Security: IAuthorizator needs IIdentity #941

Open. Wants to merge 6 commits into base: master.

8 participants

Contributor

enumag commented Jan 28, 2013

See the RFC on Nette forum (Czech only).

Contributor

fprochazka commented Jan 28, 2013

👍 It could use a few tests :)

Contributor

enumag commented Jan 28, 2013

@hosiplan: Basically it's enough to adjust the existing tests, but that will take a while. In the meantime, please read the RFC. :-)

Contributor

Majkl578 commented Jan 30, 2013

I've been thinking about it, and the direct coupling to IIdentity seems rather unnecessary to me, even undesirable.
I wonder whether something more general wouldn't be better, e.g. IRoleSet or IRolesProvider with a getRoles() method. IIdentity would either a) extend it, keeping the current behaviour, or b) not extend it, leaving the use of roles entirely up to the user (the programmer). The second option would probably make more sense to me; I've done several projects myself where I didn't use roles at all and had to create a pointless getRoles method returning an empty array. At the same time, it would still be possible to use Permission completely independently of IIdentity/User (as has been the case until now, and which this pull request makes impossible).

Moved to the forum for discussion.

Contributor

enumag commented Feb 7, 2013

Please review.

Member

dg commented Mar 11, 2013

Yet another direction this could take: http://forum.nette.org/cs/13458-security-iauthorizator-a-identita#p99180

Contributor

enumag commented Jun 26, 2013

@dg Even if the final implementation will be different, the first commit should be merged.

This is taking as long as I was afraid it would so I've already implemented this as an extension.

redwormik commented Jul 10, 2013

Hi there! I see two small User-related BC breaks:

  1. Logged in User which was given NULL identity by IAuthenticator (rare, I know) is now seen as logged out.
  2. getRoles() (and isInRole()) used to reflect whether the user was logged in, now they can use roles from IIdentity of logged out user.

Contributor

enumag commented Jul 10, 2013

@redwormik

  1. That's a bug. The login method should throw an exception if NULL was returned by the IAuthenticator.
  2. I didn't like the inconsistency that User::getRoles() and Identity::getRoles() had different return values but now that I think about it again it's probably better.

This pull request is probably not going to be merged so it's useless to push the fix here. I will fix both in my extension though.
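
Added example, not part of the thread, the pull request or Nette's code: a minimal model of the two behaviours raised above, where `login()` rejects a NULL identity and `getRoles()` follows the login state rather than a retained identity. `SketchIdentity`, `SketchUser`, the `guest` role name and the assumption that the identity object survives logout are all hypothetical.

```php
<?php
// Added illustration; SketchIdentity and SketchUser are hypothetical, not Nette classes.
final class SketchIdentity
{
    private $roles;

    public function __construct(array $roles) { $this->roles = $roles; }

    public function getRoles() { return $this->roles; }
}

final class SketchUser
{
    const GUEST_ROLE = 'guest'; // assumed name of the role for visitors who are not logged in

    private $identity = null;
    private $loggedIn = false;

    // Point 1: a NULL result from the authenticator is an error, never a login.
    public function login(callable $authenticator)
    {
        $identity = $authenticator();
        if (!$identity instanceof SketchIdentity) {
            throw new UnexpectedValueException('Authenticator returned no identity.');
        }
        $this->identity = $identity;
        $this->loggedIn = true;
    }

    // Assumption of this sketch: the identity object is retained after logout.
    public function logout() { $this->loggedIn = false; }

    public function getIdentity() { return $this->identity; }

    // Point 2: roles follow the login state, not the retained identity.
    public function getRoles()
    {
        return $this->loggedIn ? $this->identity->getRoles() : array(self::GUEST_ROLE);
    }
}

$user = new SketchUser();
$user->login(function () { return new SketchIdentity(array('admin')); }); // constructed sample role
$user->logout();

// Roles derived from the login state versus roles read from the retained identity,
// which is what an authorizer handed only the identity would evaluate.
var_dump($user->getRoles());
var_dump($user->getIdentity()->getRoles());
```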

dg removed this from the 2.2 milestone on Jun 19, 2014
