8d39213f4c
This PR was merged into the 2.5-dev branch.
Discussion
----------
[Security][Acl] Add MutableAclProvider::updateUserSecurityIdentity
| Q | A
| ------------- | ---
| Bug fix? | yes
| New feature? | yes
| BC breaks? | no
| Deprecations? | no
| Tests pass? | yes
| Fixed tickets | #5787
| License | MIT
| Doc PR | symfony/symfony-docs#3319
This provides a very simple function to enable the update of a User's username while keeping its associated ACEs (by updating its corresponding UserSecurityIdentity)
Developers can add a listener on the preUpdate of a user and remove all the related ACLs:
```php
if ($args->hasChangedField('username')) {
$aclProvider = $this->container->get('security.acl.provider');
$oldUsername = $args->getOldValue ('username');
$user = $args->getEntity();
$aclProvider->updateUserSecurityIdentity(UserSecurityIdentity::fromAccount($user) , $oldUsername);
}
```
Among the problems of not updating the UserSecurityIdentity:
- Inconsistent database, referring to a non-existent user.
- The user loses all its associated permissions
- If another user is created with the old username, it will inherit all the first user’s ACEs
This PR intends to fix Issue #5787 and is similar to and inspired from PR #8305.
This will also be heavily impacted by the outcome of #8848
Commits
-------
|
||
|---|---|---|
| .. | ||
| Bridge | ||
| Bundle | ||
| Component | ||