This PR was merged into the 2.6-dev branch.
Discussion
----------
[WebProfilerBundle] Show AJAX requests in the symfony profiler toolbar
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
Adds AJAX requests in the web debug toolbar.
See #8896 for the original discussion.
Commits
-------
16d1b35 optimized JS for the AJAX section of the toolbar
2e708d7 made minor tweaks to JS code
8e4c603 replaced the AJAX icon with a smaller one
b66f39a removed hack
9c74fcc removed uneeded web_profiler.debug_toolbar.excluded_ajax_paths parameter in the container
d43edaf [WebProfilerBundle] improved the ajax section of the WDT
37f7dd7 [WebProfilerBundle] Show AJAX requests in the symfony profiler toolbar
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Validator] Added "payload" option to all constraints for attaching domain-specific data
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #7273
| License | MIT
| Doc PR | TODO
The "payload" option can be used to pass whatever data should be attached to a constraint for an application:
```php
/**
* Domain-specific error codes
* @NotNull(payload="100")
*/
/**
* Structured domain-specific data
* @NotNull(payload={"display": "inline", "highlight": false})
*/
```
The term "payload" is borrowed from JSR-303.
Commits
-------
e8b7c6d [Validator] Added "payload" option to all constraints for attaching domain-specific data
This PR was merged into the 2.6-dev branch.
Discussion
----------
[DependencyInjection] Add a new Syntax to define factories as callables
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | -
From the original PR #9839:
"This pull requests adds a new syntax to define factories based on the syntax for configurators. This is more flexible than the old syntax (factoryMethod and either of factoryClass or factoryService), as it also allows for functions as factories.
Since the service is now a Reference to a Definition it also allows us to inline factories for a small performance improvement and better encapsulation.
Lastly this prevents a bug where a private factory is simple removed because it's not referenced in the graph.
I did not change any of the existing definitions (there's one use of a factory in FrameworkBundle) or automatically use the new internal representation when parsing YAML or XML definitions because this could introduce subtle B/C issues.
"
Commits
-------
187aeee fixed CS
bd8531d added a new Syntax to define factories as callables.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Translation][changelog] fix typo.
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| License | MIT
Translator::getMessages() was added in 2.6.
Commits
-------
e371bd7 [Translation][changelog] fix typo.
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Security] Split of the SecurityContext
~~_As a reminder, this PR is not ready to be merged. It's merely a proof of concept in which I'm trying to fix a circular dependency with the SecurityContext and the entity manager for Symfony 2.6 and/or 3.0_~~
PR Info
======
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | -
| License | MIT
| Doc PR | https://github.com/symfony/symfony-docs/pull/4188
TODO List
=========
- [x] Split tests for SecurityContext/AuthorizationChecker/TokenStorage
- [x] Fix tests for security usages (only the component has been successfully tested at this point)
- [x] Submit changes to the documentation
- [x] Document the BC breaks
Main Problem for my use case
========================
I've build a bunch of event listeners on `doctrine.event_manager`. They include a Blamable, Revision and Mutation annotation on entities. It works by creating a custom event listener on preFlush which then throws an entityChanged event (also a doctrine hooked up event).
To make it configurable and flexible, we have written a provider for Blamable to provide the username/user-id and a date time (updated-by, updated-at). In order to get that information, we need to look into the SecurityContext to get the current user and ask the user id (custom user implementation).
However, injecting the SecurityContext - or services depending on the SecurityContext - creates a circular reference and causes the container to blurt out an Exception. This is because the SecurityContext uses a UserProvider (indirectly) which has a dependency on doctrine (em, connection). Because it needs doctrine, it's impossible for my listener to inject the SecurityContext as it becomes this:
- SecurityContext requires AuthenticationProvider
- (Simple)AuthenticationProvider requires UserProvider
- UserProvider requires EntityManager
- EntityManager requires _insert connection name here_
- My custom Listener calls addEvent (or something similar) in doctrine which causes a dependency from the EM/Connection to my Listener
- My Listener requires SecurityContext... which finishes the circle.
I've googled for this problem and it wasn't hard to find similar issues, it seems to be a quite common issue regarding the SecurityContext and the EntityManager
- http://stackoverflow.com/questions/7561013/injecting-securitycontext-into-a-listener-prepersist-or-preupdate-in-symfony2-to
- http://stackoverflow.com/questions/8708822/circular-reference-when-injecting-security-context-into-entity-listener-class
- http://stackoverflow.com/questions/17020733/how-to-get-userid-from-eventlistener-which-are-called-from-ajax
- You can find more simply by googling.
The main solution seems to be to lazy load using an additional bundle or as recommended in the above topics, inject the container. Neither of them is really a solution I'm happy with. I don't want my code to know about the Container(Interface), nor do I want to use a another bundle just to get around an issue that a lot of people seem to have with the SecurityContext and EntityManager.
Possible Solutions
==============
I've been thinking about several solutions:
- I could write a service that listens to `kernel.request` and when possible injects the username/user-id into my provider which then can provide it to my listener
- I could use the Container directly
- I can use a lazy service with `symfony/proxy-manager-bridge`
- I can store the user-id in my request
However, those solutions are just not it for me. Depending on an event like `kernel.request` is a bad practice in my opinion, I shouldn't depend on what listeners might be registered. Using the container directly inverses the dependency which is also wrong in my opinion. Using a lazy service will only work around the problem and storing the user-id in my request means I might not always have it (say commands).
Long story short, not what I'm looking for.
Splitting the SecurityContext
======================
So, I ended up at the SecurityContext. Digging back to the real problem, I started asking myself the following questions: why do I have that dependency? Why do I need to have the EntityManager when the only thing I want, is the currently logged in User object? (which is not related to a database). I came to the conclusion that the SecurityContext gives me too many dependencies in order to retrieve a simple Token/User object, which is not really what I want. Most of the times I need the SecurityContext to get the token/user and not for isGranted. Personally I use `@Security` and `access_control` for that.
I came to the conclusion that storing the Token within the SecurityContext wasn't what I found useful due to the dependencies of the SecurityContext. I figured I'd want a storage class with a dependency on the SessionInterface which could autonomously retrieve and store the TokenInterface (`@session` in this case). It would also be handling the storage within the session using get/setToken.
I have proposed this change and had a small discussion with @WouterJ on IRC about my proposal to take out the Token (can be read here http://pastebin.com/8kSvVZtj). Based on his feedback, I have split the isGranted to the AuthorizationChecker(Interface), which now has those dependencies. I have also moved the set/getToken to a TokenStorage.
tldr;
- The getToken en setToken are moved to the TokenStorage(Interface).
- ~~If this idea is feasible, I will also try to get the SecurityContext to actually store and retrieve it from the session instead of `ContextListener::onKernelResponse`. This will just do `$context->setToken($token);` which will handle this storage itself.~~ I still chase this idea but I will create a new PR for this in the future if I find time.
- isGranted is moved to AuthorizationChecker(Interface) so that you don't have a bunch of dependencies you don't need when retrieving the Token/User.
Draft
====
~~This PR is just a draft. I'm looking for feedback if this proposal is A) desired and B) in-line with the developer's ideas regarding the SecurityContext.~~
Changed Components/bundles
=========================
[FrameworkBundle] Updated GlobalVariables, added test for GlobalVariables
[SecurityBundle] Updated service definitions
[Security Component] Deprecated SecurityContext(Interface), added AuthorizationChecker(Interface) and TokenStorage(Interface)
Commits
-------
b967787 Split of the SecurityContext to AuthorizationChecker and TokenStorage
This PR was submitted for the master branch but it was merged into the 2.3 branch instead (closes#11904).
Discussion
----------
Make twig ExceptionController conformed with ExceptionListener
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #9083
| License | MIT
| Doc PR |
Parameter passed to exception controller from exception listener called ``format``, so variable ``_format`` in exception controller always takes default value.
https://github.com/symfony/symfony/blob/master/src/Symfony/Component/HttpKernel/EventListener/ExceptionListener.php#L120
Commits
-------
24c5ba4 Use request format from request in twig ExceptionController
This PR was merged into the 2.3 branch.
Discussion
----------
[Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #11729, #11877
| License | MIT
| Doc PR | -
Commits
-------
759ae1a [Form] Moved POST_MAX_SIZE validation from FormValidator to request handler
4780210 [Form] Add a form error if post_max_size has been reached.
This PR was merged into the 2.4 branch.
Discussion
----------
[Security] [Firewall] Bug fixed in SimplePreAuthenticationListener when createToken() not return TokenInterface object
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | no
| BC breaks? | no
| Deprecations? | no
| Tests pass? | no
| Fixed tickets | #11490, #11414
| License | MIT
| Doc PR |
This is a follow-up for #11414 on the right branch.
Commits
-------
faa8e98 fixed bug
e85cb7f added the possibility to return null from SimplePreAuthenticationListener
This PR was merged into the 2.6-dev branch.
Discussion
----------
[Form] Renamed the option "empty_value" to "placeholder"
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | yes
| Tests pass? | yes
| Fixed tickets | #5791
| License | MIT
| Doc PR | TODO
This PR is changing the "empty_value" option to the more understandable name "placeholder".
In a subsequent PR, the "placeholder" option should also be added to all types that support the "placeholder" HTML5 attribute.
Commits
-------
2b440f3 [Form] Renamed the option "empty_value" to "placeholder"
This PR was merged into the 2.6-dev branch.
Discussion
----------
VarDumper and DebugBundle
| Q | A
| ------------- | ---
| Bug fix? | no
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | none
| License | MIT
| Doc PR | none
From a user land point of view, this PR creates a global `dump()` function that is to be used instead of `var_dump()`. The component can be used standalone in any dev workflow. Please see the [provided README](https://github.com/symfony/symfony/pull/10640/files?short_path=52d526f#diff-52d526f19bc9e3825c80e7694755409c) for details.
When used with the Framework bundle, variables passed to `dump()` are dumped in a new dedicated panel in the web toolbar. The function is also available in twig templates.
Regarding the implementation, I'm pretty sure you'll find a lot to comment. As I'm sure of nothing else, not even the names of things, please do.
I tried to organize this PR in several commits, from the most fundamental algorithm to pure Symfony glue.
I suggest you follow this order while progressing in the review and the discussion around this PR, so that we can together validate commits one after the other.
Don't hesitate to fork the PR and submit PR on it, I'll cherry-pick your patches.
TODO:
- [x] open a doc PR: https://github.com/symfony/symfony-docs/pull/4243
- [x] open a PR on the Standard edition: https://github.com/symfony/symfony-standard/pull/710
- [x] prefix the CSS classes
- [x] tests for the DebugBundle + other Symfony glue classes
- [x] inline css and js for compat with e.g. Silex
- [x] finish and merge nicolas-grekas/Patchwork-Dumper#5 for better UX
- [x] show a dump excerpt on hovering the icon in the toolbar
- [x] verify README and comments
- [x] validate interfaces/names (Caster / Cloner / Dumper)
- [x] validate new VarDumper component + DebugBundle
- [x] validate Resource/ext/ vs independent repos.
- [x] test and define behavior after KernelEvents::RESPONSE
- [x] update dependencies between components/bundles and composer.json files
- [x] no hard dep on iconv
Not for this PR but might be worth later:
- show a light stack trace + timing + memory at debug() calls
- create a "theme" concept for custom colors/UX
Commits
-------
80fd736 [DebugBundle] Enhance some comments
2e167ba [TwigBridge] add Twig dump() function + tests and fixes
0f8d30f [VarDumper] Replace \e with \x1B in CliDumper to support colour in PHP < 5.4
d43ae82 [VarDumper] Add workaround to https://bugs.php.net/65967a8d81e4 [DebugBundle] Inlined assets to avoid installation issues
5f59811 [DebugBundle] Add doc example for Twig usage
e4e00ef [TwigBridge] DumpNode and Token parser
de05cd9 [DebugBundle] enhance dump excerpts
49f13c6 [HttpKernel] add tests for DumpDataCollector
081363c [HttpKernel] tests for DumpListener
0d8a942 [VarDumper] add Stub objects for cutting cleanly and dumping consts
c8746a4 [DebugBundle] add tests for twig and for the bundle
8d5d970 [DebugBundle] adjust after review
eb98c81 [DebugBundle] dump() + better Symfony glue
9dea601 [DebugBundle] global dump() function for daily use
297d373 [VarDumper] README, LICENSE and composer.json
a69e962 [VarDumper] tests for HtmlDumper
5eaa187 [VarDumper] tests for CliDumper
e6dde33 [VarDumper] HTML variant of the CLI dumper
fa81544 [VarDumper] CLI dedicated dumper and related abstract
1d5e3f4 [VarDumper] interface for dumping collected variables
0266072 [VarDumper] casters for DOM objects
c426d8b [VarDumper] casters for Doctrine objects
0a92c08 [VarDumper] casters for PDO related objects
da3e50a [VarDumper] casters for SPL data structures
c91bc83 [VarDumper] casters for exceptions representation
3ddbf4b [VarDumper] add casters for per class/resource custom state extraction
5b7ae28 [VarDumper] symfony_debug ext. fast and memory efficient cloning algo
07135a0 [VarDumper] algo to clone any PHP variable to a breadth-first queue
4bf9300 [Debug] a README for the debug extension
eec5c92 [Debug] Symfony debug extension
