CodeExplorer
You are a developer and looking for Shopware projects?
Apply Now!
getPrivileges example
$response = $this->getBrowser()->getResponse();
$privileges = json_decode($response->getContent(), true, 512, \JSON_THROW_ON_ERROR);
static::assertNotContains('unit:read', $privileges);
static::assertContains('system:clear:cache', $privileges);
static::assertContains('system.plugin_maintain', $privileges);
}
public function testGetAdditionalPrivilegesEvent(): void
{
$getAdditionalPrivileges = function DAclGetAdditionalPrivilegesEvent $event): void {
$privileges = $event->getPrivileges();
static::assertContains('system:clear:cache', $privileges);
$privileges[] = 'my_custom_privilege';
$event->setPrivileges($privileges);
};
$this->addEventListener($this->getContainer()->get('event_dispatcher'), AclGetAdditionalPrivilegesEvent::class, $getAdditionalPrivileges);
$this->getBrowser()->request('GET', '/api/_action/acl/additional_privileges');
$response = $this->getBrowser()->getResponse();
$privileges = json_decode($response->getContent(), true, 512, \JSON_THROW_ON_ERROR);
static::assertNotContains('unit:read', $privileges);
$privileges = json_decode($response->getContent(), true, 512, \JSON_THROW_ON_ERROR);
static::assertNotContains('unit:read', $privileges);
static::assertContains('system:clear:cache', $privileges);
static::assertContains('system.plugin_maintain', $privileges);
}
public function testGetAdditionalPrivilegesEvent(): void
{
$getAdditionalPrivileges = function DAclGetAdditionalPrivilegesEvent $event): void {
$privileges = $event->getPrivileges();
static::assertContains('system:clear:cache', $privileges);
$privileges[] = 'my_custom_privilege';
$event->setPrivileges($privileges);
};
$this->addEventListener($this->getContainer()->get('event_dispatcher'), AclGetAdditionalPrivilegesEvent::class, $getAdditionalPrivileges);
$this->getBrowser()->request('GET', '/api/_action/acl/additional_privileges');
$response = $this->getBrowser()->getResponse();
$privileges = json_decode($response->getContent(), true, 512, \JSON_THROW_ON_ERROR);
static::assertNotContains('unit:read', $privileges);
#[Route(path: '/api/_action/acl/additional_privileges', name: 'api.acl.privileges.additional.get', methods: ['GET'], defaults: ['auth_required' => true, '_acl' => ['api_acl_privileges_additional_get']])]
public function getAdditionalPrivileges(Context $context): JsonResponse
{
$privileges = $this->getFromRoutes();
$definitionPrivileges = $this->getFromDefinitions();
$privileges = array_diff(array_unique($privileges), $definitionPrivileges);
$event = new AclGetAdditionalPrivilegesEvent($context, $privileges);
$this->eventDispatcher->dispatch($event);
$privileges = $event->getPrivileges();
return new JsonResponse($privileges);
}
/** * @return list<string> */
private function getFromDefinitions(): array
{
$privileges = [];
$definitions = $this->definitionInstanceRegistry->getDefinitions();
{
$privileges = $this->getFromRoutes();
$definitionPrivileges = $this->getFromDefinitions();
$privileges = array_diff(array_unique($privileges), $definitionPrivileges);
$event = new AclGetAdditionalPrivilegesEvent($context, $privileges);
$this->eventDispatcher->dispatch($event);
$privileges = $event->getPrivileges();
return new JsonResponse($privileges);
}
/** * @return list<string> */
private function getFromDefinitions(): array
{
$privileges = [];
$definitions = $this->definitionInstanceRegistry->getDefinitions();
$resource = $repository->findOneBy(['name' => $resourceName]);
if ($resource === null) {
return false;
}
// The mapping table s_core_acl_roles must be cleared manually. $this->em->getConnection()->executeUpdate(
'DELETE FROM s_core_acl_roles WHERE resourceID = ?',
[$resource->getId()]
);
foreach ($resource->getPrivileges() as $privilege) {
$this->em->remove($privilege);
}
// The privileges will be removed automatically $this->em->remove($resource);
$this->em->flush();
return true;
}
/** * Create Shopware acl tree */
if ($resource === null) {
return false;
}
// The mapping table s_core_acl_roles must be cleared manually. $this->em->getConnection()->executeUpdate(
'DELETE FROM s_core_acl_roles WHERE resourceID = ?',
[$resource->getId()]
);
foreach ($resource->getPrivileges() as $privilege) {
$this->em->remove($privilege);
}
// The privileges will be removed automatically $this->em->remove($resource);
$this->em->flush();
return true;
}
/** * Create Shopware acl tree */
if (!$item) {
return;
}
$this->manager->remove($item);
$this->manager->flush($item);
}
private function addPrivilegeIfMissing(AclResource $resource, string $name): void
{
foreach ($resource->getPrivileges() as $privilege) {
if ($privilege->getName() === $name) {
return;
}
}
$newPriv = new Privilege();
$newPriv->setName($name);
$newPriv->setResource($resource);
$this->manager->persist($newPriv);
$resource->getPrivileges()->add($newPriv);
}
return;
}
$this->manager->remove($item);
$this->manager->flush($item);
}
private function addPrivilegeIfMissing(AclResource $resource, string $name): void
{
foreach ($resource->getPrivileges() as $privilege) {
if ($privilege->getName() === $name) {
return;
}
}
$newPriv = new Privilege();
$newPriv->setName($name);
$newPriv->setResource($resource);
$this->manager->persist($newPriv);
$resource->getPrivileges()->add($newPriv);
}
$data = [
'localId' => $app->getId(),
'description' => $app->getTranslation('description'),
'name' => $app->getName(),
'label' => $app->getTranslation('label'),
'producerName' => $app->getAuthor(),
'license' => $app->getLicense(),
'version' => $app->getVersion(),
'privacyPolicyLink' => $app->getPrivacy(),
'iconRaw' => $app->getIcon(),
'installedAt' => $app->getCreatedAt(),
'permissions' => $app->getAclRole() !== null ? $this->makePermissionArray($app->getAclRole()->getPrivileges()) : [],
'active' => $app->isActive(),
'languages' => [],
'type' => ExtensionStruct::EXTENSION_TYPE_APP,
'isTheme' => \in_array($app->getName(), $installedThemeNames, true),
'configurable' => $app->isConfigurable(),
'privacyPolicyExtension' => $app->getPrivacyPolicyExtensions(),
'updatedAt' => $app->getUpdatedAt(),
'allowDisable' => $app->getAllowDisable(),
'domains' => $app->getAllowedHosts(),
];
'localId' => $app->getId(),
'description' => $app->getTranslation('description'),
'name' => $app->getName(),
'label' => $app->getTranslation('label'),
'producerName' => $app->getAuthor(),
'license' => $app->getLicense(),
'version' => $app->getVersion(),
'privacyPolicyLink' => $app->getPrivacy(),
'iconRaw' => $app->getIcon(),
'installedAt' => $app->getCreatedAt(),
'permissions' => $app->getAclRole() !== null ? $this->makePermissionArray($app->getAclRole()->getPrivileges()) : [],
'active' => $app->isActive(),
'languages' => [],
'type' => ExtensionStruct::EXTENSION_TYPE_APP,
'isTheme' => \in_array($app->getName(), $installedThemeNames, true),
'configurable' => $app->isConfigurable(),
'privacyPolicyExtension' => $app->getPrivacyPolicyExtensions(),
'updatedAt' => $app->getUpdatedAt(),
'allowDisable' => $app->getAllowDisable(),
'domains' => $app->getAllowedHosts(),
];
'custom_entity_blog:read',
'custom_entity_blog:create',
'custom_entity_blog:update',
'custom_entity_blog:delete',
'ce_blog_comment:read',
'ce_blog_comment:create',
'ce_blog_comment:update',
'ce_blog_comment:delete',
];
static::assertInstanceOf(AclRoleEntity::class, $app->getAclRole());
static::assertEquals($expected, $app->getAclRole()->getPrivileges());
}
private function testAllowDisable(bool $expected): void
{
$allowed = $this->getContainer()->get(Connection::class)
->fetchOne('SELECT allow_disable FROM app WHERE name = :name', ['name' => 'custom-entity-test']);
static::assertEquals($expected, (bool) $allowed);
}
}
'custom_entity_blog:create',
'custom_entity_blog:update',
'custom_entity_blog:delete',
'ce_blog_comment:read',
'ce_blog_comment:create',
'ce_blog_comment:update',
'ce_blog_comment:delete',
];
static::assertInstanceOf(AclRoleEntity::class, $app->getAclRole());
static::assertEquals($expected, $app->getAclRole()->getPrivileges());
}
private function testAllowDisable(bool $expected): void
{
$allowed = $this->getContainer()->get(Connection::class)
->fetchOne('SELECT allow_disable FROM app WHERE name = :name', ['name' => 'custom-entity-test']);
static::assertEquals($expected, (bool) $allowed);
}
}
$event = new EntityLoadedEvent(
$this->createMock(AclRoleDefinition::class),
$aclRoles,
Context::createDefaultContext()
);
$this->pluginAclSubscriber->onAclRoleLoaded($event);
/** @var AclRoleEntity $enrichedAclRole */
$enrichedAclRole = $event->getEntities()[0];
static::assertSame(['product.viewer', 'product:read'], $enrichedAclRole->getPrivileges());
}
public function testAclPluginActivated(): void
{
$this->activatePlugin(self::PLUGIN_ACL_PRODUCT_VIEWER);
$aclRoles = [$this->getAclRoleMock('pluginAclTestProductViewer', ['product.viewer', 'product:read'])];
$event = new EntityLoadedEvent(
$this->createMock(AclRoleDefinition::class),
$aclRoles,
$this->createMock(AclRoleDefinition::class),
$aclRoles,
Context::createDefaultContext()
);
$this->pluginAclSubscriber->onAclRoleLoaded($event);
/** @var AclRoleEntity $enrichedAclRole */
$enrichedAclRole = $event->getEntities()[0];
static::assertSame(['product.viewer', 'product:read'], $enrichedAclRole->getPrivileges());
}
public function testAclPluginActivated(): void
{
$this->activatePlugin(self::PLUGIN_ACL_PRODUCT_VIEWER);
$aclRoles = [$this->getAclRoleMock('pluginAclTestProductViewer', ['product.viewer', 'product:read'])];
$event = new EntityLoadedEvent(
$this->createMock(AclRoleDefinition::class),
$aclRoles,
$this->appLifecycle->delete('test', $app, $this->context);
$apps = $this->appRepository->searchIds(new Criteria(), $this->context)->getIds();
static::assertCount(0, $apps);
/** @var EntityRepository $aclRoleRepository */
$aclRoleRepository = $this->getContainer()->get('acl_role.repository');
/** @var AclRoleEntity $aclRole */
$aclRole = $aclRoleRepository->search(new Criteria([$aclRoleId]), $this->context)->first();
static::assertNotContains($appPrivilege, $aclRole->getPrivileges());
}
public function testInstallWithAllowedHosts(): void
{
$manifest = Manifest::createFromXmlFile(__DIR__ . '/_fixtures/withAllowedHosts/manifest.xml');
$this->appLifecycle->install($manifest, true, $this->context);
/** @var AppCollection $apps */
$apps = $this->appRepository->search(new Criteria(), $this->context)->getEntities();
static::assertCount(1, $apps);
$apps = $this->appRepository->searchIds(new Criteria(), $this->context)->getIds();
static::assertCount(0, $apps);
/** @var EntityRepository $aclRoleRepository */
$aclRoleRepository = $this->getContainer()->get('acl_role.repository');
/** @var AclRoleEntity $aclRole */
$aclRole = $aclRoleRepository->search(new Criteria([$aclRoleId]), $this->context)->first();
static::assertNotContains($appPrivilege, $aclRole->getPrivileges());
}
public function testInstallWithAllowedHosts(): void
{
$manifest = Manifest::createFromXmlFile(__DIR__ . '/_fixtures/withAllowedHosts/manifest.xml');
$this->appLifecycle->install($manifest, true, $this->context);
/** @var AppCollection $apps */
$apps = $this->appRepository->search(new Criteria(), $this->context)->getEntities();
static::assertCount(1, $apps);
'checked' => false,
'expanded' => false,
];
if ($role) {
if (\array_key_exists($resource->getId(), $resourceAdmins) || $role->getAdmin() === 1) {
$resourceNode['checked'] = true;
$resourceNode['expanded'] = true;
}
}
if (\count($resource->getPrivileges()) > 0) {
$children = [];
foreach ($resource->getPrivileges() as $privilege) {
$children[] = $this->getPrivilegeNode($resourceNode, $privilege, $role);
}
$resourceNode['data'] = $children;
$resourceNode['leaf'] = false;
} else {
$resourceNode['leaf'] = true;
$resourceNode['data'] = [];
}
'expanded' => false,
];
if ($role) {
if (\array_key_exists($resource->getId(), $resourceAdmins) || $role->getAdmin() === 1) {
$resourceNode['checked'] = true;
$resourceNode['expanded'] = true;
}
}
if (\count($resource->getPrivileges()) > 0) {
$children = [];
foreach ($resource->getPrivileges() as $privilege) {
$children[] = $this->getPrivilegeNode($resourceNode, $privilege, $role);
}
$resourceNode['data'] = $children;
$resourceNode['leaf'] = false;
} else {
$resourceNode['leaf'] = true;
$resourceNode['data'] = [];
}
new EqualsFilter('users.id', null)]
));
$roles = $this->aclRoleRepository->search($criteria, $context);
$newPrivileges = [
'app.' . $appName,
];
$dataUpdate = [];
/** @var AclRoleEntity $role */
foreach ($roles as $role) {
$currentPrivileges = $role->getPrivileges();
if (\in_array('app.all', $currentPrivileges, true)) {
$currentPrivileges = array_merge($currentPrivileges, $newPrivileges);
$currentPrivileges = array_unique($currentPrivileges);
$dataUpdate[] = [
'id' => $role->getId(),
'privileges' => $currentPrivileges,
];
}
}
));
$roles = $this->aclRoleRepository->search($criteria, $context);
$newPrivileges = [
'app.' . $appName,
];
$dataUpdate = [];
/** @var AclRoleEntity $role */
foreach ($roles as $role) {
$currentPrivileges = $role->getPrivileges();
if (\in_array('app.all', $currentPrivileges, true)) {
$currentPrivileges = array_merge($currentPrivileges, $newPrivileges);
$currentPrivileges = array_unique($currentPrivileges);
$dataUpdate[] = [
'id' => $role->getId(),
'privileges' => $currentPrivileges,
];
}
}
if (!$permissions) {
return false;
}
$aclRole = $app->getAclRole();
if (!$aclRole) {
return true;
}
$newPrivileges = $permissions->asParsedPrivileges();
$currentPrivileges = $aclRole->getPrivileges();
$privilegesDelta = array_diff($newPrivileges, $currentPrivileges);
return \count($privilegesDelta) > 0;
}
private function makePermissions(array $appPrivileges): array
{
$permissions = [];
foreach ($appPrivileges as $privilege) {
return false;
}
$aclRole = $app->getAclRole();
if (!$aclRole) {
return true;
}
$newPrivileges = $permissions->asParsedPrivileges();
$currentPrivileges = $aclRole->getPrivileges();
$privilegesDelta = array_diff($newPrivileges, $currentPrivileges);
return \count($privilegesDelta) > 0;
}
private function makePermissions(array $appPrivileges): array
{
$permissions = [];
foreach ($appPrivileges as $privilege) {
/** @var AclRoleEntity[] $aclRoles */
$aclRoles = $event->getEntities();
if (!$aclRoles) {
return;
}
$additionalRolePrivileges = $this->getAdditionalRolePrivileges();
foreach ($additionalRolePrivileges as $additionalRole => $additionalPrivileges) {
foreach ($aclRoles as $aclRole) {
if ($additionalRole === AclRoleDefinition::ALL_ROLE_KEY || \in_array($additionalRole, $aclRole->getPrivileges(), true)) {
$newPrivileges = array_values(array_unique(array_merge($aclRole->getPrivileges(), $additionalPrivileges)));
$aclRole->setPrivileges($newPrivileges);
}
}
}
}
/** * returns a unique, merged array of all role privileges to be added by plugins * * @return array<string, list<string>> */
$aclRoles = $event->getEntities();
if (!$aclRoles) {
return;
}
$additionalRolePrivileges = $this->getAdditionalRolePrivileges();
foreach ($additionalRolePrivileges as $additionalRole => $additionalPrivileges) {
foreach ($aclRoles as $aclRole) {
if ($additionalRole === AclRoleDefinition::ALL_ROLE_KEY || \in_array($additionalRole, $aclRole->getPrivileges(), true)) {
$newPrivileges = array_values(array_unique(array_merge($aclRole->getPrivileges(), $additionalPrivileges)));
$aclRole->setPrivileges($newPrivileges);
}
}
}
}
/** * returns a unique, merged array of all role privileges to be added by plugins * * @return array<string, list<string>> */