[Security] performance improvements of PermissionGrantingStrategy

Johannes Schmitt 2011-02-12 09:07:21 +01:00 committed by Fabien Potencier
parent 19bbafc441
commit 9749da6e52
2 changed files with 21 additions and 22 deletions


@ -232,7 +232,7 @@ class Acl implements AuditableAclInterface
*/ */
public function isSidLoaded($sids) public function isSidLoaded($sids)
{ {
if (0 === count($this->loadedSids)) { if (!$this->loadedSids) {
return true; return true;
} }


@ -30,8 +30,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
const ALL = 'all'; const ALL = 'all';
const ANY = 'any'; const ANY = 'any';
protected static $noAceException;
protected $auditLogger; protected $auditLogger;
public function __construct()
{
if (null === static::$noAceException) {
static::$noAceException = new NoAceFoundException('No ACE.');
}
}
/** /**
* Sets the audit logger * Sets the audit logger
* *
@ -62,16 +70,16 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
try { try {
$aces = $acl->getObjectAces(); $aces = $acl->getObjectAces();
if (0 === count($aces)) { if (!$aces) {
throw new NoAceFoundException('No applicable ACE was found.'); throw static::$noAceException;
} }
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
} catch (NoAceFoundException $noObjectAce) { } catch (NoAceFoundException $noObjectAce) {
$aces = $acl->getClassAces(); $aces = $acl->getClassAces();
if (0 === count($aces)) { if (!$aces) {
throw new NoAceFoundException('No applicable ACE was found.'); throw static::$noAceException;
} }
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
@ -93,15 +101,15 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
try { try {
try { try {
$aces = $acl->getObjectFieldAces($field); $aces = $acl->getObjectFieldAces($field);
if (0 === count($aces)) { if (!$aces) {
throw new NoAceFoundException('No applicable ACE was found.'); throw static::$noAceException;
} }
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
} catch (NoAceFoundException $noObjectAces) { } catch (NoAceFoundException $noObjectAces) {
$aces = $acl->getClassFieldAces($field); $aces = $acl->getClassFieldAces($field);
if (0 === count($aces)) { if (!$aces) {
throw new NoAceFoundException('No applicable ACE was found.'); throw static::$noAceException;
} }
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
@ -151,12 +159,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
foreach ($masks as $requiredMask) { foreach ($masks as $requiredMask) {
foreach ($sids as $sid) { foreach ($sids as $sid) {
if (!$acl->isSidLoaded($sid)) {
throw new SidNotLoadedException(sprintf('The SID "%s" has not been loaded.', $sid));
}
foreach ($aces as $ace) { foreach ($aces as $ace) {
if ($this->isAceApplicable($requiredMask, $sid, $ace)) { if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) {
if ($ace->isGranting()) { if ($ace->isGranting()) {
if (!$administrativeMode && null !== $this->auditLogger) { if (!$administrativeMode && null !== $this->auditLogger) {
$this->auditLogger->logIfNeeded(true, $ace); $this->auditLogger->logIfNeeded(true, $ace);
@ -183,7 +187,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
return false; return false;
} }
throw new NoAceFoundException('No applicable ACE was found.'); throw static::$noAceException;
} }
/** /**
@ -203,17 +207,12 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
* Strategy EQUAL: * Strategy EQUAL:
* The ACE will be considered applicable when the bitmasks are equal. * The ACE will be considered applicable when the bitmasks are equal.
* *
* @param SecurityIdentityInterface $sid * @param integer $requiredMask
* @param EntryInterface $ace * @param EntryInterface $ace
* @param int $requiredMask
* @return Boolean * @return Boolean
*/ */
protected function isAceApplicable($requiredMask, SecurityIdentityInterface $sid, EntryInterface $ace) protected function isAceApplicable($requiredMask, EntryInterface $ace)
{ {
if (false === $ace->getSecurityIdentity()->equals($sid)) {
return false;
}
$strategy = $ace->getStrategy(); $strategy = $ace->getStrategy();
if (self::ALL === $strategy) { if (self::ALL === $strategy) {
return $requiredMask === ($ace->getMask() & $requiredMask); return $requiredMask === ($ace->getMask() & $requiredMask);
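Review bot: Dropping the `isSidLoaded()` guard and its `SidNotLoadedException` from the SID loop in hasSufficientPermissions (the `@ -151` hunk) means an ACL loaded for only some of the requested SIDs is now evaluated as if it were complete. The loop appears to decide on the first applicable ACE, so a denying ACE that was never loaded for one SID can let a granting ACE for a later SID win, and the check fails open instead of raising; whether every caller guarantees a fully loaded ACL is not visible on this page. The cost being removed was one check per mask and SID, so the guard can stay as a single call before the mask loop, e.g. `if (!$acl->isSidLoaded($sids)) { throw new SidNotLoadedException('Not all requested SIDs have been loaded.'); }`. The parameter is named `$sids` in Acl, which suggests it accepts the whole list, but confirm that before relying on it. The function body starts and ends outside the hunk.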