Skip to content
Browse files

merged branch jalliot/acl_proxies-2 (PR #3826)

Commits
-------

6483d88 [Security][ACL] Fixed ObjectIdentity::fromDomainObject and UserSecurityIdentity::from(Account|Token) when working with proxies

Discussion
----------

[WIP] Fixed ACL handling of Doctrine proxies

Bug fix: yes
Feature addition: no
Backwards compatibility break: no
Symfony2 tests pass: [![Build Status](https://secure.travis-ci.org/jalliot/symfony.png?branch=acl_proxies-2)](http://travis-ci.org/jalliot/symfony)
Fixes the following tickets: #3818, #2611, #2056, #2048, #2035 and probably others
Todo: Fix tests, update changelog

Hi,

As per @fabpot's request, here is #3818 ported to `master`.

> Here is a new attempt to fix all the issues related to Symfony ACL identities and Doctrine proxies.
> It only fixes the issue for Doctrine >=2.2 (older versions of Doctrine will still not work properly with ACL because `Doctrine\Common\Util\ClassUtils` didn't exist before and proxy naming strategy was not consistent between all Doctrine implementations (ORM/ODM/etc.)).

/cc @schmittjoh @beberlei

---------------------------------------------------------------------------

by schmittjoh at 2012-04-09T00:07:52Z

I'm -1 on adding a dependency on the Doctrine class.

The naming scheme was designed in a generic way, we should just copy the method.

---------------------------------------------------------------------------

by jalliot at 2012-04-09T00:13:07Z

@schmittjoh The ACL component requires Doctrine DBAL already (and as such Common) so I don't think this is really an issue at the moment. If (when?) the component is refactored to be decoupled from Doctrine, then maybe we will have to change that.
But I can also copy the class (where?) if you think it is better :)

---------------------------------------------------------------------------

by schmittjoh at 2012-04-09T01:01:27Z

I'd suggest ``Symfony\Component\Security\Core\Util\ClassUtils``.

---------------------------------------------------------------------------

by jalliot at 2012-04-09T11:16:19Z

@fabpot @schmittjoh It's done: I've backported the ClassUtils class and its tests from Doctrine Common into the Security component. Maybe this PR can be merged into 2.0 as well now, what do you think?

---------------------------------------------------------------------------

by oscherler at 2012-04-11T06:27:20Z

There seems to be a consensus that ACLs don’t (fully?) work with Doctrine < 2.2, i.e. in Symfony 2.0. Can it therefore be documented somewhere, typically on the main documentation page on the subject? http://symfony.com/doc/current/cookbook/security/acl.html

---------------------------------------------------------------------------

by jalliot at 2012-04-11T07:36:25Z

@oscherler You can make ACL work with Doctrine < 2.2 and without this patch if you use something like this code (note this is for ORM only but it can be adapted for ODM; it also assumes that your identifier can be retrieved with `getId()`):

``` php
<?php

use Doctrine\ORM\Proxy\Proxy;
use Symfony\Component\Acl\Domain\ObjectIdentity;

$domainObject = ... // some Doctrine entity (maybe a proxy...)

if ($domainObject instanceof Proxy) {
    $objectIdentity = new ObjectIdentity($domainObject->getId(), get_parent_class($domainObject));
} else {
    $objectIdentity = new ObjectIdentity($domainObject->getId(), get_class($domainObject));
}
```
It is ugly but it is the only way to get the correct identity for < 2.2. Never use `ObjectIdentity::fromDomainObject` with a proxy and without this patch!
The same applies to `UserSecurityIdentity`.

This should indeed be documented in the doc for 2.0. /cc @weaverryan

---------------------------------------------------------------------------

by jalliot at 2012-04-11T22:34:37Z

I just fixed the tests and squashed the commits.
I didn't write a test for `UserSecurityIdentity::fromAccount` and `fromToken` because I didn't really have time to look for a clean solution (without creating a full UserInterface implementation for instance...). Anyway the test for `ObjectIdentity::fromDomainObject` should be enough I guess...
Don't hesitate to add one if you think it is necessary. /cc @schmittjoh

@fabpot Apart from @beberlei approval to use MIT license, I think it is ready for merge.
  • Loading branch information...
2 parents b47cb35 + 6483d88 commit dd5d7f2fbe434cf9e1820efcbd926e06b0d549fb @fabpot fabpot committed Apr 12, 2012
View
5 src/Symfony/Component/Security/Acl/Domain/ObjectIdentity.php
@@ -11,6 +11,7 @@
namespace Symfony\Component\Security\Acl\Domain;
+use Symfony\Component\Security\Core\Util\ClassUtils;
use Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException;
use Symfony\Component\Security\Acl\Model\DomainObjectInterface;
use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface;
@@ -59,9 +60,9 @@ static public function fromDomainObject($domainObject)
try {
if ($domainObject instanceof DomainObjectInterface) {
- return new self($domainObject->getObjectIdentifier(), get_class($domainObject));
+ return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject));
} elseif (method_exists($domainObject, 'getId')) {
- return new self($domainObject->getId(), get_class($domainObject));
+ return new self($domainObject->getId(), ClassUtils::getRealClass($domainObject));
}
} catch (\InvalidArgumentException $invalid) {
throw new InvalidDomainObjectException($invalid->getMessage(), 0, $invalid);
View
5 src/Symfony/Component/Security/Acl/Domain/UserSecurityIdentity.php
@@ -13,6 +13,7 @@
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\User\UserInterface;
+use Symfony\Component\Security\Core\Util\ClassUtils;
use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface;
/**
@@ -52,7 +53,7 @@ public function __construct($username, $class)
*/
static public function fromAccount(UserInterface $user)
{
- return new self($user->getUsername(), get_class($user));
+ return new self($user->getUsername(), ClassUtils::getRealClass($user));
}
/**
@@ -69,7 +70,7 @@ static public function fromToken(TokenInterface $token)
return self::fromAccount($user);
}
- return new self((string) $user, is_object($user)? get_class($user) : get_class($token));
+ return new self((string) $user, is_object($user) ? ClassUtils::getRealClass($user) : ClassUtils::getRealClass($token));
}
/**
View
55 src/Symfony/Component/Security/Core/Util/ClassUtils.php
@@ -0,0 +1,55 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Util;
+
+/**
+ * Class related functionality for objects that
+ * might or might not be proxy objects at the moment.
+ *
+ * @see Doctrine\Common\Util\ClassUtils
+ *
+ * @author Benjamin Eberlei <kontakt@beberlei.de>
+ * @author Johannes Schmitt <schmittjoh@gmail.com>
+ */
+class ClassUtils
+{
+ /**
+ * Marker for Proxy class names.
+ *
+ * @var string
+ */
+ const MARKER = '__CG__';
+
+ /**
+ * Length of the proxy marker
+ *
+ * @var int
+ */
+ const MARKER_LENGTH = 6;
+
+ /**
+ * Gets the real class name of a class name that could be a proxy.
+ *
+ * @param string|object
+ * @return string
+ */
+ public static function getRealClass($object)
+ {
+ $class = is_object($object) ? get_class($object) : $object;
+
+ if (false === $pos = strrpos($class, '\\'.self::MARKER.'\\')) {
+ return $class;
+ }
+
+ return substr($class, $pos + self::MARKER_LENGTH + 2);
+ }
+}
View
153 src/Symfony/Component/Security/Tests/Acl/Domain/ObjectIdentityTest.php
@@ -9,83 +9,108 @@
* file that was distributed with this source code.
*/
-namespace Symfony\Component\Security\Tests\Acl\Domain;
-
-use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
-
-class ObjectIdentityTest extends \PHPUnit_Framework_TestCase
+namespace Symfony\Component\Security\Tests\Acl\Domain
{
- public function testConstructor()
+ use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
+
+ class ObjectIdentityTest extends \PHPUnit_Framework_TestCase
{
- $id = new ObjectIdentity('fooid', 'footype');
-
- $this->assertEquals('fooid', $id->getIdentifier());
- $this->assertEquals('footype', $id->getType());
- }
-
- public function testFromDomainObjectPrefersInterfaceOverGetId()
- {
- $domainObject = $this->getMock('Symfony\Component\Security\Acl\Model\DomainObjectInterface');
- $domainObject
- ->expects($this->once())
- ->method('getObjectIdentifier')
- ->will($this->returnValue('getObjectIdentifier()'))
- ;
- $domainObject
- ->expects($this->never())
- ->method('getId')
- ->will($this->returnValue('getId()'))
- ;
-
- $id = ObjectIdentity::fromDomainObject($domainObject);
- $this->assertEquals('getObjectIdentifier()', $id->getIdentifier());
- }
+ public function testConstructor()
+ {
+ $id = new ObjectIdentity('fooid', 'footype');
+
+ $this->assertEquals('fooid', $id->getIdentifier());
+ $this->assertEquals('footype', $id->getType());
+ }
- public function testFromDomainObjectWithoutInterface()
- {
- $id = ObjectIdentity::fromDomainObject(new TestDomainObject());
- $this->assertEquals('getId()', $id->getIdentifier());
- }
+ // Test that constructor never changes passed type, even with proxies
+ public function testConstructorWithProxy()
+ {
+ $id = new ObjectIdentity('fooid', 'Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject');
- /**
- * @dataProvider getCompareData
- */
- public function testEquals($oid1, $oid2, $equal)
- {
- if ($equal) {
- $this->assertTrue($oid1->equals($oid2));
- } else {
- $this->assertFalse($oid1->equals($oid2));
+ $this->assertEquals('fooid', $id->getIdentifier());
+ $this->assertEquals('Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+ }
+
+ public function testFromDomainObjectPrefersInterfaceOverGetId()
+ {
+ $domainObject = $this->getMock('Symfony\Component\Security\Acl\Model\DomainObjectInterface');
+ $domainObject
+ ->expects($this->once())
+ ->method('getObjectIdentifier')
+ ->will($this->returnValue('getObjectIdentifier()'))
+ ;
+ $domainObject
+ ->expects($this->never())
+ ->method('getId')
+ ->will($this->returnValue('getId()'))
+ ;
+
+ $id = ObjectIdentity::fromDomainObject($domainObject);
+ $this->assertEquals('getObjectIdentifier()', $id->getIdentifier());
+ }
+
+ public function testFromDomainObjectWithoutInterface()
+ {
+ $id = ObjectIdentity::fromDomainObject(new TestDomainObject());
+ $this->assertEquals('getId()', $id->getIdentifier());
+ $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
}
- }
- public function getCompareData()
- {
- return array(
- array(new ObjectIdentity('123', 'foo'), new ObjectIdentity('123', 'foo'), true),
- array(new ObjectIdentity('123', 'foo'), new ObjectIdentity(123, 'foo'), true),
- array(new ObjectIdentity('1', 'foo'), new ObjectIdentity('2', 'foo'), false),
- array(new ObjectIdentity('1', 'bla'), new ObjectIdentity('1', 'blub'), false),
- );
+ public function testFromDomainObjectWithProxy()
+ {
+ $id = ObjectIdentity::fromDomainObject(new \Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject());
+ $this->assertEquals('getId()', $id->getIdentifier());
+ $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+ }
+
+ /**
+ * @dataProvider getCompareData
+ */
+ public function testEquals($oid1, $oid2, $equal)
+ {
+ if ($equal) {
+ $this->assertTrue($oid1->equals($oid2));
+ } else {
+ $this->assertFalse($oid1->equals($oid2));
+ }
+ }
+
+ public function getCompareData()
+ {
+ return array(
+ array(new ObjectIdentity('123', 'foo'), new ObjectIdentity('123', 'foo'), true),
+ array(new ObjectIdentity('123', 'foo'), new ObjectIdentity(123, 'foo'), true),
+ array(new ObjectIdentity('1', 'foo'), new ObjectIdentity('2', 'foo'), false),
+ array(new ObjectIdentity('1', 'bla'), new ObjectIdentity('1', 'blub'), false),
+ );
+ }
+
+ protected function setUp()
+ {
+ if (!class_exists('Doctrine\DBAL\DriverManager')) {
+ $this->markTestSkipped('The Doctrine2 DBAL is required for this test');
+ }
+ }
}
-
- protected function setUp()
+
+ class TestDomainObject
{
- if (!class_exists('Doctrine\DBAL\DriverManager')) {
- $this->markTestSkipped('The Doctrine2 DBAL is required for this test');
+ public function getObjectIdentifier()
+ {
+ return 'getObjectIdentifier()';
+ }
+
+ public function getId()
+ {
+ return 'getId()';
}
}
}
-class TestDomainObject
+namespace Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Acl\Domain
{
- public function getObjectIdentifier()
- {
- return 'getObjectIdentifier()';
- }
-
- public function getId()
+ class TestDomainObject extends \Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject
{
- return 'getId()';
}
}
View
9 src/Symfony/Component/Security/Tests/Acl/Domain/UserSecurityIdentityTest.php
@@ -24,6 +24,15 @@ public function testConstructor()
$this->assertEquals('Foo', $id->getClass());
}
+ // Test that constructor never changes the type, even for proxies
+ public function testContructorWithProxy()
+ {
+ $id = new UserSecurityIdentity('foo', 'Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Acl\Domain\Foo');
+
+ $this->assertEquals('foo', $id->getUsername());
+ $this->assertEquals('Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Acl\Domain\Foo', $id->getClass());
+ }
+
/**
* @dataProvider getCompareData
*/
View
41 src/Symfony/Component/Security/Tests/Core/Util/ClassUtilsTest.php
@@ -0,0 +1,41 @@
+<?php
+
+namespace Symfony\Component\Security\Tests\Core\Util
+{
+ use Symfony\Component\Security\Core\Util\ClassUtils;
+
+ class ClassUtilsTest extends \PHPUnit_Framework_TestCase
+ {
+ static public function dataGetClass()
+ {
+ return array(
+ array('stdClass', 'stdClass'),
+ array('Symfony\Component\Security\Core\Util\ClassUtils', 'Symfony\Component\Security\Core\Util\ClassUtils'),
+ array('MyProject\Proxies\__CG__\stdClass', 'stdClass'),
+ array('MyProject\Proxies\__CG__\OtherProject\Proxies\__CG__\stdClass', 'stdClass'),
+ array('MyProject\Proxies\__CG__\Symfony\Component\Security\Tests\Core\Util\ChildObject', 'Symfony\Component\Security\Tests\Core\Util\ChildObject'),
+ array(new TestObject(), 'Symfony\Component\Security\Tests\Core\Util\TestObject'),
+ array(new \Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Core\Util\TestObject(), 'Symfony\Component\Security\Tests\Core\Util\TestObject'),
+ );
+ }
+
+ /**
+ * @dataProvider dataGetClass
+ */
+ public function testGetRealClass($object, $expectedClassName)
+ {
+ $this->assertEquals($expectedClassName, ClassUtils::getRealClass($object));
+ }
+ }
+
+ class TestObject
+ {
+ }
+}
+
+namespace Acme\DemoBundle\Proxy\__CG__\Symfony\Component\Security\Tests\Core\Util
+{
+ class TestObject extends \Symfony\Component\Security\Tests\Core\Util\TestObject
+ {
+ }
+}

0 comments on commit dd5d7f2

Please sign in to comment.
Something went wrong with that request. Please try again.