[Security] performance improvements of PermissionGrantingStrategy

Johannes Schmitt 2011-02-12 09:07:21 +01:00 committed by Fabien Potencier
parent 19bbafc441
commit 9749da6e52
2 changed files with 21 additions and 22 deletions


@ -232,7 +232,7 @@ class Acl implements AuditableAclInterface
*/
public function isSidLoaded($sids)
{
if (0 === count($this->loadedSids)) {
if (!$this->loadedSids) {
return true;
}
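Review bot: The early `return true` on an empty `$this->loadedSids` makes the ACL report every SID as loaded, and neither form of the condition says why. The truthiness form also only matches the `count()` form while the property is a plain array; a Countable object would never be falsy. If an empty list is meant to signal that the ACL was loaded without a SID filter, state it above the condition, for example `// an empty list means the ACL was loaded for all SIDs`. The body of isSidLoaded() continues outside the hunk, so confirm how the rest of the method treats a non-empty list.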


@ -30,8 +30,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
const ALL = 'all';
const ANY = 'any';
protected static $noAceException;
protected $auditLogger;
public function __construct()
{
if (null === static::$noAceException) {
static::$noAceException = new NoAceFoundException('No ACE.');
}
}
/**
* Sets the audit logger
*
@ -62,16 +70,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
try {
$aces = $acl->getObjectAces();
if (0 === count($aces)) {
throw new NoAceFoundException('No applicable ACE was found.');
if (!$aces) {
throw static::$noAceException;
}
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
} catch (NoAceFoundException $noObjectAce) {
$aces = $acl->getClassAces();
if (0 === count($aces)) {
throw new NoAceFoundException('No applicable ACE was found.');
if (!$aces) {
throw static::$noAceException;
}
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
@ -93,15 +101,15 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
try {
try {
$aces = $acl->getObjectFieldAces($field);
if (0 === count($aces)) {
throw new NoAceFoundException('No applicable ACE was found.');
if (!$aces) {
throw static::$noAceException;
}
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
} catch (NoAceFoundException $noObjectAces) {
$aces = $acl->getClassFieldAces($field);
if (0 === count($aces)) {
throw new NoAceFoundException('No applicable ACE was found.');
if (!$aces) {
throw static::$noAceException;
}
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
@ -151,12 +159,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
foreach ($masks as $requiredMask) {
foreach ($sids as $sid) {
if (!$acl->isSidLoaded($sid)) {
throw new SidNotLoadedException(sprintf('The SID "%s" has not been loaded.', $sid));
}
foreach ($aces as $ace) {
if ($this->isAceApplicable($requiredMask, $sid, $ace)) {
if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) {
if ($ace->isGranting()) {
if (!$administrativeMode && null !== $this->auditLogger) {
$this->auditLogger->logIfNeeded(true, $ace);
@ -183,7 +187,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
return false;
}
throw new NoAceFoundException('No applicable ACE was found.');
throw static::$noAceException;
}
/**
@ -203,17 +207,12 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
* Strategy EQUAL:
* The ACE will be considered applicable when the bitmasks are equal.
*
* @param SecurityIdentityInterface $sid
* @param integer $requiredMask
* @param EntryInterface $ace
* @param int $requiredMask
* @return Boolean
*/
protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace)
protected function isAceApplicable($requiredMask, EntryInterface $ace)
{
if (false === $ace->getSecurityIdentity()->equals($sid)) {
return false;
}
$strategy = $ace->getStrategy();
if (self::ALL === $strategy) {
return $requiredMask === ($ace->getMask() & $requiredMask);
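Review bot: Dropping the `isSidLoaded()` guard inside `foreach ($sids as $sid)` (the `-151,12 +159,8` hunk) changes the authorization outcome for partially loaded ACLs, not only the speed. Without it, a SID whose ACEs were never loaded matches nothing, so a denying ACE for that SID can be skipped and another SID's granting ACE decides the result; the old code raised SidNotLoadedException instead. Unless callers outside this page guarantee that every requested SID is loaded, keep the check but hoist it so it runs once per call, before `foreach ($masks as $requiredMask)`: `if (!$acl->isSidLoaded($sids)) { throw new SidNotLoadedException('Not all requested SIDs have been loaded.'); }`. The parameter of isSidLoaded() is named `$sids`, so it presumably accepts the array, but that needs confirming because its body is not shown. The enclosing method starts and ends outside the hunk.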