Merge remote branch 'schmittjoh/security'
* schmittjoh/security:
  [Security/Core] force implementations to accept null values
  [Security/Acl] some misc fixes
  [Security/Acl] removed Doctrine dependency from interfaces and moved them to the actual implementation
  [SecurityBundle] changed expected value for token_provider key in the rememberme section
commit
ace5e26406
@ -22,6 +22,9 @@ PR12 to PR13
|
|||||||
$container->removeDefinition('my_definition');
|
$container->removeDefinition('my_definition');
|
||||||
$definition->replaceArgument(0, 'foo');
|
$definition->replaceArgument(0, 'foo');
|
||||||
|
|
||||||
|
* In the rememberme configuration, the token_provider key now expects a real
|
||||||
|
service id instead of only a suffix.
|
||||||
|
|
||||||
PR11 to PR12
|
PR11 to PR12
|
||||||
------------
|
------------
|
||||||
|
|
||||||
|
@ -35,9 +35,6 @@ class RememberMeFactory implements SecurityFactoryInterface
|
|||||||
|
|
||||||
// remember me services
|
// remember me services
|
||||||
if (isset($config['token_provider'])) {
|
if (isset($config['token_provider'])) {
|
||||||
$config['token-provider'] = $config['token_provider'];
|
|
||||||
}
|
|
||||||
if (isset($config['token-provider'])) {
|
|
||||||
$templateId = 'security.authentication.rememberme.services.persistent';
|
$templateId = 'security.authentication.rememberme.services.persistent';
|
||||||
$rememberMeServicesId = $templateId.'.'.$id;
|
$rememberMeServicesId = $templateId.'.'.$id;
|
||||||
} else {
|
} else {
|
||||||
@ -56,10 +53,9 @@ class RememberMeFactory implements SecurityFactoryInterface
|
|||||||
$rememberMeServices->replaceArgument(1, $config['key']);
|
$rememberMeServices->replaceArgument(1, $config['key']);
|
||||||
$rememberMeServices->replaceArgument(2, $id);
|
$rememberMeServices->replaceArgument(2, $id);
|
||||||
|
|
||||||
if (isset($config['token-provider'])) {
|
if (isset($config['token_provider'])) {
|
||||||
// FIXME: make the naming assumption more flexible
|
|
||||||
$rememberMeServices->addMethodCall('setTokenProvider', array(
|
$rememberMeServices->addMethodCall('setTokenProvider', array(
|
||||||
new Reference('security.rememberme.token.provider.'.$config['token-provider'])
|
new Reference($config['token_provider'])
|
||||||
));
|
));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
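Review bot: After this change only the `token_provider` key selects the persistent remember-me services; the lines removed in the first hunk were what bridged the `token_provider` and `token-provider` spellings. If a configuration can still reach this code with the dashed key (whether it is normalised earlier is not visible here), it would fall into the `else` branch and silently get the other remember-me implementation instead of an error. `isset()` is also true for an empty string, which would build `new Reference('')` in the second hunk; a guard such as `if (!empty($config['token_provider']))`, or an explicit exception for an empty value, would surface the misconfiguration when the container is built. The enclosing method starts and ends outside both hunks.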
@ -10,6 +10,7 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Acl\Domain;
|
namespace Symfony\Component\Security\Acl\Domain;
|
||||||
|
|
||||||
|
use Doctrine\Common\NotifyPropertyChanged;
|
||||||
use Doctrine\Common\PropertyChangedListener;
|
use Doctrine\Common\PropertyChangedListener;
|
||||||
use Symfony\Component\Security\Acl\Model\AclInterface;
|
use Symfony\Component\Security\Acl\Model\AclInterface;
|
||||||
use Symfony\Component\Security\Acl\Model\AuditableAclInterface;
|
use Symfony\Component\Security\Acl\Model\AuditableAclInterface;
|
||||||
@ -33,7 +34,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
|
|||||||
*
|
*
|
||||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||||
*/
|
*/
|
||||||
class Acl implements AuditableAclInterface
|
class Acl implements AuditableAclInterface, NotifyPropertyChanged
|
||||||
{
|
{
|
||||||
private $parentAcl;
|
private $parentAcl;
|
||||||
private $permissionGrantingStrategy;
|
private $permissionGrantingStrategy;
|
||||||
|
@ -12,7 +12,7 @@
|
|||||||
namespace Symfony\Component\Security\Acl\Domain;
|
namespace Symfony\Component\Security\Acl\Domain;
|
||||||
|
|
||||||
use Symfony\Component\Security\Acl\Model\AclInterface;
|
use Symfony\Component\Security\Acl\Model\AclInterface;
|
||||||
use Symfony\Component\Security\Acl\Model\FieldAwareEntryInterface;
|
use Symfony\Component\Security\Acl\Model\FieldEntryInterface;
|
||||||
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
|
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -20,7 +20,7 @@ use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
|
|||||||
*
|
*
|
||||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||||
*/
|
*/
|
||||||
class FieldEntry extends Entry implements FieldAwareEntryInterface
|
class FieldEntry extends Entry implements FieldEntryInterface
|
||||||
{
|
{
|
||||||
private $field;
|
private $field;
|
||||||
|
|
||||||
|
@ -30,16 +30,8 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
const ALL = 'all';
|
const ALL = 'all';
|
||||||
const ANY = 'any';
|
const ANY = 'any';
|
||||||
|
|
||||||
private static $noAceException;
|
|
||||||
private $auditLogger;
|
private $auditLogger;
|
||||||
|
|
||||||
public function __construct()
|
|
||||||
{
|
|
||||||
if (null === static::$noAceException) {
|
|
||||||
static::$noAceException = new NoAceFoundException('No ACE.');
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Sets the audit logger
|
* Sets the audit logger
|
||||||
*
|
*
|
||||||
@ -61,7 +53,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
$aces = $acl->getObjectAces();
|
$aces = $acl->getObjectAces();
|
||||||
|
|
||||||
if (!$aces) {
|
if (!$aces) {
|
||||||
throw static::$noAceException;
|
throw new NoAceFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||||
@ -69,7 +61,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
$aces = $acl->getClassAces();
|
$aces = $acl->getClassAces();
|
||||||
|
|
||||||
if (!$aces) {
|
if (!$aces) {
|
||||||
throw static::$noAceException;
|
throw $noObjectAce;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||||
@ -79,7 +71,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
return $parentAcl->isGranted($masks, $sids, $administrativeMode);
|
return $parentAcl->isGranted($masks, $sids, $administrativeMode);
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new NoAceFoundException('No applicable ACE was found.');
|
throw $noClassAce;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -92,14 +84,14 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
try {
|
try {
|
||||||
$aces = $acl->getObjectFieldAces($field);
|
$aces = $acl->getObjectFieldAces($field);
|
||||||
if (!$aces) {
|
if (!$aces) {
|
||||||
throw static::$noAceException;
|
throw new NoAceFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||||
} catch (NoAceFoundException $noObjectAces) {
|
} catch (NoAceFoundException $noObjectAces) {
|
||||||
$aces = $acl->getClassFieldAces($field);
|
$aces = $acl->getClassFieldAces($field);
|
||||||
if (!$aces) {
|
if (!$aces) {
|
||||||
throw static::$noAceException;
|
throw $noObjectAces;
|
||||||
}
|
}
|
||||||
|
|
||||||
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode);
|
||||||
@ -109,7 +101,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
return $parentAcl->isFieldGranted($field, $masks, $sids, $administrativeMode);
|
return $parentAcl->isFieldGranted($field, $masks, $sids, $administrativeMode);
|
||||||
}
|
}
|
||||||
|
|
||||||
throw new NoAceFoundException('No applicable ACE was found.');
|
throw $noClassAces;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -177,7 +169,7 @@ class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
throw static::$noAceException;
|
throw new NoAceFoundException();
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
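Review bot: `throw $noObjectAce;` and `throw $noClassAce;` in the `getClassAces()` and `isGranted()` hunks rethrow variables whose `catch` clauses lie outside the visible lines, while the field variant visibly binds the plural `$noObjectAces` and rethrows `$noClassAces`. If either spelling does not match its `catch`, PHP would fail on throwing an undefined variable rather than raise `NoAceFoundException`, and callers that catch that exception to fall back to the parent ACL or to deny access would never see it. Worth confirming against the full method, and using one naming scheme in both methods so that a mismatch is easy to spot. A one-line comment at each rethrow, e.g. `// rethrow the object-level miss so the outer catch can try the parent ACL`, would also document why the caught exception is reused instead of a new one being created.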
@ -19,4 +19,8 @@ namespace Symfony\Component\Security\Acl\Exception;
|
|||||||
*/
|
*/
|
||||||
class NoAceFoundException extends Exception
|
class NoAceFoundException extends Exception
|
||||||
{
|
{
|
||||||
|
public function __construct()
|
||||||
|
{
|
||||||
|
parent::__construct('No applicable ACE was found.');
|
||||||
|
}
|
||||||
}
|
}
|
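Review bot: The new constructor takes no parameters, so a caller that still passes a message, as the removed `new NoAceFoundException('No ACE.')` call did, has it ignored without any error, and a previous exception cannot be attached. A short docblock such as `/** The message is fixed to "No applicable ACE was found."; arguments are not accepted. */` would make that explicit. Optionally accept `\Exception $previous = null` and forward it with `parent::__construct('No applicable ACE was found.', 0, $previous);`, provided the parent class (not shown) passes it through.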
@ -16,7 +16,7 @@ namespace Symfony\Component\Security\Acl\Model;
|
|||||||
*
|
*
|
||||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||||
*/
|
*/
|
||||||
interface FieldAwareEntryInterface
|
interface FieldEntryInterface extends EntryInterface
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Returns the field used for this entry.
|
* Returns the field used for this entry.
|
@ -11,8 +11,6 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Acl\Model;
|
namespace Symfony\Component\Security\Acl\Model;
|
||||||
|
|
||||||
use Doctrine\Common\NotifyPropertyChanged;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* This interface adds mutators for the AclInterface.
|
* This interface adds mutators for the AclInterface.
|
||||||
*
|
*
|
||||||
@ -21,7 +19,7 @@ use Doctrine\Common\NotifyPropertyChanged;
|
|||||||
*
|
*
|
||||||
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
|
||||||
*/
|
*/
|
||||||
interface MutableAclInterface extends AclInterface, NotifyPropertyChanged
|
interface MutableAclInterface extends AclInterface
|
||||||
{
|
{
|
||||||
/**
|
/**
|
||||||
* Deletes a class-based ACE
|
* Deletes a class-based ACE
|
||||||
|
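Review bot: With `NotifyPropertyChanged` dropped from `MutableAclInterface`, code that receives a `MutableAclInterface` can no longer assume `addPropertyChangedListener()` exists; only the concrete `Acl` class now guarantees it. Any consumer that registers itself as a change listener (none is visible on this page) should check `$acl instanceof NotifyPropertyChanged` first and reject other implementations explicitly, otherwise ACL modifications could go untracked. The interface docblock would benefit from a sentence saying so, e.g. `* Change notification is not part of this contract; implementations may provide it separately.`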
@ -28,7 +28,7 @@ interface SecurityContextInterface
|
|||||||
* @param TokenInterface $token
|
* @param TokenInterface $token
|
||||||
* @return void
|
* @return void
|
||||||
*/
|
*/
|
||||||
function setToken(TokenInterface $token);
|
function setToken(TokenInterface $token = null);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Checks if the attributes are granted against the current authentication token and optionally supplied object.
|
* Checks if the attributes are granted against the current authentication token and optionally supplied object.
|
||||||
|
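Review bot: The docblock above `setToken` still reads `@param TokenInterface $token` although the signature now accepts null, and nothing tells an implementer what a null token must do. Suggest `@param TokenInterface|null $token The token to store, or null to clear the current one` (the meaning of null should be confirmed against the implementation, which is not shown). Since every implementation is now forced to accept null, spelling this out matters because later authorization checks read this token. The docblock begins outside the hunk.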