fix possible duplicate security identities
This commit is contained in:
Johannes M. Schmitt
Fabien Potencier
parent
2daa6b5bfe
commit
a99d8c8558
@ -371,7 +371,10 @@ class AclProvider implements AclProviderInterface
|
||||
if (!isset($loadedAces[$aceId])) {
|
||||
if (!isset($sids[$key = ($username?'1':'0').$securityIdentifier])) {
|
||||
if ($username) {
|
||||
$sids[$key] = new UserSecurityIdentity($securityIdentifier);
|
||||
$sids[$key] = new UserSecurityIdentity(
|
||||
substr($securityIdentifier, 1 + $pos = strpos($securityIdentifier, '-')),
|
||||
substr($securityIdentifier, 0, $pos)
|
||||
);
|
||||
} else {
|
||||
$sids[$key] = new RoleSecurityIdentity($securityIdentifier);
|
||||
}
|
||||
|
||||
@ -591,7 +591,7 @@ QUERY;
|
||||
protected function getInsertSecurityIdentitySql(SecurityIdentityInterface $sid)
|
||||
{
|
||||
if ($sid instanceof UserSecurityIdentity) {
|
||||
$identifier = $sid->getUsername();
|
||||
$identifier = $sid->getClass().'-'.$sid->getUsername();
|
||||
$username = true;
|
||||
} else if ($sid instanceof RoleSecurityIdentity) {
|
||||
$identifier = $sid->getRole();
|
||||
@ -659,7 +659,7 @@ QUERY;
|
||||
protected function getSelectSecurityIdentityIdSql(SecurityIdentityInterface $sid)
|
||||
{
|
||||
if ($sid instanceof UserSecurityIdentity) {
|
||||
$identifier = $sid->getUsername();
|
||||
$identifier = $sid->getClass().'-'.$sid->getUsername();
|
||||
$username = true;
|
||||
} else if ($sid instanceof RoleSecurityIdentity) {
|
||||
$identifier = $sid->getRole();
|
||||
|
||||
@ -15,35 +15,35 @@ use Doctrine\DBAL\Schema\Schema as BaseSchema;
|
||||
|
||||
/**
|
||||
* The schema used for the ACL system.
|
||||
*
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
*/
|
||||
class Schema extends BaseSchema
|
||||
{
|
||||
protected $options;
|
||||
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
*
|
||||
* @param array $options the names for tables
|
||||
* @return void
|
||||
*/
|
||||
public function __construct(array $options)
|
||||
{
|
||||
parent::__construct();
|
||||
|
||||
|
||||
$this->options = $options;
|
||||
|
||||
|
||||
$this->addClassTable();
|
||||
$this->addSecurityIdentitiesTable();
|
||||
$this->addObjectIdentitiesTable();
|
||||
$this->addObjectIdentityAncestorsTable();
|
||||
$this->addEntryTable();
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the class table to the schema
|
||||
*
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function addClassTable()
|
||||
@ -54,16 +54,16 @@ class Schema extends BaseSchema
|
||||
$table->setPrimaryKey(array('id'));
|
||||
$table->addUniqueIndex(array('class_type'));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the entry table to the schema
|
||||
*
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function addEntryTable()
|
||||
{
|
||||
$table = $this->createTable($this->options['entry_table_name']);
|
||||
|
||||
|
||||
$table->addColumn('id', 'integer', array('unsigned' => true, 'autoincrement' => 'auto'));
|
||||
$table->addColumn('class_id', 'integer', array('unsigned' => true));
|
||||
$table->addColumn('object_identity_id', 'integer', array('unsigned' => true, 'notnull' => false));
|
||||
@ -75,70 +75,70 @@ class Schema extends BaseSchema
|
||||
$table->addColumn('granting_strategy', 'string', array('length' => 30));
|
||||
$table->addColumn('audit_success', 'boolean', array('default' => 0));
|
||||
$table->addColumn('audit_failure', 'boolean', array('default' => 0));
|
||||
|
||||
|
||||
$table->setPrimaryKey(array('id'));
|
||||
$table->addUniqueIndex(array('class_id', 'object_identity_id', 'field_name', 'ace_order'));
|
||||
$table->addIndex(array('class_id', 'object_identity_id', 'security_identity_id'));
|
||||
|
||||
|
||||
$table->addForeignKeyConstraint($this->getTable($this->options['class_table_name']), array('class_id'), array('id'), array('onDelete' => 'CASCADE', 'onUpdate' => 'CASCADE'));
|
||||
$table->addForeignKeyConstraint($this->getTable($this->options['oid_table_name']), array('object_identity_id'), array('id'), array('onDelete' => 'CASCADE', 'onUpdate' => 'CASCADE'));
|
||||
$table->addForeignKeyConstraint($this->getTable($this->options['sid_table_name']), array('security_identity_id'), array('id'), array('onDelete' => 'CASCADE', 'onUpdate' => 'CASCADE'));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the object identity table to the schema
|
||||
*
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function addObjectIdentitiesTable()
|
||||
{
|
||||
$table = $this->createTable($this->options['oid_table_name']);
|
||||
|
||||
|
||||
$table->addColumn('id', 'integer', array('unsigned' => true, 'autoincrement' => 'auto'));
|
||||
$table->addColumn('class_id', 'integer', array('unsigned' => true));
|
||||
$table->addColumn('object_identifier', 'string', array('length' => 100));
|
||||
$table->addColumn('parent_object_identity_id', 'integer', array('unsigned' => true, 'notnull' => false));
|
||||
$table->addColumn('entries_inheriting', 'boolean', array('default' => 0));
|
||||
|
||||
|
||||
$table->setPrimaryKey(array('id'));
|
||||
$table->addUniqueIndex(array('object_identifier', 'class_id'));
|
||||
$table->addIndex(array('parent_object_identity_id'));
|
||||
|
||||
|
||||
$table->addForeignKeyConstraint($table, array('parent_object_identity_id'), array('id'), array('onDelete' => 'RESTRICT', 'onUpdate' => 'RESTRICT'));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the object identity relation table to the schema
|
||||
*
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function addObjectIdentityAncestorsTable()
|
||||
{
|
||||
$table = $this->createTable($this->options['oid_ancestors_table_name']);
|
||||
|
||||
|
||||
$table->addColumn('object_identity_id', 'integer', array('unsigned' => true));
|
||||
$table->addColumn('ancestor_id', 'integer', array('unsigned' => true));
|
||||
|
||||
|
||||
$table->setPrimaryKey(array('object_identity_id', 'ancestor_id'));
|
||||
|
||||
$oidTable = $this->getTable($this->options['oid_table_name']);
|
||||
$table->addForeignKeyConstraint($oidTable, array('object_identity_id'), array('id'), array('onDelete' => 'CASCADE', 'onUpdate' => 'CASCADE'));
|
||||
$table->addForeignKeyConstraint($oidTable, array('ancestor_id'), array('id'), array('onDelete' => 'CASCADE', 'onUpdate' => 'CASCADE'));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Adds the security identity table to the schema
|
||||
*
|
||||
*
|
||||
* @return void
|
||||
*/
|
||||
protected function addSecurityIdentitiesTable()
|
||||
{
|
||||
$table = $this->createTable($this->options['sid_table_name']);
|
||||
|
||||
|
||||
$table->addColumn('id', 'integer', array('unsigned' => true, 'autoincrement' => 'auto'));
|
||||
$table->addColumn('identifier', 'string', array('length' => 100));
|
||||
$table->addColumn('identifier', 'string', array('length' => 200));
|
||||
$table->addColumn('username', 'boolean', array('default' => 0));
|
||||
|
||||
|
||||
$table->setPrimaryKey(array('id'));
|
||||
$table->addUniqueIndex(array('identifier', 'username'));
|
||||
}
|
||||
|
||||
@ -34,10 +34,10 @@ class ObjectIdentity implements ObjectIdentityInterface
|
||||
*/
|
||||
public function __construct($identifier, $type)
|
||||
{
|
||||
if (0 === strlen($identifier)) {
|
||||
if (empty($identifier)) {
|
||||
throw new \InvalidArgumentException('$identifier cannot be empty.');
|
||||
}
|
||||
if (0 === strlen($type)) {
|
||||
if (empty($type)) {
|
||||
throw new \InvalidArgumentException('$type cannot be empty.');
|
||||
}
|
||||
|
||||
|
||||
@ -2,6 +2,7 @@
|
||||
|
||||
namespace Symfony\Component\Security\Acl\Domain;
|
||||
|
||||
use Symfony\Component\Security\User\AccountInterface;
|
||||
use Symfony\Component\Security\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
|
||||
use Symfony\Component\Security\Authentication\AuthenticationTrustResolver;
|
||||
@ -46,9 +47,11 @@ class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStra
|
||||
public function getSecurityIdentities(TokenInterface $token)
|
||||
{
|
||||
$sids = array();
|
||||
|
||||
if (false === $this->authenticationTrustResolver->isAnonymous($token)) {
|
||||
$sids[] = new UserSecurityIdentity($token);
|
||||
|
||||
// add user security identity
|
||||
$user = $token->getUser();
|
||||
if ($user instanceof AccountInterface) {
|
||||
$sids[] = UserSecurityIdentity::fromAccount($user);
|
||||
}
|
||||
|
||||
// add all reachable roles
|
||||
|
||||
@ -2,8 +2,8 @@
|
||||
|
||||
namespace Symfony\Component\Security\Acl\Domain;
|
||||
|
||||
use Symfony\Component\Security\User\AccountInterface;
|
||||
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
|
||||
use Symfony\Component\Security\Authentication\Token\TokenInterface;
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony framework.
|
||||
@ -17,34 +17,41 @@ use Symfony\Component\Security\Authentication\Token\TokenInterface;
|
||||
/**
|
||||
* A SecurityIdentity implementation used for actual users
|
||||
*
|
||||
* FIXME: We need to also store the user provider id since the
|
||||
* username might not be unique across all available user
|
||||
* providers.
|
||||
*
|
||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||
*/
|
||||
class UserSecurityIdentity implements SecurityIdentityInterface
|
||||
{
|
||||
protected $username;
|
||||
protected $class;
|
||||
|
||||
/**
|
||||
* Constructor
|
||||
*
|
||||
* @param mixed $username the username representation, or a TokenInterface
|
||||
* implementation
|
||||
* @return void
|
||||
* @param string $username the username representation
|
||||
* @param string $class the user's fully qualified class name
|
||||
*/
|
||||
public function __construct($username)
|
||||
public function __construct($username, $class)
|
||||
{
|
||||
if ($username instanceof TokenInterface) {
|
||||
$username = (string) $username;
|
||||
}
|
||||
|
||||
if (0 === strlen($username)) {
|
||||
if (empty($username)) {
|
||||
throw new \InvalidArgumentException('$username must not be empty.');
|
||||
}
|
||||
if (empty($class)) {
|
||||
throw new \InvalidArgumentException('$class must not be empty.');
|
||||
}
|
||||
|
||||
$this->username = $username;
|
||||
$this->class = $class;
|
||||
}
|
||||
|
||||
/**
|
||||
* Creates a user security identity from an AccountInterface
|
||||
*
|
||||
* @param AccountInterface $user
|
||||
* @return UserSecurityIdentity
|
||||
*/
|
||||
public static function fromAccount(AccountInterface $user)
|
||||
{
|
||||
return new self((string) $user, get_class($user));
|
||||
}
|
||||
|
||||
/**
|
||||
@ -57,6 +64,16 @@ class UserSecurityIdentity implements SecurityIdentityInterface
|
||||
return $this->username;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the user's class name
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public function getClass()
|
||||
{
|
||||
return $this->class;
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritDoc}
|
||||
*/
|
||||
@ -66,7 +83,8 @@ class UserSecurityIdentity implements SecurityIdentityInterface
|
||||
return false;
|
||||
}
|
||||
|
||||
return $this->username === $sid->getUsername();
|
||||
return $this->username === $sid->getUsername()
|
||||
&& $this->class === $sid->getClass();
|
||||
}
|
||||
|
||||
/**
|
||||
@ -78,6 +96,6 @@ class UserSecurityIdentity implements SecurityIdentityInterface
|
||||
*/
|
||||
public function __toString()
|
||||
{
|
||||
return sprintf('UserSecurityIdentity(%s)', $this->username);
|
||||
return sprintf('UserSecurityIdentity(%s, %s)', $this->username, $this->class);
|
||||
}
|
||||
}
|
||||
@ -16,7 +16,7 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
protected $insertOidStmt;
|
||||
protected $insertOidAncestorStmt;
|
||||
protected $insertSidStmt;
|
||||
|
||||
|
||||
/**
|
||||
* @expectedException Symfony\Component\Security\Acl\Exception\AclNotFoundException
|
||||
* @expectedMessage There is no ACL for the given object identity.
|
||||
@ -25,7 +25,7 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$this->getProvider()->findAcl(new ObjectIdentity('foo', 'foo'));
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @expectedException Symfony\Component\Security\Acl\Exception\AclNotFoundException
|
||||
*/
|
||||
@ -34,18 +34,18 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
$oids = array();
|
||||
$oids[] = new ObjectIdentity('1', 'foo');
|
||||
$oids[] = new ObjectIdentity('foo', 'foo');
|
||||
|
||||
|
||||
$this->getProvider()->findAcls($oids);
|
||||
}
|
||||
|
||||
|
||||
public function testFindAcls()
|
||||
{
|
||||
$oids = array();
|
||||
$oids[] = new ObjectIdentity('1', 'foo');
|
||||
$oids[] = new ObjectIdentity('2', 'foo');
|
||||
|
||||
|
||||
$provider = $this->getProvider();
|
||||
|
||||
|
||||
$acls = $provider->findAcls($oids);
|
||||
$this->assertInstanceOf('SplObjectStorage', $acls);
|
||||
$this->assertEquals(2, count($acls));
|
||||
@ -54,28 +54,28 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertTrue($oids[0]->equals($acl0->getObjectIdentity()));
|
||||
$this->assertTrue($oids[1]->equals($acl1->getObjectIdentity()));
|
||||
}
|
||||
|
||||
|
||||
public function testFindAclCachesAclInMemory()
|
||||
{
|
||||
$oid = new ObjectIdentity('1', 'foo');
|
||||
$provider = $this->getProvider();
|
||||
|
||||
|
||||
$acl = $provider->findAcl($oid);
|
||||
$this->assertSame($acl, $cAcl = $provider->findAcl($oid));
|
||||
|
||||
|
||||
$cAces = $cAcl->getObjectAces();
|
||||
foreach ($acl->getObjectAces() as $index => $ace) {
|
||||
$this->assertSame($ace, $cAces[$index]);
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function testFindAcl()
|
||||
{
|
||||
$oid = new ObjectIdentity('1', 'foo');
|
||||
$provider = $this->getProvider();
|
||||
|
||||
|
||||
$acl = $provider->findAcl($oid);
|
||||
|
||||
|
||||
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Acl', $acl);
|
||||
$this->assertTrue($oid->equals($acl->getObjectIdentity()));
|
||||
$this->assertEquals(4, $acl->getId());
|
||||
@ -83,7 +83,7 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertEquals(0, count($this->getField($acl, 'classFieldAces')));
|
||||
$this->assertEquals(3, count($acl->getObjectAces()));
|
||||
$this->assertEquals(0, count($this->getField($acl, 'objectFieldAces')));
|
||||
|
||||
|
||||
$aces = $acl->getObjectAces();
|
||||
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\Entry', $aces[0]);
|
||||
$this->assertTrue($aces[0]->isGranting());
|
||||
@ -91,53 +91,54 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertTrue($aces[0]->isAuditFailure());
|
||||
$this->assertEquals('all', $aces[0]->getStrategy());
|
||||
$this->assertSame(2, $aces[0]->getMask());
|
||||
|
||||
|
||||
// check ACE are in correct order
|
||||
$i = 0;
|
||||
foreach ($aces as $index => $ace) {
|
||||
$this->assertEquals($i, $index);
|
||||
$i++;
|
||||
}
|
||||
|
||||
|
||||
$sid = $aces[0]->getSecurityIdentity();
|
||||
$this->assertInstanceOf('Symfony\Component\Security\Acl\Domain\UserSecurityIdentity', $sid);
|
||||
$this->assertEquals('john.doe', $sid->getUsername());
|
||||
$this->assertEquals('SomeClass', $sid->getClass());
|
||||
}
|
||||
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
$this->con = DriverManager::getConnection(array(
|
||||
'driver' => 'pdo_sqlite',
|
||||
'memory' => true,
|
||||
));
|
||||
|
||||
|
||||
// import the schema
|
||||
$schema = new Schema($options = $this->getOptions());
|
||||
foreach ($schema->toSql($this->con->getDatabasePlatform()) as $sql) {
|
||||
$this->con->exec($sql);
|
||||
}
|
||||
|
||||
|
||||
// populate the schema with some test data
|
||||
$this->insertClassStmt = $this->con->prepare('INSERT INTO acl_classes (id, class_type) VALUES (?, ?)');
|
||||
foreach ($this->getClassData() as $data) {
|
||||
$this->insertClassStmt->execute($data);
|
||||
}
|
||||
|
||||
|
||||
$this->insertSidStmt = $this->con->prepare('INSERT INTO acl_security_identities (id, identifier, username) VALUES (?, ?, ?)');
|
||||
foreach ($this->getSidData() as $data) {
|
||||
$this->insertSidStmt->execute($data);
|
||||
}
|
||||
|
||||
|
||||
$this->insertOidStmt = $this->con->prepare('INSERT INTO acl_object_identities (id, class_id, object_identifier, parent_object_identity_id, entries_inheriting) VALUES (?, ?, ?, ?, ?)');
|
||||
foreach ($this->getOidData() as $data) {
|
||||
$this->insertOidStmt->execute($data);
|
||||
}
|
||||
|
||||
|
||||
$this->insertEntryStmt = $this->con->prepare('INSERT INTO acl_entries (id, class_id, object_identity_id, field_name, ace_order, security_identity_id, mask, granting, granting_strategy, audit_success, audit_failure) VALUES (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)');
|
||||
foreach ($this->getEntryData() as $data) {
|
||||
$this->insertEntryStmt->execute($data);
|
||||
}
|
||||
|
||||
|
||||
$this->insertOidAncestorStmt = $this->con->prepare('INSERT INTO acl_object_identity_ancestors (object_identity_id, ancestor_id) VALUES (?, ?)');
|
||||
foreach ($this->getOidAncestorData() as $data) {
|
||||
$this->insertOidAncestorStmt->execute($data);
|
||||
@ -148,15 +149,15 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$this->con = null;
|
||||
}
|
||||
|
||||
|
||||
protected function getField($object, $field)
|
||||
{
|
||||
$reflection = new \ReflectionProperty($object, $field);
|
||||
$reflection->setAccessible(true);
|
||||
|
||||
|
||||
return $reflection->getValue($object);
|
||||
}
|
||||
|
||||
|
||||
protected function getEntryData()
|
||||
{
|
||||
// id, cid, oid, field, order, sid, mask, granting, strategy, a success, a failure
|
||||
@ -168,7 +169,7 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
array(5, 3, 4, null, 1, 3, 1, 1, 'all', 1, 1),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
protected function getOidData()
|
||||
{
|
||||
// id, cid, oid, parent_oid, entries_inheriting
|
||||
@ -180,7 +181,7 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
array(5, 3, '2', 2, 1),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
protected function getOidAncestorData()
|
||||
{
|
||||
return array(
|
||||
@ -197,19 +198,19 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
array(5, 5),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
protected function getSidData()
|
||||
{
|
||||
return array(
|
||||
array(1, 'john.doe', 1),
|
||||
array(2, 'john.doe@foo.com', 1),
|
||||
array(3, '123', 1),
|
||||
array(4, 'ROLE_USER', 1),
|
||||
array(1, 'SomeClass-john.doe', 1),
|
||||
array(2, 'MyClass-john.doe@foo.com', 1),
|
||||
array(3, 'FooClass-123', 1),
|
||||
array(4, 'MooClass-ROLE_USER', 1),
|
||||
array(5, 'ROLE_USER', 0),
|
||||
array(6, 'IS_AUTHENTICATED_FULLY', 0),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
protected function getClassData()
|
||||
{
|
||||
return array(
|
||||
@ -218,7 +219,7 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
array(3, 'foo'),
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
protected function getOptions()
|
||||
{
|
||||
return array(
|
||||
@ -229,12 +230,12 @@ class AclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
'entry_table_name' => 'acl_entries',
|
||||
);
|
||||
}
|
||||
|
||||
|
||||
protected function getStrategy()
|
||||
{
|
||||
return new PermissionGrantingStrategy();
|
||||
}
|
||||
|
||||
|
||||
protected function getProvider()
|
||||
{
|
||||
return new AclProvider($this->con, $this->getStrategy(), $this->getOptions());
|
||||
|
||||
@ -185,8 +185,8 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$provider = $this->getProvider();
|
||||
$acl = $provider->createAcl(new ObjectIdentity(1, 'Foo'));
|
||||
$ace = new Entry(1, $acl, new UserSecurityIdentity('foo'), 'all', 1, true, true, true);
|
||||
$ace2 = new Entry(2, $acl, new UserSecurityIdentity('foo'), 'all', 1, true, true, true);
|
||||
$ace = new Entry(1, $acl, new UserSecurityIdentity('foo', 'FooClass'), 'all', 1, true, true, true);
|
||||
$ace2 = new Entry(2, $acl, new UserSecurityIdentity('foo', 'FooClass'), 'all', 1, true, true, true);
|
||||
$propertyChanges = $this->getField($provider, 'propertyChanges');
|
||||
|
||||
$provider->propertyChanged($ace, 'mask', 1, 3);
|
||||
@ -286,7 +286,7 @@ class MutableAclProviderTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$provider = $this->getProvider();
|
||||
$acl = $provider->createAcl(new ObjectIdentity(1, 'Foo'));
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'FooClass');
|
||||
$acl->setEntriesInheriting(!$acl->isEntriesInheriting());
|
||||
|
||||
$acl->insertObjectAce($sid, 1);
|
||||
|
||||
@ -259,25 +259,25 @@ class AclTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$acl = $this->getAcl();
|
||||
|
||||
$this->assertTrue($acl->isSidLoaded(new UserSecurityIdentity('foo')));
|
||||
$this->assertTrue($acl->isSidLoaded(new RoleSecurityIdentity('ROLE_FOO')));
|
||||
$this->assertTrue($acl->isSidLoaded(new UserSecurityIdentity('foo', 'Foo')));
|
||||
$this->assertTrue($acl->isSidLoaded(new RoleSecurityIdentity('ROLE_FOO', 'Foo')));
|
||||
}
|
||||
|
||||
public function testIsSidLoaded()
|
||||
{
|
||||
$acl = new Acl(1, new ObjectIdentity('1', 'foo'), new PermissionGrantingStrategy(), array(new UserSecurityIdentity('foo'), new UserSecurityIdentity('johannes')), true);
|
||||
$acl = new Acl(1, new ObjectIdentity('1', 'foo'), new PermissionGrantingStrategy(), array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('johannes', 'Bar')), true);
|
||||
|
||||
$this->assertTrue($acl->isSidLoaded(new UserSecurityIdentity('foo')));
|
||||
$this->assertTrue($acl->isSidLoaded(new UserSecurityIdentity('johannes')));
|
||||
$this->assertTrue($acl->isSidLoaded(new UserSecurityIdentity('foo', 'Foo')));
|
||||
$this->assertTrue($acl->isSidLoaded(new UserSecurityIdentity('johannes', 'Bar')));
|
||||
$this->assertTrue($acl->isSidLoaded(array(
|
||||
new UserSecurityIdentity('foo'),
|
||||
new UserSecurityIdentity('johannes'),
|
||||
new UserSecurityIdentity('foo', 'Foo'),
|
||||
new UserSecurityIdentity('johannes', 'Bar'),
|
||||
)));
|
||||
$this->assertFalse($acl->isSidLoaded(new RoleSecurityIdentity('ROLE_FOO')));
|
||||
$this->assertFalse($acl->isSidLoaded(new UserSecurityIdentity('schmittjoh@gmail.com')));
|
||||
$this->assertFalse($acl->isSidLoaded(new UserSecurityIdentity('schmittjoh@gmail.com', 'Moo')));
|
||||
$this->assertFalse($acl->isSidLoaded(array(
|
||||
new UserSecurityIdentity('foo'),
|
||||
new UserSecurityIdentity('johannes'),
|
||||
new UserSecurityIdentity('foo', 'Foo'),
|
||||
new UserSecurityIdentity('johannes', 'Bar'),
|
||||
new RoleSecurityIdentity('ROLE_FOO'),
|
||||
)));
|
||||
}
|
||||
@ -343,7 +343,7 @@ class AclTest extends \PHPUnit_Framework_TestCase
|
||||
public function testUpdateFieldAce($type)
|
||||
{
|
||||
$acl = $this->getAcl();
|
||||
$acl->{'insert'.$type}('foo', new UserSecurityIdentity('foo'), 1);
|
||||
$acl->{'insert'.$type}('foo', new UserSecurityIdentity('foo', 'Foo'), 1);
|
||||
|
||||
$listener = $this->getListener(array(
|
||||
'mask', 'mask', 'strategy'
|
||||
|
||||
@ -60,7 +60,7 @@ class DoctrineAclCacheTest extends \PHPUnit_Framework_TestCase
|
||||
$acl = new Acl($id, new ObjectIdentity($id, 'foo'), $this->getPermissionGrantingStrategy(), array(), $depth > 0);
|
||||
|
||||
// insert some ACEs
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
$acl->insertClassAce($sid, 1);
|
||||
$acl->insertClassFieldAce('foo', $sid, 1);
|
||||
$acl->insertObjectAce($sid, 1);
|
||||
|
||||
@ -30,7 +30,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$acl->insertClassAce($sid, 1);
|
||||
$acl->insertObjectAce($sid, 1, 0, false);
|
||||
@ -41,7 +41,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$acl->insertClassAce($sid, 1);
|
||||
$this->assertTrue($strategy->isGranted($acl, array(1), array($sid)));
|
||||
@ -50,7 +50,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
public function testIsGrantedFavorsLocalAcesOverParentAclAces()
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$acl = $this->getAcl($strategy);
|
||||
$acl->insertClassAce($sid, 1);
|
||||
@ -65,8 +65,8 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
public function testIsGrantedFallsBackToParentAcesIfNoLocalAcesAreApplicable()
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$anotherSid = new UserSecurityIdentity('ROLE_USER');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
$anotherSid = new UserSecurityIdentity('ROLE_USER', 'Foo');
|
||||
|
||||
$acl = $this->getAcl($strategy);
|
||||
$acl->insertClassAce($anotherSid, 1, 0, false);
|
||||
@ -85,7 +85,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$strategy->isGranted($acl, array(1), array($sid));
|
||||
}
|
||||
@ -94,7 +94,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
$aSid = new RoleSecurityIdentity('ROLE_USER');
|
||||
|
||||
$acl->insertClassAce($aSid, 1);
|
||||
@ -111,7 +111,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$logger = $this->getMock('Symfony\Component\Security\Acl\Model\AuditLoggerInterface');
|
||||
$logger
|
||||
@ -130,7 +130,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$logger = $this->getMock('Symfony\Component\Security\Acl\Model\AuditLoggerInterface');
|
||||
$logger
|
||||
@ -152,7 +152,7 @@ class PermissionGrantingStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
$strategy = new PermissionGrantingStrategy();
|
||||
$acl = $this->getAcl($strategy);
|
||||
$sid = new UserSecurityIdentity('johannes');
|
||||
$sid = new UserSecurityIdentity('johannes', 'Foo');
|
||||
|
||||
$acl->insertObjectAce($sid, $aceMask, 0, true, $maskStrategy);
|
||||
|
||||
|
||||
@ -13,17 +13,17 @@ class RoleSecurityIdentityTest extends \PHPUnit_Framework_TestCase
|
||||
public function testConstructor()
|
||||
{
|
||||
$id = new RoleSecurityIdentity('ROLE_FOO');
|
||||
|
||||
|
||||
$this->assertEquals('ROLE_FOO', $id->getRole());
|
||||
}
|
||||
|
||||
|
||||
public function testConstructorWithRoleInstance()
|
||||
{
|
||||
$id = new RoleSecurityIdentity(new Role('ROLE_FOO'));
|
||||
|
||||
|
||||
$this->assertEquals('ROLE_FOO', $id->getRole());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @dataProvider getCompareData
|
||||
*/
|
||||
@ -36,14 +36,14 @@ class RoleSecurityIdentityTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertFalse($id1->equals($id2));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function getCompareData()
|
||||
{
|
||||
return array(
|
||||
array(new RoleSecurityIdentity('ROLE_FOO'), new RoleSecurityIdentity('ROLE_FOO'), true),
|
||||
array(new RoleSecurityIdentity('ROLE_FOO'), new RoleSecurityIdentity(new Role('ROLE_FOO')), true),
|
||||
array(new RoleSecurityIdentity('ROLE_USER'), new RoleSecurityIdentity('ROLE_FOO'), false),
|
||||
array(new RoleSecurityIdentity('ROLE_FOO'), new UserSecurityIdentity('ROLE_FOO'), false),
|
||||
array(new RoleSecurityIdentity('ROLE_FOO'), new UserSecurityIdentity('ROLE_FOO', 'Foo'), false),
|
||||
);
|
||||
}
|
||||
}
|
||||
@ -13,23 +13,21 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
/**
|
||||
* @dataProvider getSecurityIdentityRetrievalTests
|
||||
*/
|
||||
public function testGetSecurityIdentities($username, array $roles, $authenticationStatus, array $sids)
|
||||
public function testGetSecurityIdentities($user, array $roles, $authenticationStatus, array $sids)
|
||||
{
|
||||
$strategy = $this->getStrategy($roles, $authenticationStatus);
|
||||
$token = $this->getMock('Symfony\Component\Security\Authentication\Token\TokenInterface');
|
||||
|
||||
if ('anonymous' !== $authenticationStatus) {
|
||||
$token
|
||||
->expects($this->once())
|
||||
->method('__toString')
|
||||
->will($this->returnValue($username))
|
||||
;
|
||||
}
|
||||
$token = $this->getMock('Symfony\Component\Security\Authentication\Token\TokenInterface');
|
||||
$token
|
||||
->expects($this->once())
|
||||
->method('getRoles')
|
||||
->will($this->returnValue(array('foo')))
|
||||
;
|
||||
$token
|
||||
->expects($this->once())
|
||||
->method('getUser')
|
||||
->will($this->returnValue($user))
|
||||
;
|
||||
|
||||
$extractedSids = $strategy->getSecurityIdentities($token);
|
||||
|
||||
@ -47,16 +45,16 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
public function getSecurityIdentityRetrievalTests()
|
||||
{
|
||||
return array(
|
||||
array('johannes', array('ROLE_USER', 'ROLE_SUPERADMIN'), 'fullFledged', array(
|
||||
new UserSecurityIdentity('johannes'),
|
||||
array($this->getAccount('johannes', 'FooUser'), array('ROLE_USER', 'ROLE_SUPERADMIN'), 'fullFledged', array(
|
||||
new UserSecurityIdentity('johannes', 'FooUser'),
|
||||
new RoleSecurityIdentity('ROLE_USER'),
|
||||
new RoleSecurityIdentity('ROLE_SUPERADMIN'),
|
||||
new RoleSecurityIdentity('IS_AUTHENTICATED_FULLY'),
|
||||
new RoleSecurityIdentity('IS_AUTHENTICATED_REMEMBERED'),
|
||||
new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'),
|
||||
)),
|
||||
array('foo', array('ROLE_FOO'), 'rememberMe', array(
|
||||
new UserSecurityIdentity('foo'),
|
||||
array($this->getAccount('foo', 'FooBarUser'), array('ROLE_FOO'), 'rememberMe', array(
|
||||
new UserSecurityIdentity('foo', 'FooBarUser'),
|
||||
new RoleSecurityIdentity('ROLE_FOO'),
|
||||
new RoleSecurityIdentity('IS_AUTHENTICATED_REMEMBERED'),
|
||||
new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY'),
|
||||
@ -68,6 +66,18 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
);
|
||||
}
|
||||
|
||||
protected function getAccount($username, $class)
|
||||
{
|
||||
$account = $this->getMock('Symfony\Component\Security\User\AccountInterface', array(), array(), $class);
|
||||
$account
|
||||
->expects($this->once())
|
||||
->method('__toString')
|
||||
->will($this->returnValue($username))
|
||||
;
|
||||
|
||||
return $account;
|
||||
}
|
||||
|
||||
protected function getStrategy(array $roles = array(), $authenticationStatus = 'fullFledged')
|
||||
{
|
||||
$roleHierarchy = $this->getMock('Symfony\Component\Security\Role\RoleHierarchyInterface');
|
||||
@ -124,7 +134,7 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
|
||||
->will($this->returnValue(false))
|
||||
;
|
||||
}
|
||||
|
||||
|
||||
|
||||
return new SecurityIdentityRetrievalStrategy($roleHierarchy, $trustResolver);
|
||||
}
|
||||
|
||||
@ -10,25 +10,12 @@ class UserSecurityIdentityTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
public function testConstructor()
|
||||
{
|
||||
$id = new UserSecurityIdentity('foo');
|
||||
|
||||
$id = new UserSecurityIdentity('foo', 'Foo');
|
||||
|
||||
$this->assertEquals('foo', $id->getUsername());
|
||||
$this->assertEquals('Foo', $id->getClass());
|
||||
}
|
||||
|
||||
public function testConstructorWithToken()
|
||||
{
|
||||
$token = $this->getMock('Symfony\Component\Security\Authentication\Token\TokenInterface');
|
||||
$token
|
||||
->expects($this->once())
|
||||
->method('__toString')
|
||||
->will($this->returnValue('foo'))
|
||||
;
|
||||
|
||||
$id = new UserSecurityIdentity($token);
|
||||
|
||||
$this->assertEquals('foo', $id->getUsername());
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @dataProvider getCompareData
|
||||
*/
|
||||
@ -41,21 +28,23 @@ class UserSecurityIdentityTest extends \PHPUnit_Framework_TestCase
|
||||
$this->assertFalse($id1->equals($id2));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
public function getCompareData()
|
||||
{
|
||||
$token = $this->getMock('Symfony\Component\Security\Authentication\Token\TokenInterface');
|
||||
$token
|
||||
$account = $this->getMock('Symfony\Component\Security\User\AccountInterface');
|
||||
$account
|
||||
->expects($this->once())
|
||||
->method('__toString')
|
||||
->will($this->returnValue('foo'))
|
||||
;
|
||||
|
||||
|
||||
return array(
|
||||
array(new UserSecurityIdentity('foo'), new UserSecurityIdentity('foo'), true),
|
||||
array(new UserSecurityIdentity('foo'), new UserSecurityIdentity($token), true),
|
||||
array(new UserSecurityIdentity('bla'), new UserSecurityIdentity('blub'), false),
|
||||
array(new UserSecurityIdentity('foo'), new RoleSecurityIdentity('foo'), false),
|
||||
array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('foo', 'Foo'), true),
|
||||
array(new UserSecurityIdentity('foo', 'Bar'), new UserSecurityIdentity('foo', 'Foo'), false),
|
||||
array(new UserSecurityIdentity('foo', 'Foo'), new UserSecurityIdentity('bar', 'Foo'), false),
|
||||
array(new UserSecurityIdentity('foo', 'Foo'), UserSecurityIdentity::fromAccount($account), false),
|
||||
array(new UserSecurityIdentity('bla', 'Foo'), new UserSecurityIdentity('blub', 'Foo'), false),
|
||||
array(new UserSecurityIdentity('foo', 'Foo'), new RoleSecurityIdentity('foo'), false),
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user