2 files changed, 66 insertions, 0 deletions

diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php
index e857c68..54bef68 100644
--- a/Acl/Dbal/MutableAclProvider.php
+++ b/Acl/Dbal/MutableAclProvider.php
@@ -352,6 +352,17 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
     }
 
     /**
+     * Updates a user security identity when the user's username changes
+     *
+     * @param UserSecurityIdentity $usid
+     * @param string $oldUsername
+     */
+    public function updateUserSecurityIdentity(UserSecurityIdentity $usid, $oldUsername)
+    {
+        $this->connection->executeQuery($this->getUpdateUserSecurityIdentitySql($usid, $oldUsername));
+    }
+
+    /**
      * Constructs the SQL for deleting access control entries.
      *
      * @param integer $oidPK
@@ -634,6 +645,31 @@ QUERY;
     }
 
     /**
+     * Constructs the SQL for updating a user security identity.
+     *
+     * @param UserSecurityIdentity $usid
+     * @param string $oldUsername
+     * @return string
+     */
+    protected function getUpdateUserSecurityIdentitySql(UserSecurityIdentity $usid, $oldUsername)
+    {
+        if ($usid->getUsername() == $oldUsername) {
+            throw new \InvalidArgumentException('There are no changes.');
+        }
+
+        $oldIdentifier = $usid->getClass().'-'.$oldUsername;
+        $newIdentifier = $usid->getClass().'-'.$usid->getUsername();
+
+        return sprintf(
+            'UPDATE %s SET identifier = %s WHERE identifier = %s AND username = %s',
+            $this->options['sid_table_name'],
+            $this->connection->quote($newIdentifier),
+            $this->connection->quote($oldIdentifier),
+            $this->connection->getDatabasePlatform()->convertBooleans(true)
+        );
+    }
+
+    /**
      * Constructs the SQL for updating an ACE.
      *
      * @param integer $pk
diff --git a/Acl/Tests/Dbal/MutableAclProviderTest.php b/Acl/Tests/Dbal/MutableAclProviderTest.php
index 440f69c..8c920cf 100644
--- a/Acl/Tests/Dbal/MutableAclProviderTest.php
+++ b/Acl/Tests/Dbal/MutableAclProviderTest.php
@@ -407,6 +407,36 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
         $provider->updateAcl($acl);
     }
 
+    public function testUpdateUserSecurityIdentity()
+    {
+        $provider = $this->getProvider();
+        $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo'));
+        $sid = new UserSecurityIdentity('johannes', 'FooClass');
+        $acl->setEntriesInheriting(!$acl->isEntriesInheriting());
+
+        $acl->insertObjectAce($sid, 1);
+        $acl->insertClassAce($sid, 5, 0, false);
+        $acl->insertObjectAce($sid, 2, 1, true);
+        $acl->insertClassFieldAce('field', $sid, 2, 0, true);
+        $provider->updateAcl($acl);
+
+        $newSid = new UserSecurityIdentity('mathieu', 'FooClass');
+        $provider->updateUserSecurityIdentity($newSid, 'johannes');
+
+        $reloadProvider = $this->getProvider();
+        $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo'));
+
+        $this->assertNotSame($acl, $reloadedAcl);
+        $this->assertSame($acl->isEntriesInheriting(), $reloadedAcl->isEntriesInheriting());
+
+        $aces = $acl->getObjectAces();
+        $reloadedAces = $reloadedAcl->getObjectAces();
+        $this->assertEquals(count($aces), count($reloadedAces));
+        foreach ($reloadedAces as $ace) {
+            $this->assertTrue($ace->getSecurityIdentity()->equals($newSid));
+        }
+    }
+
     /**
      * Data must have the following format:
      * array(