Tweak a bit ACL

DependencyInjection/Configuration.php

@@ -39,7 +39,6 @@ public function getConfigTreeBuilder()
             ->fixXmlConfig('dashboard_group')
             ->fixXmlConfig('admin_service')
             ->children()
-
                 ->arrayNode('security')
                     ->addDefaultsIfNotSet()
                     ->children()

DependencyInjection/SonataAdminExtension.php

@@ -94,9 +94,11 @@ public function load(array $configs, ContainerBuilder $container)
                 }
                 break;
         }
+
         $container->setParameter('sonata.admin.configuration.security.information', $config['security']['information']);
         $container->setParameter('sonata.admin.configuration.security.admin_permissions', $config['security']['admin_permissions']);
         $container->setParameter('sonata.admin.configuration.security.object_permissions', $config['security']['object_permissions']);
+
         $loader->load('security.xml');
 
         /**

Resources/config/security.xml

@@ -35,7 +35,6 @@
             </call>
         </service>
         <service id="sonata.admin.manipulator.acl.admin" class="%sonata.admin.manipulator.acl.admin.class%" >
-            <argument type="service" id="sonata.admin.security.handler" />
             <argument>%sonata.admin.security.mask.builder.class%</argument>
         </service>
     </services>

Util/AdminAclManipulator.php

@@ -21,13 +21,11 @@
 
 class AdminAclManipulator implements AdminAclManipulatorInterface
 {
-    protected $securityHandler;
     protected $maskBuilderClass;
 
-    public function __construct(AclSecurityHandlerInterface $securityHandler, $maskBuilderClass)
+    public function __construct($maskBuilderClass)
     {
-        $this->securityHandler = $securityHandler;
-        $this->maskBuilderClass =$maskBuilderClass;
+        $this->maskBuilderClass = $maskBuilderClass;
     }
 
     /**
@@ -37,44 +35,44 @@ public function configureAcls(OutputInterface $output, AdminInterface $admin)
     {
         $securityHandler = $admin->getSecurityHandler();
         if (!$securityHandler instanceof AclSecurityHandlerInterface) {
-            $output->writeln('Admin class is not configured to use ACL : <info>ignoring</info>');
+            $output->writeln(sprintf('Admin `%s` is not configured to use ACL : <info>ignoring</info>', $admin->getCode()));
             return;
         }
 
         $objectIdentity = ObjectIdentity::fromDomainObject($admin);
         $newAcl = false;
-        if (is_null($acl = $this->securityHandler->getObjectAcl($objectIdentity))) {
-            $acl = $this->securityHandler->createAcl($objectIdentity);
+        if (is_null($acl = $securityHandler->getObjectAcl($objectIdentity))) {
+            $acl = $securityHandler->createAcl($objectIdentity);
             $newAcl = true;
         }
 
         // create admin ACL
         $output->writeln(sprintf(' > install ACL for %s', $admin->getCode()));
-        $configResult = $this->addAdminClassAces($output, $acl, $securityHandler->buildSecurityInformation($admin));
+        $configResult = $this->addAdminClassAces($output, $acl, $securityHandler, $securityHandler->buildSecurityInformation($admin));
 
         if ($configResult) {
-            $this->securityHandler->updateAcl($acl);
+            $securityHandler->updateAcl($acl);
         } else {
             $output->writeln(sprintf('   - %s , no roles and permissions found', ($newAcl ? 'skip' : 'removed')));
-            $this->securityHandler->deleteAcl($objectIdentity);
+            $securityHandler->deleteAcl($objectIdentity);
         }
     }
 
     /**
      * {@inheritDoc}
      */
-    public function addAdminClassAces(OutputInterface $output, AclInterface $acl, array $roleInformation = array())
+    public function addAdminClassAces(OutputInterface $output, AclInterface $acl, AclSecurityHandlerInterface $securityHandler, array $roleInformation = array())
     {
-        if (count($this->securityHandler->getAdminPermissions()) > 0 ) {
+        if (count($securityHandler->getAdminPermissions()) > 0 ) {
             $builder = new $this->maskBuilderClass();
 
             foreach ($roleInformation as $role => $permissions) {
-                $aceIndex = $this->securityHandler->findClassAceIndexByRole($acl, $role);
+                $aceIndex = $securityHandler->findClassAceIndexByRole($acl, $role);
                 $roleAdminPermissions = array();
 
                 foreach ($permissions as $permission) {
                     // add only the admin permissions
-                    if (in_array($permission, $this->securityHandler->getAdminPermissions())) {
+                    if (in_array($permission, $securityHandler->getAdminPermissions())) {
                         $builder->add($permission);
                         $roleAdminPermissions[] = $permission;
                     }

Util/AdminAclManipulatorInterface.php

@@ -14,29 +14,27 @@
 use Symfony\Component\Security\Acl\Model\AclInterface;
 use Symfony\Component\Console\Output\OutputInterface;
 use Sonata\AdminBundle\Admin\AdminInterface;
+use Sonata\AdminBundle\Security\Handler\AclSecurityHandlerInterface;
 
 interface AdminAclManipulatorInterface
 {
     /**
      * Batch configure the ACLs for all objects handled by an Admin
      *
-     * @abstract
-     * @param OutputInterface $output
-     * @param AdminInterface $admin
-     * @param UserSecurityIdentity $securityIdentity
-     * @throws ModelManagerException
+     * @param \Symfony\Component\Console\Output\OutputInterface $output
+     * @param \Sonata\AdminBundle\Admin\AdminInterface $admin
      * @return void
      */
     function configureAcls(OutputInterface $output, AdminInterface $admin);
 
     /**
      * Add the class ACE's to the admin ACL
      *
-     * @abstract
-     * @param AclInterface $acl
+     * @param \Symfony\Component\Console\Output\OutputInterface $output
+     * @param \Symfony\Component\Security\Acl\Model\AclInterface $acl
+     * @param \Sonata\AdminBundle\Security\Handler\AclSecurityHandlerInterface $securityHandler
      * @param array $roleInformation
-     * @param OutputInterface $output
      * @return boolean TRUE if admin class ACEs are added, FALSE if not
      */
-    function addAdminClassAces(OutputInterface $output, AclInterface $acl, array $roleInformation = array());
+    function addAdminClassAces(OutputInterface $output, AclInterface $acl, AclSecurityHandlerInterface $securityHandler, array $roleInformation = array());
 }