diff options
| author | Nicolas Grekas <nicolas.grekas@gmail.com> | 2015-08-01 12:05:47 +0200 |
|---|---|---|
| committer | Nicolas Grekas <nicolas.grekas@gmail.com> | 2015-08-01 12:05:47 +0200 |
| commit | c63a0c6b5f1d05f1e57d8b29cf2c38b770fad5b3 (patch) | |
| tree | 0239e276f5957263774224d1f9d6128f2302111a /Acl/Domain | |
| parent | 6de838905fc31153ba80ad1a8f0919fe8ab58ad1 (diff) | |
| parent | b60dfa578d6ab5e1766af7adb3f882e585ed161e (diff) | |
| download | symfony-security-c63a0c6b5f1d05f1e57d8b29cf2c38b770fad5b3.zip symfony-security-c63a0c6b5f1d05f1e57d8b29cf2c38b770fad5b3.tar.gz symfony-security-c63a0c6b5f1d05f1e57d8b29cf2c38b770fad5b3.tar.bz2 | |
Merge branch '2.8'
* 2.8:
[Locale] Add missing @group legacy annotations
[Form] Add missing @group legacy annotations
[Form] Use FQCN form types
Fix security-acl deps
Fix typo
[Security] Removed security-acl from the core
fixed typos
Fix doctrine mapping validation type error
Remove skipping of tests based on ICU data version whenever possible
Fix the handling of null as locale in the stub intl classes
do not dump leading backslashes in class names
fix issue #15377
Skip ::class constant
[Config] type specific check for emptiness
[Form] Deprecated FormTypeInterface::getName() and passing of type instances
Conflicts:
UPGRADE-2.8.md
composer.json
src/Symfony/Bridge/Doctrine/composer.json
src/Symfony/Bridge/Twig/composer.json
src/Symfony/Bundle/SecurityBundle/composer.json
src/Symfony/Component/ClassLoader/ClassMapGenerator.php
src/Symfony/Component/DependencyInjection/Tests/ContainerTest.php
src/Symfony/Component/Form/Tests/AbstractExtensionTest.php
src/Symfony/Component/Form/Tests/AbstractLayoutTest.php
src/Symfony/Component/Form/Tests/SimpleFormTest.php
src/Symfony/Component/Locale/Tests/LocaleTest.php
src/Symfony/Component/Locale/Tests/Stub/StubLocaleTest.php
src/Symfony/Component/Security/Acl/README.md
src/Symfony/Component/Security/Acl/composer.json
Diffstat (limited to 'Acl/Domain')
| -rw-r--r-- | Acl/Domain/Acl.php | 667 | ||||
| -rw-r--r-- | Acl/Domain/AclCollectionCache.php | 65 | ||||
| -rw-r--r-- | Acl/Domain/AuditLogger.php | 51 | ||||
| -rw-r--r-- | Acl/Domain/DoctrineAclCache.php | 229 | ||||
| -rw-r--r-- | Acl/Domain/Entry.php | 208 | ||||
| -rw-r--r-- | Acl/Domain/FieldEntry.php | 74 | ||||
| -rw-r--r-- | Acl/Domain/ObjectIdentity.php | 114 | ||||
| -rw-r--r-- | Acl/Domain/ObjectIdentityRetrievalStrategy.php | 35 | ||||
| -rw-r--r-- | Acl/Domain/PermissionGrantingStrategy.php | 211 | ||||
| -rw-r--r-- | Acl/Domain/RoleSecurityIdentity.php | 73 | ||||
| -rw-r--r-- | Acl/Domain/SecurityIdentityRetrievalStrategy.php | 78 | ||||
| -rw-r--r-- | Acl/Domain/UserSecurityIdentity.php | 124 |
12 files changed, 0 insertions, 1929 deletions
diff --git a/Acl/Domain/Acl.php b/Acl/Domain/Acl.php deleted file mode 100644 index f417c8f..0000000 --- a/Acl/Domain/Acl.php +++ /dev/null @@ -1,667 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Doctrine\Common\NotifyPropertyChanged; -use Doctrine\Common\PropertyChangedListener; -use Symfony\Component\Security\Acl\Model\AclInterface; -use Symfony\Component\Security\Acl\Model\AuditableAclInterface; -use Symfony\Component\Security\Acl\Model\EntryInterface; -use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; -use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface; -use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; - -/** - * An ACL implementation. - * - * Each object identity has exactly one associated ACL. Each ACL can have four - * different types of ACEs (class ACEs, object ACEs, class field ACEs, object field - * ACEs). - * - * You should not iterate over the ACEs yourself, but instead use isGranted(), - * or isFieldGranted(). These will utilize an implementation of PermissionGrantingStrategy - * internally. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class Acl implements AuditableAclInterface, NotifyPropertyChanged -{ - private $parentAcl; - private $permissionGrantingStrategy; - private $objectIdentity; - private $classAces = array(); - private $classFieldAces = array(); - private $objectAces = array(); - private $objectFieldAces = array(); - private $id; - private $loadedSids; - private $entriesInheriting; - private $listeners = array(); - - /** - * Constructor. - * - * @param int $id - * @param ObjectIdentityInterface $objectIdentity - * @param PermissionGrantingStrategyInterface $permissionGrantingStrategy - * @param array $loadedSids - * @param bool $entriesInheriting - */ - public function __construct($id, ObjectIdentityInterface $objectIdentity, PermissionGrantingStrategyInterface $permissionGrantingStrategy, array $loadedSids = array(), $entriesInheriting) - { - $this->id = $id; - $this->objectIdentity = $objectIdentity; - $this->permissionGrantingStrategy = $permissionGrantingStrategy; - $this->loadedSids = $loadedSids; - $this->entriesInheriting = $entriesInheriting; - } - - /** - * Adds a property changed listener. - * - * @param PropertyChangedListener $listener - */ - public function addPropertyChangedListener(PropertyChangedListener $listener) - { - $this->listeners[] = $listener; - } - - /** - * {@inheritdoc} - */ - public function deleteClassAce($index) - { - $this->deleteAce('classAces', $index); - } - - /** - * {@inheritdoc} - */ - public function deleteClassFieldAce($index, $field) - { - $this->deleteFieldAce('classFieldAces', $index, $field); - } - - /** - * {@inheritdoc} - */ - public function deleteObjectAce($index) - { - $this->deleteAce('objectAces', $index); - } - - /** - * {@inheritdoc} - */ - public function deleteObjectFieldAce($index, $field) - { - $this->deleteFieldAce('objectFieldAces', $index, $field); - } - - /** - * {@inheritdoc} - */ - public function getClassAces() - { - return $this->classAces; - } - - /** - * {@inheritdoc} - */ - public function getClassFieldAces($field) - { - return isset($this->classFieldAces[$field]) ? $this->classFieldAces[$field] : array(); - } - - /** - * {@inheritdoc} - */ - public function getObjectAces() - { - return $this->objectAces; - } - - /** - * {@inheritdoc} - */ - public function getObjectFieldAces($field) - { - return isset($this->objectFieldAces[$field]) ? $this->objectFieldAces[$field] : array(); - } - - /** - * {@inheritdoc} - */ - public function getId() - { - return $this->id; - } - - /** - * {@inheritdoc} - */ - public function getObjectIdentity() - { - return $this->objectIdentity; - } - - /** - * {@inheritdoc} - */ - public function getParentAcl() - { - return $this->parentAcl; - } - - /** - * {@inheritdoc} - */ - public function insertClassAce(SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null) - { - $this->insertAce('classAces', $index, $mask, $sid, $granting, $strategy); - } - - /** - * {@inheritdoc} - */ - public function insertClassFieldAce($field, SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null) - { - $this->insertFieldAce('classFieldAces', $index, $field, $mask, $sid, $granting, $strategy); - } - - /** - * {@inheritdoc} - */ - public function insertObjectAce(SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null) - { - $this->insertAce('objectAces', $index, $mask, $sid, $granting, $strategy); - } - - /** - * {@inheritdoc} - */ - public function insertObjectFieldAce($field, SecurityIdentityInterface $sid, $mask, $index = 0, $granting = true, $strategy = null) - { - $this->insertFieldAce('objectFieldAces', $index, $field, $mask, $sid, $granting, $strategy); - } - - /** - * {@inheritdoc} - */ - public function isEntriesInheriting() - { - return $this->entriesInheriting; - } - - /** - * {@inheritdoc} - */ - public function isFieldGranted($field, array $masks, array $securityIdentities, $administrativeMode = false) - { - return $this->permissionGrantingStrategy->isFieldGranted($this, $field, $masks, $securityIdentities, $administrativeMode); - } - - /** - * {@inheritdoc} - */ - public function isGranted(array $masks, array $securityIdentities, $administrativeMode = false) - { - return $this->permissionGrantingStrategy->isGranted($this, $masks, $securityIdentities, $administrativeMode); - } - - /** - * {@inheritdoc} - */ - public function isSidLoaded($sids) - { - if (!$this->loadedSids) { - return true; - } - - if (!is_array($sids)) { - $sids = array($sids); - } - - foreach ($sids as $sid) { - if (!$sid instanceof SecurityIdentityInterface) { - throw new \InvalidArgumentException( - '$sid must be an instance of SecurityIdentityInterface.'); - } - - foreach ($this->loadedSids as $loadedSid) { - if ($loadedSid->equals($sid)) { - continue 2; - } - } - - return false; - } - - return true; - } - - /** - * Implementation for the \Serializable interface. - * - * @return string - */ - public function serialize() - { - return serialize(array( - null === $this->parentAcl ? null : $this->parentAcl->getId(), - $this->objectIdentity, - $this->classAces, - $this->classFieldAces, - $this->objectAces, - $this->objectFieldAces, - $this->id, - $this->loadedSids, - $this->entriesInheriting, - )); - } - - /** - * Implementation for the \Serializable interface. - * - * @param string $serialized - */ - public function unserialize($serialized) - { - list($this->parentAcl, - $this->objectIdentity, - $this->classAces, - $this->classFieldAces, - $this->objectAces, - $this->objectFieldAces, - $this->id, - $this->loadedSids, - $this->entriesInheriting - ) = unserialize($serialized); - - $this->listeners = array(); - } - - /** - * {@inheritdoc} - */ - public function setEntriesInheriting($boolean) - { - if ($this->entriesInheriting !== $boolean) { - $this->onPropertyChanged('entriesInheriting', $this->entriesInheriting, $boolean); - $this->entriesInheriting = $boolean; - } - } - - /** - * {@inheritdoc} - */ - public function setParentAcl(AclInterface $acl = null) - { - if (null !== $acl && null === $acl->getId()) { - throw new \InvalidArgumentException('$acl must have an ID.'); - } - - if ($this->parentAcl !== $acl) { - $this->onPropertyChanged('parentAcl', $this->parentAcl, $acl); - $this->parentAcl = $acl; - } - } - - /** - * {@inheritdoc} - */ - public function updateClassAce($index, $mask, $strategy = null) - { - $this->updateAce('classAces', $index, $mask, $strategy); - } - - /** - * {@inheritdoc} - */ - public function updateClassFieldAce($index, $field, $mask, $strategy = null) - { - $this->updateFieldAce('classFieldAces', $index, $field, $mask, $strategy); - } - - /** - * {@inheritdoc} - */ - public function updateObjectAce($index, $mask, $strategy = null) - { - $this->updateAce('objectAces', $index, $mask, $strategy); - } - - /** - * {@inheritdoc} - */ - public function updateObjectFieldAce($index, $field, $mask, $strategy = null) - { - $this->updateFieldAce('objectFieldAces', $index, $field, $mask, $strategy); - } - - /** - * {@inheritdoc} - */ - public function updateClassAuditing($index, $auditSuccess, $auditFailure) - { - $this->updateAuditing($this->classAces, $index, $auditSuccess, $auditFailure); - } - - /** - * {@inheritdoc} - */ - public function updateClassFieldAuditing($index, $field, $auditSuccess, $auditFailure) - { - if (!isset($this->classFieldAces[$field])) { - throw new \InvalidArgumentException(sprintf('There are no ACEs for field "%s".', $field)); - } - - $this->updateAuditing($this->classFieldAces[$field], $index, $auditSuccess, $auditFailure); - } - - /** - * {@inheritdoc} - */ - public function updateObjectAuditing($index, $auditSuccess, $auditFailure) - { - $this->updateAuditing($this->objectAces, $index, $auditSuccess, $auditFailure); - } - - /** - * {@inheritdoc} - */ - public function updateObjectFieldAuditing($index, $field, $auditSuccess, $auditFailure) - { - if (!isset($this->objectFieldAces[$field])) { - throw new \InvalidArgumentException(sprintf('There are no ACEs for field "%s".', $field)); - } - - $this->updateAuditing($this->objectFieldAces[$field], $index, $auditSuccess, $auditFailure); - } - - /** - * Deletes an ACE. - * - * @param string $property - * @param int $index - * - * @throws \OutOfBoundsException - */ - private function deleteAce($property, $index) - { - $aces = &$this->$property; - if (!isset($aces[$index])) { - throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index)); - } - - $oldValue = $this->$property; - unset($aces[$index]); - $this->$property = array_values($this->$property); - $this->onPropertyChanged($property, $oldValue, $this->$property); - - for ($i = $index, $c = count($this->$property); $i < $c; ++$i) { - $this->onEntryPropertyChanged($aces[$i], 'aceOrder', $i + 1, $i); - } - } - - /** - * Deletes a field-based ACE. - * - * @param string $property - * @param int $index - * @param string $field - * - * @throws \OutOfBoundsException - */ - private function deleteFieldAce($property, $index, $field) - { - $aces = &$this->$property; - if (!isset($aces[$field][$index])) { - throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index)); - } - - $oldValue = $this->$property; - unset($aces[$field][$index]); - $aces[$field] = array_values($aces[$field]); - $this->onPropertyChanged($property, $oldValue, $this->$property); - - for ($i = $index, $c = count($aces[$field]); $i < $c; ++$i) { - $this->onEntryPropertyChanged($aces[$field][$i], 'aceOrder', $i + 1, $i); - } - } - - /** - * Inserts an ACE. - * - * @param string $property - * @param int $index - * @param int $mask - * @param SecurityIdentityInterface $sid - * @param bool $granting - * @param string $strategy - * - * @throws \OutOfBoundsException - * @throws \InvalidArgumentException - */ - private function insertAce($property, $index, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null) - { - if ($index < 0 || $index > count($this->$property)) { - throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($this->$property))); - } - - if (!is_int($mask)) { - throw new \InvalidArgumentException('$mask must be an integer.'); - } - - if (null === $strategy) { - if (true === $granting) { - $strategy = PermissionGrantingStrategy::ALL; - } else { - $strategy = PermissionGrantingStrategy::ANY; - } - } - - $aces = &$this->$property; - $oldValue = $this->$property; - if (isset($aces[$index])) { - $this->$property = array_merge( - array_slice($this->$property, 0, $index), - array(true), - array_slice($this->$property, $index) - ); - - for ($i = $index, $c = count($this->$property) - 1; $i < $c; ++$i) { - $this->onEntryPropertyChanged($aces[$i + 1], 'aceOrder', $i, $i + 1); - } - } - - $aces[$index] = new Entry(null, $this, $sid, $strategy, $mask, $granting, false, false); - $this->onPropertyChanged($property, $oldValue, $this->$property); - } - - /** - * Inserts a field-based ACE. - * - * @param string $property - * @param int $index - * @param string $field - * @param int $mask - * @param SecurityIdentityInterface $sid - * @param bool $granting - * @param string $strategy - * - * @throws \InvalidArgumentException - * @throws \OutOfBoundsException - */ - private function insertFieldAce($property, $index, $field, $mask, SecurityIdentityInterface $sid, $granting, $strategy = null) - { - if (0 === strlen($field)) { - throw new \InvalidArgumentException('$field cannot be empty.'); - } - - if (!is_int($mask)) { - throw new \InvalidArgumentException('$mask must be an integer.'); - } - - if (null === $strategy) { - if (true === $granting) { - $strategy = PermissionGrantingStrategy::ALL; - } else { - $strategy = PermissionGrantingStrategy::ANY; - } - } - - $aces = &$this->$property; - if (!isset($aces[$field])) { - $aces[$field] = array(); - } - - if ($index < 0 || $index > count($aces[$field])) { - throw new \OutOfBoundsException(sprintf('The index must be in the interval [0, %d].', count($this->$property))); - } - - $oldValue = $aces; - if (isset($aces[$field][$index])) { - $aces[$field] = array_merge( - array_slice($aces[$field], 0, $index), - array(true), - array_slice($aces[$field], $index) - ); - - for ($i = $index, $c = count($aces[$field]) - 1; $i < $c; ++$i) { - $this->onEntryPropertyChanged($aces[$field][$i + 1], 'aceOrder', $i, $i + 1); - } - } - - $aces[$field][$index] = new FieldEntry(null, $this, $field, $sid, $strategy, $mask, $granting, false, false); - $this->onPropertyChanged($property, $oldValue, $this->$property); - } - - /** - * Updates an ACE. - * - * @param string $property - * @param int $index - * @param int $mask - * @param string $strategy - * - * @throws \OutOfBoundsException - */ - private function updateAce($property, $index, $mask, $strategy = null) - { - $aces = &$this->$property; - if (!isset($aces[$index])) { - throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index)); - } - - $ace = $aces[$index]; - if ($mask !== $oldMask = $ace->getMask()) { - $this->onEntryPropertyChanged($ace, 'mask', $oldMask, $mask); - $ace->setMask($mask); - } - if (null !== $strategy && $strategy !== $oldStrategy = $ace->getStrategy()) { - $this->onEntryPropertyChanged($ace, 'strategy', $oldStrategy, $strategy); - $ace->setStrategy($strategy); - } - } - - /** - * Updates auditing for an ACE. - * - * @param array &$aces - * @param int $index - * @param bool $auditSuccess - * @param bool $auditFailure - * - * @throws \OutOfBoundsException - */ - private function updateAuditing(array &$aces, $index, $auditSuccess, $auditFailure) - { - if (!isset($aces[$index])) { - throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index)); - } - - if ($auditSuccess !== $aces[$index]->isAuditSuccess()) { - $this->onEntryPropertyChanged($aces[$index], 'auditSuccess', !$auditSuccess, $auditSuccess); - $aces[$index]->setAuditSuccess($auditSuccess); - } - - if ($auditFailure !== $aces[$index]->isAuditFailure()) { - $this->onEntryPropertyChanged($aces[$index], 'auditFailure', !$auditFailure, $auditFailure); - $aces[$index]->setAuditFailure($auditFailure); - } - } - - /** - * Updates a field-based ACE. - * - * @param string $property - * @param int $index - * @param string $field - * @param int $mask - * @param string $strategy - * - * @throws \InvalidArgumentException - * @throws \OutOfBoundsException - */ - private function updateFieldAce($property, $index, $field, $mask, $strategy = null) - { - if (0 === strlen($field)) { - throw new \InvalidArgumentException('$field cannot be empty.'); - } - - $aces = &$this->$property; - if (!isset($aces[$field][$index])) { - throw new \OutOfBoundsException(sprintf('The index "%d" does not exist.', $index)); - } - - $ace = $aces[$field][$index]; - if ($mask !== $oldMask = $ace->getMask()) { - $this->onEntryPropertyChanged($ace, 'mask', $oldMask, $mask); - $ace->setMask($mask); - } - if (null !== $strategy && $strategy !== $oldStrategy = $ace->getStrategy()) { - $this->onEntryPropertyChanged($ace, 'strategy', $oldStrategy, $strategy); - $ace->setStrategy($strategy); - } - } - - /** - * Called when a property of the ACL changes. - * - * @param string $name - * @param mixed $oldValue - * @param mixed $newValue - */ - private function onPropertyChanged($name, $oldValue, $newValue) - { - foreach ($this->listeners as $listener) { - $listener->propertyChanged($this, $name, $oldValue, $newValue); - } - } - - /** - * Called when a property of an ACE associated with this ACL changes. - * - * @param EntryInterface $entry - * @param string $name - * @param mixed $oldValue - * @param mixed $newValue - */ - private function onEntryPropertyChanged(EntryInterface $entry, $name, $oldValue, $newValue) - { - foreach ($this->listeners as $listener) { - $listener->propertyChanged($entry, $name, $oldValue, $newValue); - } - } -} diff --git a/Acl/Domain/AclCollectionCache.php b/Acl/Domain/AclCollectionCache.php deleted file mode 100644 index 5dfef08..0000000 --- a/Acl/Domain/AclCollectionCache.php +++ /dev/null @@ -1,65 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Model\AclProviderInterface; -use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface; -use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; - -/** - * This service caches ACLs for an entire collection of objects. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class AclCollectionCache -{ - private $aclProvider; - private $objectIdentityRetrievalStrategy; - private $securityIdentityRetrievalStrategy; - - /** - * Constructor. - * - * @param AclProviderInterface $aclProvider - * @param ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy - * @param SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy - */ - public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy, SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy) - { - $this->aclProvider = $aclProvider; - $this->objectIdentityRetrievalStrategy = $oidRetrievalStrategy; - $this->securityIdentityRetrievalStrategy = $sidRetrievalStrategy; - } - - /** - * Batch loads ACLs for an entire collection; thus, it reduces the number - * of required queries considerably. - * - * @param mixed $collection anything that can be passed to foreach() - * @param TokenInterface[] $tokens an array of TokenInterface implementations - */ - public function cache($collection, array $tokens = array()) - { - $sids = array(); - foreach ($tokens as $token) { - $sids = array_merge($sids, $this->securityIdentityRetrievalStrategy->getSecurityIdentities($token)); - } - - $oids = array(); - foreach ($collection as $domainObject) { - $oids[] = $this->objectIdentityRetrievalStrategy->getObjectIdentity($domainObject); - } - - $this->aclProvider->findAcls($oids, $sids); - } -} diff --git a/Acl/Domain/AuditLogger.php b/Acl/Domain/AuditLogger.php deleted file mode 100644 index e3f3bdd..0000000 --- a/Acl/Domain/AuditLogger.php +++ /dev/null @@ -1,51 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Model\AuditableEntryInterface; -use Symfony\Component\Security\Acl\Model\EntryInterface; -use Symfony\Component\Security\Acl\Model\AuditLoggerInterface; - -/** - * Base audit logger implementation. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -abstract class AuditLogger implements AuditLoggerInterface -{ - /** - * Performs some checks if logging was requested. - * - * @param bool $granted - * @param EntryInterface $ace - */ - public function logIfNeeded($granted, EntryInterface $ace) - { - if (!$ace instanceof AuditableEntryInterface) { - return; - } - - if ($granted && $ace->isAuditSuccess()) { - $this->doLog($granted, $ace); - } elseif (!$granted && $ace->isAuditFailure()) { - $this->doLog($granted, $ace); - } - } - - /** - * This method is only called when logging is needed. - * - * @param bool $granted - * @param EntryInterface $ace - */ - abstract protected function doLog($granted, EntryInterface $ace); -} diff --git a/Acl/Domain/DoctrineAclCache.php b/Acl/Domain/DoctrineAclCache.php deleted file mode 100644 index 667a19e..0000000 --- a/Acl/Domain/DoctrineAclCache.php +++ /dev/null @@ -1,229 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Doctrine\Common\Cache\Cache; -use Doctrine\Common\Cache\CacheProvider; -use Symfony\Component\Security\Acl\Model\AclCacheInterface; -use Symfony\Component\Security\Acl\Model\AclInterface; -use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; -use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface; - -/** - * This class is a wrapper around the actual cache implementation. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class DoctrineAclCache implements AclCacheInterface -{ - const PREFIX = 'sf2_acl_'; - - private $cache; - private $prefix; - private $permissionGrantingStrategy; - - /** - * Constructor. - * - * @param Cache $cache - * @param PermissionGrantingStrategyInterface $permissionGrantingStrategy - * @param string $prefix - * - * @throws \InvalidArgumentException - */ - public function __construct(Cache $cache, PermissionGrantingStrategyInterface $permissionGrantingStrategy, $prefix = self::PREFIX) - { - if (0 === strlen($prefix)) { - throw new \InvalidArgumentException('$prefix cannot be empty.'); - } - - $this->cache = $cache; - $this->permissionGrantingStrategy = $permissionGrantingStrategy; - $this->prefix = $prefix; - } - - /** - * {@inheritdoc} - */ - public function clearCache() - { - if ($this->cache instanceof CacheProvider) { - $this->cache->deleteAll(); - } - } - - /** - * {@inheritdoc} - */ - public function evictFromCacheById($aclId) - { - $lookupKey = $this->getAliasKeyForIdentity($aclId); - if (!$this->cache->contains($lookupKey)) { - return; - } - - $key = $this->cache->fetch($lookupKey); - if ($this->cache->contains($key)) { - $this->cache->delete($key); - } - - $this->cache->delete($lookupKey); - } - - /** - * {@inheritdoc} - */ - public function evictFromCacheByIdentity(ObjectIdentityInterface $oid) - { - $key = $this->getDataKeyByIdentity($oid); - if (!$this->cache->contains($key)) { - return; - } - - $this->cache->delete($key); - } - - /** - * {@inheritdoc} - */ - public function getFromCacheById($aclId) - { - $lookupKey = $this->getAliasKeyForIdentity($aclId); - if (!$this->cache->contains($lookupKey)) { - return; - } - - $key = $this->cache->fetch($lookupKey); - if (!$this->cache->contains($key)) { - $this->cache->delete($lookupKey); - - return; - } - - return $this->unserializeAcl($this->cache->fetch($key)); - } - - /** - * {@inheritdoc} - */ - public function getFromCacheByIdentity(ObjectIdentityInterface $oid) - { - $key = $this->getDataKeyByIdentity($oid); - if (!$this->cache->contains($key)) { - return; - } - - return $this->unserializeAcl($this->cache->fetch($key)); - } - - /** - * {@inheritdoc} - */ - public function putInCache(AclInterface $acl) - { - if (null === $acl->getId()) { - throw new \InvalidArgumentException('Transient ACLs cannot be cached.'); - } - - if (null !== $parentAcl = $acl->getParentAcl()) { - $this->putInCache($parentAcl); - } - - $key = $this->getDataKeyByIdentity($acl->getObjectIdentity()); - $this->cache->save($key, serialize($acl)); - $this->cache->save($this->getAliasKeyForIdentity($acl->getId()), $key); - } - - /** - * Unserializes the ACL. - * - * @param string $serialized - * - * @return AclInterface - */ - private function unserializeAcl($serialized) - { - $acl = unserialize($serialized); - - if (null !== $parentId = $acl->getParentAcl()) { - $parentAcl = $this->getFromCacheById($parentId); - - if (null === $parentAcl) { - return; - } - - $acl->setParentAcl($parentAcl); - } - - $reflectionProperty = new \ReflectionProperty($acl, 'permissionGrantingStrategy'); - $reflectionProperty->setAccessible(true); - $reflectionProperty->setValue($acl, $this->permissionGrantingStrategy); - $reflectionProperty->setAccessible(false); - - $aceAclProperty = new \ReflectionProperty('Symfony\Component\Security\Acl\Domain\Entry', 'acl'); - $aceAclProperty->setAccessible(true); - - foreach ($acl->getObjectAces() as $ace) { - $aceAclProperty->setValue($ace, $acl); - } - foreach ($acl->getClassAces() as $ace) { - $aceAclProperty->setValue($ace, $acl); - } - - $aceClassFieldProperty = new \ReflectionProperty($acl, 'classFieldAces'); - $aceClassFieldProperty->setAccessible(true); - foreach ($aceClassFieldProperty->getValue($acl) as $aces) { - foreach ($aces as $ace) { - $aceAclProperty->setValue($ace, $acl); - } - } - $aceClassFieldProperty->setAccessible(false); - - $aceObjectFieldProperty = new \ReflectionProperty($acl, 'objectFieldAces'); - $aceObjectFieldProperty->setAccessible(true); - foreach ($aceObjectFieldProperty->getValue($acl) as $aces) { - foreach ($aces as $ace) { - $aceAclProperty->setValue($ace, $acl); - } - } - $aceObjectFieldProperty->setAccessible(false); - - $aceAclProperty->setAccessible(false); - - return $acl; - } - - /** - * Returns the key for the object identity. - * - * @param ObjectIdentityInterface $oid - * - * @return string - */ - private function getDataKeyByIdentity(ObjectIdentityInterface $oid) - { - return $this->prefix.md5($oid->getType()).sha1($oid->getType()) - .'_'.md5($oid->getIdentifier()).sha1($oid->getIdentifier()); - } - - /** - * Returns the alias key for the object identity key. - * - * @param string $aclId - * - * @return string - */ - private function getAliasKeyForIdentity($aclId) - { - return $this->prefix.$aclId; - } -} diff --git a/Acl/Domain/Entry.php b/Acl/Domain/Entry.php deleted file mode 100644 index 55c4b37..0000000 --- a/Acl/Domain/Entry.php +++ /dev/null @@ -1,208 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Model\AclInterface; -use Symfony\Component\Security\Acl\Model\AuditableEntryInterface; -use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; - -/** - * Auditable ACE implementation. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class Entry implements AuditableEntryInterface -{ - private $acl; - private $mask; - private $id; - private $securityIdentity; - private $strategy; - private $auditFailure; - private $auditSuccess; - private $granting; - - /** - * Constructor. - * - * @param int $id - * @param AclInterface $acl - * @param SecurityIdentityInterface $sid - * @param string $strategy - * @param int $mask - * @param bool $granting - * @param bool $auditFailure - * @param bool $auditSuccess - */ - public function __construct($id, AclInterface $acl, SecurityIdentityInterface $sid, $strategy, $mask, $granting, $auditFailure, $auditSuccess) - { - $this->id = $id; - $this->acl = $acl; - $this->securityIdentity = $sid; - $this->strategy = $strategy; - $this->mask = $mask; - $this->granting = $granting; - $this->auditFailure = $auditFailure; - $this->auditSuccess = $auditSuccess; - } - - /** - * {@inheritdoc} - */ - public function getAcl() - { - return $this->acl; - } - - /** - * {@inheritdoc} - */ - public function getMask() - { - return $this->mask; - } - - /** - * {@inheritdoc} - */ - public function getId() - { - return $this->id; - } - - /** - * {@inheritdoc} - */ - public function getSecurityIdentity() - { - return $this->securityIdentity; - } - - /** - * {@inheritdoc} - */ - public function getStrategy() - { - return $this->strategy; - } - - /** - * {@inheritdoc} - */ - public function isAuditFailure() - { - return $this->auditFailure; - } - - /** - * {@inheritdoc} - */ - public function isAuditSuccess() - { - return $this->auditSuccess; - } - - /** - * {@inheritdoc} - */ - public function isGranting() - { - return $this->granting; - } - - /** - * Turns on/off auditing on permissions denials. - * - * Do never call this method directly. Use the respective methods on the - * AclInterface instead. - * - * @param bool $boolean - */ - public function setAuditFailure($boolean) - { - $this->auditFailure = $boolean; - } - - /** - * Turns on/off auditing on permission grants. - * - * Do never call this method directly. Use the respective methods on the - * AclInterface instead. - * - * @param bool $boolean - */ - public function setAuditSuccess($boolean) - { - $this->auditSuccess = $boolean; - } - - /** - * Sets the permission mask. - * - * Do never call this method directly. Use the respective methods on the - * AclInterface instead. - * - * @param int $mask - */ - public function setMask($mask) - { - $this->mask = $mask; - } - - /** - * Sets the mask comparison strategy. - * - * Do never call this method directly. Use the respective methods on the - * AclInterface instead. - * - * @param string $strategy - */ - public function setStrategy($strategy) - { - $this->strategy = $strategy; - } - - /** - * Implementation of \Serializable. - * - * @return string - */ - public function serialize() - { - return serialize(array( - $this->mask, - $this->id, - $this->securityIdentity, - $this->strategy, - $this->auditFailure, - $this->auditSuccess, - $this->granting, - )); - } - - /** - * Implementation of \Serializable. - * - * @param string $serialized - */ - public function unserialize($serialized) - { - list($this->mask, - $this->id, - $this->securityIdentity, - $this->strategy, - $this->auditFailure, - $this->auditSuccess, - $this->granting - ) = unserialize($serialized); - } -} diff --git a/Acl/Domain/FieldEntry.php b/Acl/Domain/FieldEntry.php deleted file mode 100644 index 86b1e5b..0000000 --- a/Acl/Domain/FieldEntry.php +++ /dev/null @@ -1,74 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Model\AclInterface; -use Symfony\Component\Security\Acl\Model\FieldEntryInterface; -use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; - -/** - * Field-aware ACE implementation which is auditable. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class FieldEntry extends Entry implements FieldEntryInterface -{ - private $field; - - /** - * Constructor. - * - * @param int $id - * @param AclInterface $acl - * @param string $field - * @param SecurityIdentityInterface $sid - * @param string $strategy - * @param int $mask - * @param bool $granting - * @param bool $auditFailure - * @param bool $auditSuccess - */ - public function __construct($id, AclInterface $acl, $field, SecurityIdentityInterface $sid, $strategy, $mask, $granting, $auditFailure, $auditSuccess) - { - parent::__construct($id, $acl, $sid, $strategy, $mask, $granting, $auditFailure, $auditSuccess); - - $this->field = $field; - } - - /** - * {@inheritdoc} - */ - public function getField() - { - return $this->field; - } - - /** - * {@inheritdoc} - */ - public function serialize() - { - return serialize(array( - $this->field, - parent::serialize(), - )); - } - - /** - * {@inheritdoc} - */ - public function unserialize($serialized) - { - list($this->field, $parentStr) = unserialize($serialized); - parent::unserialize($parentStr); - } -} diff --git a/Acl/Domain/ObjectIdentity.php b/Acl/Domain/ObjectIdentity.php deleted file mode 100644 index 871bda7..0000000 --- a/Acl/Domain/ObjectIdentity.php +++ /dev/null @@ -1,114 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Core\Util\ClassUtils; -use Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException; -use Symfony\Component\Security\Acl\Model\DomainObjectInterface; -use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; - -/** - * ObjectIdentity implementation. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -final class ObjectIdentity implements ObjectIdentityInterface -{ - private $identifier; - private $type; - - /** - * Constructor. - * - * @param string $identifier - * @param string $type - * - * @throws \InvalidArgumentException - */ - public function __construct($identifier, $type) - { - if ('' === $identifier) { - throw new \InvalidArgumentException('$identifier cannot be empty.'); - } - if (empty($type)) { - throw new \InvalidArgumentException('$type cannot be empty.'); - } - - $this->identifier = $identifier; - $this->type = $type; - } - - /** - * Constructs an ObjectIdentity for the given domain object. - * - * @param object $domainObject - * - * @throws InvalidDomainObjectException - * - * @return ObjectIdentity - */ - public static function fromDomainObject($domainObject) - { - if (!is_object($domainObject)) { - throw new InvalidDomainObjectException('$domainObject must be an object.'); - } - - try { - if ($domainObject instanceof DomainObjectInterface) { - return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject)); - } elseif (method_exists($domainObject, 'getId')) { - return new self((string) $domainObject->getId(), ClassUtils::getRealClass($domainObject)); - } - } catch (\InvalidArgumentException $e) { - throw new InvalidDomainObjectException($e->getMessage(), 0, $e); - } - - throw new InvalidDomainObjectException('$domainObject must either implement the DomainObjectInterface, or have a method named "getId".'); - } - - /** - * {@inheritdoc} - */ - public function getIdentifier() - { - return $this->identifier; - } - - /** - * {@inheritdoc} - */ - public function getType() - { - return $this->type; - } - - /** - * {@inheritdoc} - */ - public function equals(ObjectIdentityInterface $identity) - { - // comparing the identifier with === might lead to problems, so we - // waive this restriction - return $this->identifier == $identity->getIdentifier() - && $this->type === $identity->getType(); - } - - /** - * Returns a textual representation of this object identity. - * - * @return string - */ - public function __toString() - { - return sprintf('ObjectIdentity(%s, %s)', $this->identifier, $this->type); - } -} diff --git a/Acl/Domain/ObjectIdentityRetrievalStrategy.php b/Acl/Domain/ObjectIdentityRetrievalStrategy.php deleted file mode 100644 index 80de6e0..0000000 --- a/Acl/Domain/ObjectIdentityRetrievalStrategy.php +++ /dev/null @@ -1,35 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Exception\InvalidDomainObjectException; -use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface; - -/** - * Strategy to be used for retrieving object identities from domain objects. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class ObjectIdentityRetrievalStrategy implements ObjectIdentityRetrievalStrategyInterface -{ - /** - * {@inheritdoc} - */ - public function getObjectIdentity($domainObject) - { - try { - return ObjectIdentity::fromDomainObject($domainObject); - } catch (InvalidDomainObjectException $e) { - return; - } - } -} diff --git a/Acl/Domain/PermissionGrantingStrategy.php b/Acl/Domain/PermissionGrantingStrategy.php deleted file mode 100644 index 742c4e5..0000000 --- a/Acl/Domain/PermissionGrantingStrategy.php +++ /dev/null @@ -1,211 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Exception\NoAceFoundException; -use Symfony\Component\Security\Acl\Model\AclInterface; -use Symfony\Component\Security\Acl\Model\AuditLoggerInterface; -use Symfony\Component\Security\Acl\Model\EntryInterface; -use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface; -use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; - -/** - * The permission granting strategy to apply to the access control list. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class PermissionGrantingStrategy implements PermissionGrantingStrategyInterface -{ - const EQUAL = 'equal'; - const ALL = 'all'; - const ANY = 'any'; - - private $auditLogger; - - /** - * Sets the audit logger. - * - * @param AuditLoggerInterface $auditLogger - */ - public function setAuditLogger(AuditLoggerInterface $auditLogger) - { - $this->auditLogger = $auditLogger; - } - - /** - * {@inheritdoc} - */ - public function isGranted(AclInterface $acl, array $masks, array $sids, $administrativeMode = false) - { - try { - try { - $aces = $acl->getObjectAces(); - - if (!$aces) { - throw new NoAceFoundException(); - } - - return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); - } catch (NoAceFoundException $e) { - $aces = $acl->getClassAces(); - - if (!$aces) { - throw $e; - } - - return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); - } - } catch (NoAceFoundException $e) { - if ($acl->isEntriesInheriting() && null !== $parentAcl = $acl->getParentAcl()) { - return $parentAcl->isGranted($masks, $sids, $administrativeMode); - } - - throw $e; - } - } - - /** - * {@inheritdoc} - */ - public function isFieldGranted(AclInterface $acl, $field, array $masks, array $sids, $administrativeMode = false) - { - try { - try { - $aces = $acl->getObjectFieldAces($field); - if (!$aces) { - throw new NoAceFoundException(); - } - - return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); - } catch (NoAceFoundException $e) { - $aces = $acl->getClassFieldAces($field); - if (!$aces) { - throw $e; - } - - return $this->hasSufficientPermissions($acl, $aces, $masks, $sids, $administrativeMode); - } - } catch (NoAceFoundException $e) { - if ($acl->isEntriesInheriting() && null !== $parentAcl = $acl->getParentAcl()) { - return $parentAcl->isFieldGranted($field, $masks, $sids, $administrativeMode); - } - - throw $e; - } - } - - /** - * Makes an authorization decision. - * - * The order of ACEs, and SIDs is significant; the order of permission masks - * not so much. It is important to note that the more specific security - * identities should be at the beginning of the SIDs array in order for this - * strategy to produce intuitive authorization decisions. - * - * First, we will iterate over permissions, then over security identities. - * For each combination of permission, and identity we will test the - * available ACEs until we find one which is applicable. - * - * The first applicable ACE will make the ultimate decision for the - * permission/identity combination. If it is granting, this method will return - * true, if it is denying, the method will continue to check the next - * permission/identity combination. - * - * This process is repeated until either a granting ACE is found, or no - * permission/identity combinations are left. Finally, we will either throw - * an NoAceFoundException, or deny access. - * - * @param AclInterface $acl - * @param EntryInterface[] $aces An array of ACE to check against - * @param array $masks An array of permission masks - * @param SecurityIdentityInterface[] $sids An array of SecurityIdentityInterface implementations - * @param bool $administrativeMode True turns off audit logging - * - * @return bool true, or false; either granting, or denying access respectively. - * - * @throws NoAceFoundException - */ - private function hasSufficientPermissions(AclInterface $acl, array $aces, array $masks, array $sids, $administrativeMode) - { - $firstRejectedAce = null; - - foreach ($masks as $requiredMask) { - foreach ($sids as $sid) { - foreach ($aces as $ace) { - if ($sid->equals($ace->getSecurityIdentity()) && $this->isAceApplicable($requiredMask, $ace)) { - if ($ace->isGranting()) { - if (!$administrativeMode && null !== $this->auditLogger) { - $this->auditLogger->logIfNeeded(true, $ace); - } - - return true; - } - - if (null === $firstRejectedAce) { - $firstRejectedAce = $ace; - } - - break 2; - } - } - } - } - - if (null !== $firstRejectedAce) { - if (!$administrativeMode && null !== $this->auditLogger) { - $this->auditLogger->logIfNeeded(false, $firstRejectedAce); - } - - return false; - } - - throw new NoAceFoundException(); - } - - /** - * Determines whether the ACE is applicable to the given permission/security - * identity combination. - * - * Per default, we support three different comparison strategies. - * - * Strategy ALL: - * The ACE will be considered applicable when all the turned-on bits in the - * required mask are also turned-on in the ACE mask. - * - * Strategy ANY: - * The ACE will be considered applicable when any of the turned-on bits in - * the required mask is also turned-on the in the ACE mask. - * - * Strategy EQUAL: - * The ACE will be considered applicable when the bitmasks are equal. - * - * @param int $requiredMask - * @param EntryInterface $ace - * - * @return bool - * - * @throws \RuntimeException if the ACE strategy is not supported - */ - private function isAceApplicable($requiredMask, EntryInterface $ace) - { - $strategy = $ace->getStrategy(); - if (self::ALL === $strategy) { - return $requiredMask === ($ace->getMask() & $requiredMask); - } elseif (self::ANY === $strategy) { - return 0 !== ($ace->getMask() & $requiredMask); - } elseif (self::EQUAL === $strategy) { - return $requiredMask === $ace->getMask(); - } - - throw new \RuntimeException(sprintf('The strategy "%s" is not supported.', $strategy)); - } -} diff --git a/Acl/Domain/RoleSecurityIdentity.php b/Acl/Domain/RoleSecurityIdentity.php deleted file mode 100644 index c28a1c5..0000000 --- a/Acl/Domain/RoleSecurityIdentity.php +++ /dev/null @@ -1,73 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; -use Symfony\Component\Security\Core\Role\Role; - -/** - * A SecurityIdentity implementation for roles. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -final class RoleSecurityIdentity implements SecurityIdentityInterface -{ - private $role; - - /** - * Constructor. - * - * @param mixed $role a Role instance, or its string representation - */ - public function __construct($role) - { - if ($role instanceof Role) { - $role = $role->getRole(); - } - - $this->role = $role; - } - - /** - * Returns the role name. - * - * @return string - */ - public function getRole() - { - return $this->role; - } - - /** - * {@inheritdoc} - */ - public function equals(SecurityIdentityInterface $sid) - { - if (!$sid instanceof self) { - return false; - } - - return $this->role === $sid->getRole(); - } - - /** - * Returns a textual representation of this security identity. - * - * This is solely used for debugging purposes, not to make an equality decision. - * - * @return string - */ - public function __toString() - { - return sprintf('RoleSecurityIdentity(%s)', $this->role); - } -} diff --git a/Acl/Domain/SecurityIdentityRetrievalStrategy.php b/Acl/Domain/SecurityIdentityRetrievalStrategy.php deleted file mode 100644 index a08f67e..0000000 --- a/Acl/Domain/SecurityIdentityRetrievalStrategy.php +++ /dev/null @@ -1,78 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface; -use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver; -use Symfony\Component\Security\Core\Role\RoleHierarchyInterface; -use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter; - -/** - * Strategy for retrieving security identities. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -class SecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface -{ - private $roleHierarchy; - private $authenticationTrustResolver; - - /** - * Constructor. - * - * @param RoleHierarchyInterface $roleHierarchy - * @param AuthenticationTrustResolver $authenticationTrustResolver - */ - public function __construct(RoleHierarchyInterface $roleHierarchy, AuthenticationTrustResolver $authenticationTrustResolver) - { - $this->roleHierarchy = $roleHierarchy; - $this->authenticationTrustResolver = $authenticationTrustResolver; - } - - /** - * {@inheritdoc} - */ - public function getSecurityIdentities(TokenInterface $token) - { - $sids = array(); - - // add user security identity - if (!$token instanceof AnonymousToken) { - try { - $sids[] = UserSecurityIdentity::fromToken($token); - } catch (\InvalidArgumentException $e) { - // ignore, user has no user security identity - } - } - - // add all reachable roles - foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) { - $sids[] = new RoleSecurityIdentity($role); - } - - // add built-in special roles - if ($this->authenticationTrustResolver->isFullFledged($token)) { - $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY); - $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); - $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); - } elseif ($this->authenticationTrustResolver->isRememberMe($token)) { - $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED); - $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); - } elseif ($this->authenticationTrustResolver->isAnonymous($token)) { - $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY); - } - - return $sids; - } -} diff --git a/Acl/Domain/UserSecurityIdentity.php b/Acl/Domain/UserSecurityIdentity.php deleted file mode 100644 index ea17c63..0000000 --- a/Acl/Domain/UserSecurityIdentity.php +++ /dev/null @@ -1,124 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Acl\Domain; - -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Core\Util\ClassUtils; -use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; - -/** - * A SecurityIdentity implementation used for actual users. - * - * @author Johannes M. Schmitt <schmittjoh@gmail.com> - */ -final class UserSecurityIdentity implements SecurityIdentityInterface -{ - private $username; - private $class; - - /** - * Constructor. - * - * @param string $username the username representation - * @param string $class the user's fully qualified class name - * - * @throws \InvalidArgumentException - */ - public function __construct($username, $class) - { - if ('' === $username || null === $username) { - throw new \InvalidArgumentException('$username must not be empty.'); - } - if (empty($class)) { - throw new \InvalidArgumentException('$class must not be empty.'); - } - - $this->username = (string) $username; - $this->class = $class; - } - - /** - * Creates a user security identity from a UserInterface. - * - * @param UserInterface $user - * - * @return UserSecurityIdentity - */ - public static function fromAccount(UserInterface $user) - { - return new self($user->getUsername(), ClassUtils::getRealClass($user)); - } - - /** - * Creates a user security identity from a TokenInterface. - * - * @param TokenInterface $token - * - * @return UserSecurityIdentity - */ - public static function fromToken(TokenInterface $token) - { - $user = $token->getUser(); - - if ($user instanceof UserInterface) { - return self::fromAccount($user); - } - - return new self((string) $user, is_object($user) ? ClassUtils::getRealClass($user) : ClassUtils::getRealClass($token)); - } - - /** - * Returns the username. - * - * @return string - */ - public function getUsername() - { - return $this->username; - } - - /** - * Returns the user's class name. - * - * @return string - */ - public function getClass() - { - return $this->class; - } - - /** - * {@inheritdoc} - */ - public function equals(SecurityIdentityInterface $sid) - { - if (!$sid instanceof self) { - return false; - } - - return $this->username === $sid->getUsername() - && $this->class === $sid->getClass(); - } - - /** - * A textual representation of this security identity. - * - * This is not used for equality comparison, but only for debugging. - * - * @return string - */ - public function __toString() - { - return sprintf('UserSecurityIdentity(%s, %s)', $this->username, $this->class); - } -} |