From 7423f0bf50726593243343e8d1fb9ffe10d8daaa Mon Sep 17 00:00:00 2001 From: Alexey Popkov Date: Thu, 24 Mar 2011 14:00:16 +0300 Subject: [PATCH 1/3] [SecurityBundle] fixed missing argument EventDisplatcher in RememberMe service --- .../SecurityBundle/Resources/config/security_rememberme.xml | 1 + .../Security/Http/Firewall/AbstractAuthenticationListener.php | 1 + .../Component/Security/Http/Firewall/RememberMeListener.php | 1 + 3 files changed, 3 insertions(+) diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml index 9f0cd54c40..2d60fa0b4b 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/security_rememberme.xml @@ -22,6 +22,7 @@ + diff --git a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php index 5606c49c98..6bad96fd5e 100644 --- a/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php +++ b/src/Symfony/Component/Security/Http/Firewall/AbstractAuthenticationListener.php 
@@ -67,6 +67,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
 * @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
 * @param array $options An array of options for the processing of a successful, or failed authentication attempt
 * @param LoggerInterface $logger A LoggerInterface instance
+ * @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
 */
 public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
 {
diff --git a/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php b/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
index c13845c24f..db8910bf04 100644
--- a/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
+++ b/src/Symfony/Component/Security/Http/Firewall/RememberMeListener.php
@@ -47,6 +47,7 @@ class RememberMeListener implements ListenerInterface
 * @param RememberMeServicesInterface $rememberMeServices
 * @param AuthenticationManagerInterface $authenticationManager
 * @param LoggerInterface $logger
+ * @param EventDispatcherInterface $dispatcher
 */
 public function __construct(SecurityContext $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
 {
From bedbe51081fc57abf792a08cb3cfdb770717b07e Mon Sep 17 00:00:00 2001
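Review bot: The added `@param EventDispatcherInterface $dispatcher` line does not say that the argument is optional, while the signature below it keeps `EventDispatcherInterface $dispatcher = null`. A service definition that leaves the argument out, which is the omission this commit fixes for the remember-me service, therefore raises no error; presumably the listener then skips dispatching its login event, so subscribers such as audit logging would not run. I would state that in the docblock, for example `@param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance (optional; no event is dispatched when null)`, after confirming it against the constructor body, which lies outside the hunk. The same applies to the `RememberMeListener` hunk in this commit.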
From: Gustavo Adrian Date: Thu, 24 Mar 2011 21:54:21 -0300 Subject: [PATCH 2/3] [Security] ACL: AclVoter::vote only gets an ObjectIdentity if $object is not an instance of ObjectIdentityInterface --- .../Component/Security/Acl/Voter/AclVoter.php | 9 +++- .../Security/Acl/Voter/AclVoterTest.php | 46 +++++++++++++++++++ 2 files changed, 54 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Component/Security/Acl/Voter/AclVoter.php b/src/Symfony/Component/Security/Acl/Voter/AclVoter.php index e7811edb3a..a32b77e936 100644 --- a/src/Symfony/Component/Security/Acl/Voter/AclVoter.php +++ b/src/Symfony/Component/Security/Acl/Voter/AclVoter.php @@ -18,6 +18,7 @@ use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; use Symfony\Component\Security\Acl\Exception\NoAceFoundException; use Symfony\Component\Security\Acl\Exception\AclNotFoundException; use Symfony\Component\Security\Acl\Model\AclProviderInterface; +use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; use Symfony\Component\Security\Acl\Permission\PermissionMapInterface; use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface; use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface; @@ -77,8 +78,14 @@ class AclVoter implements VoterInterface } else { $field = null; } + + if ($object instanceof ObjectIdentityInterface) { + $oid = $object; + } else { + $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object); + } - if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) { + if (null === $oid) { if (null !== $this->logger) { $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain')); } diff --git a/tests/Symfony/Tests/Component/Security/Acl/Voter/AclVoterTest.php b/tests/Symfony/Tests/Component/Security/Acl/Voter/AclVoterTest.php index c0552fb615..94f35545e5 100644 
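Review bot: With the new `if ($object instanceof ObjectIdentityInterface)` branch, `$this->objectIdentityRetrievalStrategy` is never consulted for such arguments, so the ACL lookup is keyed on whatever identity the caller hands to `vote()`. Any normalisation a custom retrieval strategy performs no longer applies on this path, and a domain object that itself implements `ObjectIdentityInterface` would be used as its own identity. That contract change deserves a comment above the branch, for example `// A caller-supplied ObjectIdentityInterface is used as-is; the retrieval strategy is bypassed.`, and a matching sentence in the method docblock. `vote()` starts and ends outside the hunk.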
--- a/tests/Symfony/Tests/Component/Security/Acl/Voter/AclVoterTest.php +++ b/tests/Symfony/Tests/Component/Security/Acl/Voter/AclVoterTest.php @@ -360,6 +360,52 @@ class AclVoterTest extends \PHPUnit_Framework_TestCase $this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), new FieldVote(new \stdClass(), 'foo'), array('VIEW'))); } + + public function testWhenReceivingAnObjectIdentityInterfaceWeDontRetrieveANewObjectIdentity() + { + list($voter, $provider, $permissionMap, $oidStrategy, $sidStrategy) = $this->getVoter(); + + $oid = new ObjectIdentity('someID','someType'); + + $permissionMap + ->expects($this->once()) + ->method('contains') + ->will($this->returnValue(true)) + ; + $permissionMap + ->expects($this->once()) + ->method('getMasks') + ->with($this->equalTo('VIEW')) + ->will($this->returnValue($masks = array(1, 2, 3))) + ; + + $oidStrategy + ->expects($this->never()) + ->method('getObjectIdentity') + ; + + $sidStrategy + ->expects($this->once()) + ->method('getSecurityIdentities') + ->will($this->returnValue($sids = array(new UserSecurityIdentity('johannes', 'Foo'), new RoleSecurityIdentity('ROLE_FOO')))) + ; + + $provider + ->expects($this->once()) + ->method('findAcl') + ->with($this->equalTo($oid), $this->equalTo($sids)) + ->will($this->returnValue($acl = $this->getMock('Symfony\Component\Security\Acl\Model\AclInterface'))) + ; + + $acl + ->expects($this->once()) + ->method('isGranted') + ->with($this->identicalTo($masks), $this->equalTo($sids), $this->isFalse()) + ->will($this->throwException(new NoAceFoundException('No ACE'))) + ; + + $voter->vote($this->getToken(), $oid, array('VIEW')); + } protected function getToken() { From 031bf35bb16bc041f1964dcc81697ce4a77f4b9d Mon Sep 17 00:00:00 2001 From: Johannes Schmitt Date: Sat, 26 Mar 2011 09:00:03 +0100 Subject: [PATCH 3/3] changed condition nesting --- src/Symfony/Component/Security/Acl/Voter/AclVoter.php | 8 ++------ 1 file changed, 2 insertions(+), 6 deletions(-) 
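Review bot: The new test discards the result of `$voter->vote($this->getToken(), $oid, array('VIEW'))`, so it checks the mock expectations but not the access decision. Since the mocked `isGranted` throws `NoAceFoundException`, the vote is presumably `ACCESS_DENIED`, as in the assertion that closes the preceding test; I would pin it with `$this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), $oid, array('VIEW')));`. A second case passing `new FieldVote($oid, 'foo')` would cover an identity that arrives wrapped in a field vote, assuming the voter unwraps it before the new check (that code is outside the visible hunks).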
diff --git a/src/Symfony/Component/Security/Acl/Voter/AclVoter.php b/src/Symfony/Component/Security/Acl/Voter/AclVoter.php
index a32b77e936..9ae4c04529 100644
--- a/src/Symfony/Component/Security/Acl/Voter/AclVoter.php
+++ b/src/Symfony/Component/Security/Acl/Voter/AclVoter.php
@@ -78,14 +78,10 @@ class AclVoter implements VoterInterface
 } else {
 $field = null;
 }
-
+
 if ($object instanceof ObjectIdentityInterface) {
 $oid = $object;
- } else {
- $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object);
- }
-
- if (null === $oid) {
+ } else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
 if (null !== $this->logger) {
 $this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
 }
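Review bot: The merged condition `} else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {` assigns `$oid` inside the test, so the variable the later ACL lookup depends on is set in two different places and the second is easy to miss when auditing the access decision. A one-line comment above the `if` would make that explicit, for example `// $oid is the caller-supplied identity, or the strategy's result (null when unavailable)`. `elseif` is also the more common spelling than `else if` in PHP code styles. The body of this branch continues outside the hunk.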