Add some magic ACL juice

Add an entry for every created object for the creating user. Check that exists when updating, getting.
christheyounger · Aug 30, 2016 · afb8985 · afb8985
1 parent 8d2ba3e
commit afb8985
Show file tree

Hide file tree

Showing 3 changed files with 44 additions and 12 deletions.
diff --git a/src/Darkbluesun/GoldfishBundle/Controller/ClientController.php b/src/Darkbluesun/GoldfishBundle/Controller/ClientController.php
@@ -3,6 +3,7 @@
 namespace Darkbluesun\GoldfishBundle\Controller;
 
 use JMS\Serializer\SerializationContext;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
@@ -11,6 +12,9 @@
 use Darkbluesun\GoldfishBundle\Entity\Workspace;
 use Darkbluesun\GoldfishBundle\Entity\Client;
 use Darkbluesun\GoldfishBundle\Entity\ClientComment;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
+use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
+use Symfony\Component\Security\Acl\Permission\MaskBuilder;
 
 /**
  * Client controller.
@@ -49,7 +53,7 @@ public function getcAction()
 
     /**
      * Gets an existing Client entity.
-     *
+     * @Security("is_granted('VIEW', client)")
      * @Route("/{id}", name="clients_get")
      * @Method("GET")
      */
@@ -72,12 +76,18 @@ public function createAction(Request $request)
         $client->setCreatedAt(new \DateTime())->setUpdatedAt(new \DateTime());
         $em->persist($client);
         $em->flush();
+
+        $aclProvider = $this->get('security.acl.provider');
+        $acl = $aclProvider->createAcl(ObjectIdentity::fromDomainObject($client));
+        $acl->insertObjectAce(UserSecurityIdentity::fromAccount($this->getUser()), MaskBuilder::MASK_OWNER);
+        $aclProvider->updateAcl($acl);
+
         return $this->getAction($client);
     }
 
     /**
      * Updates an existing Client entity.
-     *
+     * @Security("is_granted('EDIT', client)")
      * @Route("/{id}", name="clients_update")
      * @Method("POST")
      */
@@ -113,7 +123,7 @@ public function commentAction(Request $request, Client $client) {
 
     /**
      * Deletes a Client entity.
-     *
+     * @Security("is_granted('DELETE', client)")
      * @Route("/{id}", name="clients_delete")
      * @Method("DELETE")
      */

diff --git a/src/Darkbluesun/GoldfishBundle/Controller/ProjectController.php b/src/Darkbluesun/GoldfishBundle/Controller/ProjectController.php
@@ -3,13 +3,19 @@
 namespace Darkbluesun\GoldfishBundle\Controller;
 
 use JMS\Serializer\SerializationContext;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Bundle\FrameworkBundle\Controller\Controller;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Darkbluesun\GoldfishBundle\Entity\Project;
+use Darkbluesun\GoldfishBundle\Entity\Task;
+use Darkbluesun\GoldfishBundle\Form\ProjectType;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
+use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
+use Symfony\Component\Security\Acl\Permission\MaskBuilder;
 
 /**
  * Project controller.
@@ -36,7 +42,7 @@ public function getcAction()
 
     /**
      * Get a Project
-     *
+     * @Security("is_granted('VIEW', project)")
      * @Route("/{id}", name="project_get")
      * @Method("GET")
      */
@@ -59,12 +65,18 @@ public function postAction(Request $request)
         $project = $em->merge($project);
         $project->setCreatedAt(new \DateTime())->setUpdatedAt(new \DateTime());
         $em->flush();
+
+        $aclProvider = $this->get('security.acl.provider');
+        $acl = $aclProvider->createAcl(ObjectIdentity::fromDomainObject($project));
+        $acl->insertObjectAce(UserSecurityIdentity::fromAccount($this->getUser()), MaskBuilder::MASK_OWNER);
+        $aclProvider->updateAcl($acl);
+
         return $this->getAction($project);
     }
 
     /**
      * Updates an existing Project entity.
-     *
+     * @Security("is_granted('EDIT', project)")
      * @Route("/{id}", name="project_update")
      * @Method("POST")
      */
@@ -81,7 +93,7 @@ public function updateAction(Request $request, Project $project)
 
     /**
      * Deletes a Project.
-     *
+     * @Security("is_granted('DELETE', project)")
      * @Route("/{id}", name="project_delete")
      * @Method("DELETE")
      */

diff --git a/src/Darkbluesun/GoldfishBundle/Controller/TaskController.php b/src/Darkbluesun/GoldfishBundle/Controller/TaskController.php
@@ -3,6 +3,7 @@
 namespace Darkbluesun\GoldfishBundle\Controller;
 
 use JMS\Serializer\SerializationContext;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\HttpFoundation\JsonResponse;
@@ -11,6 +12,10 @@
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
 use Darkbluesun\GoldfishBundle\Entity\Task;
 use Darkbluesun\GoldfishBundle\Entity\TimeEntry;
+use Darkbluesun\GoldfishBundle\Form\TaskType;
+use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
+use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
+use Symfony\Component\Security\Acl\Permission\MaskBuilder;
 
 /**
  * Task controller.
@@ -36,7 +41,7 @@ public function getcAction()
 
     /**
      * Gets a Task.
-     *
+     * @Security("is_granted('view', task)")
      * @Route("/{id}", name="tasks_get")
      * @Method("GET")
      */
@@ -64,12 +69,17 @@ public function postAction(Request $request)
         $task = $em->merge($task);
         $em->flush();
 
+        $aclProvider = $this->get('security.acl.provider');
+        $acl = $aclProvider->createAcl(ObjectIdentity::fromDomainObject($task));
+        $acl->insertObjectAce(UserSecurityIdentity::fromAccount($this->getUser()), MaskBuilder::MASK_OWNER);
+        $aclProvider->updateAcl($acl);
+
         return $this->getAction($task);
     }
 
     /**
      * Updates an existing Task.
-     *
+     * @Security("is_granted('EDIT', task)")
      * @Route("/{id}", name="tasks_update")
      * @Method("POST")
      */
@@ -87,7 +97,7 @@ public function updateAction(Request $request, Task $task)
 
     /**
      * Deletes a Task.
-     *
+     * @Security("is_granted('DELETE', task)")
      * @Route("/{id}", name="tasks_delete")
      * @Method("DELETE")
      */
@@ -101,7 +111,7 @@ public function deleteAction(Request $request, Task $task)
 
     /**
      * Lists all Comments belonging to this thing.
-     *
+     * @Security("is_granted('VIEW', task)")
      * @Route("/{id}/comments", name="task_comment_list")
      * @Method("GET")
      */
@@ -116,7 +126,7 @@ public function getCommentsAction(Task $task)
 
     /**
      * List all time entries
-     *
+     * @Security("is_granted('VIEW', task)")
      * @Route("/{id}/timesheet/", name="task_timesheet")
      * @Method("GET")
      */
@@ -130,7 +140,7 @@ public function getTimesheetAction(Task $task) {
 
     /**
      * Time add
-     *
+     * @Security("is_granted('EDIT', task)")
      * @Route("/{id}/addtime", name="task_add_time")
      * @Method("POST")
      */