summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJohannes M. Schmitt <schmittjoh@gmail.com>2011-03-09 10:13:07 +0100
committerJohannes M. Schmitt <schmittjoh@gmail.com>2011-03-10 10:25:33 +0100
commite38cdf3bd10bdd9ab9a514c417fabc4c6656e173 (patch)
treecd21285e7b7ef575fd149af2dacc3617fea3a92c
parentb447605b8450af3942f421513fd5ca45490615c1 (diff)
downloadsymfony-security-e38cdf3bd10bdd9ab9a514c417fabc4c6656e173.zip
symfony-security-e38cdf3bd10bdd9ab9a514c417fabc4c6656e173.tar.gz
symfony-security-e38cdf3bd10bdd9ab9a514c417fabc4c6656e173.tar.bz2
[Security] some more visibility changes
Diffstat
-rw-r--r--Acl/Dbal/AclProvider.php40
-rw-r--r--Acl/Dbal/MutableAclProvider.php186
2 files changed, 112 insertions, 114 deletions
diff --git a/Acl/Dbal/AclProvider.php b/Acl/Dbal/AclProvider.php
index 9ce4130..2ef711d 100644
--- a/Acl/Dbal/AclProvider.php
+++ b/Acl/Dbal/AclProvider.php
@@ -38,7 +38,7 @@ class AclProvider implements AclProviderInterface
{
const MAX_BATCH_SIZE = 30;
- protected $aclCache;
+ protected $cache;
protected $connection;
protected $loadedAces;
protected $loadedAcls;
@@ -51,11 +51,11 @@ class AclProvider implements AclProviderInterface
* @param Connection $connection
* @param PermissionGrantingStrategyInterface $permissionGrantingStrategy
* @param array $options
- * @param AclCacheInterface $aclCache
+ * @param AclCacheInterface $cache
*/
- public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $aclCache = null)
+ public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $cache = null)
{
- $this->aclCache = $aclCache;
+ $this->cache = $cache;
$this->connection = $connection;
$this->loadedAces = array();
$this->loadedAcls = array();
@@ -122,8 +122,8 @@ class AclProvider implements AclProviderInterface
}
// check if we can locate the ACL in the cache
- if (!$aclFound && null !== $this->aclCache) {
- $acl = $this->aclCache->getFromCacheByIdentity($oid);
+ if (!$aclFound && null !== $this->cache) {
+ $acl = $this->cache->getFromCacheByIdentity($oid);
if (null !== $acl) {
if ($acl->isSidLoaded($sids)) {
@@ -149,10 +149,10 @@ class AclProvider implements AclProviderInterface
$result->attach($oid, $acl);
$aclFound = true;
} else {
- $this->aclCache->evictFromCacheByIdentity($oid);
+ $this->cache->evictFromCacheByIdentity($oid);
foreach ($this->findChildren($oid) as $childOid) {
- $this->aclCache->evictFromCacheByIdentity($childOid);
+ $this->cache->evictFromCacheByIdentity($childOid);
}
}
}
@@ -170,8 +170,8 @@ class AclProvider implements AclProviderInterface
foreach ($loadedBatch as $loadedOid) {
$loadedAcl = $loadedBatch->offsetGet($loadedOid);
- if (null !== $this->aclCache) {
- $this->aclCache->putInCache($loadedAcl);
+ if (null !== $this->cache) {
+ $this->cache->putInCache($loadedAcl);
}
if (isset($oidLookup[$loadedOid->getIdentifier().$loadedOid->getType()])) {
@@ -204,20 +204,13 @@ class AclProvider implements AclProviderInterface
* Constructs the query used for looking up object identities and associated
* ACEs, and security identities.
*
- * @param array $batch
- * @param array $sids
- * @throws AclNotFoundException
+ * @param array $ancestorIds
* @return string
*/
- protected function getLookupSql(array $batch, array $sids)
+ protected function getLookupSql(array $ancestorIds)
{
// FIXME: add support for filtering by sids (right now we select all sids)
- $ancestorIds = $this->getAncestorIds($batch);
- if (0 === count($ancestorIds)) {
- throw new AclNotFoundException('There is no ACL for the given object identity.');
- }
-
$sql = <<<SELECTCLAUSE
SELECT
o.id as acl_id,
@@ -346,7 +339,7 @@ QUERY;
* @param ObjectIdentityInterface $oid
* @return integer
*/
- protected function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid)
+ protected final function retrieveObjectIdentityPrimaryKey(ObjectIdentityInterface $oid)
{
return $this->connection->executeQuery($this->getSelectObjectIdentityIdSql($oid))->fetchColumn();
}
@@ -428,7 +421,12 @@ QUERY;
*/
private function lookupObjectIdentities(array $batch, array $sids, array $oidLookup)
{
- $sql = $this->getLookupSql($batch, $sids);
+ $ancestorIds = $this->getAncestorIds($batch);
+ if (!$ancestorIds) {
+ throw new AclNotFoundException('There is no ACL for the given object identity.');
+ }
+
+ $sql = $this->getLookupSql($ancestorIds);
$stmt = $this->connection->executeQuery($sql);
return $this->hydrateObjectIdentities($stmt, $oidLookup, $sids);
diff --git a/Acl/Dbal/MutableAclProvider.php b/Acl/Dbal/MutableAclProvider.php
index 675366a..52d1a9b 100644
--- a/Acl/Dbal/MutableAclProvider.php
+++ b/Acl/Dbal/MutableAclProvider.php
@@ -39,9 +39,9 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
/**
* {@inheritDoc}
*/
- public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $aclCache = null)
+ public function __construct(Connection $connection, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $options, AclCacheInterface $cache = null)
{
- parent::__construct($connection, $permissionGrantingStrategy, $options, $aclCache);
+ parent::__construct($connection, $permissionGrantingStrategy, $options, $cache);
$this->propertyChanges = new \SplObjectStorage();
}
@@ -104,8 +104,8 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
}
// evict the ACL from any caches
- if (null !== $this->aclCache) {
- $this->aclCache->evictFromCacheByIdentity($oid);
+ if (null !== $this->cache) {
+ $this->cache->evictFromCacheByIdentity($oid);
}
}
@@ -312,111 +312,26 @@ class MutableAclProvider extends AclProvider implements MutableAclProviderInterf
$this->propertyChanges->offsetSet($acl, array());
- if (null !== $this->aclCache) {
+ if (null !== $this->cache) {
if (count($sharedPropertyChanges) > 0) {
// FIXME: Currently, there is no easy way to clear the cache for ACLs
// of a certain type. The problem here is that we need to make
// sure to clear the cache of all child ACLs as well, and these
// child ACLs might be of a different class type.
- $this->aclCache->clearCache();
+ $this->cache->clearCache();
} else {
// if there are no shared property changes, it's sufficient to just delete
// the cache for this ACL
- $this->aclCache->evictFromCacheByIdentity($acl->getObjectIdentity());
+ $this->cache->evictFromCacheByIdentity($acl->getObjectIdentity());
foreach ($this->findChildren($acl->getObjectIdentity()) as $childOid) {
- $this->aclCache->evictFromCacheByIdentity($childOid);
+ $this->cache->evictFromCacheByIdentity($childOid);
}
}
}
}
/**
- * Creates the ACL for the passed object identity
- *
- * @param ObjectIdentityInterface $oid
- * @return void
- */
- protected function createObjectIdentity(ObjectIdentityInterface $oid)
- {
- $classId = $this->createOrRetrieveClassId($oid->getType());
-
- $this->connection->executeQuery($this->getInsertObjectIdentitySql($oid->getIdentifier(), $classId, true));
- }
-
- /**
- * Returns the primary key for the passed class type.
- *
- * If the type does not yet exist in the database, it will be created.
- *
- * @param string $classType
- * @return integer
- */
- protected function createOrRetrieveClassId($classType)
- {
- if (false !== $id = $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn()) {
- return $id;
- }
-
- $this->connection->executeQuery($this->getInsertClassSql($classType));
-
- return $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn();
- }
-
- /**
- * Returns the primary key for the passed security identity.
- *
- * If the security identity does not yet exist in the database, it will be
- * created.
- *
- * @param SecurityIdentityInterface $sid
- * @return integer
- */
- protected function createOrRetrieveSecurityIdentityId(SecurityIdentityInterface $sid)
- {
- if (false !== $id = $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn()) {
- return $id;
- }
-
- $this->connection->executeQuery($this->getInsertSecurityIdentitySql($sid));
-
- return $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn();
- }
-
- /**
- * Deletes all ACEs for the given object identity primary key.
- *
- * @param integer $oidPK
- * @return void
- */
- protected function deleteAccessControlEntries($oidPK)
- {
- $this->connection->executeQuery($this->getDeleteAccessControlEntriesSql($oidPK));
- }
-
- /**
- * Deletes the object identity from the database.
- *
- * @param integer $pk
- * @return void
- */
- protected function deleteObjectIdentity($pk)
- {
- $this->connection->executeQuery($this->getDeleteObjectIdentitySql($pk));
- }
-
- /**
- * Deletes all entries from the relations table from the database.
- *
- * @param integer $pk
- * @return void
- */
- protected function deleteObjectIdentityRelations($pk)
- {
- $this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
- }
-
- /**
* Constructs the SQL for deleting access control entries.
*
* @param integer $oidPK
@@ -721,6 +636,91 @@ QUERY;
}
/**
+ * Creates the ACL for the passed object identity
+ *
+ * @param ObjectIdentityInterface $oid
+ * @return void
+ */
+ private function createObjectIdentity(ObjectIdentityInterface $oid)
+ {
+ $classId = $this->createOrRetrieveClassId($oid->getType());
+
+ $this->connection->executeQuery($this->getInsertObjectIdentitySql($oid->getIdentifier(), $classId, true));
+ }
+
+ /**
+ * Returns the primary key for the passed class type.
+ *
+ * If the type does not yet exist in the database, it will be created.
+ *
+ * @param string $classType
+ * @return integer
+ */
+ private function createOrRetrieveClassId($classType)
+ {
+ if (false !== $id = $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn()) {
+ return $id;
+ }
+
+ $this->connection->executeQuery($this->getInsertClassSql($classType));
+
+ return $this->connection->executeQuery($this->getSelectClassIdSql($classType))->fetchColumn();
+ }
+
+ /**
+ * Returns the primary key for the passed security identity.
+ *
+ * If the security identity does not yet exist in the database, it will be
+ * created.
+ *
+ * @param SecurityIdentityInterface $sid
+ * @return integer
+ */
+ private function createOrRetrieveSecurityIdentityId(SecurityIdentityInterface $sid)
+ {
+ if (false !== $id = $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn()) {
+ return $id;
+ }
+
+ $this->connection->executeQuery($this->getInsertSecurityIdentitySql($sid));
+
+ return $this->connection->executeQuery($this->getSelectSecurityIdentityIdSql($sid))->fetchColumn();
+ }
+
+ /**
+ * Deletes all ACEs for the given object identity primary key.
+ *
+ * @param integer $oidPK
+ * @return void
+ */
+ private function deleteAccessControlEntries($oidPK)
+ {
+ $this->connection->executeQuery($this->getDeleteAccessControlEntriesSql($oidPK));
+ }
+
+ /**
+ * Deletes the object identity from the database.
+ *
+ * @param integer $pk
+ * @return void
+ */
+ private function deleteObjectIdentity($pk)
+ {
+ $this->connection->executeQuery($this->getDeleteObjectIdentitySql($pk));
+ }
+
+ /**
+ * Deletes all entries from the relations table from the database.
+ *
+ * @param integer $pk
+ * @return void
+ */
+ private function deleteObjectIdentityRelations($pk)
+ {
+ $this->connection->executeQuery($this->getDeleteObjectIdentityRelationsSql($pk));
+ }
+
+ /**
* This regenerates the ancestor table which is used for fast read access.
*
* @param AclInterface $acl
generated by cgit v1.1 at 2025-05-12 18:10:45 +0000