-rw-r--r-- | Acl/Domain/AclCollectionCache.php | 66 | ||||
-rw-r--r-- | Core/User/EntityUserProvider.php | 85 | ||||
-rw-r--r-- | Http/Firewall/UsernamePasswordFormAuthenticationListener.php | 2 |
3 files changed, 152 insertions, 1 deletions
diff --git a/Acl/Domain/AclCollectionCache.php b/Acl/Domain/AclCollectionCache.php
new file mode 100644
index 0000000..5ac8dfa
--- /dev/null
+++ b/Acl/Domain/AclCollectionCache.php
@@ -0,0 +1,66 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Acl\Domain;
+
+use Symfony\Component\Security\Acl\Model\AclProviderInterface;
+use Symfony\Component\Security\Acl\Model\ObjectIdentityRetrievalStrategyInterface;
+use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface;
+
+/**
+ * This service caches ACLs for an entire collection of objects.
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class AclCollectionCache
+{
+ protected $aclProvider;
+ protected $objectIdentityRetrievalStrategy;
+ protected $securityIdentityRetrievalStrategy;
+
+ /**
+ * Constructor
+ *
+ * @param AclProviderInterface $aclProvider
+ * @param ObjectIdentityRetrievalStrategy $oidRetrievalStrategy
+ * @param SecurityIdentityRetrievalStrategy $sidRetrievalStrategy
+ * @return void
+ */
+ public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRetrievalStrategyInterface $oidRetrievalStrategy, SecurityIdentityRetrievalStrategyInterface $sidRetrievalStrategy)
+ {
+ $this->aclProvider = $aclProvider;
+ $this->objectIdentityRetrievalStrategy = $oidRetrievalStrategy;
+ $this->securityIdentityRetrievalStrategy = $sidRetrievalStrategy;
+ }
+
+ /**
+ * Batch loads ACLs for an entire collection; thus, it reduces the number
+ * of required queries considerably.
+ *
+ * @param mixed $collection anything that can be passed to foreach()
+ * @param array $tokens an array of TokenInterface implementations
+ * @return void
+ */
+ public function cache($collection, array $tokens = array())
+ {
+ $sids = array();
+ foreach ($tokens as $token) {
+ $sids = array_merge($sids, $this->securityIdentityRetrievalStrategy->getSecurityIdentities($token));
+ }
+
+ $oids = array();
+ foreach ($collection as $domainObject) {
+ $oids[] = $this->objectIdentityRetrievalStrategy->getObjectIdentity($domainObject);
+ }
+
+ $this->aclProvider->findAcls($oids, $sids);
+ }
+}
\ No newline at end of file
diff --git a/Core/User/EntityUserProvider.php b/Core/User/EntityUserProvider.php
new file mode 100644
index 0000000..89ff443
--- /dev/null
+++ b/Core/User/EntityUserProvider.php
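Review bot: In `AclCollectionCache::cache()` the result of `getObjectIdentity($domainObject)` is appended to `$oids` unchecked, and the list is handed to `findAcls()` even when it is empty; if the retrieval strategy can return null for an object it cannot identify (its contract is not visible in this diff), that null reaches the ACL provider. A guard such as `if (null !== $oid = $this->objectIdentityRetrievalStrategy->getObjectIdentity($domainObject)) { $oids[] = $oid; }` followed by `if (!$oids) { return; }` keeps the warm-up call well-formed. The constructor docblock also names `ObjectIdentityRetrievalStrategy` and `SecurityIdentityRetrievalStrategy` where the signature type-hints the corresponding `...Interface` types, and the `cache()` docblock does not say what an empty `$tokens` means for the lookup.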
@@ -0,0 +1,85 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\User;
+
+use Doctrine\ORM\EntityManager;
+use Symfony\Component\Security\Core\Exception\UnsupportedAccountException;
+use Symfony\Component\Security\Core\Exception\UsernameNotFoundException;
+
+/**
+ * Wrapper around a Doctrine EntityManager.
+ *
+ * Provides easy to use provisioning for Doctrine entity users.
+ *
+ * @author Fabien Potencier <fabien.potencier@symfony-project.com>
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class EntityUserProvider implements UserProviderInterface
+{
+ protected $class;
+ protected $repository;
+ protected $property;
+
+ public function __construct(EntityManager $em, $class, $property = null)
+ {
+ $this->class = $class;
+
+ if (false !== strpos($this->class, ':')) {
+ $this->class = $em->getClassMetadata($class)->name;
+ }
+
+ $this->repository = $em->getRepository($class);
+ $this->property = $property;
+ }
+
+ /**
+ * {@inheritdoc}
+ */
+ public function loadUserByUsername($username)
+ {
+ if (null !== $this->property) {
+ $user = $this->repository->findOneBy(array($this->property => $username));
+ } else {
+ if (!$this->repository instanceof UserProviderInterface) {
+ throw new \InvalidArgumentException(sprintf('The Doctrine repository "%s" must implement UserProviderInterface.', get_class($this->repository)));
+ }
+
+ $user = $this->repository->loadUserByUsername($username);
+ }
+
+ if (null === $user) {
+ throw new UsernameNotFoundException(sprintf('User "%s" not found.', $username));
+ }
+
+ return $user;
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function loadUserByAccount(AccountInterface $account)
+ {
+ if (!$account instanceof $this->class) {
+ throw new UnsupportedAccountException(sprintf('Instances of "%s" are not supported.', get_class($account)));
+ }
+
+ return $this->loadUserByUsername($account->getUsername());
+ }
+
+ /**
+ * {@inheritDoc}
+ */
+ public function supportsClass($class)
+ {
+ return $class === $this->class;
+ }
+}
diff --git a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
index 0e3b396..d7518e6 100644
--- a/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
+++ b/Http/Firewall/UsernamePasswordFormAuthenticationListener.php
@@ -64,7 +64,7 @@ class UsernamePasswordFormAuthenticationListener extends AbstractAuthenticationL if (null !== $this->csrfProvider) { $csrfToken = $request->get($this->options['csrf_parameter']); - if (false === $this->csrfProvider->isTokenValid($this->options['csrf_page_id'], $csrfToken)) { + if (false === $this->csrfProvider->isCsrfTokenValid($this->options['csrf_page_id'], $csrfToken)) { throw new InvalidCsrfTokenException('Invalid CSRF token.'); } } |
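Review bot: In `EntityUserProvider`, `supportsClass()` tests `$class === $this->class` while `loadUserByAccount()` accepts anything that is `instanceof $this->class`, so a subclass of the configured entity passes the reload check but is reported as unsupported; `return $class === $this->class || is_subclass_of($class, $this->class);` would make the two agree. `loadUserByAccount()` also re-resolves the account through `findOneBy(array($this->property => $username))`, which returns a single row, and nothing in this hunk requires `$property` to be unique. The constructor has no docblock; it should state the requirement, e.g. `@param string|null $property entity field matched against the username; must be unique`, because a duplicated value could refresh a session into a different entity.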