From a867ca1d0c8f5384ef18761178b17cc8b0d6d331 Mon Sep 17 00:00:00 2001 From: Robin Chalas Date: Wed, 27 Sep 2017 09:59:35 +0200 Subject: [PATCH] [SecurityBundle] Remove ACL related code --- .../Bundle/SecurityBundle/CHANGELOG.md | 3 + .../SecurityBundle/Command/InitAclCommand.php | 113 ---------- .../SecurityBundle/Command/SetAclCommand.php | 202 ------------------ .../DependencyInjection/MainConfiguration.php | 42 ---- .../DependencyInjection/SecurityExtension.php | 60 ------ .../Resources/config/console.xml | 11 - .../CompleteConfigurationTest.php | 38 ---- .../Fixtures/php/container1_with_acl.php | 101 --------- .../Fixtures/xml/container1_with_acl.xml | 80 ------- .../Fixtures/yml/container1_with_acl.yml | 81 ------- .../Tests/Functional/SetAclCommandTest.php | 177 --------------- 11 files changed, 3 insertions(+), 905 deletions(-) delete mode 100644 src/Symfony/Bundle/SecurityBundle/Command/InitAclCommand.php delete mode 100644 src/Symfony/Bundle/SecurityBundle/Command/SetAclCommand.php delete mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php delete mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml delete mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml delete mode 100644 src/Symfony/Bundle/SecurityBundle/Tests/Functional/SetAclCommandTest.php diff --git a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md index d5f167f7aeb5e..b5b0f6ec6124e 100644 --- a/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md +++ b/src/Symfony/Bundle/SecurityBundle/CHANGELOG.md @@ -10,6 +10,9 @@ CHANGELOG * `UserPasswordEncoderCommand` does not extend `ContainerAwareCommand` anymore * removed support for voters that don't implement the `VoterInterface` * removed HTTP digest authentication + * removed command `acl:set` along with `SetAclCommand` class + * removed command `init:acl` along with `InitAclCommand` class + * removed `acl` configuration key and related services, use symfony/acl-bundle instead 3.4.0 ----- diff --git a/src/Symfony/Bundle/SecurityBundle/Command/InitAclCommand.php b/src/Symfony/Bundle/SecurityBundle/Command/InitAclCommand.php deleted file mode 100644 index 42e4f8825d888..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/Command/InitAclCommand.php +++ /dev/null @@ -1,113 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\SecurityBundle\Command; - -@trigger_error(sprintf('Class "%s" is deprecated since version 3.4 and will be removed in 4.0. Use Symfony\Bundle\AclBundle\Command\SetAclCommand instead.', SetAclCommand::class), E_USER_DEPRECATED); - -use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Output\ConsoleOutputInterface; -use Symfony\Component\Console\Output\OutputInterface; -use Symfony\Component\Console\Style\SymfonyStyle; -use Symfony\Component\Security\Acl\Dbal\Schema; -use Doctrine\DBAL\Connection; -use Doctrine\DBAL\Schema\SchemaException; - -/** - * Installs the tables required by the ACL system. - * - * @author Johannes M. Schmitt - * - * @deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\SetAclCommand instead. - */ -class InitAclCommand extends ContainerAwareCommand -{ - protected static $defaultName = 'init:acl'; - - private $connection; - private $schema; - - public function __construct($connection = null, Schema $schema = null) - { - if (!$connection instanceof Connection) { - parent::__construct($connection); - - return; - } - - parent::__construct(); - - $this->connection = $connection; - $this->schema = $schema; - } - - /** - * {@inheritdoc} - */ - public function isEnabled() - { - if (!$this->connection && !$this->getContainer()->has('security.acl.dbal.connection')) { - return false; - } - - return parent::isEnabled(); - } - - /** - * {@inheritdoc} - */ - protected function configure() - { - $this - ->setDescription('Mounts ACL tables in the database') - ->setHelp(<<<'EOF' -The %command.name% command mounts ACL tables in the database. - - php %command.full_name% - -The name of the DBAL connection must be configured in your app/config/security.yml configuration file in the security.acl.connection variable. - - security: - acl: - connection: default -EOF - ) - ; - } - - /** - * {@inheritdoc} - */ - protected function execute(InputInterface $input, OutputInterface $output) - { - (new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output))->warning('Command "init:acl" is deprecated since version 3.4 and will be removed from SecurityBundle in 4.0. Install symfony/acl-bundle and use "acl:init" instead.'); - - if (null === $this->connection) { - $this->connection = $this->getContainer()->get('security.acl.dbal.connection'); - $this->schema = $this->getContainer()->get('security.acl.dbal.schema'); - } - - try { - $this->schema->addToSchema($this->connection->getSchemaManager()->createSchema()); - } catch (SchemaException $e) { - $output->writeln('Aborting: '.$e->getMessage()); - - return 1; - } - - foreach ($this->schema->toSql($this->connection->getDatabasePlatform()) as $sql) { - $this->connection->exec($sql); - } - - $output->writeln('ACL tables have been initialized successfully.'); - } -} diff --git a/src/Symfony/Bundle/SecurityBundle/Command/SetAclCommand.php b/src/Symfony/Bundle/SecurityBundle/Command/SetAclCommand.php deleted file mode 100644 index c0c51eff4e8c7..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/Command/SetAclCommand.php +++ /dev/null @@ -1,202 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\SecurityBundle\Command; - -@trigger_error(sprintf('Class "%s" is deprecated since version 3.4 and will be removed in 4.0. Use Symfony\Bundle\AclBundle\Command\SetAclCommand instead.', SetAclCommand::class), E_USER_DEPRECATED); - -use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand; -use Symfony\Component\Console\Input\InputArgument; -use Symfony\Component\Console\Input\InputInterface; -use Symfony\Component\Console\Input\InputOption; -use Symfony\Component\Console\Output\ConsoleOutputInterface; -use Symfony\Component\Console\Output\OutputInterface; -use Symfony\Component\Console\Style\SymfonyStyle; -use Symfony\Component\Security\Acl\Domain\ObjectIdentity; -use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; -use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; -use Symfony\Component\Security\Acl\Exception\AclAlreadyExistsException; -use Symfony\Component\Security\Acl\Permission\MaskBuilder; -use Symfony\Component\Security\Acl\Model\MutableAclProviderInterface; - -/** - * Sets ACL for objects. - * - * @author Kévin Dunglas - * - * @deprecated since version 3.4, to be removed in 4.0. See Symfony\Bundle\AclBundle\Command\SetAclCommand instead. - */ -class SetAclCommand extends ContainerAwareCommand -{ - protected static $defaultName = 'acl:set'; - - private $provider; - - /** - * @param MutableAclProviderInterface $provider - */ - public function __construct($provider = null) - { - if (!$provider instanceof MutableAclProviderInterface) { - parent::__construct($provider); - - return; - } - - parent::__construct(); - - $this->provider = $provider; - } - - /** - * {@inheritdoc} - */ - public function isEnabled() - { - if (null !== $this->provider) { - return parent::isEnabled(); - } - if (!$this->getContainer()->has('security.acl.provider')) { - return false; - } - - $provider = $this->getContainer()->get('security.acl.provider'); - if (!$provider instanceof MutableAclProviderInterface) { - return false; - } - - return parent::isEnabled(); - } - - /** - * {@inheritdoc} - */ - protected function configure() - { - $this - ->setDescription('Sets ACL for objects') - ->setHelp(<<%command.name% command sets ACL. -The ACL system must have been initialized with the init:acl command. - -To set VIEW and EDIT permissions for the user kevin on the instance of -Acme\MyClass having the identifier 42: - - php %command.full_name% --user=Symfony/Component/Security/Core/User/User:kevin VIEW EDIT Acme/MyClass:42 - -Note that you can use / instead of \\ for the namespace delimiter to avoid any -problem. - -To set permissions for a role, use the --role option: - - php %command.full_name% --role=ROLE_USER VIEW Acme/MyClass:1936 - -To set permissions at the class scope, use the --class-scope option: - - php %command.full_name% --class-scope --user=Symfony/Component/Security/Core/User/User:anne OWNER Acme/MyClass:42 - -EOF - ) - ->addArgument('arguments', InputArgument::IS_ARRAY | InputArgument::REQUIRED, 'A list of permissions and object identities (class name and ID separated by a column)') - ->addOption('user', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'A list of security identities') - ->addOption('role', null, InputOption::VALUE_REQUIRED | InputOption::VALUE_IS_ARRAY, 'A list of roles') - ->addOption('class-scope', null, InputOption::VALUE_NONE, 'Use class-scope entries') - ; - } - - /** - * {@inheritdoc} - */ - protected function execute(InputInterface $input, OutputInterface $output) - { - (new SymfonyStyle($input, $output instanceof ConsoleOutputInterface ? $output->getErrorOutput() : $output))->warning('Command "acl:set" is deprecated since version 3.4 and will be removed from SecurityBundle in 4.0. Install symfony/acl-bundle to use this command.'); - - if (null === $this->provider) { - $this->provider = $this->getContainer()->get('security.acl.provider'); - } - - // Parse arguments - $objectIdentities = array(); - $maskBuilder = $this->getMaskBuilder(); - foreach ($input->getArgument('arguments') as $argument) { - $data = explode(':', $argument, 2); - - if (count($data) > 1) { - $objectIdentities[] = new ObjectIdentity($data[1], strtr($data[0], '/', '\\')); - } else { - $maskBuilder->add($data[0]); - } - } - - // Build permissions mask - $mask = $maskBuilder->get(); - - $userOption = $input->getOption('user'); - $roleOption = $input->getOption('role'); - $classScopeOption = $input->getOption('class-scope'); - - if (empty($userOption) && empty($roleOption)) { - throw new \InvalidArgumentException('A Role or a User must be specified.'); - } - - // Create security identities - $securityIdentities = array(); - - if ($userOption) { - foreach ($userOption as $user) { - $data = explode(':', $user, 2); - - if (1 === count($data)) { - throw new \InvalidArgumentException('The user must follow the format "Acme/MyUser:username".'); - } - - $securityIdentities[] = new UserSecurityIdentity($data[1], strtr($data[0], '/', '\\')); - } - } - - if ($roleOption) { - foreach ($roleOption as $role) { - $securityIdentities[] = new RoleSecurityIdentity($role); - } - } - - // Sets ACL - foreach ($objectIdentities as $objectIdentity) { - // Creates a new ACL if it does not already exist - try { - $this->provider->createAcl($objectIdentity); - } catch (AclAlreadyExistsException $e) { - } - - $acl = $this->provider->findAcl($objectIdentity, $securityIdentities); - - foreach ($securityIdentities as $securityIdentity) { - if ($classScopeOption) { - $acl->insertClassAce($securityIdentity, $mask); - } else { - $acl->insertObjectAce($securityIdentity, $mask); - } - } - - $this->provider->updateAcl($acl); - } - } - - /** - * Gets the mask builder. - * - * @return MaskBuilder - */ - protected function getMaskBuilder() - { - return new MaskBuilder(); - } -} diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php index 533b52cd4b1c6..078817b3be97e 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php @@ -106,7 +106,6 @@ public function getConfigTreeBuilder() ->end() ; - $this->addAclSection($rootNode); $this->addEncodersSection($rootNode); $this->addProvidersSection($rootNode); $this->addFirewallsSection($rootNode, $this->factories); @@ -116,47 +115,6 @@ public function getConfigTreeBuilder() return $tb; } - private function addAclSection(ArrayNodeDefinition $rootNode) - { - $rootNode - ->children() - ->arrayNode('acl') - ->setDeprecated('The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead.') - ->children() - ->scalarNode('connection') - ->defaultNull() - ->info('any name configured in doctrine.dbal section') - ->end() - ->arrayNode('cache') - ->addDefaultsIfNotSet() - ->children() - ->scalarNode('id')->end() - ->scalarNode('prefix')->defaultValue('sf2_acl_')->end() - ->end() - ->end() - ->scalarNode('provider')->end() - ->arrayNode('tables') - ->addDefaultsIfNotSet() - ->children() - ->scalarNode('class')->defaultValue('acl_classes')->end() - ->scalarNode('entry')->defaultValue('acl_entries')->end() - ->scalarNode('object_identity')->defaultValue('acl_object_identities')->end() - ->scalarNode('object_identity_ancestors')->defaultValue('acl_object_identity_ancestors')->end() - ->scalarNode('security_identity')->defaultValue('acl_security_identities')->end() - ->end() - ->end() - ->arrayNode('voter') - ->addDefaultsIfNotSet() - ->children() - ->booleanNode('allow_if_object_identity_unavailable')->defaultTrue()->end() - ->end() - ->end() - ->end() - ->end() - ->end() - ; - } - private function addRoleHierarchySection(ArrayNodeDefinition $rootNode) { $rootNode diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 9462575f3453e..b727c699da4b2 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -11,8 +11,6 @@ namespace Symfony\Bundle\SecurityBundle\DependencyInjection; -use Symfony\Bundle\SecurityBundle\Command\InitAclCommand; -use Symfony\Bundle\SecurityBundle\Command\SetAclCommand; use Symfony\Bundle\SecurityBundle\Command\UserPasswordEncoderCommand; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\SecurityFactoryInterface; use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\UserProvider\UserProviderFactoryInterface; @@ -113,68 +111,10 @@ public function load(array $configs, ContainerBuilder $container) $container->getDefinition(UserPasswordEncoderCommand::class)->replaceArgument(1, array_keys($config['encoders'])); } - // load ACL - if (isset($config['acl'])) { - $this->aclLoad($config['acl'], $container); - } else { - $container->removeDefinition(InitAclCommand::class); - $container->removeDefinition(SetAclCommand::class); - } - $container->registerForAutoconfiguration(VoterInterface::class) ->addTag('security.voter'); } - private function aclLoad($config, ContainerBuilder $container) - { - if (!interface_exists('Symfony\Component\Security\Acl\Model\AclInterface')) { - throw new \LogicException('You must install symfony/security-acl in order to use the ACL functionality.'); - } - - $loader = new XmlFileLoader($container, new FileLocator(__DIR__.'/../Resources/config')); - $loader->load('security_acl.xml'); - - if (isset($config['cache']['id'])) { - $container->setAlias('security.acl.cache', $config['cache']['id'])->setPrivate(true); - } - $container->getDefinition('security.acl.voter.basic_permissions')->addArgument($config['voter']['allow_if_object_identity_unavailable']); - - // custom ACL provider - if (isset($config['provider'])) { - $container->setAlias('security.acl.provider', $config['provider'])->setPrivate(true); - - return; - } - - $this->configureDbalAclProvider($config, $container, $loader); - } - - private function configureDbalAclProvider(array $config, ContainerBuilder $container, $loader) - { - $loader->load('security_acl_dbal.xml'); - - if (null !== $config['connection']) { - $container->setAlias('security.acl.dbal.connection', sprintf('doctrine.dbal.%s_connection', $config['connection']))->setPrivate(true); - } - - $container - ->getDefinition('security.acl.dbal.schema_listener') - ->addTag('doctrine.event_listener', array( - 'connection' => $config['connection'], - 'event' => 'postGenerateSchema', - 'lazy' => true, - )) - ; - - $container->getDefinition('security.acl.cache.doctrine')->addArgument($config['cache']['prefix']); - - $container->setParameter('security.acl.dbal.class_table_name', $config['tables']['class']); - $container->setParameter('security.acl.dbal.entry_table_name', $config['tables']['entry']); - $container->setParameter('security.acl.dbal.oid_table_name', $config['tables']['object_identity']); - $container->setParameter('security.acl.dbal.oid_ancestors_table_name', $config['tables']['object_identity_ancestors']); - $container->setParameter('security.acl.dbal.sid_table_name', $config['tables']['security_identity']); - } - /** * Loads the web configuration. * diff --git a/src/Symfony/Bundle/SecurityBundle/Resources/config/console.xml b/src/Symfony/Bundle/SecurityBundle/Resources/config/console.xml index b375d95effe5c..34feeeb9e8fd5 100644 --- a/src/Symfony/Bundle/SecurityBundle/Resources/config/console.xml +++ b/src/Symfony/Bundle/SecurityBundle/Resources/config/console.xml @@ -7,17 +7,6 @@ - - - - - - - - - - - diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php index 138c7e9233480..d274d4005e854 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php @@ -36,20 +36,6 @@ public function testRolesHierarchy() ), $container->getParameter('security.role_hierarchy.roles')); } - /** - * @group legacy - * @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead. - */ - public function testRolesHierarchyWithAcl() - { - $container = $this->getContainer('container1_with_acl'); - $this->assertEquals(array( - 'ROLE_ADMIN' => array('ROLE_USER'), - 'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'), - 'ROLE_REMOTE' => array('ROLE_USER', 'ROLE_ADMIN'), - ), $container->getParameter('security.role_hierarchy.roles')); - } - public function testUserProviders() { $container = $this->getContainer('container1'); @@ -324,30 +310,6 @@ public function testEncoders() )), $container->getDefinition('security.encoder_factory.generic')->getArguments()); } - /** - * @group legacy - * @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead. - */ - public function testAcl() - { - $container = $this->getContainer('container1_with_acl'); - - $this->assertTrue($container->hasDefinition('security.acl.dbal.provider')); - $this->assertEquals('security.acl.dbal.provider', (string) $container->getAlias('security.acl.provider')); - } - - /** - * @group legacy - * @expectedDeprecation The "security.acl" configuration key is deprecated since version 3.4 and will be removed in 4.0. Install symfony/acl-bundle and use the "acl" key instead. - */ - public function testCustomAclProvider() - { - $container = $this->getContainer('custom_acl_provider'); - - $this->assertFalse($container->hasDefinition('security.acl.dbal.provider')); - $this->assertEquals('foo', (string) $container->getAlias('security.acl.provider')); - } - public function testRememberMeThrowExceptionsDefault() { $container = $this->getContainer('container1'); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php deleted file mode 100644 index 268ced04dbfb4..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/container1_with_acl.php +++ /dev/null @@ -1,101 +0,0 @@ -loadFromExtension('security', array( - 'acl' => array(), - 'encoders' => array( - 'JMS\FooBundle\Entity\User1' => 'plaintext', - 'JMS\FooBundle\Entity\User2' => array( - 'algorithm' => 'sha1', - 'encode_as_base64' => false, - 'iterations' => 5, - ), - 'JMS\FooBundle\Entity\User3' => array( - 'algorithm' => 'md5', - ), - 'JMS\FooBundle\Entity\User4' => array( - 'id' => 'security.encoder.foo', - ), - 'JMS\FooBundle\Entity\User5' => array( - 'algorithm' => 'pbkdf2', - 'hash_algorithm' => 'sha1', - 'encode_as_base64' => false, - 'iterations' => 5, - 'key_length' => 30, - ), - 'JMS\FooBundle\Entity\User6' => array( - 'algorithm' => 'bcrypt', - 'cost' => 15, - ), - ), - 'providers' => array( - 'default' => array( - 'memory' => array( - 'users' => array( - 'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'), - ), - ), - ), - 'digest' => array( - 'memory' => array( - 'users' => array( - 'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER, ROLE_ADMIN'), - ), - ), - ), - 'basic' => array( - 'memory' => array( - 'users' => array( - 'foo' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => 'ROLE_SUPER_ADMIN'), - 'bar' => array('password' => '0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33', 'roles' => array('ROLE_USER', 'ROLE_ADMIN')), - ), - ), - ), - 'service' => array( - 'id' => 'user.manager', - ), - 'chain' => array( - 'chain' => array( - 'providers' => array('service', 'basic'), - ), - ), - ), - - 'firewalls' => array( - 'simple' => array('pattern' => '/login', 'security' => false), - 'secure' => array('stateless' => true, - 'http_basic' => true, - 'form_login' => true, - 'anonymous' => true, - 'switch_user' => true, - 'x509' => true, - 'remote_user' => true, - 'logout' => true, - 'remember_me' => array('secret' => 'TheSecret'), - 'user_checker' => null, - ), - 'host' => array( - 'pattern' => '/test', - 'host' => 'foo\\.example\\.org', - 'methods' => array('GET', 'POST'), - 'anonymous' => true, - 'http_basic' => true, - ), - 'with_user_checker' => array( - 'user_checker' => 'app.user_checker', - 'anonymous' => true, - 'http_basic' => true, - ), - ), - - 'access_control' => array( - array('path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => array('get', 'POST')), - array('path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'), - array('path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUsername() matches '/^admin/'"), - ), - - 'role_hierarchy' => array( - 'ROLE_ADMIN' => 'ROLE_USER', - 'ROLE_SUPER_ADMIN' => array('ROLE_USER', 'ROLE_ADMIN', 'ROLE_ALLOWED_TO_SWITCH'), - 'ROLE_REMOTE' => 'ROLE_USER,ROLE_ADMIN', - ), -)); diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml deleted file mode 100644 index 7797c38287193..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/container1_with_acl.xml +++ /dev/null @@ -1,80 +0,0 @@ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - app.user_checker - - - ROLE_USER - ROLE_USER,ROLE_ADMIN,ROLE_ALLOWED_TO_SWITCH - ROLE_USER,ROLE_ADMIN - - - - - - diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml deleted file mode 100644 index 40e0f1a81e2f6..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/container1_with_acl.yml +++ /dev/null @@ -1,81 +0,0 @@ -security: - acl: ~ - encoders: - JMS\FooBundle\Entity\User1: plaintext - JMS\FooBundle\Entity\User2: - algorithm: sha1 - encode_as_base64: false - iterations: 5 - JMS\FooBundle\Entity\User3: - algorithm: md5 - JMS\FooBundle\Entity\User4: - id: security.encoder.foo - JMS\FooBundle\Entity\User5: - algorithm: pbkdf2 - hash_algorithm: sha1 - encode_as_base64: false - iterations: 5 - key_length: 30 - JMS\FooBundle\Entity\User6: - algorithm: bcrypt - cost: 15 - - providers: - default: - memory: - users: - foo: { password: foo, roles: ROLE_USER } - digest: - memory: - users: - foo: { password: foo, roles: 'ROLE_USER, ROLE_ADMIN' } - basic: - memory: - users: - foo: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: ROLE_SUPER_ADMIN } - bar: { password: 0beec7b5ea3f0fdbc95d0dd47f3c5bc275da8a33, roles: [ROLE_USER, ROLE_ADMIN] } - service: - id: user.manager - chain: - chain: - providers: [service, basic] - - - firewalls: - simple: { pattern: /login, security: false } - secure: - stateless: true - http_basic: true - form_login: true - anonymous: true - switch_user: true - x509: true - remote_user: true - logout: true - remember_me: - secret: TheSecret - user_checker: ~ - - host: - pattern: /test - host: foo\.example\.org - methods: [GET,POST] - anonymous: true - http_basic: true - - with_user_checker: - anonymous: ~ - http_basic: ~ - user_checker: app.user_checker - - role_hierarchy: - ROLE_ADMIN: ROLE_USER - ROLE_SUPER_ADMIN: [ROLE_USER, ROLE_ADMIN, ROLE_ALLOWED_TO_SWITCH] - ROLE_REMOTE: ROLE_USER,ROLE_ADMIN - - access_control: - - { path: /blog/524, role: ROLE_USER, requires_channel: https, methods: [get, POST]} - - - path: /blog/.* - role: IS_AUTHENTICATED_ANONYMOUSLY - - { path: /blog/524, role: IS_AUTHENTICATED_ANONYMOUSLY, allow_if: "token.getUsername() matches '/^admin/'" } diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SetAclCommandTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SetAclCommandTest.php deleted file mode 100644 index a658126fce347..0000000000000 --- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/SetAclCommandTest.php +++ /dev/null @@ -1,177 +0,0 @@ - - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Bundle\SecurityBundle\Tests\Functional; - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ -use Symfony\Bundle\FrameworkBundle\Console\Application; -use Symfony\Bundle\SecurityBundle\Command\SetAclCommand; -use Symfony\Component\Console\Tester\CommandTester; -use Symfony\Component\Security\Acl\Domain\ObjectIdentity; -use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; -use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; -use Symfony\Component\Security\Acl\Exception\NoAceFoundException; -use Symfony\Component\Security\Acl\Permission\BasicPermissionMap; - -/** - * Tests SetAclCommand. - * - * @author Kévin Dunglas - * @requires extension pdo_sqlite - * @group legacy - */ -class SetAclCommandTest extends WebTestCase -{ - const OBJECT_CLASS = 'Symfony\Bundle\SecurityBundle\Tests\Functional\Bundle\AclBundle\Entity\Car'; - const SECURITY_CLASS = 'Symfony\Component\Security\Core\User\User'; - - public function testSetAclUser() - { - $objectId = 1; - $securityUsername1 = 'kevin'; - $securityUsername2 = 'anne'; - $grantedPermission1 = 'VIEW'; - $grantedPermission2 = 'EDIT'; - - $application = $this->getApplication(); - $application->add(new SetAclCommand($application->getKernel()->getContainer()->get('test.security.acl.provider'))); - - $setAclCommand = $application->find('acl:set'); - $setAclCommandTester = new CommandTester($setAclCommand); - $setAclCommandTester->execute(array( - 'command' => 'acl:set', - 'arguments' => array($grantedPermission1, $grantedPermission2, sprintf('%s:%s', self::OBJECT_CLASS, $objectId)), - '--user' => array(sprintf('%s:%s', self::SECURITY_CLASS, $securityUsername1), sprintf('%s:%s', self::SECURITY_CLASS, $securityUsername2)), - )); - - $objectIdentity = new ObjectIdentity($objectId, self::OBJECT_CLASS); - $securityIdentity1 = new UserSecurityIdentity($securityUsername1, self::SECURITY_CLASS); - $securityIdentity2 = new UserSecurityIdentity($securityUsername2, self::SECURITY_CLASS); - $permissionMap = new BasicPermissionMap(); - - /** @var \Symfony\Component\Security\Acl\Model\AclProviderInterface $aclProvider */ - $aclProvider = $application->getKernel()->getContainer()->get('test.security.acl.provider'); - $acl = $aclProvider->findAcl($objectIdentity, array($securityIdentity1)); - - $this->assertTrue($acl->isGranted($permissionMap->getMasks($grantedPermission1, null), array($securityIdentity1))); - $this->assertTrue($acl->isGranted($permissionMap->getMasks($grantedPermission1, null), array($securityIdentity2))); - $this->assertTrue($acl->isGranted($permissionMap->getMasks($grantedPermission2, null), array($securityIdentity2))); - - try { - $acl->isGranted($permissionMap->getMasks('OWNER', null), array($securityIdentity1)); - $this->fail('NoAceFoundException not throwed'); - } catch (NoAceFoundException $e) { - } - - try { - $acl->isGranted($permissionMap->getMasks('OPERATOR', null), array($securityIdentity2)); - $this->fail('NoAceFoundException not throwed'); - } catch (NoAceFoundException $e) { - } - } - - public function testSetAclRole() - { - $objectId = 1; - $securityUsername = 'kevin'; - $grantedPermission = 'VIEW'; - $role = 'ROLE_ADMIN'; - - $application = $this->getApplication(); - $application->add(new SetAclCommand($application->getKernel()->getContainer()->get('test.security.acl.provider'))); - - $setAclCommand = $application->find('acl:set'); - $setAclCommandTester = new CommandTester($setAclCommand); - $setAclCommandTester->execute(array( - 'command' => 'acl:set', - 'arguments' => array($grantedPermission, sprintf('%s:%s', str_replace('\\', '/', self::OBJECT_CLASS), $objectId)), - '--role' => array($role), - )); - - $objectIdentity = new ObjectIdentity($objectId, self::OBJECT_CLASS); - $userSecurityIdentity = new UserSecurityIdentity($securityUsername, self::SECURITY_CLASS); - $roleSecurityIdentity = new RoleSecurityIdentity($role); - $permissionMap = new BasicPermissionMap(); - - /** @var \Symfony\Component\Security\Acl\Model\AclProviderInterface $aclProvider */ - $aclProvider = $application->getKernel()->getContainer()->get('test.security.acl.provider'); - $acl = $aclProvider->findAcl($objectIdentity, array($roleSecurityIdentity, $userSecurityIdentity)); - - $this->assertTrue($acl->isGranted($permissionMap->getMasks($grantedPermission, null), array($roleSecurityIdentity))); - $this->assertTrue($acl->isGranted($permissionMap->getMasks($grantedPermission, null), array($roleSecurityIdentity))); - - try { - $acl->isGranted($permissionMap->getMasks('VIEW', null), array($userSecurityIdentity)); - $this->fail('NoAceFoundException not throwed'); - } catch (NoAceFoundException $e) { - } - - try { - $acl->isGranted($permissionMap->getMasks('OPERATOR', null), array($userSecurityIdentity)); - $this->fail('NoAceFoundException not throwed'); - } catch (NoAceFoundException $e) { - } - } - - public function testSetAclClassScope() - { - $objectId = 1; - $grantedPermission = 'VIEW'; - $role = 'ROLE_USER'; - - $application = $this->getApplication(); - $application->add(new SetAclCommand($application->getKernel()->getContainer()->get('test.security.acl.provider'))); - - $setAclCommand = $application->find('acl:set'); - $setAclCommandTester = new CommandTester($setAclCommand); - $setAclCommandTester->execute(array( - 'command' => 'acl:set', - 'arguments' => array($grantedPermission, sprintf('%s:%s', self::OBJECT_CLASS, $objectId)), - '--class-scope' => true, - '--role' => array($role), - )); - - $objectIdentity1 = new ObjectIdentity($objectId, self::OBJECT_CLASS); - $objectIdentity2 = new ObjectIdentity(2, self::OBJECT_CLASS); - $roleSecurityIdentity = new RoleSecurityIdentity($role); - $permissionMap = new BasicPermissionMap(); - - /** @var \Symfony\Component\Security\Acl\Model\AclProviderInterface $aclProvider */ - $aclProvider = $application->getKernel()->getContainer()->get('test.security.acl.provider'); - - $acl1 = $aclProvider->findAcl($objectIdentity1, array($roleSecurityIdentity)); - $this->assertTrue($acl1->isGranted($permissionMap->getMasks($grantedPermission, null), array($roleSecurityIdentity))); - - $acl2 = $aclProvider->createAcl($objectIdentity2); - $this->assertTrue($acl2->isGranted($permissionMap->getMasks($grantedPermission, null), array($roleSecurityIdentity))); - } - - private function getApplication() - { - $kernel = $this->createKernel(array('test_case' => 'Acl')); - $kernel->boot(); - - $application = new Application($kernel); - - $initAclCommand = $application->find('init:acl'); - $initAclCommandTester = new CommandTester($initAclCommand); - $initAclCommandTester->execute(array('command' => 'init:acl')); - - return $application; - } -} pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy