merged branch marcw/patch-security-refresh-user (PR #3402)

Commits ------- 10947cb [DoctrineBridge][Security] Fixes bug that prevents repository's refreshUser from being called Discussion ---------- [Security][DoctrineBridge] Fixes bug that prevents repository's refreshUser from being called --------------------------------------------------------------------------- by marcw at 2012-02-21T08:46:09Z Updated. What do you guys think about this patch ? --------------------------------------------------------------------------- by henrikbjorn at 2012-02-21T08:57:47Z Isnt this a bit dangerous, the custom repository implementing refreshUser should always be called first right? You wouldnt specify the $property property if your class has custom implementations would you? --------------------------------------------------------------------------- by marcw at 2012-02-21T09:05:08Z @henrikbjorn At this time, the refreshUser method is never called from the custom repository, even if you don't specify the "property" property. This patch fixes this. --------------------------------------------------------------------------- by marcw at 2012-02-21T09:44:06Z Updated & Squashed. --------------------------------------------------------------------------- by stof at 2012-02-21T10:03:33Z @marcw please move the retrieval of the id in the ``else`` block, like in my comment as it is useless to do this logic for the case where the userProviderInterface is implemented (and it will answer to @vicb by making it impossible to write it with elseif) --------------------------------------------------------------------------- by marcw at 2012-02-21T10:19:06Z I'm not sure about this, but Isn't the check of the id essential here to ensure that the entity is a persisted one ? --------------------------------------------------------------------------- by stof at 2012-02-21T10:21:55Z @marcw if the interface is used, it means that the user wants to do the work himself. So you should really let him do the way he wants. If he does not use the id to refresh the user, he could choose not to include it in the serialized data. Retrieving the id is needed for the ``find()`` call because we pass the id as argument and so we fail when the serialized data don't contain it --------------------------------------------------------------------------- by marcw at 2012-02-21T10:33:30Z @stof Roger that. I'll do the fix. --------------------------------------------------------------------------- by marcw at 2012-02-21T10:41:58Z Updated & Squashed, again. --------------------------------------------------------------------------- by stof at 2012-02-21T11:00:44Z btw, to answer to your previous question, the exception when retrieving the id does not check if the object is persisted (you need to reach teh DB for this, which is what find() does) but that the id is part of the serialized data to give a better error reporting. --------------------------------------------------------------------------- by fabpot at 2012-03-07T19:39:33Z ready to be merged now? --------------------------------------------------------------------------- by henrikbjorn at 2012-03-08T07:21:37Z would say so. --------------------------------------------------------------------------- by dlsniper at 2012-03-25T11:58:34Z Hi, can this be merged now or not?
symfony · Mar 26, 2012 · 1aaf5c9 · 1aaf5c9
2 parents 8e71361 + 10947cb
commit 1aaf5c9
Showing 1 changed file with 17 additions and 13 deletions.
diff --git a/src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php b/src/Symfony/Bridge/Doctrine/Security/User/EntityUserProvider.php
@@ -77,20 +77,24 @@ public function refreshUser(UserInterface $user)
             throw new UnsupportedUserException(sprintf('Instances of "%s" are not supported.', get_class($user)));
         }
 
-        // The user must be reloaded via the primary key as all other data
-        // might have changed without proper persistence in the database.
-        // That's the case when the user has been changed by a form with
-        // validation errors.
-        if (!$id = $this->metadata->getIdentifierValues($user)) {
-            throw new \InvalidArgumentException("You cannot refresh a user ".
-                "from the EntityUserProvider that does not contain an identifier. ".
-                "The user object has to be serialized with its own identifier " .
-                "mapped by Doctrine."
-            );
-        }
+        if ($this->repository instanceof UserProviderInterface) {
+            $refreshedUser = $this->repository->refreshUser($user);
+        } else {
+            // The user must be reloaded via the primary key as all other data
+            // might have changed without proper persistence in the database.
+            // That's the case when the user has been changed by a form with
+            // validation errors.
+            if (!$id = $this->metadata->getIdentifierValues($user)) {
+                throw new \InvalidArgumentException("You cannot refresh a user ".
+                    "from the EntityUserProvider that does not contain an identifier. ".
+                    "The user object has to be serialized with its own identifier " .
+                    "mapped by Doctrine."
+                );
+            }
 
-        if (null === $refreshedUser = $this->repository->find($id)) {
-            throw new UsernameNotFoundException(sprintf('User with id %s not found', json_encode($id)));
+            if (null === $refreshedUser = $this->repository->find($id)) {
+                throw new UsernameNotFoundException(sprintf('User with id %s not found', json_encode($id)));
+            }
         }
 
         return $refreshedUser;