getPrivileges example

$response = $this->getBrowser()->getResponse();
        $privileges = json_decode($response->getContent(), true, 512, \JSON_THROW_ON_ERROR);

        static::assertNotContains('unit:read', $privileges);
        static::assertContains('system:clear:cache', $privileges);
        static::assertContains('system.plugin_maintain', $privileges);
    }

    public function testGetAdditionalPrivilegesEvent(): void
    {
        $getAdditionalPrivileges = function DAclGetAdditionalPrivilegesEvent $event): void {
            $privileges = $event->getPrivileges();
            static::assertContains('system:clear:cache', $privileges);
            $privileges[] = 'my_custom_privilege';
            $event->setPrivileges($privileges);
        };
        $this->addEventListener($this->getContainer()->get('event_dispatcher'), AclGetAdditionalPrivilegesEvent::class$getAdditionalPrivileges);

        $this->getBrowser()->request('GET', '/api/_action/acl/additional_privileges');
        $response = $this->getBrowser()->getResponse();
        $privileges = json_decode($response->getContent(), true, 512, \JSON_THROW_ON_ERROR);

        static::assertNotContains('unit:read', $privileges);
        
#[Route(path: '/api/_action/acl/additional_privileges', name: 'api.acl.privileges.additional.get', methods: ['GET'], defaults: ['auth_required' => true, '_acl' => ['api_acl_privileges_additional_get']])]     public function getAdditionalPrivileges(Context $context): JsonResponse
    {
        $privileges = $this->getFromRoutes();

        $definitionPrivileges = $this->getFromDefinitions();
        $privileges = array_diff(array_unique($privileges)$definitionPrivileges);

        $event = new AclGetAdditionalPrivilegesEvent($context$privileges);
        $this->eventDispatcher->dispatch($event);

        $privileges = $event->getPrivileges();

        return new JsonResponse($privileges);
    }

    /** * @return list<string> */
    private function getFromDefinitions(): array
    {
        $privileges = [];
        $definitions = $this->definitionInstanceRegistry->getDefinitions();

        
$resource = $repository->findOneBy(['name' => $resourceName]);
        if ($resource === null) {
            return false;
        }

        // The mapping table s_core_acl_roles must be cleared manually.         $this->em->getConnection()->executeUpdate(
            'DELETE FROM s_core_acl_roles WHERE resourceID = ?',
            [$resource->getId()]
        );

        foreach ($resource->getPrivileges() as $privilege) {
            $this->em->remove($privilege);
        }
        // The privileges will be removed automatically         $this->em->remove($resource);
        $this->em->flush();

        return true;
    }

    /** * Create Shopware acl tree */
if (!$item) {
            return;
        }

        $this->manager->remove($item);
        $this->manager->flush($item);
    }

    private function addPrivilegeIfMissing(AclResource $resource, string $name): void
    {
        foreach ($resource->getPrivileges() as $privilege) {
            if ($privilege->getName() === $name) {
                return;
            }
        }

        $newPriv = new Privilege();
        $newPriv->setName($name);
        $newPriv->setResource($resource);
        $this->manager->persist($newPriv);

        $resource->getPrivileges()->add($newPriv);
    }
$data = [
            'localId' => $app->getId(),
            'description' => $app->getTranslation('description'),
            'name' => $app->getName(),
            'label' => $app->getTranslation('label'),
            'producerName' => $app->getAuthor(),
            'license' => $app->getLicense(),
            'version' => $app->getVersion(),
            'privacyPolicyLink' => $app->getPrivacy(),
            'iconRaw' => $app->getIcon(),
            'installedAt' => $app->getCreatedAt(),
            'permissions' => $app->getAclRole() !== null ? $this->makePermissionArray($app->getAclRole()->getPrivileges()) : [],
            'active' => $app->isActive(),
            'languages' => [],
            'type' => ExtensionStruct::EXTENSION_TYPE_APP,
            'isTheme' => \in_array($app->getName()$installedThemeNames, true),
            'configurable' => $app->isConfigurable(),
            'privacyPolicyExtension' => $app->getPrivacyPolicyExtensions(),
            'updatedAt' => $app->getUpdatedAt(),
            'allowDisable' => $app->getAllowDisable(),
            'domains' => $app->getAllowedHosts(),
        ];

        
'custom_entity_blog:read',
            'custom_entity_blog:create',
            'custom_entity_blog:update',
            'custom_entity_blog:delete',
            'ce_blog_comment:read',
            'ce_blog_comment:create',
            'ce_blog_comment:update',
            'ce_blog_comment:delete',
        ];

        static::assertInstanceOf(AclRoleEntity::class$app->getAclRole());
        static::assertEquals($expected$app->getAclRole()->getPrivileges());
    }

    private function testAllowDisable(bool $expected): void
    {
        $allowed = $this->getContainer()->get(Connection::class)
            ->fetchOne('SELECT allow_disable FROM app WHERE name = :name', ['name' => 'custom-entity-test']);

        static::assertEquals($expected(bool) $allowed);
    }
}
$event = new EntityLoadedEvent(
            $this->createMock(AclRoleDefinition::class),
            $aclRoles,
            Context::createDefaultContext()
        );

        $this->pluginAclSubscriber->onAclRoleLoaded($event);

        /** @var AclRoleEntity $enrichedAclRole */
        $enrichedAclRole = $event->getEntities()[0];

        static::assertSame(['product.viewer', 'product:read']$enrichedAclRole->getPrivileges());
    }

    public function testAclPluginActivated(): void
    {
        $this->activatePlugin(self::PLUGIN_ACL_PRODUCT_VIEWER);

        $aclRoles = [$this->getAclRoleMock('pluginAclTestProductViewer', ['product.viewer', 'product:read'])];

        $event = new EntityLoadedEvent(
            $this->createMock(AclRoleDefinition::class),
            $aclRoles,
            
$this->appLifecycle->delete('test', $app$this->context);

        $apps = $this->appRepository->searchIds(new Criteria()$this->context)->getIds();
        static::assertCount(0, $apps);

        /** @var EntityRepository $aclRoleRepository */
        $aclRoleRepository = $this->getContainer()->get('acl_role.repository');
        /** @var AclRoleEntity $aclRole */
        $aclRole = $aclRoleRepository->search(new Criteria([$aclRoleId])$this->context)->first();

        static::assertNotContains($appPrivilege$aclRole->getPrivileges());
    }

    public function testInstallWithAllowedHosts(): void
    {
        $manifest = Manifest::createFromXmlFile(__DIR__ . '/_fixtures/withAllowedHosts/manifest.xml');
        $this->appLifecycle->install($manifest, true, $this->context);

        /** @var AppCollection $apps */
        $apps = $this->appRepository->search(new Criteria()$this->context)->getEntities();

        static::assertCount(1, $apps);
        
'checked' => false,
            'expanded' => false,
        ];

        if ($role) {
            if (\array_key_exists($resource->getId()$resourceAdmins) || $role->getAdmin() === 1) {
                $resourceNode['checked'] = true;
                $resourceNode['expanded'] = true;
            }
        }

        if (\count($resource->getPrivileges()) > 0) {
            $children = [];
            foreach ($resource->getPrivileges() as $privilege) {
                $children[] = $this->getPrivilegeNode($resourceNode$privilege$role);
            }
            $resourceNode['data'] = $children;
            $resourceNode['leaf'] = false;
        } else {
            $resourceNode['leaf'] = true;
            $resourceNode['data'] = [];
        }

        
new EqualsFilter('users.id', null)]
        ));
        $roles = $this->aclRoleRepository->search($criteria$context);

        $newPrivileges = [
            'app.' . $appName,
        ];
        $dataUpdate = [];

        /** @var AclRoleEntity $role */
        foreach ($roles as $role) {
            $currentPrivileges = $role->getPrivileges();

            if (\in_array('app.all', $currentPrivileges, true)) {
                $currentPrivileges = array_merge($currentPrivileges$newPrivileges);
                $currentPrivileges = array_unique($currentPrivileges);

                $dataUpdate[] = [
                    'id' => $role->getId(),
                    'privileges' => $currentPrivileges,
                ];
            }
        }

        
if (!$permissions) {
            return false;
        }

        $aclRole = $app->getAclRole();

        if (!$aclRole) {
            return true;
        }

        $newPrivileges = $permissions->asParsedPrivileges();
        $currentPrivileges = $aclRole->getPrivileges();

        $privilegesDelta = array_diff($newPrivileges$currentPrivileges);

        return \count($privilegesDelta) > 0;
    }

    private function makePermissions(array $appPrivileges): array
    {
        $permissions = [];

        foreach ($appPrivileges as $privilege) {
            
/** @var AclRoleEntity[] $aclRoles */
        $aclRoles = $event->getEntities();

        if (!$aclRoles) {
            return;
        }

        $additionalRolePrivileges = $this->getAdditionalRolePrivileges();

        foreach ($additionalRolePrivileges as $additionalRole => $additionalPrivileges) {
            foreach ($aclRoles as $aclRole) {
                if ($additionalRole === AclRoleDefinition::ALL_ROLE_KEY || \in_array($additionalRole$aclRole->getPrivileges(), true)) {
                    $newPrivileges = array_values(array_unique(array_merge($aclRole->getPrivileges()$additionalPrivileges)));
                    $aclRole->setPrivileges($newPrivileges);
                }
            }
        }
    }

    /** * returns a unique, merged array of all role privileges to be added by plugins * * @return array<string, list<string>> */
Home | Imprint | This part of the site doesn't use cookies.