feature symfony#8305 Added MutableAclProvider::deleteSecurityIdentity…

… (lavoiesl) This PR was merged into the 2.5-dev branch. Discussion ---------- Added MutableAclProvider::deleteSecurityIdentity This provides a very simple function to enable the deletion of a SecurityIdentity. Developers can add a listener on the delete of a user and remove all the related ACLs. Foreign keys already ensure that the ACEs are properly deleted. Among the problems of not deleting the SecurityIdentity: * Inconsistent database, referring to a non-existent user. * If a user is deleted and another is created with the same name, it will inherit all the old user’s ACEs Not addressed by this PR: Changing a user’s username breaks the related ACLs. See symfony#5787 See also: https://groups.google.com/forum/#!topic/symfony2/mGTXlTWiMs8/discussion Commits ------- bdbbe58 [Security][Acl] Issue symfony#5787 : Added MutableAclProvider::deleteSecurityIdentity
jderusse · Dec 27, 2013 · 3a79075 · 3a79075
2 parents 1da02d3 + 5646fe0
commit 3a79075
Showing 1 changed file with 27 additions and 0 deletions.
diff --git a/Dbal/MutableAclProvider.php b/Dbal/MutableAclProvider.php
@@ -108,6 +108,18 @@ public function deleteAcl(ObjectIdentityInterface $oid)
         }
     }
 
+    /**
+     * Deletes the security identity from the database.
+     * ACL entries have the CASCADE option on their foreign key so they will also get deleted
+     *
+     * @param SecurityIdentityInterface $sid
+     * @throws \InvalidArgumentException
+     */
+    public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
+    {
+        $this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
+    }
+
     /**
      * {@inheritDoc}
      */
@@ -622,6 +634,21 @@ protected function getSelectSecurityIdentityIdSql(SecurityIdentityInterface $sid
         );
     }
 
+    /**
+     * Constructs the SQL to delete a security identity.
+     *
+     * @param SecurityIdentityInterface $sid
+     * @throws \InvalidArgumentException
+     * @return string
+     */
+    protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
+    {
+        $select = $this->getSelectSecurityIdentityIdSql($sid);
+        $delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
+
+        return $delete;
+    }
+
     /**
      * Constructs the SQL for updating an object identity.
      *