authorFabien Potencier <fabien.potencier@gmail.com>2013-12-27 17:31:41 +0100
committerFabien Potencier <fabien.potencier@gmail.com>2013-12-27 17:31:41 +0100
commit63903803dccb799e3ae52538b68411fc9889d3d5 (patch)
tree794bec73c196126c31fb9df46b7c4ceed79156fc
parent7553159be393b2a5adaf195dd1a212276930cfd9 (diff)
parent1112d2c68059f6fe658f7655560084d20091e064 (diff)
feature #8305 Added MutableAclProvider::deleteSecurityIdentity (lavoiesl)
This PR was merged into the 2.5-dev branch. Discussion ---------- Added MutableAclProvider::deleteSecurityIdentity This provides a very simple function to enable the deletion of a SecurityIdentity. Developers can add a listener on the delete of a user and remove all the related ACLs. Foreign keys already ensure that the ACEs are properly deleted. Among the problems of not deleting the SecurityIdentity: * Inconsistent database, referring to a non-existent user. * If a user is deleted and another is created with the same name, it will inherit all the old user’s ACEs Not addressed by this PR: Changing a user’s username breaks the related ACLs. See #5787 See also: https://groups.google.com/forum/#!topic/symfony2/mGTXlTWiMs8/discussion Commits ------- bdbbe58 [Security][Acl] Issue #5787 : Added MutableAclProvider::deleteSecurityIdentity
-rw-r--r--Acl/Dbal/MutableAclProvider.php27
1 files changed, 27 insertions, 0 deletions
diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php
index 54bef68..e4b2a75 100644
--- a/Acl/Dbal/MutableAclProvider.php
+++ b/Acl/Dbal/MutableAclProvider.php
@@ -109,6 +109,18 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
}
/**
+ * Deletes the security identity from the database.
+ * ACL entries have the CASCADE option on their foreign key so they will also get deleted
+ *
+ * @param SecurityIdentityInterface $sid
+ * @throws \InvalidArgumentException
+ */
+ public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
+ {
+ $this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
+ }
+
+ /**
* {@inheritDoc}
*/
public function findAcls(array $oids, array $sids = array())
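Review bot: deleteSecurityIdentity relies entirely on the database's ON DELETE CASCADE to remove the identity's ACEs, and nothing in the method verifies that this happened. On a backend where foreign keys are not enforced (for example SQLite without `PRAGMA foreign_keys = ON`, or MySQL MyISAM tables) the entries stay behind as orphans, which matters if the row id is ever reused by a new identity. The docblock should state that requirement, e.g. `* Requires enforced foreign keys; otherwise ACEs for this identity are left orphaned.` If this provider keeps loaded ACLs in memory or in a cache (not visible in this hunk), those copies would presumably still hold the deleted identity's entries until evicted, so that is worth confirming as well.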
@@ -623,6 +635,21 @@ QUERY;
}
/**
+ * Constructs the SQL to delete a security identity.
+ *
+ * @param SecurityIdentityInterface $sid
+ * @throws \InvalidArgumentException
+ * @return string
+ */
+ protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
+ {
+ $select = $this->getSelectSecurityIdentityIdSql($sid);
+ $delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
+
+ return $delete;
+ }
+
+ /**
* Constructs the SQL for updating an object identity.
*
* @param integer $pk
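Review bot: getDeleteSecurityIdentityIdSql fails open when the rewrite does not match. If the string returned by getSelectSecurityIdentityIdSql ever stops beginning with exactly `SELECT id FROM` (a subclass override, different case or whitespace), preg_replace returns it unchanged and deleteSecurityIdentity runs a SELECT, leaving the identity and its ACEs in place with no error. Checking the replacement count would close that: `$delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select, 1, $count);` followed by `if (1 !== $count) { throw new \RuntimeException('Could not build the DELETE statement for the security identity.'); }`. Whether the identifier is quoted safely depends on getSelectSecurityIdentityIdSql, which is outside this hunk, so it should be confirmed that the WHERE clause it builds escapes the SID value.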