[Security][Acl] Fix #5787 : Add MutableAclProvider::updateUserSecurityIdentity
This commit is contained in:
parent
c0e4c4a4d1
commit
da53d92188
@ -351,6 +351,17 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Updates a user security identity when the user's username changes
|
||||
*
|
||||
* @param UserSecurityIdentity $usid
|
||||
* @param string $oldUsername
|
||||
*/
|
||||
public function updateUserSecurityIdentity(UserSecurityIdentity $usid, $oldUsername)
|
||||
{
|
||||
$this->connection->executeQuery($this->getUpdateUserSecurityIdentitySql($usid, $oldUsername));
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs the SQL for deleting access control entries.
|
||||
*
|
||||
@ -633,6 +644,31 @@ QUERY;
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs the SQL for updating a user security identity.
|
||||
*
|
||||
* @param UserSecurityIdentity $usid
|
||||
* @param string $oldUsername
|
||||
* @return string
|
||||
*/
|
||||
protected function getUpdateUserSecurityIdentitySql(UserSecurityIdentity $usid, $oldUsername)
|
||||
{
|
||||
if ($usid->getUsername() == $oldUsername) {
|
||||
throw new \InvalidArgumentException('There are no changes.');
|
||||
}
|
||||
|
||||
$oldIdentifier = $usid->getClass().'-'.$oldUsername;
|
||||
$newIdentifier = $usid->getClass().'-'.$usid->getUsername();
|
||||
|
||||
return sprintf(
|
||||
'UPDATE %s SET identifier = %s WHERE identifier = %s AND username = %s',
|
||||
$this->options['sid_table_name'],
|
||||
$this->connection->quote($newIdentifier),
|
||||
$this->connection->quote($oldIdentifier),
|
||||
$this->connection->getDatabasePlatform()->convertBooleans(true)
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs the SQL for updating an ACE.
|
||||
*
|
||||
|
@ -407,6 +407,36 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
$provider->updateAcl($acl);
|
||||
}
|
||||
|
||||
public function testUpdateUserSecurityIdentity()
|
||||
{
|
||||
$provider = $this->getProvider();
|
||||
$acl = $provider->createAcl(new ObjectIdentity(1, 'Foo'));
|
||||
$sid = new UserSecurityIdentity('johannes', 'FooClass');
|
||||
$acl->setEntriesInheriting(!$acl->isEntriesInheriting());
|
||||
|
||||
$acl->insertObjectAce($sid, 1);
|
||||
$acl->insertClassAce($sid, 5, 0, false);
|
||||
$acl->insertObjectAce($sid, 2, 1, true);
|
||||
$acl->insertClassFieldAce('field', $sid, 2, 0, true);
|
||||
$provider->updateAcl($acl);
|
||||
|
||||
$newSid = new UserSecurityIdentity('mathieu', 'FooClass');
|
||||
$provider->updateUserSecurityIdentity($newSid, 'johannes');
|
||||
|
||||
$reloadProvider = $this->getProvider();
|
||||
$reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo'));
|
||||
|
||||
$this->assertNotSame($acl, $reloadedAcl);
|
||||
$this->assertSame($acl->isEntriesInheriting(), $reloadedAcl->isEntriesInheriting());
|
||||
|
||||
$aces = $acl->getObjectAces();
|
||||
$reloadedAces = $reloadedAcl->getObjectAces();
|
||||
$this->assertEquals(count($aces), count($reloadedAces));
|
||||
foreach ($reloadedAces as $ace) {
|
||||
$this->assertTrue($ace->getSecurityIdentity()->equals($newSid));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Data must have the following format:
|
||||
* array(
|
||||
|
Reference in New Issue
Block a user