feature #8305 Added MutableAclProvider::deleteSecurityIdentity (lavoiesl)
This PR was merged into the 2.5-dev branch.
Discussion
----------
Added MutableAclProvider::deleteSecurityIdentity
This provides a very simple function to enable the deletion of a SecurityIdentity.
Developers can add a listener on the delete of a user and remove all the related ACLs.
Foreign keys already ensure that the ACEs are properly deleted.
Among the problems of not deleting the SecurityIdentity:
* Inconsistent database, referring to a non-existent user.
* If a user is deleted and another is created with the same name, it will inherit all the old user’s ACEs.
Not addressed by this PR: Changing a user’s username breaks the related ACLs. See #5787
See also: https://groups.google.com/forum/#!topic/symfony2/mGTXlTWiMs8/discussion
Commits
-------
bdbbe58
[Security][Acl] Issue #5787 : Added MutableAclProvider::deleteSecurityIdentity
commit 7a9ab2c79f
@ -108,6 +108,18 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Deletes the security identity from the database.
|
||||
* ACL entries have the CASCADE option on their foreign key so they will also get deleted
|
||||
*
|
||||
* @param SecurityIdentityInterface $sid
|
||||
* @throws \InvalidArgumentException
|
||||
*/
|
||||
public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
|
||||
{
|
||||
$this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
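Review bot: deleteSecurityIdentity() leaves removal of the ACEs entirely to the CASCADE option named in its docblock and discards the result of executeQuery(), so a caller cannot tell whether the identity row existed or whether anything was deleted. Consider stating in the docblock that the method depends on the database enforcing that foreign key, and reporting back whether a row was removed so that a user-deletion listener can detect a no-op instead of assuming the old ACEs are gone. The @throws \InvalidArgumentException tag has no visible source in this body; note that it propagates from getDeleteSecurityIdentityIdSql().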
@ -622,6 +634,21 @@ QUERY;
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs the SQL to delete a security identity.
|
||||
*
|
||||
* @param SecurityIdentityInterface $sid
|
||||
* @throws \InvalidArgumentException
|
||||
* @return string
|
||||
*/
|
||||
protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
|
||||
{
|
||||
$select = $this->getSelectSecurityIdentityIdSql($sid);
|
||||
$delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
|
||||
|
||||
return $delete;
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructs the SQL for updating an object identity.
|
||||
*
|
||||
|
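Review bot: in getDeleteSecurityIdentityIdSql(), the DELETE is derived by running preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select) over the output of getSelectSecurityIdentityIdSql(), which ties this method to the exact text of another query. If that SELECT ever changes its leading whitespace, casing or column list, preg_replace returns the string unchanged, and deleteSecurityIdentity() then executes a SELECT and removes nothing without raising any error, leaving in place the stale ACEs this change is meant to clear. Build the DELETE statement directly from the same table name and WHERE conditions, or at least pass the count argument to preg_replace and throw when it is not 1. The docblock should also say that the \InvalidArgumentException comes from getSelectSecurityIdentityIdSql(), since nothing in this body throws it.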