Initial extract from SecurityBundle #2
Conversation
.travis.yml
Outdated
| - php: 7.0 | ||
| env: COMPOSER_FLAGS="" SYMFONY_VERSION="3.0.*" | ||
|
|
||
| before_install: if [[ "$SYMFONY_VERSION" != "" ]]; then composer require --no-update symfony/symfony:${SYMFONY_VERSION}; fi |
There was a problem hiding this comment.
We should disable the Xdebug extension if present and update Composer before doing everything else.
There was a problem hiding this comment.
Maybe we should use a stripped down version of the symfony one?
|
Would be great if can finish this one, merge it so that we can remove that part from Symfony, at least for version 4. |
|
I'll see if I can continue this work soon |
|
Thank you |
Command/InitAclCommand.php
Outdated
| * | ||
| * @author Johannes M. Schmitt <schmittjoh@gmail.com> | ||
| * | ||
| * @final since version 3.4 |
There was a problem hiding this comment.
could you update one more time? see symfony/symfony#23801
|
Okay tests are still a work in progress, I will see if I can fix them at a later point |
|
@ro0NL maybe I'm missing something, but it seems to grab the commands from the bundle itself (see |
|
Composer failures are related to weird |
|
@iltar you need to make AclBundle::registerCommands a noop method to disable auto-discovery. See also security-bundle. |
composer.json
Outdated
| @@ -16,16 +16,33 @@ | |||
| } | |||
| ], | |||
| "require": { | |||
| "php": ">=5.3.9", | |||
| "php": ">=5.5.9", | |||
| "symfony/console": "~3.3|~4.0", | |||
composer.json
Outdated
| "php": ">=5.3.9", | ||
| "php": ">=5.5.9", | ||
| "symfony/console": "~3.3|~4.0", | ||
| "symfony/config": "~3.3|~4.0", |
There was a problem hiding this comment.
transient dep of DI... do we need it explicitly?
composer.json
Outdated
| "symfony/console": "~3.3|~4.0", | ||
| "symfony/config": "~3.3|~4.0", | ||
| "symfony/dependency-injection": "~3.3|~4.0", | ||
| "symfony/framework-bundle": "~3.3|~4.0", |
There was a problem hiding this comment.
require-dev i guess, although we extend from ContainerAwareCommand. Perhaps update to Command directly? Then its a require-dev for sure.
There was a problem hiding this comment.
I aim this version for 3.4, which means I need to support the container variant I believe
There was a problem hiding this comment.
technically yes. But looking at others (twigbundle, securitybundle) they all have framework-bundle in require-dev.
A hard dep on frameworkbundle, solely for ContainerAwareCommand seems like a bad ideaa.. hence it should extend Command ASAP :)
composer.json
Outdated
| "symfony/dependency-injection": "~3.3|~4.0", | ||
| "symfony/framework-bundle": "~3.3|~4.0", | ||
| "symfony/http-kernel": "~3.3|~4.0", | ||
| "symfony/polyfill-php70": "~1.0", | ||
| "symfony/security-acl": "~2.8" |
There was a problem hiding this comment.
yeah, allowing only 2.8 is not a goof idea
There was a problem hiding this comment.
The problem here is that 2.7 is the only one available, idk where the rest comes from, but they are not from the symfony/security-acl repo.
versions : dev-master, 3.0.x-dev, v3.0.0, 2.8.x-dev, v2.8.0, 2.7.x-dev, v2.7.33, v2.7.32, v2.7.31, v2.7.30, v2.7.29, v2.7.28, v2.7.27, v2.7.26, v2.7.25, v2.7.24, v2.7.23, v2.7.22, v2.7.21, v2.7.20, v2.7.19, v2.7.18, v2.7.17, v2.7.16, v2.7.15, v2.7.14, v2.7.13, v2.7.12, v2.7.11, v2.7.10, v2.7.9, v2.7.8, v2.7.7, v2.7.6, v2.7.5, v2.7.4, v2.7.3, v2.7.2, v2.7.1, v2.7.0, v2.7.0-BETA2, v2.7.0-BETA1, 2.6.x-dev, v2.6.13, v2.6.12, v2.6.11, v2.6.10, v2.6.9, v2.6.8, v2.6.7, v2.6.6, v2.6.5, v2.6.4, v2.6.3, v2.6.2, v2.6.1, v2.6.0, v2.6.0-BETA2, v2.6.0-BETA1, 2.5.x-dev, v2.5.12, v2.5.11, v2.5.10, v2.5.9, v2.5.8, v2.5.7, v2.5.6, v2.5.5, v2.5.4, v2.5.3, v2.5.2, v2.5.1, v2.5.0, v2.5.0-RC1, v2.5.0-BETA2, v2.5.0-BETA1, 2.4.x-dev, v2.4.10, v2.4.9, v2.4.8, v2.4.7, v2.4.6, v2.4.5, v2.4.4, v2.4.3, v2.4.2, v2.4.1, v2.4.0, v2.4.0-RC1, v2.4.0-BETA2, v2.4.0-BETA1
composer.json
Outdated
| "symfony/asset": "~3.3|~4.0" | ||
| }, | ||
| "suggest": { | ||
| "doctrine/doctrine-bundle": "To use the default dbal configuration" |
There was a problem hiding this comment.
well no. If you want to use the default DBAL config, you need to use the DoctrineBundle, as it is the one configuring DBAL. If you have DBAL but not DoctrineBundle, you don't have any default DBAL config
| $kernel = $this->createKernel(array('test_case' => 'Acl')); | ||
| $kernel->boot(); | ||
|
|
||
| $application = new Application($kernel); |
There was a problem hiding this comment.
maybe use Console\Application here. One dep less for framework bundle :)
Command/InitAclCommand.php
Outdated
| */ | ||
| public function __construct($connection = null, Schema $schema = null) | ||
| { | ||
| if (!$connection instanceof Connection) { |
There was a problem hiding this comment.
null is deprecated API. New api only allows a connection instance, so phpdoc is leading.
There was a problem hiding this comment.
Then deprecation warning is wrong. It tells me I should not pass a command name anymore. But you also deprecated passing nothing
There was a problem hiding this comment.
well.. we talk about command name as an argument, i.e. $name which is either null|string. Not sure this is really an issue ;-) and should be addressed in core as we did it for all commands this way; see symfony/symfony#23624
There was a problem hiding this comment.
But I was not passing a name, I should get a different deprecation warning telling me that I should now pass a connection. Telling me that I should not pass a command name is pretty much confusing when I'm not passing anything currently.
There was a problem hiding this comment.
and I had not reviewed the Symfony PR yet, but I just added the same comment about deprecation warning message being bad DX currently
There was a problem hiding this comment.
You're right, the message is a bit off-context in case of null passed by default. Then again this only impacts people using the core commands outside the bundle ecosystem. SF itself doesnt trigger it. So im not sure it's really worth the effort, yet this PR can improve it for aclbundle of course :)
There was a problem hiding this comment.
Perhaps a more generic message like Not constructing the command with its required arguments is deprecated... We can copy that easily to other commands.
Command/SetAclCommand.php
Outdated
| */ | ||
| public function __construct($provider = null) | ||
| { | ||
| if (!$provider instanceof MutableAclProviderInterface) { |
DependencyInjection/AclExtension.php
Outdated
| $securityConfig = $container->getExtensionConfig('security'); | ||
| $aclConfig = $container->getExtensionConfig('acl'); | ||
|
|
||
| if (empty($securityConfig['acl'])) { |
There was a problem hiding this comment.
that's broken. $securityConfig is an array of configuration arrays, as arrays are not merged yet at this point (and are never merged inside the container extension config btw).
You need to loop over all of them and check each of them to prepend them (be careful about the order, to avoid reversing the array).
DependencyInjection/AclExtension.php
Outdated
|
|
||
| @trigger_error('As of 3.2 the "security.acl" config is deprecated and will be removed in 4.0. Please configure it under "acl".', E_USER_DEPRECATED); | ||
|
|
||
| if (!empty($aclConfig)) { |
There was a problem hiding this comment.
broken check as well, due to the same merging issue.
Btw, I'm not even sure we need this check. Due to prepending the old config, the config set directly for the bundle will win when merging. But merging will still work.
LICENSE
Outdated
| @@ -1,4 +1,4 @@ | |||
| Copyright (c) 2004-2015 Fabien Potencier | |||
| Copyright (c) 2004-2016 Fabien Potencier | |||
README.md
Outdated
| Resources | ||
| --------- | ||
|
|
||
| * [Contributing](https://symfony.com/doc/current/contributing/index.html) |
There was a problem hiding this comment.
this is wrong, as this bundle is not part of the main repo, so contributing is a bit different
There was a problem hiding this comment.
Changing it to use the same template as the security/acl component
README.md
Outdated
| @@ -0,0 +1,9 @@ | |||
| AclBundle | |||
| ========= | |||
|
|
|||
There was a problem hiding this comment.
As this is the main readme of the repo (not a subtree split), it would be great to have a bit more content in it
Resources/config/security_acl.xml
Outdated
| @@ -0,0 +1,35 @@ | |||
| <?xml version="1.0" encoding="UTF-8"?> | |||
There was a problem hiding this comment.
Can we drop the security_ filename prefix already? As well in service ids.. (security.).
edit: not sure we should though :)
There was a problem hiding this comment.
Honestly I don't dare messing with the services ids. I've never used the ACL features myself so I can't really predict what would happen
There was a problem hiding this comment.
Agree. Lets keep it. Renaming files (acl.xml, dbal.xml) could be considered.
|
Solved a series of issues, but I ran into an error. I must have miss configured something somewhere, but I don't know what. @stof can you check if the extension is more in line with what you mean? The only thing left to do is proper merging, but I'm not sure how to approach that at this point as I don't know which config is coming from the security bundle (doesn't have to be index 0 afaik). I could also simply drop this and throw an error instead. return $previousHandler ? $previousHandler($type, $message, $file, $line) : false;
// where as the signature is:
public function handleError($type, $msg, $file, $line, $context)phpunit bridge and kernel are running 3.3.6 in my local with --prefer-stable. @nicolas-grekas do you know what this should be? |
| CHANGELOG | ||
| ========= | ||
|
|
||
| 3.2.0 |
There was a problem hiding this comment.
Why not 1.0? This is a new bundle and I guess its release cycle will be independent from the Symfony release cycle.
There was a problem hiding this comment.
The ACL component also was released with the 3.x releases for compatibility reasons. I can imagine that it makes sense to release a 3.4 and 4.0 and then just let them go
There was a problem hiding this comment.
Well, we had the symfony/security-acl package before. But there is nothing like an AclBundle yet.
There was a problem hiding this comment.
Makes sense, but Then I'd rather have a 0.9 of sorts and have 1.0 be released without the deprecations that would be fixed in 4.0
There was a problem hiding this comment.
People are upgrading from SF to new acl bundle. Id say this requires the deprecation trigger in SF, which also checks this bundle is enabled (to do the config prepend, disable commands in SF and such). As people are not using acl-bundle today, only security-bundle.
There was a problem hiding this comment.
The problem with this is, that if they install the ACL bundle and copy the configuration, things will break, as it's efficiently going from 3.3 to 4.0. The path you explained only works if developers fix the deprecations before installing the bundle. However, the deprecation for the bundle configuration will be one of the first they see, due to it being in the container build process, rather than run-time.
There was a problem hiding this comment.
Agree portability increases DX 👍 yet this is SF being real friendly to your new lib :)
There was a problem hiding this comment.
Well, together with the old, a new version would be released I suppose, that means that 3.4 and 4.0 would be released at the same time for this bundle, including deprecation fixes.
The version number doesn't concern me, the DX and compatibility with 3.4 does
There was a problem hiding this comment.
What are the deprecations in this bundle? I don't see any.
DependencyInjection/AclExtension.php
Outdated
| */ | ||
| public function prepend(ContainerBuilder $container) | ||
| { | ||
| $securityConfig = $container->getExtensionConfig('security'); |
|
To me, the release cycle for this bundle should be independent from the symfony/symfony one (as pointed by @xabbuh) and so should not include any deprecation and start with |
|
Fair enough, lets work towards that. We'll have to make sure the SecurityBundle indicates that first all deprecations should be fixed. |
|
@iltar See https://github.com/iltar/AclBundle/pull/2. |
Finish extract
|
@chalasr thanks for PR, I've merged it and it looks all green 👍 |
| use Symfony\Component\Console\Output\OutputInterface; | ||
| use Symfony\Component\Security\Acl\Dbal\Schema; | ||
| use Doctrine\DBAL\Connection; | ||
| use Doctrine\DBAL\Schema\SchemaException; |
There was a problem hiding this comment.
When this PR is finally merged, please run PHP CS Fixer to avoid issues like not having use statements sorted alphabetically. Thanks!
Command/InitAclCommand.php
Outdated
| use Doctrine\DBAL\Schema\SchemaException; | ||
|
|
||
| /** | ||
| * Installs the tables required by the ACL system. |
There was a problem hiding this comment.
Installs the tables ... -> Creates the tables ...
Command/InitAclCommand.php
Outdated
| protected function configure() | ||
| { | ||
| $this | ||
| ->setDescription('Mounts ACL tables in the database') |
There was a problem hiding this comment.
Mounts ACL tables... -> Creates ACL tables...
Command/InitAclCommand.php
Outdated
|
|
||
| <info>php %command.full_name%</info> | ||
|
|
||
| The name of the DBAL connection must be configured in your <info>app/config/security.yml</info> configuration file in the <info>security.acl.connection</info> variable. |
There was a problem hiding this comment.
in your <info>app/config/security.yml</info> configuration file <- it's not compatible with modern Symfony apps (it should be config/packages/security.yaml). What if you reword the message to be more neutral?
The name of the DBAL connection must be configured in the <info>security.acl.connection</info>
variable of your main security configuration file.
There was a problem hiding this comment.
Changed it to this, because it seems the config node was wrong in the example:
The name of the DBAL connection must be configured in the
<info>acl.connection</info> variable of your acl configuration file.
| ->addDefaultsIfNotSet() | ||
| ->children() | ||
| ->scalarNode('id')->end() | ||
| ->scalarNode('prefix')->defaultValue('sf2_acl_')->end() |
There was a problem hiding this comment.
Is it possible to rename sf2_acl_ to sf_acl_ or would that change break BC?
There was a problem hiding this comment.
I don't think this will break anything to be honest, unless you want your cache to persist between upgrades.
This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] Deprecate ACL related code | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | yes | Tests pass? | yes/no | Fixed tickets | replaces #23811 | License | MIT | Doc PR | todo Needs symfony/acl-bundle#2 Commits ------- e3b7dc5 [SecurityBundle] Deprecate ACL related code
This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] Deprecate ACL related code | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | yes | Tests pass? | yes/no | Fixed tickets | replaces #23811 | License | MIT | Doc PR | todo Needs symfony/acl-bundle#2 Commits ------- e3b7dc5424 [SecurityBundle] Deprecate ACL related code
|
Thank you @iltar. |
This PR was merged into the 2.8-dev branch. Discussion ---------- Initial extract from SecurityBundle Now that 3.0 is done and 3.1 is in feature freeze, it was a bit easier to extract the ACL part from the security bundle. Note that this is a mere extract and nothing besides of travis.yml is added. _Replaces #1_ Commits ------- 6263c7c Fixed some incorrect references 933b129 Merge pull request #2 from chalasr/feature/initial-extract feccd34 Do not prepend security config 094c4b7 Remove framework-bundle requirement 25185fa Remove security_ prefix from security_*.xml 3e25239 Remove symfony/symfony BC layers from console commands 95ee777 Fix composer requirements 61047c5 Disable bundle commands locator aaff4a7 Added a test-case for the BC layer 6a601de Fixes based on feedback 6eef9a0 Added asset d8eb3a8 Added security csrf 11dc2e6 Added the yaml component 61669b0 Fix lowest version of security-acl 88d9eed port of symfony/symfony#23801 4ef69f4 Changed minimum sf version to 3.3 45a1546 Added validator as dev-req 01ef784 Load the doctrine bundle as well 5f6d0b2 Initial extract from SecurityBundle
|
I would also propose to change the directory structure to src/ and test/ and use autoload-dev. Now it's easy as there is no git history. |
|
Esp. since it's currently missing a |
|
👍 |
Now that 3.0 is done and 3.1 is in feature freeze, it was a bit easier to extract the ACL part from the security bundle. Note that this is a mere extract and nothing besides of travis.yml is added.
Replaces #1