From 9749da6e52aa4f942e7e70b359e0c266a5e130e1 Mon Sep 17 00:00:00 2001
From: Johannes Schmitt
Date: Sat, 12 Feb 2011 09:07:21 +0100
Subject: [PATCH] [Security] performance improvements of PermissionGrantingStrategy
---
 .../Component/Security/Acl/Domain/Acl.php | 2 +-
 .../Acl/Domain/PermissionGrantingStrategy.php | 41 +++++++++----------
 2 files changed, 21 insertions(+), 22 deletions(-)
diff --git a/src/Symfony/Component/Security/Acl/Domain/Acl.php b/src/Symfony/Component/Security/Acl/Domain/Acl.php
index 37994526ca..6bffe59201 100644
--- a/src/Symfony/Component/Security/Acl/Domain/Acl.php
+++ b/src/Symfony/Component/Security/Acl/Domain/Acl.php
@@ -232,7 +232,7 @@ class Acl implements AuditableAclInterface
 */
 public function isSidLoaded($sids)
 {
- if (0 === count($this->loadedSids)) {
+ if (!$this->loadedSids) {
 return true;
 }
diff --git a/src/Symfony/Component/Security/Acl/Domain/PermissionGrantingStrategy.php b/src/Symfony/Component/Security/Acl/Domain/PermissionGrantingStrategy.php
index dc73572241..d23dc3e12d 100644
--- a/src/Symfony/Component/Security/Acl/Domain/PermissionGrantingStrategy.php
+++ b/src/Symfony/Component/Security/Acl/Domain/PermissionGrantingStrategy.php
@@ -30,8 +30,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
 const ALL = 'all';
 const ANY = 'any';
+ protected static $noAceException;
 protected $auditLogger;
+ public function __construct()
+ {
+ if (null === static::$noAceException) {
+ static::$noAceException = new NoAceFoundException('No ACE.');
+ }
+ }
+
 /**
 * Sets the audit logger
 *
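Review bot: In the `@@ -30,8 +30,16 @@` hunk of PermissionGrantingStrategy.php, `static::$noAceException` is initialised only in `__construct()`, so a subclass that overrides the constructor without calling `parent::__construct()` reaches `throw static::$noAceException;` with null, and the access decision then dies with an engine error that the `catch (NoAceFoundException ...)` blocks do not handle. The same object is thrown at every site in the later hunks (`-62,16`, `-93,15`, `-183,7`), so its file, line and trace describe where it was first constructed rather than where the lookup failed, and the message changes from 'No applicable ACE was found.' to 'No ACE.' for anything that logs or matches on it. I would use `self::$noAceException` instead of `static::` (a subclass that redeclares the property gets its own, uninitialised slot) and document the trade-off on the property, e.g. `// shared instance, avoids building a trace per miss; trace/line are those of first construction`.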
@@ -62,16 +70,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
 try {
 $aces = $acl->getObjectAces();
- if (0 === count($aces)) {
- throw new NoAceFoundException('No applicable ACE was found.');
+ if (!$aces) {
+ throw static::$noAceException;
 }
 return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
 } catch (NoAceFoundException $noObjectAce) {
 $aces = $acl->getClassAces();
- if (0 === count($aces)) {
- throw new NoAceFoundException('No applicable ACE was found.');
+ if (!$aces) {
+ throw static::$noAceException;
 }
 return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
@@ -93,15 +101,15 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
 try {
 try {
 $aces = $acl->getObjectFieldAces($field);
- if (0 === count($aces)) {
- throw new NoAceFoundException('No applicable ACE was found.');
+ if (!$aces) {
+ throw static::$noAceException;
 }
 return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
 } catch (NoAceFoundException $noObjectAces) {
 $aces = $acl->getClassFieldAces($field);
- if (0 === count($aces)) {
- throw new NoAceFoundException('No applicable ACE was found.');
+ if (!$aces) {
+ throw static::$noAceException;
 }
 return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
@@ -151,12 +159,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
 foreach ($masks as $requiredMask) {
 foreach ($sids as $sid) {
- if (!$acl->isSidLoaded($sid)) {
- throw new SidNotLoadedException(sprintf('The SID "%s" has not been loaded.', $sid));
- }
-
 foreach ($aces as $ace) {
- if ($this->isAceApplicable($requiredMask, $sid, $ace)) {
+ if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) {
 if ($ace->isGranting()) {
 if (!$administrativeMode && null !== $this->auditLogger) {
 $this->auditLogger->logIfNeeded(true, $ace);
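Review bot: The `@@ -151,12 +159,8 @@` hunk removes the `isSidLoaded()` guard and its SidNotLoadedException with no replacement visible in this patch, which changes an authorization outcome and not only the cost of the loop. When an ACL was loaded for a subset of identities, a SID that was not loaded now simply matches no ACE, so a denying entry for it cannot be seen and a later SID's granting entry can decide the result. If the guard was the hot spot, hoist it rather than drop it: run the existing `if (!$acl->isSidLoaded($sid)) { throw new SidNotLoadedException(...); }` in its own `foreach ($sids as $sid)` pass ahead of `foreach ($masks as $requiredMask)`, so it executes once per SID instead of once per mask. The new condition also calls `$sid->equals($ace->getSecurityIdentity())`, so equality is now decided by the caller-supplied identity's implementation, which is worth a comment if `equals()` is not guaranteed symmetric; the loop body continues outside the hunk.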
@@ -183,7 +187,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
 return false;
 }
- throw new NoAceFoundException('No applicable ACE was found.');
+ throw static::$noAceException;
 }
 /**
@@ -203,17 +207,12 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
 * Strategy EQUAL:
 * The ACE will be considered applicable when the bitmasks are equal.
 *
- * @param SecurityIdentityInterface $sid
+ * @param integer $requiredMask
 * @param EntryInterface $ace
- * @param int $requiredMask
 * @return Boolean
 */
- protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace)
+ protected function isAceApplicable($requiredMask, EntryInterface $ace)
 {
- if (false === $ace->getSecurityIdentity()->equals($sid)) {
- return false;
- }
-
 $strategy = $ace->getStrategy();
 if (self::ALL === $strategy) {
 return $requiredMask === ($ace->getMask() & $requiredMask);
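Review bot: In the `@@ -203,17 +207,12 @@` hunk, `isAceApplicable()` stops verifying the security identity, yet it stays `protected` and its name and the visible part of its docblock still read as the complete applicability test. A subclass that overrides it with the old three-argument signature, or that calls it directly, now either breaks or accepts ACEs belonging to any identity, because the SID comparison exists only in the caller's loop. I would state the precondition in the docblock, e.g. `* NOTE: compares masks only; the caller must already have matched the ACE's security identity against the SID.`, and record the signature change as a BC break in the commit message. The docblock begins before the hunk and the method body continues past its end.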