feature #8305 Added MutableAclProvider::deleteSecurityIdentity (lavoiesl)

This PR was merged into the 2.5-dev branch. Discussion ---------- Added MutableAclProvider::deleteSecurityIdentity This provides a very simple function to enable the deletion of a SecurityIdentity. Developers can add a listener on the delete of a user and remove all the related ACLs. Foreign keys already ensure that the ACEs are properly deleted. Among the problems of not deleting the SecurityIdentity: * Inconsistent database, referring to a non-existent user. * If a user is deleted and another is created with the same name, it will inherit all the old user’s ACEs Not addressed by this PR: Changing a user’s username breaks the related ACLs. See #5787 See also: https://groups.google.com/forum/#!topic/symfony2/mGTXlTWiMs8/discussion Commits ------- bdbbe58 [Security][Acl] Issue #5787 : Added MutableAclProvider::deleteSecurityIdentity
2013-12-27 17:31:41 +01:00 · 2013-12-27 17:31:41 +01:00 · 7a9ab2c79f
commit 7a9ab2c79f
parent a4d423e4cd bdbbe58128
1 changed files with 27 additions and 0 deletions
--- a/src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
+++ b/src/Symfony/Component/Security/Acl/Dbal/MutableAclProvider.php
@ -108,6 +108,18 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
        }
    }

+    /**
+     * Deletes the security identity from the database.
+     * ACL entries have the CASCADE option on their foreign key so they will also get deleted
+     *
+     * @param SecurityIdentityInterface $sid
+     * @throws \InvalidArgumentException
+     */
+    public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
+    {
+        $this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
+    }
+
    /**
     * {@inheritDoc}
     */
@ -622,6 +634,21 @@ QUERY;
        );
    }

+    /**
+     * Constructs the SQL to delete a security identity.
+     *
+     * @param SecurityIdentityInterface $sid
+     * @throws \InvalidArgumentException
+     * @return string
+     */
+    protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
+    {
+        $select = $this->getSelectSecurityIdentityIdSql($sid);
+        $delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
+
+        return $delete;
+    }
+
    /**
     * Constructs the SQL for updating an object identity.
     *