/**
 * Adds the policy described by a create struct to a role draft.
 *
 * Checks run in a fixed order and the first failure wins: struct validation,
 * the 'role'/'update' access check, loading the draft, limitation validation.
 * The write is wrapped in a repository transaction. On success the draft is
 * reloaded through loadRoleDraft() and that result is returned.
 *
 * @param APIRoleDraft $roleDraft Draft to extend; only its id is read here, the draft itself is re-loaded.
 * @param APIPolicyCreateStruct $policyCreateStruct Supplies the module, function and limitations of the new policy.
 *
 * @throws InvalidArgumentValue If module or function is not a non-empty string, or module is '*' while function is not.
 * @throws UnauthorizedException If hasAccess('role', 'update') does not return exactly true.
 * @throws LimitationValidationException If validatePolicy() reports any errors.
 * @throws Exception Whatever is caught during the write is rethrown after the rollback.
 */
public function addPolicyByRoleDraft(APIRoleDraft $roleDraft, APIPolicyCreateStruct $policyCreateStruct)
{
    // Both identifiers must be non-empty strings; 'module' is checked first.
    // PHP's empty() also treats the string '0' as empty, so '0' is rejected too.
    foreach (['module', 'function'] as $property) {
        if (!is_string($policyCreateStruct->{$property}) || empty($policyCreateStruct->{$property})) {
            throw new InvalidArgumentValue($property, $policyCreateStruct->{$property}, 'PolicyCreateStruct');
        }
    }

    // A wildcard module is only accepted together with a wildcard function.
    $isWildcardModule = $policyCreateStruct->module === '*';
    if ($isWildcardModule && $policyCreateStruct->function !== '*') {
        throw new InvalidArgumentValue('module', $policyCreateStruct->module, 'PolicyCreateStruct');
    }

    // Fail closed: the strict comparison means only a literal true grants access;
    // any other return value (false, or a non-boolean) is treated as denied.
    // NOTE(review): this check runs after the struct validation above, so a caller
    // without 'role'/'update' still gets InvalidArgumentValue for a malformed struct.
    // Confirm that this ordering is intended.
    $accessGranted = $this->repository->hasAccess('role', 'update');
    if ($accessGranted !== true) {
        throw new UnauthorizedException('role', 'update');
    }

    // The write targets the id of the draft as loaded here, not the object passed in.
    $persistedDraft = $this->loadRoleDraft($roleDraft->id);

    $policyLimitations = $policyCreateStruct->getLimitations();
    $validationErrors = $this->validatePolicy(
        $policyCreateStruct->module,
        $policyCreateStruct->function,
        $policyLimitations
    );
    if (!empty($validationErrors)) {
        throw new LimitationValidationException($validationErrors);
    }

    $persistencePolicy = $this->roleDomainMapper->buildPersistencePolicyObject(
        $policyCreateStruct->module,
        $policyCreateStruct->function,
        $policyLimitations
    );

    $this->repository->beginTransaction();
    try {
        $this->userHandler->addPolicyByRoleDraft($persistedDraft->id, $persistencePolicy);
        $this->repository->commit();
    } catch (Exception $exception) {
        // NOTE(review): only throwables matching `Exception` as resolved in this file
        // trigger the rollback; an Error raised by the handler would bypass it here.
        // Confirm that an outer layer closes the transaction in that case.
        $this->repository->rollback();

        throw $exception;
    }

    return $this->loadRoleDraft($persistedDraft->id);
}