[Security][Acl] enforce string identifiers

2015-05-31 17:00:49 +02:00 · 2015-05-31 17:00:49 +02:00 · bbb1064c99
parent cff69aa18b
commit bbb1064c99
2 changed files with 25 additions and 3 deletions
--- a/src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
+++ b/src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
@ -36,7 +36,7 @@ final class ObjectIdentity implements ObjectIdentityInterface
     */
    public function __construct($identifier, $type)
    {
-        if (empty($identifier)) {
+        if ('' === $identifier) {
            throw new \InvalidArgumentException('$identifier cannot be empty.');
        }
        if (empty($type)) {
@ -66,7 +66,7 @@ final class ObjectIdentity implements ObjectIdentityInterface
            if ($domainObject instanceof DomainObjectInterface) {
                return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject));
            } elseif (method_exists($domainObject, 'getId')) {
-                return new self($domainObject->getId(), ClassUtils::getRealClass($domainObject));
+                return new self((string) $domainObject->getId(), ClassUtils::getRealClass($domainObject));
            }
        } catch (\InvalidArgumentException $invalid) {
            throw new InvalidDomainObjectException($invalid->getMessage(), 0, $invalid);
--- a/src/Symfony/Component/Security/Tests/Acl/Domain/ObjectIdentityTest.php
+++ b/src/Symfony/Component/Security/Tests/Acl/Domain/ObjectIdentityTest.php
@ -64,6 +64,26 @@ namespace Symfony\Component\Security\Tests\Acl\Domain
            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
        }

+        public function testFromDomainObjectWithoutInterfaceEnforcesStringIdentifier()
+        {
+            $domainObject = new TestDomainObject();
+            $domainObject->id = 1;
+            $id = ObjectIdentity::fromDomainObject($domainObject);
+
+            $this->assertSame('1', $id->getIdentifier());
+            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+        }
+
+        public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()
+        {
+            $domainObject = new TestDomainObject();
+            $domainObject->id = '0';
+            $id = ObjectIdentity::fromDomainObject($domainObject);
+
+            $this->assertSame('0', $id->getIdentifier());
+            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+        }
+
        /**
         * @dataProvider getCompareData
         */
@ -89,6 +109,8 @@ namespace Symfony\Component\Security\Tests\Acl\Domain

    class TestDomainObject
    {
+        public $id = 'getId()';
+
        public function getObjectIdentifier()
        {
            return 'getObjectIdentifier()';
@ -96,7 +118,7 @@ namespace Symfony\Component\Security\Tests\Acl\Domain

        public function getId()
        {
-            return 'getId()';
+            return $this->id;
        }
    }
 }