TomaHost/Chamilo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Actualización

Browse Source
This commit is contained in:
Xes
2025-04-10 12:24:57 +02:00
parent 8969cc929d
commit 45420b6f0d
39760 changed files with 4303286 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
vendor/sonata-project/admin-bundle/Security/Acl/Permission/AdminPermissionMap.php vendored Normal file
View File

@@ -0,0 +1,129 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Acl\Permission;
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
/**
* This is basic permission map complements the masks which have been defined
* on the standard implementation of the MaskBuilder.
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
* @author Thomas Rabaix <thomas.rabaix@gmail.com>
*/
class AdminPermissionMap implements PermissionMapInterface
{
const PERMISSION_VIEW = 'VIEW';
const PERMISSION_EDIT = 'EDIT';
const PERMISSION_CREATE = 'CREATE';
const PERMISSION_DELETE = 'DELETE';
const PERMISSION_UNDELETE = 'UNDELETE';
const PERMISSION_LIST = 'LIST';
const PERMISSION_EXPORT = 'EXPORT';
const PERMISSION_OPERATOR = 'OPERATOR';
const PERMISSION_MASTER = 'MASTER';
const PERMISSION_OWNER = 'OWNER';
/**
* Map each permission to the permissions it should grant access for
* fe. grant access for the view permission if the user has the edit permission.
*
* @var array
*/
private $map = [
self::PERMISSION_VIEW => [
MaskBuilder::MASK_VIEW,
MaskBuilder::MASK_LIST,
MaskBuilder::MASK_EDIT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_EDIT => [
MaskBuilder::MASK_EDIT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_CREATE => [
MaskBuilder::MASK_CREATE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_DELETE => [
MaskBuilder::MASK_DELETE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_UNDELETE => [
MaskBuilder::MASK_UNDELETE,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_LIST => [
MaskBuilder::MASK_LIST,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_EXPORT => [
MaskBuilder::MASK_EXPORT,
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_OPERATOR => [
MaskBuilder::MASK_OPERATOR,
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_MASTER => [
MaskBuilder::MASK_MASTER,
MaskBuilder::MASK_OWNER,
],
self::PERMISSION_OWNER => [
MaskBuilder::MASK_OWNER,
],
];
/**
* {@inheritdoc}
*/
public function getMasks($permission, $object)
{
if (!isset($this->map[$permission])) {
return;
}
return $this->map[$permission];
}
/**
* {@inheritdoc}
*/
public function contains($permission)
{
return isset($this->map[$permission]);
}
}

27
vendor/sonata-project/admin-bundle/Security/Acl/Permission/MaskBuilder.php vendored Normal file
View File

@@ -0,0 +1,27 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Acl\Permission;
use Symfony\Component\Security\Acl\Permission\MaskBuilder as BaseMaskBuilder;
/**
* {@inheritdoc}
* - LIST: the SID is allowed to view a list of the domain objects / fields.
*/
class MaskBuilder extends BaseMaskBuilder
{
const MASK_LIST = 4096; // 1 << 12
const MASK_EXPORT = 8192; // 1 << 13
const CODE_LIST = 'L';
const CODE_EXPORT = 'E';
}

319
vendor/sonata-project/admin-bundle/Security/Handler/AclSecurityHandler.php vendored Normal file
View File

@@ -0,0 +1,319 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
use Symfony\Component\Security\Acl\Exception\NotAllAclsFoundException;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Core\SecurityContextInterface;
/**
* @author Thomas Rabaix <thomas.rabaix@sonata-project.org>
*/
class AclSecurityHandler implements AclSecurityHandlerInterface
{
/**
* @var TokenStorageInterface|SecurityContextInterface
*/
protected $tokenStorage;
/**
* @var AuthorizationCheckerInterface|SecurityContextInterface
*/
protected $authorizationChecker;
/**
* @var MutableAclProviderInterface
*/
protected $aclProvider;
/**
* @var array
*/
protected $superAdminRoles;
/**
* @var array
*/
protected $adminPermissions;
/**
* @var array
*/
protected $objectPermissions;
/**
* @var string
*/
protected $maskBuilderClass;
/**
* NEXT_MAJOR: Go back to signature class check when bumping requirements to SF 2.6+.
*
* @param TokenStorageInterface|SecurityContextInterface $tokenStorage
* @param TokenStorageInterface|SecurityContextInterface $authorizationChecker
* @param MutableAclProviderInterface $aclProvider
* @param string $maskBuilderClass
* @param array $superAdminRoles
*/
public function __construct($tokenStorage, $authorizationChecker, MutableAclProviderInterface $aclProvider, $maskBuilderClass, array $superAdminRoles)
{
if (!$tokenStorage instanceof TokenStorageInterface && !$tokenStorage instanceof SecurityContextInterface) {
throw new \InvalidArgumentException('Argument 1 should be an instance of Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface or Symfony\Component\Security\Core\SecurityContextInterface');
}
if (!$authorizationChecker instanceof AuthorizationCheckerInterface && !$authorizationChecker instanceof SecurityContextInterface) {
throw new \InvalidArgumentException('Argument 2 should be an instance of Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface or Symfony\Component\Security\Core\SecurityContextInterface');
}
$this->tokenStorage = $tokenStorage;
$this->authorizationChecker = $authorizationChecker;
$this->aclProvider = $aclProvider;
$this->maskBuilderClass = $maskBuilderClass;
$this->superAdminRoles = $superAdminRoles;
}
/**
* {@inheritdoc}
*/
public function setAdminPermissions(array $permissions)
{
$this->adminPermissions = $permissions;
}
/**
* {@inheritdoc}
*/
public function getAdminPermissions()
{
return $this->adminPermissions;
}
/**
* {@inheritdoc}
*/
public function setObjectPermissions(array $permissions)
{
$this->objectPermissions = $permissions;
}
/**
* {@inheritdoc}
*/
public function getObjectPermissions()
{
return $this->objectPermissions;
}
/**
* {@inheritdoc}
*/
public function isGranted(AdminInterface $admin, $attributes, $object = null)
{
if (!is_array($attributes)) {
$attributes = [$attributes];
}
try {
return $this->authorizationChecker->isGranted($this->superAdminRoles) || $this->authorizationChecker->isGranted($attributes, $object);
} catch (AuthenticationCredentialsNotFoundException $e) {
return false;
}
}
/**
* {@inheritdoc}
*/
public function getBaseRole(AdminInterface $admin)
{
return 'ROLE_'.str_replace('.', '_', strtoupper($admin->getCode())).'_%s';
}
/**
* {@inheritdoc}
*/
public function buildSecurityInformation(AdminInterface $admin)
{
$baseRole = $this->getBaseRole($admin);
$results = [];
foreach ($admin->getSecurityInformation() as $role => $permissions) {
$results[sprintf($baseRole, $role)] = $permissions;
}
return $results;
}
/**
* {@inheritdoc}
*/
public function createObjectSecurity(AdminInterface $admin, $object)
{
// retrieving the ACL for the object identity
$objectIdentity = ObjectIdentity::fromDomainObject($object);
$acl = $this->getObjectAcl($objectIdentity);
if (is_null($acl)) {
$acl = $this->createAcl($objectIdentity);
}
// retrieving the security identity of the currently logged-in user
$user = $this->tokenStorage->getToken()->getUser();
$securityIdentity = UserSecurityIdentity::fromAccount($user);
$this->addObjectOwner($acl, $securityIdentity);
$this->addObjectClassAces($acl, $this->buildSecurityInformation($admin));
$this->updateAcl($acl);
}
/**
* {@inheritdoc}
*/
public function deleteObjectSecurity(AdminInterface $admin, $object)
{
$objectIdentity = ObjectIdentity::fromDomainObject($object);
$this->deleteAcl($objectIdentity);
}
/**
* {@inheritdoc}
*/
public function getObjectAcl(ObjectIdentityInterface $objectIdentity)
{
try {
$acl = $this->aclProvider->findAcl($objectIdentity);
} catch (AclNotFoundException $e) {
return;
}
return $acl;
}
/**
* {@inheritdoc}
*/
public function findObjectAcls(\Traversable $oids, array $sids = [])
{
try {
$acls = $this->aclProvider->findAcls(iterator_to_array($oids), $sids);
} catch (NotAllAclsFoundException $e) {
$acls = $e->getPartialResult();
} catch (AclNotFoundException $e) { // if only one oid, this error is thrown
$acls = new \SplObjectStorage();
}
return $acls;
}
/**
* {@inheritdoc}
*/
public function addObjectOwner(AclInterface $acl, UserSecurityIdentity $securityIdentity = null)
{
if (false === $this->findClassAceIndexByUsername($acl, $securityIdentity->getUsername())) {
// only add if not already exists
$acl->insertObjectAce($securityIdentity, constant("$this->maskBuilderClass::MASK_OWNER"));
}
}
/**
* {@inheritdoc}
*/
public function addObjectClassAces(AclInterface $acl, array $roleInformation = [])
{
$builder = new $this->maskBuilderClass();
foreach ($roleInformation as $role => $permissions) {
$aceIndex = $this->findClassAceIndexByRole($acl, $role);
$hasRole = false;
foreach ($permissions as $permission) {
// add only the object permissions
if (in_array($permission, $this->getObjectPermissions())) {
$builder->add($permission);
$hasRole = true;
}
}
if ($hasRole) {
if ($aceIndex === false) {
$acl->insertClassAce(new RoleSecurityIdentity($role), $builder->get());
} else {
$acl->updateClassAce($aceIndex, $builder->get());
}
$builder->reset();
} elseif ($aceIndex !== false) {
$acl->deleteClassAce($aceIndex);
}
}
}
/**
* {@inheritdoc}
*/
public function createAcl(ObjectIdentityInterface $objectIdentity)
{
return $this->aclProvider->createAcl($objectIdentity);
}
/**
* {@inheritdoc}
*/
public function updateAcl(AclInterface $acl)
{
$this->aclProvider->updateAcl($acl);
}
/**
* {@inheritdoc}
*/
public function deleteAcl(ObjectIdentityInterface $objectIdentity)
{
$this->aclProvider->deleteAcl($objectIdentity);
}
/**
* {@inheritdoc}
*/
public function findClassAceIndexByRole(AclInterface $acl, $role)
{
foreach ($acl->getClassAces() as $index => $entry) {
if ($entry->getSecurityIdentity() instanceof RoleSecurityIdentity && $entry->getSecurityIdentity()->getRole() === $role) {
return $index;
}
}
return false;
}
/**
* {@inheritdoc}
*/
public function findClassAceIndexByUsername(AclInterface $acl, $username)
{
foreach ($acl->getClassAces() as $index => $entry) {
if ($entry->getSecurityIdentity() instanceof UserSecurityIdentity && $entry->getSecurityIdentity()->getUsername() === $username) {
return $index;
}
}
return false;
}
}

150
vendor/sonata-project/admin-bundle/Security/Handler/AclSecurityHandlerInterface.php vendored Normal file
View File

@@ -0,0 +1,150 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Handler;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Model\AclInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
/**
* @author Thomas Rabaix <thomas.rabaix@sonata-project.org>
*/
interface AclSecurityHandlerInterface extends SecurityHandlerInterface
{
/**
* Set the permissions not related to an object instance and also to be available when objects do not exist.
*
* @abstract
*
* @param array $permissions
*/
public function setAdminPermissions(array $permissions);
/**
* Return the permissions not related to an object instance and also to be available when objects do not exist.
*
* @abstract
*
* @return array
*/
public function getAdminPermissions();
/**
* Set the permissions related to an object instance.
*
* @abstract
*
* @param array $permissions
*/
public function setObjectPermissions(array $permissions);
/**
* Return the permissions related to an object instance.
*
* @abstract
*
* @return array
*/
public function getObjectPermissions();
/**
* Get the ACL for the passed object identity.
*
* @abstract
*
* @param ObjectIdentityInterface $objectIdentity
*
* @return null|AclInterface or NULL if not found
*/
public function getObjectAcl(ObjectIdentityInterface $objectIdentity);
/**
* Find the ACLs for the passed object identities.
*
* @abstract
*
* @param \Traversable $oids a collection of ObjectIdentityInterface implementations
* @param array $sids an array of SecurityIdentityInterface implementations
*
* @throws \Exception
*
* @return \SplObjectStorage mapping the passed object identities to ACLs
*/
public function findObjectAcls(\Traversable $oids, array $sids = []);
/**
* Add an object owner ACE to the object ACL.
*
* @abstract
*
* @param AclInterface $acl
* @param UserSecurityIdentity $securityIdentity
*/
public function addObjectOwner(AclInterface $acl, UserSecurityIdentity $securityIdentity = null);
/**
* Add the object class ACE's to the object ACL.
*
* @param AclInterface $acl
* @param array $roleInformation
*/
public function addObjectClassAces(AclInterface $acl, array $roleInformation = []);
/**
* Create an object ACL.
*
* @abstract
*
* @param ObjectIdentityInterface $objectIdentity
*
* @return AclInterface
*/
public function createAcl(ObjectIdentityInterface $objectIdentity);
/**
* Update the ACL.
*
* @abstract
*
* @param AclInterface $acl
*/
public function updateAcl(AclInterface $acl);
/**
* Delete the ACL.
*
* @abstract
*
* @param ObjectIdentityInterface $objectIdentity
*/
public function deleteAcl(ObjectIdentityInterface $objectIdentity);
/**
* Helper method to find the index of a class ACE for a role.
*
* @param AclInterface $acl
* @param string $role
*
* @return mixed index if found, FALSE if not found
*/
public function findClassAceIndexByRole(AclInterface $acl, $role);
/**
* Helper method to find the index of a class ACE for a username.
*
* @param AclInterface $acl
* @param string $username
*
* @return mixed index if found, FALSE if not found
*/
public function findClassAceIndexByUsername(AclInterface $acl, $username);
}

58
vendor/sonata-project/admin-bundle/Security/Handler/NoopSecurityHandler.php vendored Normal file
View File

@@ -0,0 +1,58 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
/**
* @author Thomas Rabaix <thomas.rabaix@sonata-project.org>
*/
class NoopSecurityHandler implements SecurityHandlerInterface
{
/**
* {@inheritdoc}
*/
public function isGranted(AdminInterface $admin, $attributes, $object = null)
{
return true;
}
/**
* {@inheritdoc}
*/
public function getBaseRole(AdminInterface $admin)
{
return '';
}
/**
* {@inheritdoc}
*/
public function buildSecurityInformation(AdminInterface $admin)
{
return [];
}
/**
* {@inheritdoc}
*/
public function createObjectSecurity(AdminInterface $admin, $object)
{
}
/**
* {@inheritdoc}
*/
public function deleteObjectSecurity(AdminInterface $admin, $object)
{
}
}

103
vendor/sonata-project/admin-bundle/Security/Handler/RoleSecurityHandler.php vendored Normal file
View File

@@ -0,0 +1,103 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
use Symfony\Component\Security\Core\SecurityContextInterface;
/**
* @author Thomas Rabaix <thomas.rabaix@sonata-project.org>
*/
class RoleSecurityHandler implements SecurityHandlerInterface
{
/**
* @var AuthorizationCheckerInterface|SecurityContextInterface
*/
protected $authorizationChecker;
/**
* @var array
*/
protected $superAdminRoles;
/**
* NEXT_MAJOR: Go back to signature class check when bumping requirements to SF 2.6+.
*
* @param AuthorizationCheckerInterface|SecurityContextInterface $authorizationChecker
* @param array $superAdminRoles
*/
public function __construct($authorizationChecker, array $superAdminRoles)
{
if (!$authorizationChecker instanceof AuthorizationCheckerInterface && !$authorizationChecker instanceof SecurityContextInterface) {
throw new \InvalidArgumentException('Argument 1 should be an instance of Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface or Symfony\Component\Security\Core\SecurityContextInterface');
}
$this->authorizationChecker = $authorizationChecker;
$this->superAdminRoles = $superAdminRoles;
}
/**
* {@inheritdoc}
*/
public function isGranted(AdminInterface $admin, $attributes, $object = null)
{
if (!is_array($attributes)) {
$attributes = [$attributes];
}
foreach ($attributes as $pos => $attribute) {
$attributes[$pos] = sprintf($this->getBaseRole($admin), $attribute);
}
$allRole = sprintf($this->getBaseRole($admin), 'ALL');
try {
return $this->authorizationChecker->isGranted($this->superAdminRoles)
|| $this->authorizationChecker->isGranted($attributes, $object)
|| $this->authorizationChecker->isGranted([$allRole], $object);
} catch (AuthenticationCredentialsNotFoundException $e) {
return false;
}
}
/**
* {@inheritdoc}
*/
public function getBaseRole(AdminInterface $admin)
{
return 'ROLE_'.str_replace('.', '_', strtoupper($admin->getCode())).'_%s';
}
/**
* {@inheritdoc}
*/
public function buildSecurityInformation(AdminInterface $admin)
{
return [];
}
/**
* {@inheritdoc}
*/
public function createObjectSecurity(AdminInterface $admin, $object)
{
}
/**
* {@inheritdoc}
*/
public function deleteObjectSecurity(AdminInterface $admin, $object)
{
}
}

59
vendor/sonata-project/admin-bundle/Security/Handler/SecurityHandlerInterface.php vendored Normal file
View File

@@ -0,0 +1,59 @@
<?php
/*
* This file is part of the Sonata Project package.
*
* (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Sonata\AdminBundle\Security\Handler;
use Sonata\AdminBundle\Admin\AdminInterface;
/**
* @author Thomas Rabaix <thomas.rabaix@sonata-project.org>
*/
interface SecurityHandlerInterface
{
/**
* @param AdminInterface $admin
* @param string|array $attributes
* @param null $object
*
* @return bool
*/
public function isGranted(AdminInterface $admin, $attributes, $object = null);
/**
* Get a sprintf template to get the role.
*
* @param AdminInterface $admin
*
* @return string
*/
public function getBaseRole(AdminInterface $admin);
/**
* @param AdminInterface $admin
*/
public function buildSecurityInformation(AdminInterface $admin);
/**
* Create object security, fe. make the current user owner of the object.
*
* @param AdminInterface $admin
* @param mixed $object
*/
public function createObjectSecurity(AdminInterface $admin, $object);
/**
* Remove object security.
*
* @param AdminInterface $admin
* @param mixed $object
*/
public function deleteObjectSecurity(AdminInterface $admin, $object);
}