[ACL RoleSecurityIdentity] check if instance of Role #1538
Labels
Comments
yktd26
added a commit
to yktd26/symfony
that referenced
this issue
Jul 13, 2011
m14t
added a commit
to m14t/symfony-docs
that referenced
this issue
Apr 23, 2013
The documentation seems to assume the implementation present in commit symfony/symfony#1673, which reverted soon after due to a potential, but undisclosed security hole (citation @schmittjoh in symfony/symfony@af70ac8). This incorrect documentation has likely been the source of many of the following issues: * symfony/symfony#1538 - [ACL RoleSecurityIdentity] check if instance of Role * symfony/symfony#1748 - Replace Role to RoleInterface for RoleSecurityIdentity * symfony/symfony#4309 - Issue related to custom group (role) and ACL/ACE * symfony/symfony#5026 - potential bug in Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity * symfony/symfony#5076 - [Acl] altered the behaviour of RoleSecurityIdentity * symfony/symfony#5171 - Fix/role security identity * symfony/symfony#5303 - [Security] Check for RoleInterface instead of Role object in RoleSecurityIdentity * symfony/symfony#5909 - Allow Custom Roles to implement the RoleInterface * symfony/symfony#6012 - Securityidentity fix
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Constructor of Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity
currently it check if the argument is instance of Symfony\Component\Security\Core\Role\Role by
if ($role instanceof Role)Maybe it should be changed to
if ($role instanceof RoleInterface)Because if we use another Role class which implements RoleInterface
it dosen't work when we check access, it will throw a NoAceFoundException when vote
The text was updated successfully, but these errors were encountered: