[Security] performance improvements of PermissionGrantingStrategy
parent
19bbafc441
commit
9749da6e52
|
@ -232,7 +232,7 @@ class Acl implements AuditableAclInterface
|
|||
*/
|
||||
public function isSidLoaded($sids)
|
||||
{
|
||||
if (0 === count($this->loadedSids)) {
|
||||
if (!$this->loadedSids) {
|
||||
return true;
|
||||
}
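Review bot: `if (!$this->loadedSids)` in isSidLoaded matches the old `0 === count($this->loadedSids)` only while the property is a plain array; an object collection would always be truthy, so the early `return true` would never fire. That branch reports every SID as loaded, so the assumption is worth pinning on the property, e.g. `/** @var array SIDs this ACL was loaded for; an empty array is reported as "loaded" for any SID */`. The property declaration and the rest of the method are outside the hunk, so the actual type could not be confirmed here.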
|
||||
|
||||
|
|
|
@ -30,8 +30,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||
const ALL = 'all';
|
||||
const ANY = 'any';
|
||||
|
||||
protected static $noAceException;
|
||||
protected $auditLogger;
|
||||
|
||||
public function __construct()
|
||||
{
|
||||
if (null === static::$noAceException) {
|
||||
static::$noAceException = new NoAceFoundException('No ACE.');
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Sets the audit logger
|
||||
*
|
||||
|
@ -62,16 +70,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||
try {
|
||||
$aces = $acl->getObjectAces();
|
||||
|
||||
if (0 === count($aces)) {
|
||||
throw new NoAceFoundException('No applicable ACE was found.');
|
||||
if (!$aces) {
|
||||
throw static::$noAceException;
|
||||
}
|
||||
|
||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||
} catch (NoAceFoundException $noObjectAce) {
|
||||
$aces = $acl->getClassAces();
|
||||
|
||||
if (0 === count($aces)) {
|
||||
throw new NoAceFoundException('No applicable ACE was found.');
|
||||
if (!$aces) {
|
||||
throw static::$noAceException;
|
||||
}
|
||||
|
||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||
|
@ -93,15 +101,15 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||
try {
|
||||
try {
|
||||
$aces = $acl->getObjectFieldAces($field);
|
||||
if (0 === count($aces)) {
|
||||
throw new NoAceFoundException('No applicable ACE was found.');
|
||||
if (!$aces) {
|
||||
throw static::$noAceException;
|
||||
}
|
||||
|
||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||
} catch (NoAceFoundException $noObjectAces) {
|
||||
$aces = $acl->getClassFieldAces($field);
|
||||
if (0 === count($aces)) {
|
||||
throw new NoAceFoundException('No applicable ACE was found.');
|
||||
if (!$aces) {
|
||||
throw static::$noAceException;
|
||||
}
|
||||
|
||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||
|
@ -151,12 +159,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||
|
||||
foreach ($masks as $requiredMask) {
|
||||
foreach ($sids as $sid) {
|
||||
if (!$acl->isSidLoaded($sid)) {
|
||||
throw new SidNotLoadedException(sprintf('The SID "%s" has not been loaded.', $sid));
|
||||
}
|
||||
|
||||
foreach ($aces as $ace) {
|
||||
if ($this->isAceApplicable($requiredMask, $sid, $ace)) {
|
||||
if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) {
|
||||
if ($ace->isGranting()) {
|
||||
if (!$administrativeMode && null !== $this->auditLogger) {
|
||||
$this->auditLogger->logIfNeeded(true, $ace);
|
||||
|
@ -183,7 +187,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||
return false;
|
||||
}
|
||||
|
||||
throw new NoAceFoundException('No applicable ACE was found.');
|
||||
throw static::$noAceException;
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -203,17 +207,12 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||
* Strategy EQUAL:
|
||||
* The ACE will be considered applicable when the bitmasks are equal.
|
||||
*
|
||||
* @param SecurityIdentityInterface $sid
|
||||
* @param integer $requiredMask
|
||||
* @param EntryInterface $ace
|
||||
* @param int $requiredMask
|
||||
* @return Boolean
|
||||
*/
|
||||
protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace)
|
||||
protected function isAceApplicable($requiredMask, EntryInterface $ace)
|
||||
{
|
||||
if (false === $ace->getSecurityIdentity()->equals($sid)) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$strategy = $ace->getStrategy();
|
||||
if (self::ALL === $strategy) {
|
||||
return $requiredMask === ($ace->getMask() & $requiredMask);
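Review bot: The `-151,12 +159,8` hunk in hasSufficientPermissions appears to drop the `isSidLoaded()` guard, so a SID the ACL was not loaded for no longer raises SidNotLoadedException and is treated as having no matching ACE. On a partially loaded ACL, evaluation could then move on to the next SID or to the class-level fallback and return a grant that a deny ACE for the unloaded SID would have decided first. If the per-mask cost of the check was the motivation, it can run once per SID ahead of the mask loop instead of being removed. The function starts and ends outside the hunk, and the page has lost its +/- markers, so the removal is inferred from the hunk's line counts.

```php
// validate each SID once, before the mask loop, instead of once per mask
foreach ($sids as $sid) {
    if (!$acl->isSidLoaded($sid)) {
        throw new SidNotLoadedException(sprintf('The SID "%s" has not been loaded.', $sid));
    }
}

foreach ($masks as $requiredMask) {
    // … unchanged: SID / ACE matching loops …
```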
|
||||
|
|