Merge remote branch 'schmittjoh/security'
* schmittjoh/security: changed condition nesting [Security] ACL: AclVoter::vote only gets an ObjectIdentity if $object is not an instance of ObjectIdentityInterface [SecurityBundle] fixed missing argument EventDispatcher in RememberMe service
commit
7bda949e41
@ -22,6 +22,7 @@
|
|||||||
<argument type="service" id="security.authentication.rememberme" />
|
<argument type="service" id="security.authentication.rememberme" />
|
||||||
<argument type="service" id="security.authentication.manager" />
|
<argument type="service" id="security.authentication.manager" />
|
||||||
<argument type="service" id="logger" on-invalid="null" />
|
<argument type="service" id="logger" on-invalid="null" />
|
||||||
|
<argument type="service" id="event_dispatcher" on-invalid="null"/>
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
<service id="security.authentication.provider.rememberme" class="%security.authentication.provider.rememberme.class%" abstract="true" public="false">
|
<service id="security.authentication.provider.rememberme" class="%security.authentication.provider.rememberme.class%" abstract="true" public="false">
|
||||||
|
@ -18,6 +18,7 @@ use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
|
|||||||
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
|
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
|
||||||
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
|
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
|
||||||
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
|
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
|
||||||
|
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
|
||||||
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
|
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
|
||||||
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
|
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
|
||||||
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
|
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
|
||||||
@ -78,7 +79,9 @@ class AclVoter implements VoterInterface
|
|||||||
$field = null;
|
$field = null;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
|
if ($object instanceof ObjectIdentityInterface) {
|
||||||
|
$oid = $object;
|
||||||
|
} else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
|
||||||
if (null !== $this->logger) {
|
if (null !== $this->logger) {
|
||||||
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
|
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
|
||||||
}
|
}
|
||||||
|
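Review bot: The new `if ($object instanceof ObjectIdentityInterface) { $oid = $object; }` branch uses the caller's object directly as the ACL lookup key and skips `objectIdentityRetrievalStrategy`, but nothing in the code says so. Any normalisation that strategy performs is bypassed, and a domain object that happens to implement the interface now names its own identity, so the branch deserves a comment such as `// a pre-built identity is used as-is; the retrieval strategy is skipped, so it must be constructed from trusted values`. As a style point, write `} elseif (null === $oid = ...) {` rather than `else if`. The body of `vote()` starts and ends outside this hunk, so how `$oid` is used afterwards is not visible here.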
@ -67,6 +67,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
|||||||
* @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
|
* @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
|
||||||
* @param array $options An array of options for the processing of a successful, or failed authentication attempt
|
* @param array $options An array of options for the processing of a successful, or failed authentication attempt
|
||||||
* @param LoggerInterface $logger A LoggerInterface instance
|
* @param LoggerInterface $logger A LoggerInterface instance
|
||||||
|
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
||||||
*/
|
*/
|
||||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||||
{
|
{
|
||||||
|
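Review bot: The constructor docblock is still incomplete after adding `$dispatcher`: in the visible lines `$authenticationManager` is followed directly by `$options`, and `$options` directly by `$logger`. The signature also takes `$sessionStrategy`, `$providerKey`, `$successHandler` and `$failureHandler`, so add entries such as `@param AuthenticationSuccessHandlerInterface $successHandler` in signature order. Since `$logger` and `$dispatcher` default to `null`, the docblock should say they are optional and what is skipped when they are absent; that behaviour is in the constructor body, which lies outside this hunk.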
@ -47,6 +47,7 @@ class RememberMeListener implements ListenerInterface
|
|||||||
* @param RememberMeServicesInterface $rememberMeServices
|
* @param RememberMeServicesInterface $rememberMeServices
|
||||||
* @param AuthenticationManagerInterface $authenticationManager
|
* @param AuthenticationManagerInterface $authenticationManager
|
||||||
* @param LoggerInterface $logger
|
* @param LoggerInterface $logger
|
||||||
|
* @param EventDispatcherInterface $dispatcher
|
||||||
*/
|
*/
|
||||||
public function __construct(SecurityContext $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
public function __construct(SecurityContext $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||||
{
|
{
|
||||||
|
@ -361,6 +361,52 @@ class AclVoterTest extends \PHPUnit_Framework_TestCase
|
|||||||
$this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), new FieldVote(new \stdClass(), 'foo'), array('VIEW')));
|
$this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), new FieldVote(new \stdClass(), 'foo'), array('VIEW')));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testWhenReceivingAnObjectIdentityInterfaceWeDontRetrieveANewObjectIdentity()
|
||||||
|
{
|
||||||
|
list($voter, $provider, $permissionMap, $oidStrategy, $sidStrategy) = $this->getVoter();
|
||||||
|
|
||||||
|
$oid = new ObjectIdentity('someID','someType');
|
||||||
|
|
||||||
|
$permissionMap
|
||||||
|
->expects($this->once())
|
||||||
|
->method('contains')
|
||||||
|
->will($this->returnValue(true))
|
||||||
|
;
|
||||||
|
$permissionMap
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getMasks')
|
||||||
|
->with($this->equalTo('VIEW'))
|
||||||
|
->will($this->returnValue($masks = array(1, 2, 3)))
|
||||||
|
;
|
||||||
|
|
||||||
|
$oidStrategy
|
||||||
|
->expects($this->never())
|
||||||
|
->method('getObjectIdentity')
|
||||||
|
;
|
||||||
|
|
||||||
|
$sidStrategy
|
||||||
|
->expects($this->once())
|
||||||
|
->method('getSecurityIdentities')
|
||||||
|
->will($this->returnValue($sids = array(new UserSecurityIdentity('johannes', 'Foo'), new RoleSecurityIdentity('ROLE_FOO'))))
|
||||||
|
;
|
||||||
|
|
||||||
|
$provider
|
||||||
|
->expects($this->once())
|
||||||
|
->method('findAcl')
|
||||||
|
->with($this->equalTo($oid), $this->equalTo($sids))
|
||||||
|
->will($this->returnValue($acl = $this->getMock('Symfony\Component\Security\Acl\Model\AclInterface')))
|
||||||
|
;
|
||||||
|
|
||||||
|
$acl
|
||||||
|
->expects($this->once())
|
||||||
|
->method('isGranted')
|
||||||
|
->with($this->identicalTo($masks), $this->equalTo($sids), $this->isFalse())
|
||||||
|
->will($this->throwException(new NoAceFoundException('No ACE')))
|
||||||
|
;
|
||||||
|
|
||||||
|
$voter->vote($this->getToken(), $oid, array('VIEW'));
|
||||||
|
}
|
||||||
|
|
||||||
protected function getToken()
|
protected function getToken()
|
||||||
{
|
{
|
||||||
return $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
return $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
||||||
|
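Review bot: The new test ends with a bare `$voter->vote($this->getToken(), $oid, array('VIEW'));`, so it checks only the mock expectations and never the vote that is returned. Because `isGranted` is set up to throw `NoAceFoundException`, assert the outcome the way the preceding test does, e.g. `$this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), $oid, array('VIEW')));`; the expected constant is inferred from that neighbouring test and should be confirmed against `vote()`. A second case in which `isGranted` returns true for a pre-built identity would pin the grant path too, since this branch now reaches an authorization decision without the retrieval strategy.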