我想更新以前编写的(或插入新的,如果不存在)ACL。我想做的不是工作:
public function upgradeUser(User $user, Model $model)
{
$acl = null;
$objectIdentity = ObjectIdentity::fromDomainObject($model);
$securityIdentity= UserSecurityIdentity::fromAccount($user);
try {
$acl = $this->aclProvider->findAcl($objectIdentity);
/** @var Entry[] $aces */
$aces = $acl->getObjectAces();
foreach($aces as $i => $ace) {
if ($securityIdentity->equals($securityIdentity)) {
$acl->updateObjectAce($i, $ace->getMask() & MaskBuilder::MASK_OPERATOR);
}
}
} catch (AclNotFoundException $e) {
$acl = $this->aclProvider->createAcl($objectIdentity);
$acl->insertObjectAce($securityIdentity, MaskBuilder::MASK_OPERATOR);
}
$this->aclProvider->updateAcl($acl);
}
答案 0 :(得分:0)
问题是因为错误"插入"处理。解决方案是在找不到更新的对象时使用InserObjectAcl方法:
protected function addMask(SecurityIdentityInterface $securityIdentity, $mask, $acl, $appendMask = true)
{
// flag to determine if mask was really updated or not
$isUpdated = false;
// go throw all aces and try to find current user's ace
foreach ($acl->getObjectAces() as $ace) {
if (!($ace instanceof Entry) || !$ace->getSecurityIdentity()->equals($securityIdentity))
continue;
$maskBuilder = new MaskBuilder($appendMask ? $ace->getMask() : 0);
$maskBuilder->add($mask);
$ace->setMask($maskBuilder->get());
$isUpdated = true;
break;
}
// in the case if object was not found in aces for this user, insert a new ace
if ($isUpdated === false)
$acl->insertObjectAce($securityIdentity, $mask);
}