Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
merged branch marcw/patch-security-refresh-user (PR #3402)
Commits ------- 10947cb [DoctrineBridge][Security] Fixes bug that prevents repository's refreshUser from being called Discussion ---------- [Security][DoctrineBridge] Fixes bug that prevents repository's refreshUser from being called --------------------------------------------------------------------------- by marcw at 2012-02-21T08:46:09Z Updated. What do you guys think about this patch ? --------------------------------------------------------------------------- by henrikbjorn at 2012-02-21T08:57:47Z Isnt this a bit dangerous, the custom repository implementing refreshUser should always be called first right? You wouldnt specify the $property property if your class has custom implementations would you? --------------------------------------------------------------------------- by marcw at 2012-02-21T09:05:08Z @henrikbjorn At this time, the refreshUser method is never called from the custom repository, even if you don't specify the "property" property. This patch fixes this. --------------------------------------------------------------------------- by marcw at 2012-02-21T09:44:06Z Updated & Squashed. --------------------------------------------------------------------------- by stof at 2012-02-21T10:03:33Z @marcw please move the retrieval of the id in the ``else`` block, like in my comment as it is useless to do this logic for the case where the userProviderInterface is implemented (and it will answer to @vicb by making it impossible to write it with elseif) --------------------------------------------------------------------------- by marcw at 2012-02-21T10:19:06Z I'm not sure about this, but Isn't the check of the id essential here to ensure that the entity is a persisted one ? --------------------------------------------------------------------------- by stof at 2012-02-21T10:21:55Z @marcw if the interface is used, it means that the user wants to do the work himself. So you should really let him do the way he wants. If he does not use the id to refresh the user, he could choose not to include it in the serialized data. Retrieving the id is needed for the ``find()`` call because we pass the id as argument and so we fail when the serialized data don't contain it --------------------------------------------------------------------------- by marcw at 2012-02-21T10:33:30Z @stof Roger that. I'll do the fix. --------------------------------------------------------------------------- by marcw at 2012-02-21T10:41:58Z Updated & Squashed, again. --------------------------------------------------------------------------- by stof at 2012-02-21T11:00:44Z btw, to answer to your previous question, the exception when retrieving the id does not check if the object is persisted (you need to reach teh DB for this, which is what find() does) but that the id is part of the serialized data to give a better error reporting. --------------------------------------------------------------------------- by fabpot at 2012-03-07T19:39:33Z ready to be merged now? --------------------------------------------------------------------------- by henrikbjorn at 2012-03-08T07:21:37Z would say so. --------------------------------------------------------------------------- by dlsniper at 2012-03-25T11:58:34Z Hi, can this be merged now or not?
- Loading branch information