[DX][Profiler] Show the inherited roles in the web profiler #12896
Conversation
|
|
||
| public function __construct(SecurityContextInterface $context = null) | ||
| public function __construct(SecurityContextInterface $context = null, RoleHierarchyInterface $roleHierarchy) |
There was a problem hiding this comment.
Should accept null to keep BC, in which case, you just don't get the new feature.
There was a problem hiding this comment.
Will fix right now. BC in case someone has defined his own Collector?
There was a problem hiding this comment.
That's needed also for Silex-WebProfiler for instance.
|
Apparently, that breaks the tests. |
|
@fabpot Yes, I had one local commit missing - now it should be okay. |
| if (!in_array($role, $assignedRoles)) { | ||
| $inheritedRoles[] = $role; | ||
| } | ||
| } |
There was a problem hiding this comment.
just use array_diff() instead of reimplementing in userland. This will be more readable, and the C implementation is likely to win over a userland implementation (even though I haven't benchmarked it and this is not critical here)
|
@stof Thanks for the valuable feedback, has been updated. |
|
@peterrehm Can you also have a look at the tests? |
|
@fabpot It looks like they broke due to the switch to array_diff as suggested by @stof. It is all due to the diff with objects $role1 = new \Symfony\Component\Security\Core\Role\Role('ROLE_USER');
$assignedRoles = array($role1);
$allRoles = array($role1);
var_dump(array_diff($assignedRoles, $allRoles));Fails with the following error: |
|
Now it should be okay. However there are many failing tests due to the depreciation messages. |
|
Thank you @peterrehm. |
…filer (peterrehm) This PR was merged into the 2.7 branch. Discussion ---------- [DX][Profiler] Show the inherited roles in the web profiler | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #12892 | License | MIT | Doc PR | - Given the following role hierarchy configuration ````php security: role_hierarchy: ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] ROLE_ADMIN: [ROLE_EMPLOYEE] ROLE_EMPLOYEE: [ROLE_SALES] ```` If you were checking the user roles in the web profiler as an user with the assigned role `ROLE_ADMIN` you saw only the following output.  This was kind of tricky since pages where you were checking `is_granted('ROLE_EMPLOYEE')` granted access. Debugging was hard for newcomers to the project if they did not understand the role hierarchy. With this adjustment you will see the assigned roles as well as the inherited roles separately as follows:  Commits ------- 31dc672 Show the inherited roles in the web profiler
Given the following role hierarchy configuration
security: role_hierarchy: ROLE_SUPER_ADMIN: [ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] ROLE_ADMIN: [ROLE_EMPLOYEE] ROLE_EMPLOYEE: [ROLE_SALES]If you were checking the user roles in the web profiler as an user with the assigned
role
ROLE_ADMINyou saw only the following output.This was kind of tricky since pages where you were checking
is_granted('ROLE_EMPLOYEE')granted access. Debugging was hard for newcomers to the project if they did not understand
the role hierarchy.
With this adjustment you will see the assigned roles as well as the inherited roles separately as
follows: