvider->updateAcl($acl);
+        $this->initPostAccess($post);
 
         return $post;
     }
@@ -144,4 +132,21 @@ public function delete(Post $post)
         $em->remove($post);
         $em->flush();
     }
+
+    public function initPostAccess(Post $post)
+    {
+        // creating the ACL
+        $aclProvider = $this->container->get('security.acl.provider');
+        $objectIdentity = ObjectIdentity::fromDomainObject($post);
+        $acl = $aclProvider->createAcl($objectIdentity);
+
+        // retrieving the security identity of the currently logged-in user
+        $securityContext = $this->container->get('security.context');
+        $user = $securityContext->getToken()->getUser();
+        $securityIdentity = UserSecurityIdentity::fromAccount($user);
+
+        // grant owner access
+        $acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_EDIT);
+        $aclProvider->updateAcl($acl);
+    }
 }