Merge remote branch 'schmittjoh/security'
* schmittjoh/security: changed condition nesting [Security] ACL: AclVoter::vote only gets an ObjectIdentity if $object is not an instance of ObjectIdentityInterface [SecurityBundle] fixed missing argument EventDisplatcher in RememberMe service
This commit is contained in:
commit
7bda949e41
@ -22,6 +22,7 @@
|
||||
<argument type="service" id="security.authentication.rememberme" />
|
||||
<argument type="service" id="security.authentication.manager" />
|
||||
<argument type="service" id="logger" on-invalid="null" />
|
||||
<argument type="service" id="event_dispatcher" on-invalid="null"/>
|
||||
</service>
|
||||
|
||||
<service id="security.authentication.provider.rememberme" class="%security.authentication.provider.rememberme.class%" abstract="true" public="false">
|
||||
|
@ -18,6 +18,7 @@ use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
|
||||
use Symfony\Component\Security\Acl\Exception\NoAceFoundException;
|
||||
use Symfony\Component\Security\Acl\Exception\AclNotFoundException;
|
||||
use Symfony\Component\Security\Acl\Model\AclProviderInterface;
|
||||
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
|
||||
use Symfony\Component\Security\Acl\Permission\PermissionMapInterface;
|
||||
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
|
||||
use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
|
||||
@ -78,7 +79,9 @@ class AclVoter implements VoterInterface
|
||||
$field = null;
|
||||
}
|
||||
|
||||
if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
|
||||
if ($object instanceof ObjectIdentityInterface) {
|
||||
$oid = $object;
|
||||
} else if (null === $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($object)) {
|
||||
if (null !== $this->logger) {
|
||||
$this->logger->debug(sprintf('Object identity unavailable. Voting to %s', $this->allowIfObjectIdentityUnavailable? 'grant access' : 'abstain'));
|
||||
}
|
||||
|
@ -67,6 +67,7 @@ abstract class AbstractAuthenticationListener implements ListenerInterface
|
||||
* @param AuthenticationManagerInterface $authenticationManager An AuthenticationManagerInterface instance
|
||||
* @param array $options An array of options for the processing of a successful, or failed authentication attempt
|
||||
* @param LoggerInterface $logger A LoggerInterface instance
|
||||
* @param EventDispatcherInterface $dispatcher An EventDispatcherInterface instance
|
||||
*/
|
||||
public function __construct(SecurityContextInterface $securityContext, AuthenticationManagerInterface $authenticationManager, SessionAuthenticationStrategyInterface $sessionStrategy, $providerKey, array $options = array(), AuthenticationSuccessHandlerInterface $successHandler = null, AuthenticationFailureHandlerInterface $failureHandler = null, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||
{
|
||||
|
@ -47,6 +47,7 @@ class RememberMeListener implements ListenerInterface
|
||||
* @param RememberMeServicesInterface $rememberMeServices
|
||||
* @param AuthenticationManagerInterface $authenticationManager
|
||||
* @param LoggerInterface $logger
|
||||
* @param EventDispatcherInterface $dispatcher
|
||||
*/
|
||||
public function __construct(SecurityContext $securityContext, RememberMeServicesInterface $rememberMeServices, AuthenticationManagerInterface $authenticationManager, LoggerInterface $logger = null, EventDispatcherInterface $dispatcher = null)
|
||||
{
|
||||
|
@ -361,6 +361,52 @@ class AclVoterTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertSame(VoterInterface::ACCESS_DENIED, $voter->vote($this->getToken(), new FieldVote(new \stdClass(), 'foo'), array('VIEW')));
|
||||
}
|
||||
|
||||
public function testWhenReceivingAnObjectIdentityInterfaceWeDontRetrieveANewObjectIdentity()
|
||||
{
|
||||
list($voter, $provider, $permissionMap, $oidStrategy, $sidStrategy) = $this->getVoter();
|
||||
|
||||
$oid = new ObjectIdentity('someID','someType');
|
||||
|
||||
$permissionMap
|
||||
->expects($this->once())
|
||||
->method('contains')
|
||||
->will($this->returnValue(true))
|
||||
;
|
||||
$permissionMap
|
||||
->expects($this->once())
|
||||
->method('getMasks')
|
||||
->with($this->equalTo('VIEW'))
|
||||
->will($this->returnValue($masks = array(1, 2, 3)))
|
||||
;
|
||||
|
||||
$oidStrategy
|
||||
->expects($this->never())
|
||||
->method('getObjectIdentity')
|
||||
;
|
||||
|
||||
$sidStrategy
|
||||
->expects($this->once())
|
||||
->method('getSecurityIdentities')
|
||||
->will($this->returnValue($sids = array(new UserSecurityIdentity('johannes', 'Foo'), new RoleSecurityIdentity('ROLE_FOO'))))
|
||||
;
|
||||
|
||||
$provider
|
||||
->expects($this->once())
|
||||
->method('findAcl')
|
||||
->with($this->equalTo($oid), $this->equalTo($sids))
|
||||
->will($this->returnValue($acl = $this->getMock('Symfony\Component\Security\Acl\Model\AclInterface')))
|
||||
;
|
||||
|
||||
$acl
|
||||
->expects($this->once())
|
||||
->method('isGranted')
|
||||
->with($this->identicalTo($masks), $this->equalTo($sids), $this->isFalse())
|
||||
->will($this->throwException(new NoAceFoundException('No ACE')))
|
||||
;
|
||||
|
||||
$voter->vote($this->getToken(), $oid, array('VIEW'));
|
||||
}
|
||||
|
||||
protected function getToken()
|
||||
{
|
||||
return $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
||||
|
Reference in New Issue
Block a user