hdabo_sf: vendor/symfony/src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php@7f95f8617b0b (annotated)

0 7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	1	<?php
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	2
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	3	/*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	4	* This file is part of the Symfony package.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	5	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	6	* (c) Fabien Potencier <fabien@symfony.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	7	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	8	* For the full copyright and license information, please view the LICENSE
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	9	* file that was distributed with this source code.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	10	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	11
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	12	namespace Symfony\Component\Security\Acl\Dbal;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	13
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	14	use Doctrine\Common\PropertyChangedListener;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	15	use Doctrine\DBAL\Driver\Connection;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	16	use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	17	use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	18	use Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	19	use Symfony\Component\Security\Acl\Exception\ConcurrentModificationException;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	20	use Symfony\Component\Security\Acl\Exception\Exception;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	21	use Symfony\Component\Security\Acl\Model\AclCacheInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	22	use Symfony\Component\Security\Acl\Model\AclInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	23	use Symfony\Component\Security\Acl\Model\EntryInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	24	use Symfony\Component\Security\Acl\Model\MutableAclInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	25	use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	26	use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	27	use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	28	use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	29
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	30	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	31	* An implementation of the MutableAclProviderInterface using Doctrine DBAL.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	32	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	33	* @author Johannes M. Schmitt <schmittjoh@gmail.com>
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	34	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	35	class MutableAclProvider extends AclProvider implements MutableAclProviderInterface, PropertyChangedListener
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	36	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	37	private $propertyChanges;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	38
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	39	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	40	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	41	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	42	public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $cache = null)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	43	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	44	parent::__construct($connection, $permissionGrantingStrategy, $options, $cache);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	45
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	46	$this->propertyChanges = new \SplObjectStorage();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	47	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	48
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	49	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	50	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	51	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	52	public function createAcl(ObjectIdentityInterface $oid)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	53	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	54	if (false !== $this->retrieveObjectIdentityPrimaryKey($oid)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	55	throw new AclAlreadyExistsException(sprintf('%s is already associated with an ACL.', $oid));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	56	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	57
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	58	$this->connection->beginTransaction();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	59	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	60	$this->createObjectIdentity($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	61
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	62	$pk = $this->retrieveObjectIdentityPrimaryKey($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	63	$this->connection->executeQuery($this->getInsertObjectIdentityRelationSql($pk, $pk));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	64
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	65	$this->connection->commit();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	66	} catch (\Exception $failed) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	67	$this->connection->rollBack();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	68
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	69	throw $failed;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	70	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	71
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	72	// re-read the ACL from the database to ensure proper caching, etc.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	73	return $this->findAcl($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	74	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	75
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	76	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	77	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	78	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	79	public function deleteAcl(ObjectIdentityInterface $oid)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	80	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	81	$this->connection->beginTransaction();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	82	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	83	foreach ($this->findChildren($oid, true) as $childOid) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	84	$this->deleteAcl($childOid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	85	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	86
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	87	$oidPK = $this->retrieveObjectIdentityPrimaryKey($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	88
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	89	$this->deleteAccessControlEntries($oidPK);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	90	$this->deleteObjectIdentityRelations($oidPK);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	91	$this->deleteObjectIdentity($oidPK);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	92
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	93	$this->connection->commit();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	94	} catch (\Exception $failed) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	95	$this->connection->rollBack();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	96
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	97	throw $failed;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	98	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	99
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	100	// evict the ACL from the in-memory identity map
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	101	if (isset($this->loadedAcls[$oid->getType()][$oid->getIdentifier()])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	102	$this->propertyChanges->offsetUnset($this->loadedAcls[$oid->getType()][$oid->getIdentifier()]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	103	unset($this->loadedAcls[$oid->getType()][$oid->getIdentifier()]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	104	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	105
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	106	// evict the ACL from any caches
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	107	if (null !== $this->cache) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	108	$this->cache->evictFromCacheByIdentity($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	109	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	110	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	111
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	112	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	113	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	114	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	115	public function findAcls(array $oids, array $sids = array())
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	116	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	117	$result = parent::findAcls($oids, $sids);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	118
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	119	foreach ($result as $oid) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	120	$acl = $result->offsetGet($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	121
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	122	if (false === $this->propertyChanges->contains($acl) && $acl instanceof MutableAclInterface) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	123	$acl->addPropertyChangedListener($this);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	124	$this->propertyChanges->attach($acl, array());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	125	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	126
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	127	$parentAcl = $acl->getParentAcl();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	128	while (null !== $parentAcl) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	129	if (false === $this->propertyChanges->contains($parentAcl) && $acl instanceof MutableAclInterface) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	130	$parentAcl->addPropertyChangedListener($this);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	131	$this->propertyChanges->attach($parentAcl, array());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	132	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	133
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	134	$parentAcl = $parentAcl->getParentAcl();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	135	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	136	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	137
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	138	return $result;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	139	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	140
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	141	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	142	* Implementation of PropertyChangedListener
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	143	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	144	* This allows us to keep track of which values have been changed, so we don't
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	145	* have to do a full introspection when ->updateAcl() is called.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	146	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	147	* @param mixed $sender
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	148	* @param string $propertyName
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	149	* @param mixed $oldValue
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	150	* @param mixed $newValue
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	151	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	152	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	153	public function propertyChanged($sender, $propertyName, $oldValue, $newValue)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	154	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	155	if (!$sender instanceof MutableAclInterface && !$sender instanceof EntryInterface) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	156	throw new \InvalidArgumentException('$sender must be an instance of MutableAclInterface, or EntryInterface.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	157	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	158
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	159	if ($sender instanceof EntryInterface) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	160	if (null === $sender->getId()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	161	return;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	162	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	163
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	164	$ace = $sender;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	165	$sender = $ace->getAcl();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	166	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	167	$ace = null;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	168	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	169
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	170	if (false === $this->propertyChanges->contains($sender)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	171	throw new \InvalidArgumentException('$sender is not being tracked by this provider.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	172	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	173
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	174	$propertyChanges = $this->propertyChanges->offsetGet($sender);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	175	if (null === $ace) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	176	if (isset($propertyChanges[$propertyName])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	177	$oldValue = $propertyChanges[$propertyName][0];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	178	if ($oldValue === $newValue) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	179	unset($propertyChanges[$propertyName]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	180	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	181	$propertyChanges[$propertyName] = array($oldValue, $newValue);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	182	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	183	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	184	$propertyChanges[$propertyName] = array($oldValue, $newValue);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	185	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	186	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	187	if (!isset($propertyChanges['aces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	188	$propertyChanges['aces'] = new \SplObjectStorage();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	189	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	190
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	191	$acePropertyChanges = $propertyChanges['aces']->contains($ace)? $propertyChanges['aces']->offsetGet($ace) : array();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	192
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	193	if (isset($acePropertyChanges[$propertyName])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	194	$oldValue = $acePropertyChanges[$propertyName][0];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	195	if ($oldValue === $newValue) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	196	unset($acePropertyChanges[$propertyName]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	197	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	198	$acePropertyChanges[$propertyName] = array($oldValue, $newValue);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	199	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	200	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	201	$acePropertyChanges[$propertyName] = array($oldValue, $newValue);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	202	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	203
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	204	if (count($acePropertyChanges) > 0) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	205	$propertyChanges['aces']->offsetSet($ace, $acePropertyChanges);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	206	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	207	$propertyChanges['aces']->offsetUnset($ace);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	208
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	209	if (0 === count($propertyChanges['aces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	210	unset($propertyChanges['aces']);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	211	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	212	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	213	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	214
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	215	$this->propertyChanges->offsetSet($sender, $propertyChanges);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	216	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	217
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	218	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	219	* {@inheritDoc}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	220	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	221	public function updateAcl(MutableAclInterface $acl)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	222	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	223	if (!$this->propertyChanges->contains($acl)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	224	throw new \InvalidArgumentException('$acl is not tracked by this provider.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	225	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	226
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	227	$propertyChanges = $this->propertyChanges->offsetGet($acl);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	228	// check if any changes were made to this ACL
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	229	if (0 === count($propertyChanges)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	230	return;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	231	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	232
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	233	$sets = $sharedPropertyChanges = array();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	234
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	235	$this->connection->beginTransaction();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	236	try {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	237	if (isset($propertyChanges['entriesInheriting'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	238	$sets[] = 'entries_inheriting = '.$this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['entriesInheriting'][1]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	239	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	240
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	241	if (isset($propertyChanges['parentAcl'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	242	if (null === $propertyChanges['parentAcl'][1]) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	243	$sets[] = 'parent_object_identity_id = NULL';
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	244	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	245	$sets[] = 'parent_object_identity_id = '.intval($propertyChanges['parentAcl'][1]->getId());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	246	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	247
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	248	$this->regenerateAncestorRelations($acl);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	249	$childAcls = $this->findAcls($this->findChildren($acl->getObjectIdentity(), false));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	250	foreach ($childAcls as $childOid) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	251	$this->regenerateAncestorRelations($childAcls[$childOid]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	252	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	253	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	254
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	255	// this includes only updates of existing ACEs, but neither the creation, nor
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	256	// the deletion of ACEs; these are tracked by changes to the ACL's respective
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	257	// properties (classAces, classFieldAces, objectAces, objectFieldAces)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	258	if (isset($propertyChanges['aces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	259	$this->updateAces($propertyChanges['aces']);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	260	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	261
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	262	// check properties for deleted, and created ACEs
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	263	if (isset($propertyChanges['classAces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	264	$this->updateAceProperty('classAces', $propertyChanges['classAces']);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	265	$sharedPropertyChanges['classAces'] = $propertyChanges['classAces'];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	266	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	267	if (isset($propertyChanges['classFieldAces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	268	$this->updateFieldAceProperty('classFieldAces', $propertyChanges['classFieldAces']);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	269	$sharedPropertyChanges['classFieldAces'] = $propertyChanges['classFieldAces'];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	270	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	271	if (isset($propertyChanges['objectAces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	272	$this->updateAceProperty('objectAces', $propertyChanges['objectAces']);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	273	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	274	if (isset($propertyChanges['objectFieldAces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	275	$this->updateFieldAceProperty('objectFieldAces', $propertyChanges['objectFieldAces']);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	276	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	277
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	278	// if there have been changes to shared properties, we need to synchronize other
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	279	// ACL instances for object identities of the same type that are already in-memory
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	280	if (count($sharedPropertyChanges) > 0) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	281	$classAcesProperty = new \ReflectionProperty('Symfony\Component\Security\Acl\Domain\Acl', 'classAces');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	282	$classAcesProperty->setAccessible(true);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	283	$classFieldAcesProperty = new \ReflectionProperty('Symfony\Component\Security\Acl\Domain\Acl', 'classFieldAces');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	284	$classFieldAcesProperty->setAccessible(true);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	285
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	286	foreach ($this->loadedAcls[$acl->getObjectIdentity()->getType()] as $sameTypeAcl) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	287	if (isset($sharedPropertyChanges['classAces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	288	if ($acl !== $sameTypeAcl && $classAcesProperty->getValue($sameTypeAcl) !== $sharedPropertyChanges['classAces'][0]) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	289	throw new ConcurrentModificationException('The "classAces" property has been modified concurrently.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	290	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	291
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	292	$classAcesProperty->setValue($sameTypeAcl, $sharedPropertyChanges['classAces'][1]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	293	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	294
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	295	if (isset($sharedPropertyChanges['classFieldAces'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	296	if ($acl !== $sameTypeAcl && $classFieldAcesProperty->getValue($sameTypeAcl) !== $sharedPropertyChanges['classFieldAces'][0]) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	297	throw new ConcurrentModificationException('The "classFieldAces" property has been modified concurrently.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	298	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	299
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	300	$classFieldAcesProperty->setValue($sameTypeAcl, $sharedPropertyChanges['classFieldAces'][1]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	301	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	302	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	303	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	304
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	305	// persist any changes to the acl_object_identities table
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	306	if (count($sets) > 0) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	307	$this->connection->executeQuery($this->getUpdateObjectIdentitySql($acl->getId(), $sets));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	308	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	309
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	310	$this->connection->commit();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	311	} catch (\Exception $failed) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	312	$this->connection->rollBack();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	313
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	314	throw $failed;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	315	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	316
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	317	$this->propertyChanges->offsetSet($acl, array());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	318
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	319	if (null !== $this->cache) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	320	if (count($sharedPropertyChanges) > 0) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	321	// FIXME: Currently, there is no easy way to clear the cache for ACLs
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	322	// of a certain type. The problem here is that we need to make
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	323	// sure to clear the cache of all child ACLs as well, and these
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	324	// child ACLs might be of a different class type.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	325	$this->cache->clearCache();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	326	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	327	// if there are no shared property changes, it's sufficient to just delete
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	328	// the cache for this ACL
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	329	$this->cache->evictFromCacheByIdentity($acl->getObjectIdentity());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	330
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	331	foreach ($this->findChildren($acl->getObjectIdentity()) as $childOid) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	332	$this->cache->evictFromCacheByIdentity($childOid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	333	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	334	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	335	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	336	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	337
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	338	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	339	* Constructs the SQL for deleting access control entries.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	340	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	341	* @param integer $oidPK
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	342	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	343	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	344	protected function getDeleteAccessControlEntriesSql($oidPK)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	345	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	346	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	347	'DELETE FROM %s WHERE object_identity_id = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	348	$this->options['entry_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	349	$oidPK
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	350	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	351	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	352
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	353	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	354	* Constructs the SQL for deleting a specific ACE.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	355	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	356	* @param integer $acePK
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	357	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	358	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	359	protected function getDeleteAccessControlEntrySql($acePK)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	360	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	361	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	362	'DELETE FROM %s WHERE id = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	363	$this->options['entry_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	364	$acePK
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	365	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	366	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	367
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	368	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	369	* Constructs the SQL for deleting an object identity.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	370	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	371	* @param integer $pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	372	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	373	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	374	protected function getDeleteObjectIdentitySql($pk)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	375	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	376	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	377	'DELETE FROM %s WHERE id = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	378	$this->options['oid_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	379	$pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	380	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	381	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	382
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	383	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	384	* Constructs the SQL for deleting relation entries.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	385	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	386	* @param integer $pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	387	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	388	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	389	protected function getDeleteObjectIdentityRelationsSql($pk)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	390	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	391	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	392	'DELETE FROM %s WHERE object_identity_id = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	393	$this->options['oid_ancestors_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	394	$pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	395	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	396	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	397
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	398	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	399	* Constructs the SQL for inserting an ACE.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	400	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	401	* @param integer $classId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	402	* @param integer\|null $objectIdentityId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	403	* @param string\|null $field
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	404	* @param integer $aceOrder
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	405	* @param integer $securityIdentityId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	406	* @param string $strategy
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	407	* @param integer $mask
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	408	* @param Boolean $granting
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	409	* @param Boolean $auditSuccess
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	410	* @param Boolean $auditFailure
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	411	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	412	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	413	protected function getInsertAccessControlEntrySql($classId, $objectIdentityId, $field, $aceOrder, $securityIdentityId, $strategy, $mask, $granting, $auditSuccess, $auditFailure)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	414	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	415	$query = <<<QUERY
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	416	INSERT INTO %s (
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	417	class_id,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	418	object_identity_id,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	419	field_name,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	420	ace_order,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	421	security_identity_id,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	422	mask,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	423	granting,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	424	granting_strategy,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	425	audit_success,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	426	audit_failure
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	427	)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	428	VALUES (%d, %s, %s, %d, %d, %d, %s, %s, %s, %s)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	429	QUERY;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	430
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	431	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	432	$query,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	433	$this->options['entry_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	434	$classId,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	435	null === $objectIdentityId? 'NULL' : intval($objectIdentityId),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	436	null === $field? 'NULL' : $this->connection->quote($field),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	437	$aceOrder,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	438	$securityIdentityId,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	439	$mask,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	440	$this->connection->getDatabasePlatform()->convertBooleans($granting),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	441	$this->connection->quote($strategy),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	442	$this->connection->getDatabasePlatform()->convertBooleans($auditSuccess),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	443	$this->connection->getDatabasePlatform()->convertBooleans($auditFailure)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	444	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	445	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	446
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	447	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	448	* Constructs the SQL for inserting a new class type.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	449	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	450	* @param string $classType
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	451	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	452	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	453	protected function getInsertClassSql($classType)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	454	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	455	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	456	'INSERT INTO %s (class_type) VALUES (%s)',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	457	$this->options['class_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	458	$this->connection->quote($classType)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	459	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	460	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	461
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	462	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	463	* Constructs the SQL for inserting a relation entry.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	464	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	465	* @param integer $objectIdentityId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	466	* @param integer $ancestorId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	467	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	468	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	469	protected function getInsertObjectIdentityRelationSql($objectIdentityId, $ancestorId)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	470	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	471	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	472	'INSERT INTO %s (object_identity_id, ancestor_id) VALUES (%d, %d)',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	473	$this->options['oid_ancestors_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	474	$objectIdentityId,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	475	$ancestorId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	476	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	477	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	478
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	479	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	480	* Constructs the SQL for inserting an object identity.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	481	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	482	* @param string $identifier
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	483	* @param integer $classId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	484	* @param Boolean $entriesInheriting
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	485	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	486	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	487	protected function getInsertObjectIdentitySql($identifier, $classId, $entriesInheriting)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	488	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	489	$query = <<<QUERY
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	490	INSERT INTO %s (class_id, object_identifier, entries_inheriting)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	491	VALUES (%d, %s, %s)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	492	QUERY;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	493
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	494	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	495	$query,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	496	$this->options['oid_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	497	$classId,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	498	$this->connection->quote($identifier),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	499	$this->connection->getDatabasePlatform()->convertBooleans($entriesInheriting)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	500	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	501	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	502
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	503	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	504	* Constructs the SQL for inserting a security identity.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	505	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	506	* @param SecurityIdentityInterface $sid
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	507	* @throws \InvalidArgumentException
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	508	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	509	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	510	protected function getInsertSecurityIdentitySql(SecurityIdentityInterface $sid)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	511	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	512	if ($sid instanceof UserSecurityIdentity) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	513	$identifier = $sid->getClass().'-'.$sid->getUsername();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	514	$username = true;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	515	} else if ($sid instanceof RoleSecurityIdentity) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	516	$identifier = $sid->getRole();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	517	$username = false;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	518	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	519	throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, or RoleSecurityIdentity.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	520	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	521
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	522	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	523	'INSERT INTO %s (identifier, username) VALUES (%s, %s)',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	524	$this->options['sid_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	525	$this->connection->quote($identifier),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	526	$this->connection->getDatabasePlatform()->convertBooleans($username)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	527	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	528	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	529
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	530	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	531	* Constructs the SQL for selecting an ACE.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	532	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	533	* @param integer $classId
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	534	* @param integer $oid
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	535	* @param string $field
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	536	* @param integer $order
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	537	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	538	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	539	protected function getSelectAccessControlEntryIdSql($classId, $oid, $field, $order)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	540	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	541	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	542	'SELECT id FROM %s WHERE class_id = %d AND %s AND %s AND ace_order = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	543	$this->options['entry_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	544	$classId,
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	545	null === $oid ?
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	546	$this->connection->getDatabasePlatform()->getIsNullExpression('object_identity_id')
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	547	: 'object_identity_id = '.intval($oid),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	548	null === $field ?
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	549	$this->connection->getDatabasePlatform()->getIsNullExpression('field_name')
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	550	: 'field_name = '.$this->connection->quote($field),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	551	$order
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	552	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	553	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	554
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	555	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	556	* Constructs the SQL for selecting the primary key associated with
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	557	* the passed class type.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	558	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	559	* @param string $classType
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	560	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	561	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	562	protected function getSelectClassIdSql($classType)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	563	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	564	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	565	'SELECT id FROM %s WHERE class_type = %s',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	566	$this->options['class_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	567	$this->connection->quote($classType)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	568	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	569	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	570
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	571	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	572	* Constructs the SQL for selecting the primary key of a security identity.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	573	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	574	* @param SecurityIdentityInterface $sid
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	575	* @throws \InvalidArgumentException
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	576	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	577	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	578	protected function getSelectSecurityIdentityIdSql(SecurityIdentityInterface $sid)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	579	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	580	if ($sid instanceof UserSecurityIdentity) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	581	$identifier = $sid->getClass().'-'.$sid->getUsername();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	582	$username = true;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	583	} else if ($sid instanceof RoleSecurityIdentity) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	584	$identifier = $sid->getRole();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	585	$username = false;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	586	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	587	throw new \InvalidArgumentException('$sid must either be an instance of UserSecurityIdentity, or RoleSecurityIdentity.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	588	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	589
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	590	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	591	'SELECT id FROM %s WHERE identifier = %s AND username = %s',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	592	$this->options['sid_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	593	$this->connection->quote($identifier),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	594	$this->connection->getDatabasePlatform()->convertBooleans($username)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	595	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	596	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	597
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	598	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	599	* Constructs the SQL for updating an object identity.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	600	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	601	* @param integer $pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	602	* @param array $changes
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	603	* @throws \InvalidArgumentException
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	604	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	605	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	606	protected function getUpdateObjectIdentitySql($pk, array $changes)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	607	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	608	if (0 === count($changes)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	609	throw new \InvalidArgumentException('There are no changes.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	610	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	611
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	612	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	613	'UPDATE %s SET %s WHERE id = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	614	$this->options['oid_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	615	implode(', ', $changes),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	616	$pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	617	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	618	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	619
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	620	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	621	* Constructs the SQL for updating an ACE.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	622	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	623	* @param integer $pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	624	* @param array $sets
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	625	* @throws \InvalidArgumentException
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	626	* @return string
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	627	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	628	protected function getUpdateAccessControlEntrySql($pk, array $sets)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	629	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	630	if (0 === count($sets)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	631	throw new \InvalidArgumentException('There are no changes.');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	632	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	633
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	634	return sprintf(
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	635	'UPDATE %s SET %s WHERE id = %d',
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	636	$this->options['entry_table_name'],
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	637	implode(', ', $sets),
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	638	$pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	639	);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	640	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	641
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	642	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	643	* Creates the ACL for the passed object identity
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	644	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	645	* @param ObjectIdentityInterface $oid
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	646	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	647	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	648	private function createObjectIdentity(ObjectIdentityInterface $oid)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	649	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	650	$classId = $this->createOrRetrieveClassId($oid->getType());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	651
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	652	$this->connection->executeQuery($this->getInsertObjectIdentitySql($oid->getIdentifier(), $classId, true));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	653	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	654
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	655	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	656	* Returns the primary key for the passed class type.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	657	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	658	* If the type does not yet exist in the database, it will be created.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	659	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	660	* @param string $classType
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	661	* @return integer
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	662	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	663	private function createOrRetrieveClassId($classType)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	664	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	665	if (false !== $id = $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	666	return $id;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	667	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	668
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	669	$this->connection->executeQuery($this->getInsertClassSql($classType));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	670
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	671	return $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	672	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	673
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	674	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	675	* Returns the primary key for the passed security identity.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	676	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	677	* If the security identity does not yet exist in the database, it will be
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	678	* created.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	679	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	680	* @param SecurityIdentityInterface $sid
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	681	* @return integer
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	682	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	683	private function createOrRetrieveSecurityIdentityId(SecurityIdentityInterface $sid)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	684	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	685	if (false !== $id = $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	686	return $id;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	687	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	688
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	689	$this->connection->executeQuery($this->getInsertSecurityIdentitySql($sid));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	690
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	691	return $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	692	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	693
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	694	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	695	* Deletes all ACEs for the given object identity primary key.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	696	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	697	* @param integer $oidPK
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	698	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	699	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	700	private function deleteAccessControlEntries($oidPK)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	701	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	702	$this->connection->executeQuery($this->getDeleteAccessControlEntriesSql($oidPK));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	703	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	704
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	705	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	706	* Deletes the object identity from the database.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	707	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	708	* @param integer $pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	709	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	710	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	711	private function deleteObjectIdentity($pk)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	712	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	713	$this->connection->executeQuery($this->getDeleteObjectIdentitySql($pk));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	714	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	715
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	716	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	717	* Deletes all entries from the relations table from the database.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	718	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	719	* @param integer $pk
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	720	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	721	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	722	private function deleteObjectIdentityRelations($pk)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	723	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	724	$this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	725	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	726
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	727	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	728	* This regenerates the ancestor table which is used for fast read access.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	729	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	730	* @param AclInterface $acl
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	731	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	732	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	733	private function regenerateAncestorRelations(AclInterface $acl)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	734	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	735	$pk = $acl->getId();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	736	$this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	737	$this->connection->executeQuery($this->getInsertObjectIdentityRelationSql($pk, $pk));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	738
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	739	$parentAcl = $acl->getParentAcl();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	740	while (null !== $parentAcl) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	741	$this->connection->executeQuery($this->getInsertObjectIdentityRelationSql($pk, $parentAcl->getId()));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	742
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	743	$parentAcl = $parentAcl->getParentAcl();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	744	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	745	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	746
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	747	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	748	* This processes changes on an ACE related property (classFieldAces, or objectFieldAces).
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	749	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	750	* @param string $name
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	751	* @param array $changes
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	752	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	753	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	754	private function updateFieldAceProperty($name, array $changes)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	755	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	756	$sids = new \SplObjectStorage();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	757	$classIds = new \SplObjectStorage();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	758	$currentIds = array();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	759	foreach ($changes[1] as $field => $new) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	760	for ($i=0,$c=count($new); $i<$c; $i++) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	761	$ace = $new[$i];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	762
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	763	if (null === $ace->getId()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	764	if ($sids->contains($ace->getSecurityIdentity())) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	765	$sid = $sids->offsetGet($ace->getSecurityIdentity());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	766	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	767	$sid = $this->createOrRetrieveSecurityIdentityId($ace->getSecurityIdentity());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	768	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	769
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	770	$oid = $ace->getAcl()->getObjectIdentity();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	771	if ($classIds->contains($oid)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	772	$classId = $classIds->offsetGet($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	773	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	774	$classId = $this->createOrRetrieveClassId($oid->getType());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	775	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	776
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	777	$objectIdentityId = $name === 'classFieldAces' ? null : $ace->getAcl()->getId();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	778
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	779	$this->connection->executeQuery($this->getInsertAccessControlEntrySql($classId, $objectIdentityId, $field, $i, $sid, $ace->getStrategy(), $ace->getMask(), $ace->isGranting(), $ace->isAuditSuccess(), $ace->isAuditFailure()));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	780	$aceId = $this->connection->executeQuery($this->getSelectAccessControlEntryIdSql($classId, $objectIdentityId, $field, $i))->fetchColumn();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	781	$this->loadedAces[$aceId] = $ace;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	782
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	783	$aceIdProperty = new \ReflectionProperty('Symfony\Component\Security\Acl\Domain\Entry', 'id');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	784	$aceIdProperty->setAccessible(true);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	785	$aceIdProperty->setValue($ace, intval($aceId));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	786	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	787	$currentIds[$ace->getId()] = true;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	788	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	789	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	790	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	791
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	792	foreach ($changes[0] as $old) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	793	for ($i=0,$c=count($old); $i<$c; $i++) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	794	$ace = $old[$i];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	795
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	796	if (!isset($currentIds[$ace->getId()])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	797	$this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	798	unset($this->loadedAces[$ace->getId()]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	799	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	800	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	801	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	802	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	803
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	804	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	805	* This processes changes on an ACE related property (classAces, or objectAces).
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	806	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	807	* @param string $name
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	808	* @param array $changes
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	809	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	810	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	811	private function updateAceProperty($name, array $changes)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	812	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	813	list($old, $new) = $changes;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	814
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	815	$sids = new \SplObjectStorage();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	816	$classIds = new \SplObjectStorage();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	817	$currentIds = array();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	818	for ($i=0,$c=count($new); $i<$c; $i++) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	819	$ace = $new[$i];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	820
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	821	if (null === $ace->getId()) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	822	if ($sids->contains($ace->getSecurityIdentity())) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	823	$sid = $sids->offsetGet($ace->getSecurityIdentity());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	824	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	825	$sid = $this->createOrRetrieveSecurityIdentityId($ace->getSecurityIdentity());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	826	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	827
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	828	$oid = $ace->getAcl()->getObjectIdentity();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	829	if ($classIds->contains($oid)) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	830	$classId = $classIds->offsetGet($oid);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	831	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	832	$classId = $this->createOrRetrieveClassId($oid->getType());
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	833	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	834
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	835	$objectIdentityId = $name === 'classAces' ? null : $ace->getAcl()->getId();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	836
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	837	$this->connection->executeQuery($this->getInsertAccessControlEntrySql($classId, $objectIdentityId, null, $i, $sid, $ace->getStrategy(), $ace->getMask(), $ace->isGranting(), $ace->isAuditSuccess(), $ace->isAuditFailure()));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	838	$aceId = $this->connection->executeQuery($this->getSelectAccessControlEntryIdSql($classId, $objectIdentityId, null, $i))->fetchColumn();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	839	$this->loadedAces[$aceId] = $ace;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	840
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	841	$aceIdProperty = new \ReflectionProperty($ace, 'id');
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	842	$aceIdProperty->setAccessible(true);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	843	$aceIdProperty->setValue($ace, intval($aceId));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	844	} else {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	845	$currentIds[$ace->getId()] = true;
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	846	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	847	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	848
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	849	for ($i=0,$c=count($old); $i<$c; $i++) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	850	$ace = $old[$i];
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	851
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	852	if (!isset($currentIds[$ace->getId()])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	853	$this->connection->executeQuery($this->getDeleteAccessControlEntrySql($ace->getId()));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	854	unset($this->loadedAces[$ace->getId()]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	855	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	856	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	857	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	858
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	859	/**
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	860	* Persists the changes which were made to ACEs to the database.
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	861	*
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	862	* @param \SplObjectStorage $aces
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	863	* @return void
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	864	*/
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	865	private function updateAces(\SplObjectStorage $aces)
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	866	{
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	867	foreach ($aces as $ace) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	868	$propertyChanges = $aces->offsetGet($ace);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	869	$sets = array();
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	870
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	871	if (isset($propertyChanges['mask'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	872	$sets[] = sprintf('mask = %d', $propertyChanges['mask'][1]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	873	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	874	if (isset($propertyChanges['strategy'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	875	$sets[] = sprintf('granting_strategy = %s', $this->connection->quote($propertyChanges['strategy']));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	876	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	877	if (isset($propertyChanges['aceOrder'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	878	$sets[] = sprintf('ace_order = %d', $propertyChanges['aceOrder'][1]);
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	879	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	880	if (isset($propertyChanges['auditSuccess'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	881	$sets[] = sprintf('audit_success = %s', $this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['auditSuccess'][1]));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	882	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	883	if (isset($propertyChanges['auditFailure'])) {
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	884	$sets[] = sprintf('audit_failure = %s', $this->connection->getDatabasePlatform()->convertBooleans($propertyChanges['auditFailure'][1]));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	885	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	886
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	887	$this->connection->executeQuery($this->getUpdateAccessControlEntrySql($ace->getId(), $sets));
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	888	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	889	}
7f95f8617b0b first commit ymh <ymh.work@gmail.com> parents: diff changeset	890	}

author	ymh <ymh.work@gmail.com>
	Sat, 24 Sep 2011 15:40:41 +0200
changeset 0	7f95f8617b0b
permissions	-rwxr-xr-x