feature #24318 [SecurityBundle] Deprecate ACL related code (chalasr)
This PR was merged into the 3.4 branch.
Discussion
----------
[SecurityBundle] Deprecate ACL related code
| Q | A
| ------------- | ---
| Branch? | 3.4
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes/no
| Fixed tickets | replaces #23811
| License | MIT
| Doc PR | todo
Needs https://github.com/symfony/acl-bundle/pull/2
Commits
-------
e3b7dc5424
[SecurityBundle] Deprecate ACL related code
commit
8a752c33b9
|
@ -289,10 +289,11 @@ SecurityBundle
|
||||||
`Doctrine\DBAL\Connection` as first argument. Not passing it is
|
`Doctrine\DBAL\Connection` as first argument. Not passing it is
|
||||||
deprecated and will throw a `TypeError` in 4.0.
|
deprecated and will throw a `TypeError` in 4.0.
|
||||||
|
|
||||||
* `SetAclCommand::__construct()` now takes an instance of
|
* The `acl:set` command has been deprecated along with the `SetAclCommand` class,
|
||||||
`Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
|
both will be removed in 4.0. Install symfony/acl-bundle instead
|
||||||
as first argument. Not passing it is deprecated and will throw a `TypeError`
|
|
||||||
in 4.0.
|
* The `init:acl` command has been deprecated along with the `InitAclCommand` class,
|
||||||
|
both will be removed in 4.0. Install symfony/acl-bundle and use `acl:init` instead
|
||||||
|
|
||||||
* Added `logout_on_user_change` to the firewall options. This config item will
|
* Added `logout_on_user_change` to the firewall options. This config item will
|
||||||
trigger a logout when the user has changed. Should be set to true to avoid
|
trigger a logout when the user has changed. Should be set to true to avoid
|
||||||
|
|
|
@ -667,12 +667,9 @@ SecurityBundle
|
||||||
|
|
||||||
* `UserPasswordEncoderCommand` does not extend `ContainerAwareCommand` nor implement `ContainerAwareInterface` anymore.
|
* `UserPasswordEncoderCommand` does not extend `ContainerAwareCommand` nor implement `ContainerAwareInterface` anymore.
|
||||||
|
|
||||||
* `InitAclCommand::__construct()` now requires an instance of
|
* `InitAclCommand` has been removed. Use `Symfony\Bundle\AclBundle\Command\InitAclCommand` instead
|
||||||
`Doctrine\DBAL\Connection` as first argument.
|
|
||||||
|
|
||||||
* `SetAclCommand::__construct()` now requires an instance of
|
* `SetAclCommand` has been removed. Use `Symfony\Bundle\AclBundle\Command\SetAclCommand` instead
|
||||||
`Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
|
|
||||||
as first argument.
|
|
||||||
|
|
||||||
* The firewall option `logout_on_user_change` is now always true, which will
|
* The firewall option `logout_on_user_change` is now always true, which will
|
||||||
trigger a logout if the user changes between requests.
|
trigger a logout if the user changes between requests.
|
||||||
|
|
|
@ -8,15 +8,12 @@ CHANGELOG
|
||||||
`VoterInterface` on the class is now deprecated and will be removed in 4.0.
|
`VoterInterface` on the class is now deprecated and will be removed in 4.0.
|
||||||
* [BC BREAK] `FirewallContext::getListeners()` now returns `\Traversable|array`
|
* [BC BREAK] `FirewallContext::getListeners()` now returns `\Traversable|array`
|
||||||
* added info about called security listeners in profiler
|
* added info about called security listeners in profiler
|
||||||
* `InitAclCommand::__construct()` now takes an instance of
|
|
||||||
`Doctrine\DBAL\Connection` as first argument
|
|
||||||
* `SetAclCommand::__construct()` now takes an instance of
|
|
||||||
`Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
|
|
||||||
as first argument
|
|
||||||
* Added `logout_on_user_change` to the firewall options. This config item will
|
* Added `logout_on_user_change` to the firewall options. This config item will
|
||||||
trigger a logout when the user has changed. Should be set to true to avoid
|
trigger a logout when the user has changed. Should be set to true to avoid
|
||||||
deprecations in the configuration.
|
deprecations in the configuration.
|
||||||
* deprecated HTTP digest authentication
|
* deprecated HTTP digest authentication
|
||||||
|
* deprecated command `acl:set` along with `SetAclCommand` class
|
||||||
|
* deprecated command `init:acl` along with `InitAclCommand` class
|
||||||
|
|
||||||
3.3.0
|
3.3.0
|
||||||
-----
|
-----
|
||||||
|
|
|
@ -11,9 +11,13 @@
|
||||||
|
|
||||||
namespace Symfony\Bundle\SecurityBundle\Command;
|
namespace Symfony\Bundle\SecurityBundle\Command;
|
||||||
|
|
||||||
|
@trigger_error(sprintf('Class "%s" is deprecated since version 3.4 and will be removed in 4.0. Use Symfony\Bundle\AclBundle\Command\SetAclCommand instead.', SetAclCommand::class), E_USER_DEPRECATED);
|
||||||
|
|
||||||
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
|
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
|
||||||
use Symfony\Component\Console\Input\InputInterface;
|
use Symfony\Component\Console\Input\InputInterface;
|
||||||
|
use Symfony\Component\Console\Output\ConsoleOutputInterface;
|
||||||
use Symfony\Component\Console\Output\OutputInterface;
|
use Symfony\Component\Console\Output\OutputInterface;
|
||||||
|
use Symfony\Component\Console\Style\SymfonyStyle;
|
||||||
use Symfony\Component\Security\Acl\Dbal\Schema;
|
use Symfony\Component\Security\Acl\Dbal\Schema;
|
||||||
use Doctrine\DBAL\Connection;
|
use Doctrine\DBAL\Connection;
|
||||||
use Doctrine\DBAL\Schema\SchemaException;
|
use Doctrine\DBAL\Schema\SchemaException;
|
||||||
|
@ -23,7 +27,7 @@ use Doctrine\DBAL\Schema\SchemaException;
|
||||||
*
|
*
|
||||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||||
*
|
*
|
||||||
* @final since version 3.4
|
* @deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\SetAclCommand instead.
|
||||||
*/
|
*/
|
||||||
class InitAclCommand extends ContainerAwareCommand
|
class InitAclCommand extends ContainerAwareCommand
|
||||||
{
|
{
|
||||||
|
@ -32,15 +36,9 @@ class InitAclCommand extends ContainerAwareCommand
|
||||||
private $connection;
|
private $connection;
|
||||||
private $schema;
|
private $schema;
|
||||||
|
|
||||||
/**
|
|
||||||
* @param Connection $connection
|
|
||||||
* @param Schema $schema
|
|
||||||
*/
|
|
||||||
public function __construct($connection = null, Schema $schema = null)
|
public function __construct($connection = null, Schema $schema = null)
|
||||||
{
|
{
|
||||||
if (!$connection instanceof Connection) {
|
if (!$connection instanceof Connection) {
|
||||||
@trigger_error(sprintf('%s() expects an instance of "%s" as first argument since version 3.4. Not passing it is deprecated and will throw a TypeError in 4.0.', __METHOD__, Connection::class), E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
parent::__construct($connection);
|
parent::__construct($connection);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
@ -54,8 +52,6 @@ class InitAclCommand extends ContainerAwareCommand
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*
|
|
||||||
* BC to be removed in 4.0
|
|
||||||
*/
|
*/
|
||||||
public function isEnabled()
|
public function isEnabled()
|
||||||
{
|
{
|
||||||
|
@ -93,7 +89,8 @@ EOF
|
||||||
*/
|
*/
|
||||||
protected function execute(InputInterface $input, OutputInterface $output)
|
protected function execute(InputInterface $input, OutputInterface $output)
|
||||||
{
|
{
|
||||||
// BC to be removed in 4.0
|
(new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output))->warning('Command "init:acl" is deprecated since version 3.4 and will be removed from SecurityBundle in 4.0. Install symfony/acl-bundle and use "acl:init" instead.');
|
||||||
|
|
||||||
if (null === $this->connection) {
|
if (null === $this->connection) {
|
||||||
$this->connection = $this->getContainer()->get('security.acl.dbal.connection');
|
$this->connection = $this->getContainer()->get('security.acl.dbal.connection');
|
||||||
$this->schema = $this->getContainer()->get('security.acl.dbal.schema');
|
$this->schema = $this->getContainer()->get('security.acl.dbal.schema');
|
||||||
|
|
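Review bot: The class-level deprecation added at the top of this file names the wrong class: it passes `SetAclCommand::class` and tells users to use `Symfony\Bundle\AclBundle\Command\SetAclCommand`, although the later hunks show this file declares `InitAclCommand`. The new `@deprecated` tag in the class docblock has the same copy-paste target. Both should refer to the init command: `InitAclCommand::class` with `Use Symfony\Bundle\AclBundle\Command\InitAclCommand instead.` in the message, and `See Symfony\Bundle\AclBundle\Command\InitAclCommand instead.` in the docblock. Because `::class` on an unimported name only produces a string, nothing fails at runtime to flag this, and anyone following the notice would migrate to the wrong replacement.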
|
@ -11,11 +11,15 @@
|
||||||
|
|
||||||
namespace Symfony\Bundle\SecurityBundle\Command;
|
namespace Symfony\Bundle\SecurityBundle\Command;
|
||||||
|
|
||||||
|
@trigger_error(sprintf('Class "%s" is deprecated since version 3.4 and will be removed in 4.0. Use Symfony\Bundle\AclBundle\Command\SetAclCommand instead.', SetAclCommand::class), E_USER_DEPRECATED);
|
||||||
|
|
||||||
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
|
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
|
||||||
use Symfony\Component\Console\Input\InputArgument;
|
use Symfony\Component\Console\Input\InputArgument;
|
||||||
use Symfony\Component\Console\Input\InputInterface;
|
use Symfony\Component\Console\Input\InputInterface;
|
||||||
use Symfony\Component\Console\Input\InputOption;
|
use Symfony\Component\Console\Input\InputOption;
|
||||||
|
use Symfony\Component\Console\Output\ConsoleOutputInterface;
|
||||||
use Symfony\Component\Console\Output\OutputInterface;
|
use Symfony\Component\Console\Output\OutputInterface;
|
||||||
|
use Symfony\Component\Console\Style\SymfonyStyle;
|
||||||
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
|
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
|
||||||
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
|
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
|
||||||
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
|
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
|
||||||
|
@ -28,7 +32,7 @@ use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface;
|
||||||
*
|
*
|
||||||
* @author Kévin Dunglas <kevin@les-tilleuls.coop>
|
* @author Kévin Dunglas <kevin@les-tilleuls.coop>
|
||||||
*
|
*
|
||||||
* @final since version 3.4
|
* @deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\SetAclCommand instead.
|
||||||
*/
|
*/
|
||||||
class SetAclCommand extends ContainerAwareCommand
|
class SetAclCommand extends ContainerAwareCommand
|
||||||
{
|
{
|
||||||
|
@ -42,8 +46,6 @@ class SetAclCommand extends ContainerAwareCommand
|
||||||
public function __construct($provider = null)
|
public function __construct($provider = null)
|
||||||
{
|
{
|
||||||
if (!$provider instanceof MutableAclProviderInterface) {
|
if (!$provider instanceof MutableAclProviderInterface) {
|
||||||
@trigger_error(sprintf('%s() expects an instance of "%s" as first argument since version 3.4. Not passing it is deprecated and will throw a TypeError in 4.0.', __METHOD__, MutableAclProviderInterface::class), E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
parent::__construct($provider);
|
parent::__construct($provider);
|
||||||
|
|
||||||
return;
|
return;
|
||||||
|
@ -56,8 +58,6 @@ class SetAclCommand extends ContainerAwareCommand
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* {@inheritdoc}
|
* {@inheritdoc}
|
||||||
*
|
|
||||||
* BC to be removed in 4.0
|
|
||||||
*/
|
*/
|
||||||
public function isEnabled()
|
public function isEnabled()
|
||||||
{
|
{
|
||||||
|
@ -117,7 +117,8 @@ EOF
|
||||||
*/
|
*/
|
||||||
protected function execute(InputInterface $input, OutputInterface $output)
|
protected function execute(InputInterface $input, OutputInterface $output)
|
||||||
{
|
{
|
||||||
// BC to be removed in 4.0
|
(new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output))->warning('Command "acl:set" is deprecated since version 3.4 and will be removed from SecurityBundle in 4.0. Install symfony/acl-bundle to use this command.');
|
||||||
|
|
||||||
if (null === $this->provider) {
|
if (null === $this->provider) {
|
||||||
$this->provider = $this->getContainer()->get('security.acl.provider');
|
$this->provider = $this->getContainer()->get('security.acl.provider');
|
||||||
}
|
}
|
||||||
|
@ -192,8 +193,6 @@ EOF
|
||||||
/**
|
/**
|
||||||
* Gets the mask builder.
|
* Gets the mask builder.
|
||||||
*
|
*
|
||||||
* BC to be removed in 4.0
|
|
||||||
*
|
|
||||||
* @return MaskBuilder
|
* @return MaskBuilder
|
||||||
*/
|
*/
|
||||||
protected function getMaskBuilder()
|
protected function getMaskBuilder()
|
||||||
|
|
|
@ -121,6 +121,7 @@ class MainConfiguration implements ConfigurationInterface
|
||||||
$rootNode
|
$rootNode
|
||||||
->children()
|
->children()
|
||||||
->arrayNode('acl')
|
->arrayNode('acl')
|
||||||
|
->setDeprecated('The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.')
|
||||||
->children()
|
->children()
|
||||||
->scalarNode('connection')
|
->scalarNode('connection')
|
||||||
->defaultNull()
|
->defaultNull()
|
||||||
|
|
|
@ -22,8 +22,6 @@ use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
|
||||||
|
|
||||||
abstract class CompleteConfigurationTest extends TestCase
|
abstract class CompleteConfigurationTest extends TestCase
|
||||||
{
|
{
|
||||||
private static $containerCache = array();
|
|
||||||
|
|
||||||
abstract protected function getLoader(ContainerBuilder $container);
|
abstract protected function getLoader(ContainerBuilder $container);
|
||||||
|
|
||||||
abstract protected function getFileExtension();
|
abstract protected function getFileExtension();
|
||||||
|
@ -38,6 +36,20 @@ abstract class CompleteConfigurationTest extends TestCase
|
||||||
), $container->getParameter('security.role_hierarchy.roles'));
|
), $container->getParameter('security.role_hierarchy.roles'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.
|
||||||
|
*/
|
||||||
|
public function testRolesHierarchyWithAcl()
|
||||||
|
{
|
||||||
|
$container = $this->getContainer('container1_with_acl');
|
||||||
|
$this->assertEquals(array(
|
||||||
|
'ROLE_ADMIN' => array('ROLE_USER'),
|
||||||
|
'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'),
|
||||||
|
'ROLE_REMOTE' => array('ROLE_USER', 'ROLE_ADMIN'),
|
||||||
|
), $container->getParameter('security.role_hierarchy.roles'));
|
||||||
|
}
|
||||||
|
|
||||||
public function testUserProviders()
|
public function testUserProviders()
|
||||||
{
|
{
|
||||||
$container = $this->getContainer('container1');
|
$container = $this->getContainer('container1');
|
||||||
|
@ -439,14 +451,22 @@ abstract class CompleteConfigurationTest extends TestCase
|
||||||
)), $container->getDefinition('security.encoder_factory.generic')->getArguments());
|
)), $container->getDefinition('security.encoder_factory.generic')->getArguments());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.
|
||||||
|
*/
|
||||||
public function testAcl()
|
public function testAcl()
|
||||||
{
|
{
|
||||||
$container = $this->getContainer('container1');
|
$container = $this->getContainer('container1_with_acl');
|
||||||
|
|
||||||
$this->assertTrue($container->hasDefinition('security.acl.dbal.provider'));
|
$this->assertTrue($container->hasDefinition('security.acl.dbal.provider'));
|
||||||
$this->assertEquals('security.acl.dbal.provider', (string) $container->getAlias('security.acl.provider'));
|
$this->assertEquals('security.acl.dbal.provider', (string) $container->getAlias('security.acl.provider'));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
* @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.
|
||||||
|
*/
|
||||||
public function testCustomAclProvider()
|
public function testCustomAclProvider()
|
||||||
{
|
{
|
||||||
$container = $this->getContainer('custom_acl_provider');
|
$container = $this->getContainer('custom_acl_provider');
|
||||||
|
@ -546,9 +566,6 @@ abstract class CompleteConfigurationTest extends TestCase
|
||||||
{
|
{
|
||||||
$file = $file.'.'.$this->getFileExtension();
|
$file = $file.'.'.$this->getFileExtension();
|
||||||
|
|
||||||
if (isset(self::$containerCache[$file])) {
|
|
||||||
return self::$containerCache[$file];
|
|
||||||
}
|
|
||||||
$container = new ContainerBuilder();
|
$container = new ContainerBuilder();
|
||||||
$security = new SecurityExtension();
|
$security = new SecurityExtension();
|
||||||
$container->registerExtension($security);
|
$container->registerExtension($security);
|
||||||
|
@ -561,6 +578,6 @@ abstract class CompleteConfigurationTest extends TestCase
|
||||||
$container->getCompilerPassConfig()->setRemovingPasses(array());
|
$container->getCompilerPassConfig()->setRemovingPasses(array());
|
||||||
$container->compile();
|
$container->compile();
|
||||||
|
|
||||||
return self::$containerCache[$file] = $container;
|
return $container;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
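Review bot: The static `$containerCache` is dropped from `getContainer()` with no explanation, so a later cleanup could reintroduce it. Presumably the cache has to go because the three tests now tagged `@expectedDeprecation` need the `security.acl` configuration to be processed again in each test. If that is the reason, say so above the `new ContainerBuilder()` line, e.g. `// Not cached: legacy tests expect the "security.acl" deprecation each time the config is processed.` The start of `getContainer()` lies outside the visible hunk. `testRolesHierarchyWithAcl()` also repeats the expected role array of the test before it, and a shared private helper would keep the two from drifting apart.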
|
@ -1,7 +1,6 @@
|
||||||
<?php
|
<?php
|
||||||
|
|
||||||
$container->loadFromExtension('security', array(
|
$container->loadFromExtension('security', array(
|
||||||
'acl' => array(),
|
|
||||||
'encoders' => array(
|
'encoders' => array(
|
||||||
'JMS\FooBundle\Entity\User1' => 'plaintext',
|
'JMS\FooBundle\Entity\User1' => 'plaintext',
|
||||||
'JMS\FooBundle\Entity\User2' => array(
|
'JMS\FooBundle\Entity\User2' => array(
|
||||||
|
|
|
@ -0,0 +1,102 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$container->loadFromExtension('security', array(
|
||||||
|
'acl' => array(),
|
||||||
|
'encoders' => array(
|
||||||
|
'JMS\FooBundle\Entity\User1' => 'plaintext',
|
||||||
|
'JMS\FooBundle\Entity\User2' => array(
|
||||||
|
'algorithm' => 'sha1',
|
||||||
|
'encode_as_base64' => false,
|
||||||
|
'iterations' => 5,
|
||||||
|
),
|
||||||
|
'JMS\FooBundle\Entity\User3' => array(
|
||||||
|
'algorithm' => 'md5',
|
||||||
|
),
|
||||||
|
'JMS\FooBundle\Entity\User4' => array(
|
||||||
|
'id' => 'security.encoder.foo',
|
||||||
|
),
|
||||||
|
'JMS\FooBundle\Entity\User5' => array(
|
||||||
|
'algorithm' => 'pbkdf2',
|
||||||
|
'hash_algorithm' => 'sha1',
|
||||||
|
'encode_as_base64' => false,
|
||||||
|
'iterations' => 5,
|
||||||
|
'key_length' => 30,
|
||||||
|
),
|
||||||
|
'JMS\FooBundle\Entity\User6' => array(
|
||||||
|
'algorithm' => 'bcrypt',
|
||||||
|
'cost' => 15,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
'providers' => array(
|
||||||
|
'default' => array(
|
||||||
|
'memory' => array(
|
||||||
|
'users' => array(
|
||||||
|
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
'digest' => array(
|
||||||
|
'memory' => array(
|
||||||
|
'users' => array(
|
||||||
|
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
'basic' => array(
|
||||||
|
'memory' => array(
|
||||||
|
'users' => array(
|
||||||
|
'foo' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'),
|
||||||
|
'bar' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => array('ROLE_USER', 'ROLE_ADMIN')),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
'service' => array(
|
||||||
|
'id' => 'user.manager',
|
||||||
|
),
|
||||||
|
'chain' => array(
|
||||||
|
'chain' => array(
|
||||||
|
'providers' => array('service', 'basic'),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
),
|
||||||
|
|
||||||
|
'firewalls' => array(
|
||||||
|
'simple' => array('pattern' => '/login', 'security' => false),
|
||||||
|
'secure' => array('stateless' => true,
|
||||||
|
'http_basic' => true,
|
||||||
|
'http_digest' => array('secret' => 'TheSecret'),
|
||||||
|
'form_login' => true,
|
||||||
|
'anonymous' => true,
|
||||||
|
'switch_user' => true,
|
||||||
|
'x509' => true,
|
||||||
|
'remote_user' => true,
|
||||||
|
'logout' => true,
|
||||||
|
'remember_me' => array('secret' => 'TheSecret'),
|
||||||
|
'user_checker' => null,
|
||||||
|
),
|
||||||
|
'host' => array(
|
||||||
|
'pattern' => '/test',
|
||||||
|
'host' => 'foo\\.example\\.org',
|
||||||
|
'methods' => array('GET', 'POST'),
|
||||||
|
'anonymous' => true,
|
||||||
|
'http_basic' => true,
|
||||||
|
),
|
||||||
|
'with_user_checker' => array(
|
||||||
|
'user_checker' => 'app.user_checker',
|
||||||
|
'anonymous' => true,
|
||||||
|
'http_basic' => true,
|
||||||
|
),
|
||||||
|
),
|
||||||
|
|
||||||
|
'access_control' => array(
|
||||||
|
array('path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => array('get', 'POST')),
|
||||||
|
array('path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
|
||||||
|
array('path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUsername() matches '/^admin/'"),
|
||||||
|
),
|
||||||
|
|
||||||
|
'role_hierarchy' => array(
|
||||||
|
'ROLE_ADMIN' => 'ROLE_USER',
|
||||||
|
'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'),
|
||||||
|
'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN',
|
||||||
|
),
|
||||||
|
));
|
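Review bot: This new fixture appears to be a copy of the container1 fixture with only `'acl' => array(),` put back, and nothing in the file says so. A header comment would make the relationship and its lifetime explicit, e.g. `// Copy of the container1 fixture plus an empty "acl" section; used only by the @group legacy ACL tests, remove in 4.0.` The XML and YAML variants added further down need the same note in their own comment syntax. The comment also keeps the copied `plaintext`, `md5` and `sha1` encoder entries and the hard-coded `TheSecret` values recognisable as test-only data, not something to copy into an application configuration.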
|
@ -6,8 +6,6 @@
|
||||||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
||||||
|
|
||||||
<config>
|
<config>
|
||||||
<acl />
|
|
||||||
|
|
||||||
<encoder class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />
|
<encoder class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />
|
||||||
|
|
||||||
<encoder class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
|
<encoder class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
|
||||||
|
|
|
@ -0,0 +1,81 @@
|
||||||
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
|
|
||||||
|
<srv:container xmlns="http://symfony.com/schema/dic/security"
|
||||||
|
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||||
|
xmlns:srv="http://symfony.com/schema/dic/services"
|
||||||
|
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
|
||||||
|
|
||||||
|
<config>
|
||||||
|
<acl />
|
||||||
|
<encoder class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />
|
||||||
|
|
||||||
|
<encoder class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
|
||||||
|
|
||||||
|
<encoder class="JMS\FooBundle\Entity\User3" algorithm="md5" />
|
||||||
|
|
||||||
|
<encoder class="JMS\FooBundle\Entity\User4" id="security.encoder.foo" />
|
||||||
|
|
||||||
|
<encoder class="JMS\FooBundle\Entity\User5" algorithm="pbkdf2" hash-algorithm="sha1" encode-as-base64="false" iterations="5" key-length="30" />
|
||||||
|
|
||||||
|
<encoder class="JMS\FooBundle\Entity\User6" algorithm="bcrypt" cost="15" />
|
||||||
|
|
||||||
|
<provider name="default">
|
||||||
|
<memory>
|
||||||
|
<user name="foo" password="foo" roles="ROLE_USER" />
|
||||||
|
</memory>
|
||||||
|
</provider>
|
||||||
|
|
||||||
|
<provider name="digest">
|
||||||
|
<memory>
|
||||||
|
<user name="foo" password="foo" roles="ROLE_USER, ROLE_ADMIN" />
|
||||||
|
</memory>
|
||||||
|
</provider>
|
||||||
|
|
||||||
|
<provider name="basic">
|
||||||
|
<memory>
|
||||||
|
<user name="foo" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="ROLE_SUPER_ADMIN" />
|
||||||
|
<user name="bar" password="0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33" roles="ROLE_USER, ROLE_ADMIN" />
|
||||||
|
</memory>
|
||||||
|
</provider>
|
||||||
|
|
||||||
|
<provider name="service" id="user.manager" />
|
||||||
|
|
||||||
|
<provider name="chain">
|
||||||
|
<chain providers="service, basic" />
|
||||||
|
</provider>
|
||||||
|
|
||||||
|
<firewall name="simple" pattern="/login" security="false" />
|
||||||
|
|
||||||
|
<firewall name="secure" stateless="true">
|
||||||
|
<http-basic />
|
||||||
|
<http-digest secret="TheSecret" />
|
||||||
|
<form-login />
|
||||||
|
<anonymous />
|
||||||
|
<switch-user />
|
||||||
|
<x509 />
|
||||||
|
<remote-user />
|
||||||
|
<user-checker />
|
||||||
|
<logout />
|
||||||
|
<remember-me secret="TheSecret"/>
|
||||||
|
</firewall>
|
||||||
|
|
||||||
|
<firewall name="host" pattern="/test" host="foo\.example\.org" methods="GET,POST">
|
||||||
|
<anonymous />
|
||||||
|
<http-basic />
|
||||||
|
</firewall>
|
||||||
|
|
||||||
|
<firewall name="with_user_checker">
|
||||||
|
<anonymous />
|
||||||
|
<http-basic />
|
||||||
|
<user-checker>app.user_checker</user-checker>
|
||||||
|
</firewall>
|
||||||
|
|
||||||
|
<role id="ROLE_ADMIN">ROLE_USER</role>
|
||||||
|
<role id="ROLE_SUPER_ADMIN">ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH</role>
|
||||||
|
<role id="ROLE_REMOTE">ROLE_USER,ROLE_ADMIN</role>
|
||||||
|
|
||||||
|
<rule path="/blog/524" role="ROLE_USER" requires-channel="https" methods="get,POST" />
|
||||||
|
<rule role='IS_AUTHENTICATED_ANONYMOUSLY' path="/blog/.*" />
|
||||||
|
<rule role='IS_AUTHENTICATED_ANONYMOUSLY' allow-if="token.getUsername() matches '/^admin/'" path="/blog/524" />
|
||||||
|
</config>
|
||||||
|
</srv:container>
|
|
@ -1,5 +1,4 @@
|
||||||
security:
|
security:
|
||||||
acl: ~
|
|
||||||
encoders:
|
encoders:
|
||||||
JMS\FooBundle\Entity\User1: plaintext
|
JMS\FooBundle\Entity\User1: plaintext
|
||||||
JMS\FooBundle\Entity\User2:
|
JMS\FooBundle\Entity\User2:
|
||||||
|
|
|
@ -0,0 +1,83 @@
|
||||||
|
security:
|
||||||
|
acl: ~
|
||||||
|
encoders:
|
||||||
|
JMS\FooBundle\Entity\User1: plaintext
|
||||||
|
JMS\FooBundle\Entity\User2:
|
||||||
|
algorithm: sha1
|
||||||
|
encode_as_base64: false
|
||||||
|
iterations: 5
|
||||||
|
JMS\FooBundle\Entity\User3:
|
||||||
|
algorithm: md5
|
||||||
|
JMS\FooBundle\Entity\User4:
|
||||||
|
id: security.encoder.foo
|
||||||
|
JMS\FooBundle\Entity\User5:
|
||||||
|
algorithm: pbkdf2
|
||||||
|
hash_algorithm: sha1
|
||||||
|
encode_as_base64: false
|
||||||
|
iterations: 5
|
||||||
|
key_length: 30
|
||||||
|
JMS\FooBundle\Entity\User6:
|
||||||
|
algorithm: bcrypt
|
||||||
|
cost: 15
|
||||||
|
|
||||||
|
providers:
|
||||||
|
default:
|
||||||
|
memory:
|
||||||
|
users:
|
||||||
|
foo: { password: foo, roles: ROLE_USER }
|
||||||
|
digest:
|
||||||
|
memory:
|
||||||
|
users:
|
||||||
|
foo: { password: foo, roles: 'ROLE_USER, ROLE_ADMIN' }
|
||||||
|
basic:
|
||||||
|
memory:
|
||||||
|
users:
|
||||||
|
foo: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: ROLE_SUPER_ADMIN }
|
||||||
|
bar: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: [ROLE_USER, ROLE_ADMIN] }
|
||||||
|
service:
|
||||||
|
id: user.manager
|
||||||
|
chain:
|
||||||
|
chain:
|
||||||
|
providers: [service, basic]
|
||||||
|
|
||||||
|
|
||||||
|
firewalls:
|
||||||
|
simple: { pattern: /login, security: false }
|
||||||
|
secure:
|
||||||
|
stateless: true
|
||||||
|
http_basic: true
|
||||||
|
http_digest:
|
||||||
|
secret: TheSecret
|
||||||
|
form_login: true
|
||||||
|
anonymous: true
|
||||||
|
switch_user: true
|
||||||
|
x509: true
|
||||||
|
remote_user: true
|
||||||
|
logout: true
|
||||||
|
remember_me:
|
||||||
|
secret: TheSecret
|
||||||
|
user_checker: ~
|
||||||
|
|
||||||
|
host:
|
||||||
|
pattern: /test
|
||||||
|
host: foo\.example\.org
|
||||||
|
methods: [GET,POST]
|
||||||
|
anonymous: true
|
||||||
|
http_basic: true
|
||||||
|
|
||||||
|
with_user_checker:
|
||||||
|
anonymous: ~
|
||||||
|
http_basic: ~
|
||||||
|
user_checker: app.user_checker
|
||||||
|
|
||||||
|
role_hierarchy:
|
||||||
|
ROLE_ADMIN: ROLE_USER
|
||||||
|
ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH]
|
||||||
|
ROLE_REMOTE: ROLE_USER,ROLE_ADMIN
|
||||||
|
|
||||||
|
access_control:
|
||||||
|
- { path: /blog/524, role: ROLE_USER, requires_channel: https, methods: [get, POST]}
|
||||||
|
-
|
||||||
|
path: /blog/.*
|
||||||
|
role: IS_AUTHENTICATED_ANONYMOUSLY
|
||||||
|
- { path: /blog/524, role: IS_AUTHENTICATED_ANONYMOUSLY, allow_if: "token.getUsername() matches '/^admin/'" }
|
|
@ -33,15 +33,13 @@ use Symfony\Component\Security\Acl\Permission\BasicPermissionMap;
|
||||||
*
|
*
|
||||||
* @author Kévin Dunglas <kevin@les-tilleuls.coop>
|
* @author Kévin Dunglas <kevin@les-tilleuls.coop>
|
||||||
* @requires extension pdo_sqlite
|
* @requires extension pdo_sqlite
|
||||||
|
* @group legacy
|
||||||
*/
|
*/
|
||||||
class SetAclCommandTest extends WebTestCase
|
class SetAclCommandTest extends WebTestCase
|
||||||
{
|
{
|
||||||
const OBJECT_CLASS = 'Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AclBundle\Entity\Car';
|
const OBJECT_CLASS = 'Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AclBundle\Entity\Car';
|
||||||
const SECURITY_CLASS = 'Symfony\Component\Security\Core\User\User';
|
const SECURITY_CLASS = 'Symfony\Component\Security\Core\User\User';
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
*/
|
|
||||||
public function testSetAclUser()
|
public function testSetAclUser()
|
||||||
{
|
{
|
||||||
$objectId = 1;
|
$objectId = 1;
|
||||||
|
|