feature #24318 [SecurityBundle] Deprecate ACL related code (chalasr)
This PR was merged into the 3.4 branch.

Discussion
----------

[SecurityBundle] Deprecate ACL related code

| Q             | A
| ------------- | ---
| Branch?       | 3.4
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | yes
| Tests pass?   | yes/no
| Fixed tickets | replaces #23811
| License       | MIT
| Doc PR        | todo

Needs symfony/acl-bundle#2

Commits
-------

e3b7dc5 [SecurityBundle] Deprecate ACL related code
fabpot committed Sep 26, 2017
2 parents efdba48 + e3b7dc5 commit 8a752c3
Showing 14 changed files with 315 additions and 46 deletions.
9 changes: 5 additions & 4 deletions UPGRADE-3.4.md
@@ -289,10 +289,11 @@ SecurityBundle
`Doctrine\DBAL\Connection` as first argument. Not passing it is
deprecated and will throw a `TypeError` in 4.0.

* `SetAclCommand::__construct()` now takes an instance of
`Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
as first argument. Not passing it is deprecated and will throw a `TypeError`
in 4.0.
* The `acl:set` command has been deprecated along with the `SetAclCommand` class,
both will be removed in 4.0. Install symfony/acl-bundle instead

* The `init:acl` command has been deprecated along with the `InitAclCommand` class,
both will be removed in 4.0. Install symfony/acl-bundle and use `acl:init` instead

* Added `logout_on_user_change` to the firewall options. This config item will
trigger a logout when the user has changed. Should be set to true to avoid
7 changes: 2 additions & 5 deletions UPGRADE-4.0.md
@@ -667,12 +667,9 @@ SecurityBundle

* `UserPasswordEncoderCommand` does not extend `ContainerAwareCommand` nor implement `ContainerAwareInterface` anymore.

* `InitAclCommand::__construct()` now requires an instance of
`Doctrine\DBAL\Connection` as first argument.
* `InitAclCommand` has been removed. Use `Symfony\Bundle\AclBundle\Command\InitAclCommand` instead

* `SetAclCommand::__construct()` now requires an instance of
`Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
as first argument.
* `SetAclCommand` has been removed. Use `Symfony\Bundle\AclBundle\Command\SetAclCommand` instead

* The firewall option `logout_on_user_change` is now always true, which will
trigger a logout if the user changes between requests.
7 changes: 2 additions & 5 deletions src/Symfony/Bundle/SecurityBundle/CHANGELOG.md
@@ -8,15 +8,12 @@ CHANGELOG
`VoterInterface` on the class is now deprecated and will be removed in 4.0.
* [BC BREAK] `FirewallContext::getListeners()` now returns `\Traversable|array`
* added info about called security listeners in profiler
* `InitAclCommand::__construct()` now takes an instance of
`Doctrine\DBAL\Connection` as first argument
* `SetAclCommand::__construct()` now takes an instance of
`Symfony\Component\Security\Acl\Model\MutableAclProviderInterfaceConnection`
as first argument
* Added `logout_on_user_change` to the firewall options. This config item will
trigger a logout when the user has changed. Should be set to true to avoid
deprecations in the configuration.
* deprecated HTTP digest authentication
* deprecated command `acl:set` along with `SetAclCommand` class
* deprecated command `init:acl` along with `InitAclCommand` class

3.3.0
-----
17 changes: 7 additions & 10 deletions src/Symfony/Bundle/SecurityBundle/Command/InitAclCommand.php
@@ -11,9 +11,13 @@

namespace Symfony\Bundle\SecurityBundle\Command;

@trigger_error(sprintf('Class "%s" is deprecated since version 3.4 and will be removed in 4.0. Use Symfony\Bundle\AclBundle\Command\SetAclCommand instead.', SetAclCommand::class), E_USER_DEPRECATED);

use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Security\Acl\Dbal\Schema;
use Doctrine\DBAL\Connection;
use Doctrine\DBAL\Schema\SchemaException;
@@ -23,7 +27,7 @@
*
* @author Johannes M. Schmitt <schmittjoh@gmail.com>
*
* @final since version 3.4
* @deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\SetAclCommand instead.
*/
class InitAclCommand extends ContainerAwareCommand
{
@@ -32,15 +36,9 @@ class InitAclCommand extends ContainerAwareCommand
private $connection;
private $schema;

/**
* @param Connection $connection
* @param Schema $schema
*/
public function __construct($connection = null, Schema $schema = null)
{
if (!$connection instanceof Connection) {
@trigger_error(sprintf('%s() expects an instance of "%s" as first argument since version 3.4. Not passing it is deprecated and will throw a TypeError in 4.0.', __METHOD__, Connection::class), E_USER_DEPRECATED);

parent::__construct($connection);

return;
@@ -54,8 +52,6 @@ public function __construct($connection = null, Schema $schema = null)

/**
* {@inheritdoc}
*
* BC to be removed in 4.0
*/
public function isEnabled()
{
@@ -93,7 +89,8 @@ protected function configure()
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
// BC to be removed in 4.0
(new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output))->warning('Command "init:acl" is deprecated since version 3.4 and will be removed from SecurityBundle in 4.0. Install symfony/acl-bundle and use "acl:init" instead.');

if (null === $this->connection) {
$this->connection = $this->getContainer()->get('security.acl.dbal.connection');
$this->schema = $this->getContainer()->get('security.acl.dbal.schema');
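Review bot: The file-level `@trigger_error` and the `@deprecated` docblock in InitAclCommand.php both name `SetAclCommand`, as the deprecated class (`SetAclCommand::class`) and as the replacement, which looks like a copy-paste from SetAclCommand.php. Anyone who sees this notice while loading `InitAclCommand` is told the wrong class is deprecated and is pointed at the wrong replacement, whereas the UPGRADE-4.0.md entry in this same commit names `Symfony\Bundle\AclBundle\Command\InitAclCommand`. The call should pass `InitAclCommand::class` and its message should end with `Use Symfony\Bundle\AclBundle\Command\InitAclCommand instead.`; the docblock line should read `@deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\InitAclCommand instead.` The warning added in `execute()` already names `init:acl` and `acl:init` correctly.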
15 changes: 7 additions & 8 deletions src/Symfony/Bundle/SecurityBundle/Command/SetAclCommand.php
@@ -11,11 +11,15 @@

namespace Symfony\Bundle\SecurityBundle\Command;

@trigger_error(sprintf('Class "%s" is deprecated since version 3.4 and will be removed in 4.0. Use Symfony\Bundle\AclBundle\Command\SetAclCommand instead.', SetAclCommand::class), E_USER_DEPRECATED);

use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\ConsoleOutputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Style\SymfonyStyle;
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
@@ -28,7 +32,7 @@
*
* @author Kévin Dunglas <kevin@les-tilleuls.coop>
*
* @final since version 3.4
* @deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\SetAclCommand instead.
*/
class SetAclCommand extends ContainerAwareCommand
{
@@ -42,8 +46,6 @@ class SetAclCommand extends ContainerAwareCommand
public function __construct($provider = null)
{
if (!$provider instanceof MutableAclProviderInterface) {
@trigger_error(sprintf('%s() expects an instance of "%s" as first argument since version 3.4. Not passing it is deprecated and will throw a TypeError in 4.0.', __METHOD__, MutableAclProviderInterface::class), E_USER_DEPRECATED);

parent::__construct($provider);

return;
@@ -56,8 +58,6 @@ public function __construct($provider = null)

/**
* {@inheritdoc}
*
* BC to be removed in 4.0
*/
public function isEnabled()
{
@@ -117,7 +117,8 @@ protected function configure()
*/
protected function execute(InputInterface $input, OutputInterface $output)
{
// BC to be removed in 4.0
(new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output))->warning('Command "acl:set" is deprecated since version 3.4 and will be removed from SecurityBundle in 4.0. Install symfony/acl-bundle to use this command.');

if (null === $this->provider) {
$this->provider = $this->getContainer()->get('security.acl.provider');
}
@@ -192,8 +193,6 @@ protected function execute(InputInterface $input, OutputInterface $output)
/**
* Gets the mask builder.
*
* BC to be removed in 4.0
*
* @return MaskBuilder
*/
protected function getMaskBuilder()
@@ -121,6 +121,7 @@ private function addAclSection(ArrayNodeDefinition $rootNode)
$rootNode
->children()
->arrayNode('acl')
->setDeprecated('The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.')
->children()
->scalarNode('connection')
->defaultNull()
@@ -22,8 +22,6 @@

abstract class CompleteConfigurationTest extends TestCase
{
private static $containerCache = array();

abstract protected function getLoader(ContainerBuilder $container);

abstract protected function getFileExtension();
@@ -38,6 +36,20 @@ public function testRolesHierarchy()
), $container->getParameter('security.role_hierarchy.roles'));
}

/**
* @group legacy
* @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.
*/
public function testRolesHierarchyWithAcl()
{
$container = $this->getContainer('container1_with_acl');
$this->assertEquals(array(
'ROLE_ADMIN' => array('ROLE_USER'),
'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'),
'ROLE_REMOTE' => array('ROLE_USER', 'ROLE_ADMIN'),
), $container->getParameter('security.role_hierarchy.roles'));
}

public function testUserProviders()
{
$container = $this->getContainer('container1');
@@ -439,14 +451,22 @@ public function testEncoders()
)), $container->getDefinition('security.encoder_factory.generic')->getArguments());
}

/**
* @group legacy
* @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.
*/
public function testAcl()
{
$container = $this->getContainer('container1');
$container = $this->getContainer('container1_with_acl');

$this->assertTrue($container->hasDefinition('security.acl.dbal.provider'));
$this->assertEquals('security.acl.dbal.provider', (string) $container->getAlias('security.acl.provider'));
}

/**
* @group legacy
* @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.
*/
public function testCustomAclProvider()
{
$container = $this->getContainer('custom_acl_provider');
@@ -546,9 +566,6 @@ protected function getContainer($file)
{
$file = $file.'.'.$this->getFileExtension();

if (isset(self::$containerCache[$file])) {
return self::$containerCache[$file];
}
$container = new ContainerBuilder();
$security = new SecurityExtension();
$container->registerExtension($security);
@@ -561,6 +578,6 @@ protected function getContainer($file)
$container->getCompilerPassConfig()->setRemovingPasses(array());
$container->compile();

return self::$containerCache[$file] = $container;
return $container;
}
}
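Review bot: `getContainer()` no longer uses the static `$containerCache`, and nothing in the test class records why, so a later contributor could reintroduce the cache as a speed-up. Presumably the cache was dropped so that every `@group legacy` test compiles its own container and triggers the "security.acl" deprecation that `@expectedDeprecation` asserts; this is inferred, not stated in the hunks. If that is the reason, a comment above `$container = new ContainerBuilder();` would preserve it, for example `// Not cached: legacy tests need the "security.acl" deprecation to be triggered on every build.` The body of `getContainer()` is only partly visible here.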
@@ -1,7 +1,6 @@
<?php

$container->loadFromExtension('security', array(
'acl' => array(),
'encoders' => array(
'JMS\FooBundle\Entity\User1' => 'plaintext',
'JMS\FooBundle\Entity\User2' => array(
@@ -0,0 +1,102 @@
<?php

$container->loadFromExtension('security', array(
'acl' => array(),
'encoders' => array(
'JMS\FooBundle\Entity\User1' => 'plaintext',
'JMS\FooBundle\Entity\User2' => array(
'algorithm' => 'sha1',
'encode_as_base64' => false,
'iterations' => 5,
),
'JMS\FooBundle\Entity\User3' => array(
'algorithm' => 'md5',
),
'JMS\FooBundle\Entity\User4' => array(
'id' => 'security.encoder.foo',
),
'JMS\FooBundle\Entity\User5' => array(
'algorithm' => 'pbkdf2',
'hash_algorithm' => 'sha1',
'encode_as_base64' => false,
'iterations' => 5,
'key_length' => 30,
),
'JMS\FooBundle\Entity\User6' => array(
'algorithm' => 'bcrypt',
'cost' => 15,
),
),
'providers' => array(
'default' => array(
'memory' => array(
'users' => array(
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
),
),
),
'digest' => array(
'memory' => array(
'users' => array(
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'),
),
),
),
'basic' => array(
'memory' => array(
'users' => array(
'foo' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'),
'bar' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => array('ROLE_USER', 'ROLE_ADMIN')),
),
),
),
'service' => array(
'id' => 'user.manager',
),
'chain' => array(
'chain' => array(
'providers' => array('service', 'basic'),
),
),
),

'firewalls' => array(
'simple' => array('pattern' => '/login', 'security' => false),
'secure' => array('stateless' => true,
'http_basic' => true,
'http_digest' => array('secret' => 'TheSecret'),
'form_login' => true,
'anonymous' => true,
'switch_user' => true,
'x509' => true,
'remote_user' => true,
'logout' => true,
'remember_me' => array('secret' => 'TheSecret'),
'user_checker' => null,
),
'host' => array(
'pattern' => '/test',
'host' => 'foo\\.example\\.org',
'methods' => array('GET', 'POST'),
'anonymous' => true,
'http_basic' => true,
),
'with_user_checker' => array(
'user_checker' => 'app.user_checker',
'anonymous' => true,
'http_basic' => true,
),
),

'access_control' => array(
array('path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => array('get', 'POST')),
array('path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),
array('path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUsername() matches '/^admin/'"),
),

'role_hierarchy' => array(
'ROLE_ADMIN' => 'ROLE_USER',
'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'),
'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN',
),
));
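Review bot: This new fixture carries no hint of how it relates to the existing one; judging by the hunk just before it, which removes `'acl' => array(),` from another fixture, the two appear to differ only in that key. With roughly a hundred duplicated lines of firewall, provider and access-control settings, the copies can drift apart silently, and the legacy ACL tests would then exercise a different security configuration from the main ones. A header comment after `<?php` would help, for example `// Same as container1.php plus the deprecated "acl" key; keep both in sync until the key is removed in 4.0.`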
@@ -6,8 +6,6 @@
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">

<config>
<acl />

<encoder class="JMS\FooBundle\Entity\User1" algorithm="plaintext" />

<encoder class="JMS\FooBundle\Entity\User2" algorithm="sha1" encode-as-base64="false" iterations="5" />
