7 files changed, 140 insertions, 35 deletions

diff --git a/Acl/Dbal/AclProvider.php b/Acl/Dbal/AclProvider.php
index 5d45655..b4791fa 100644
--- a/Acl/Dbal/AclProvider.php
+++ b/Acl/Dbal/AclProvider.php
@@ -165,13 +165,13 @@ class AclProvider implements AclProviderInterface
             if ((self::MAX_BATCH_SIZE === count($currentBatch) || ($i + 1) === $c) && count($currentBatch) > 0) {
                 try {
                     $loadedBatch = $this->lookupObjectIdentities($currentBatch, $sids, $oidLookup);
-                } catch (AclNotFoundException $aclNotFoundexception) {
+                } catch (AclNotFoundException $aclNotFoundException) {
                     if ($result->count()) {
                         $partialResultException = new NotAllAclsFoundException('The provider could not find ACLs for all object identities.');
                         $partialResultException->setPartialResult($result);
                         throw $partialResultException;
                     } else {
-                        throw $aclNotFoundexception;
+                        throw $aclNotFoundException;
                     }
                 }
                 foreach ($loadedBatch as $loadedOid) {
diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php
index 29d3cfd..e4b2a75 100644
--- a/Acl/Dbal/MutableAclProvider.php
+++ b/Acl/Dbal/MutableAclProvider.php
@@ -109,6 +109,18 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
     }
 
     /**
+     * Deletes the security identity from the database.
+     * ACL entries have the CASCADE option on their foreign key so they will also get deleted
+     *
+     * @param SecurityIdentityInterface $sid
+     * @throws \InvalidArgumentException
+     */
+    public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
+    {
+        $this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
+    }
+
+    /**
      * {@inheritDoc}
      */
     public function findAcls(array $oids, array $sids = array())
@@ -253,7 +265,7 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
             }
 
             // check properties for deleted, and created ACEs, and perform deletions
-            // we need to perfom deletions before updating existing ACEs, in order to
+            // we need to perform deletions before updating existing ACEs, in order to
             // preserve uniqueness of the order field
             if (isset($propertyChanges['classAces'])) {
                 $this->updateOldAceProperty('classAces', $propertyChanges['classAces']);
@@ -352,6 +364,17 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
     }
 
     /**
+     * Updates a user security identity when the user's username changes
+     *
+     * @param UserSecurityIdentity $usid
+     * @param string $oldUsername
+     */
+    public function updateUserSecurityIdentity(UserSecurityIdentity $usid, $oldUsername)
+    {
+        $this->connection->executeQuery($this->getUpdateUserSecurityIdentitySql($usid, $oldUsername));
+    }
+
+    /**
      * Constructs the SQL for deleting access control entries.
      *
      * @param integer $oidPK
@@ -360,7 +383,7 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
     protected function getDeleteAccessControlEntriesSql($oidPK)
     {
         return sprintf(
-              'DELETE FROM %s WHERE object_identity_id = %d',
+            'DELETE FROM %s WHERE object_identity_id = %d',
             $this->options['entry_table_name'],
             $oidPK
         );
@@ -612,6 +635,21 @@ QUERY;
     }
 
     /**
+     * Constructs the SQL to delete a security identity.
+     *
+     * @param SecurityIdentityInterface $sid
+     * @throws \InvalidArgumentException
+     * @return string
+     */
+    protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
+    {
+        $select = $this->getSelectSecurityIdentityIdSql($sid);
+        $delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
+
+        return $delete;
+    }
+
+    /**
      * Constructs the SQL for updating an object identity.
      *
      * @param integer $pk
@@ -634,6 +672,31 @@ QUERY;
     }
 
     /**
+     * Constructs the SQL for updating a user security identity.
+     *
+     * @param UserSecurityIdentity $usid
+     * @param string $oldUsername
+     * @return string
+     */
+    protected function getUpdateUserSecurityIdentitySql(UserSecurityIdentity $usid, $oldUsername)
+    {
+        if ($usid->getUsername() == $oldUsername) {
+            throw new \InvalidArgumentException('There are no changes.');
+        }
+
+        $oldIdentifier = $usid->getClass().'-'.$oldUsername;
+        $newIdentifier = $usid->getClass().'-'.$usid->getUsername();
+
+        return sprintf(
+            'UPDATE %s SET identifier = %s WHERE identifier = %s AND username = %s',
+            $this->options['sid_table_name'],
+            $this->connection->quote($newIdentifier),
+            $this->connection->quote($oldIdentifier),
+            $this->connection->getDatabasePlatform()->convertBooleans(true)
+        );
+    }
+
+    /**
      * Constructs the SQL for updating an ACE.
      *
      * @param integer $pk
@@ -806,7 +869,7 @@ QUERY;
      * @param string $name
      * @param array $changes
      */
-    private function updateOldFieldAceProperty($ane, array $changes)
+    private function updateOldFieldAceProperty($name, array $changes)
     {
         $currentIds = array();
         foreach ($changes[1] as $field => $new) {
@@ -925,11 +988,12 @@ QUERY;
         if (isset($propertyChanges['aceOrder'])
             && $propertyChanges['aceOrder'][1] > $propertyChanges['aceOrder'][0]
             && $propertyChanges == $aces->offsetGet($ace)) {
-                $aces->next();
-                if ($aces->valid()) {
+
+            $aces->next();
+            if ($aces->valid()) {
                     $this->updateAce($aces, $aces->current());
-                }
             }
+        }
 
         if (isset($propertyChanges['mask'])) {
             $sets[] = sprintf('mask = %d', $propertyChanges['mask'][1]);
@@ -949,5 +1013,4 @@ QUERY;
 
         $this->connection->executeQuery($this->getUpdateAccessControlEntrySql($ace->getId(), $sets));
     }
-
 }
diff --git a/Acl/Permission/MaskBuilder.php b/Acl/Permission/MaskBuilder.php
index 017e7c0..1f6ab1e 100644
--- a/Acl/Permission/MaskBuilder.php
+++ b/Acl/Permission/MaskBuilder.php
@@ -96,13 +96,7 @@ class MaskBuilder
      */
     public function add($mask)
     {
-        if (is_string($mask) && defined($name = 'static::MASK_'.strtoupper($mask))) {
-            $mask = constant($name);
-        } elseif (!is_int($mask)) {
-            throw new \InvalidArgumentException('$mask must be an integer.');
-        }
-
-        $this->mask |= $mask;
+        $this->mask |= $this->getMask($mask);
 
         return $this;
     }
@@ -152,13 +146,7 @@ class MaskBuilder
      */
     public function remove($mask)
     {
-        if (is_string($mask) && defined($name = 'static::MASK_'.strtoupper($mask))) {
-            $mask = constant($name);
-        } elseif (!is_int($mask)) {
-            throw new \InvalidArgumentException('$mask must be an integer.');
-        }
-
-        $this->mask &= ~$mask;
+        $this->mask &= ~$this->getMask($mask);
 
         return $this;
     }
@@ -191,19 +179,43 @@ class MaskBuilder
 
         $reflection = new \ReflectionClass(get_called_class());
         foreach ($reflection->getConstants() as $name => $cMask) {
-            if (0 !== strpos($name, 'MASK_')) {
+            if (0 !== strpos($name, 'MASK_') || $mask !== $cMask) {
                 continue;
             }
 
-            if ($mask === $cMask) {
-                if (!defined($cName = 'static::CODE_'.substr($name, 5))) {
-                    throw new \RuntimeException('There was no code defined for this mask.');
-                }
-
-                return constant($cName);
+            if (!defined($cName = 'static::CODE_'.substr($name, 5))) {
+                throw new \RuntimeException('There was no code defined for this mask.');
             }
+
+            return constant($cName);
         }
 
         throw new \InvalidArgumentException(sprintf('The mask "%d" is not supported.', $mask));
     }
+
+    /**
+     * Returns the mask for the passed code
+     *
+     * @param mixed $code
+     *
+     * @return integer
+     *
+     * @throws \InvalidArgumentException
+     */
+    private function getMask($code)
+    {
+        if (is_string($code)) {
+            if (!defined($name = sprintf('static::MASK_%s', strtoupper($code)))) {
+                throw new \InvalidArgumentException(sprintf('The code "%s" is not supported', $code));
+            }
+
+            return constant($name);
+        }
+
+        if (!is_int($code)) {
+            throw new \InvalidArgumentException('$code must be an integer.');
+        }
+
+        return $code;
+    }
 }
diff --git a/Acl/README.md b/Acl/README.md
index 87e5092..6c009a3 100644
--- a/Acl/README.md
+++ b/Acl/README.md
@@ -11,7 +11,7 @@ Resources
 
 Documentation:
 
-http://symfony.com/doc/2.4/book/security.html
+http://symfony.com/doc/2.5/book/security.html
 
 Tests
 -----
diff --git a/Acl/Tests/Dbal/MutableAclProviderTest.php b/Acl/Tests/Dbal/MutableAclProviderTest.php
index 440f69c..8c920cf 100644
--- a/Acl/Tests/Dbal/MutableAclProviderTest.php
+++ b/Acl/Tests/Dbal/MutableAclProviderTest.php
@@ -407,6 +407,36 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
         $provider->updateAcl($acl);
     }
 
+    public function testUpdateUserSecurityIdentity()
+    {
+        $provider = $this->getProvider();
+        $acl = $provider->createAcl(new ObjectIdentity(1, 'Foo'));
+        $sid = new UserSecurityIdentity('johannes', 'FooClass');
+        $acl->setEntriesInheriting(!$acl->isEntriesInheriting());
+
+        $acl->insertObjectAce($sid, 1);
+        $acl->insertClassAce($sid, 5, 0, false);
+        $acl->insertObjectAce($sid, 2, 1, true);
+        $acl->insertClassFieldAce('field', $sid, 2, 0, true);
+        $provider->updateAcl($acl);
+
+        $newSid = new UserSecurityIdentity('mathieu', 'FooClass');
+        $provider->updateUserSecurityIdentity($newSid, 'johannes');
+
+        $reloadProvider = $this->getProvider();
+        $reloadedAcl = $reloadProvider->findAcl(new ObjectIdentity(1, 'Foo'));
+
+        $this->assertNotSame($acl, $reloadedAcl);
+        $this->assertSame($acl->isEntriesInheriting(), $reloadedAcl->isEntriesInheriting());
+
+        $aces = $acl->getObjectAces();
+        $reloadedAces = $reloadedAcl->getObjectAces();
+        $this->assertEquals(count($aces), count($reloadedAces));
+        foreach ($reloadedAces as $ace) {
+            $this->assertTrue($ace->getSecurityIdentity()->equals($newSid));
+        }
+    }
+
     /**
      * Data must have the following format:
      * array(
diff --git a/Acl/Tests/Domain/AuditLoggerTest.php b/Acl/Tests/Domain/AuditLoggerTest.php
index fe56b8c..15538d3 100644
--- a/Acl/Tests/Domain/AuditLoggerTest.php
+++ b/Acl/Tests/Domain/AuditLoggerTest.php
@@ -26,12 +26,12 @@ class AuditLoggerTest extends \PHPUnit_Framework_TestCase
                 ->expects($this->once())
                 ->method('isAuditSuccess')
                 ->will($this->returnValue($audit))
-           ;
+            ;
 
-           $ace
+            $ace
                ->expects($this->never())
                ->method('isAuditFailure')
-           ;
+            ;
         } else {
             $ace
                 ->expects($this->never())
diff --git a/Acl/composer.json b/Acl/composer.json
index 0e68d9e..5f5787f 100644
--- a/Acl/composer.json
+++ b/Acl/composer.json
@@ -36,7 +36,7 @@
     "minimum-stability": "dev",
     "extra": {
         "branch-alias": {
-            "dev-master": "2.4-dev"
+            "dev-master": "2.5-dev"
         }
     }
 }