Fixed some issues of the AccessDecisionManager profiler #18934
Conversation
javiereguiluz
commented
Jun 1, 2016
•
| Q | A |
|---|---|
| Branch? | 3.1 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #19022 https://github.com/symfony/symfony-standard/issues/968 schmittjoh/JMSSecurityExtraBundle#207 |
| License | MIT |
| Doc PR | - |
| @@ -66,7 +66,7 @@ public function load(array $configs, ContainerBuilder $container) | |||
| $loader->load('collectors.xml'); | |||
| $loader->load('guard.xml'); | |||
|
|
|||
| if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) { | |||
| if ($container->has('profiler')) { | |||
There was a problem hiding this comment.
this is broken, as it will always be false here (DI extensions are isolated from each other). You may need to use a compiler pass instead
There was a problem hiding this comment.
This looks overkill to me. Isn't there any other solution? In other extensions, for example in these lines of FrameworkExtension, they use the same code as here:
if ($container->getParameter('kernel.debug')) {
$loader->load('templating_debug.xml');
// ...
}There was a problem hiding this comment.
The big difference is that parameters are copied to the local container passed to Extension#load(), whereas services aren't.
And btw, this can only be done with kernel.* parameters, as these are set by the Kernel. All other parameters will only be available based on the order of the registered bundles in AppKernel: You don't want to depend on the order.
There was a problem hiding this comment.
@wouterj I don't understand your comment. In any case, I asked why this is wrong:
if ($container->getParameter('kernel.debug')) {
$loader->load('security_debug.xml');
}When this is considered right:
if ($container->getParameter('kernel.debug')) {
$loader->load('templating_debug.xml');
// ...
}There was a problem hiding this comment.
It's about this:
if ($container->has('profiler')) {
// ...
}Versus this:
if ($container->getParameter('kernel.debug')) {
// ...
}The $container parameter of Extension::load() is not the actual container, it's a copy. See https://github.com/symfony/dependency-injection/blob/master/Compiler/MergeExtensionConfigurationPass.php#L47-L49 Only the parameters are copied from actual to tmp container, services aren't.
This is why $container->has('profiler') will always return false.
There was a problem hiding this comment.
Sure. I didn't use $container->has('profiler') at first. I used $container->getParameter('kernel.debug') but I was told that it was not completely right. But I still don't understand, so I can't fix it.
There was a problem hiding this comment.
@javiereguiluz the issue is that kernel.debug is only the default value for enabling the profiler. It is possible to enable it in non-debug mode.
And this mismatch is precisely one of the issues you have to fix, as the profiler always assumes that the debug access decision manager is there.
The alternative would be to handle properly the absence of this service (storing less info in the profiler panel)
| @@ -66,7 +66,7 @@ public function load(array $configs, ContainerBuilder $container) | |||
| $loader->load('collectors.xml'); | |||
| $loader->load('guard.xml'); | |||
|
|
|||
| if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) { | |||
| if ($container->getParameter('kernel.debug')) { | |||
| $loader->load('security_debug.xml'); | |||
There was a problem hiding this comment.
@javiereguiluz I tried this PR and the issue still exists :(
https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/Resources/config/collectors.xml#L13: The data_collector.security service ("which is always loaded" L66) require debug.security.access.decision_manager, so when $container->getParameter('kernel.debug') is false this service isn't loaded:
php bin/console --env=dev --no-debug
[Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException]
The service "profiler" has a dependency on a non-existent service "debug.security.access.decision_manager".The road should be here https://github.com/symfony/symfony-standard/issues/968#issuecomment-223022665:
@stof: ... It should be based on whether the profiler is enabled instead of being based on the debug mode ...
There was a problem hiding this comment.
Is it OK to load the collectors.xml file unconditionally? Is it really used when debug = false ? If this can be changed, the solution would be trivial: move $loader->load('collectors.xml'); under the if ($container->getParameter('kernel.debug')) condition.
There was a problem hiding this comment.
well, if you do it, the security panel would not appear when enabling the profiler in no-debug mode, which might be confusing
There was a problem hiding this comment.
Could we check web_profiler.controller.profiler service definition ? it's defined only if WebProfileBundle is enabled. BUT, this would imply that all panels profile should be loaded only if this "WebProfileBundle" is enabled ? Currenly this is not taken into consideration in others collectors.
There was a problem hiding this comment.
@yceruto WebProfilerBundle is not related to enabling the profiler (the bundle does not provide the profiler. It is only about providing a visualization UI).
The proper service would be detecting profiler (coming from FrameworkBundle), but this cannot be done in a DI extension, because DI extension cannot see services defined in other extensions (see the previous discussion)
There was a problem hiding this comment.
@stof you're right, then
... Only the parameters are copied from actual to tmp container ...
We can create a new parameter something like profiler.collect into FrameworkExtension::registerProfilerConfiguration ?:
$container->setParameter('profiler.collect', $config['collect']);and use it here ?
if ($container->hasParameter('profiler.collect') && $container->getParameter('profiler.collect')) {
$loader->load('collectors.xml');
$loader->load('security_debug.xml');
}@javiereguiluz WDYT?
|
@javiereguiluz Can you move this PR forward? Or do you need some help? |
|
@javiereguiluz Any update on this? A solution would be awesome. |
|
@peterrehm I plan to finish this very soon. |
|
I've updated this with a compiler pass, as @stof suggested. |
| @@ -66,10 +66,6 @@ public function load(array $configs, ContainerBuilder $container) | |||
| $loader->load('collectors.xml'); | |||
There was a problem hiding this comment.
@javiereguiluz the issue still occurs if profiler service is not defined, so data_collector.security require of debug.security.access.decision_manager
There was a problem hiding this comment.
Could we solve this via config?
<argument type="service" id="debug.security.access.decision_manager" on-invalid="ignore" />There was a problem hiding this comment.
Or maybe just load the collector in debug?
There was a problem hiding this comment.
@HeahDude apparently we can't do that. See #18934 (comment)
There was a problem hiding this comment.
Ok, I see another solution, now that the security.access.decision_manager is properly decorated, just pass it to the collector instead of the debug.security.access.decision_manager, this line should ensure everything is fine, right?
There was a problem hiding this comment.
👍 Let's try that! Thanks.
|
Some tests are still failing. Given that a new Symfony 3.1 release is imminent, could someone please help me fix this? Thanks! |
|
If passing the |
e5dfabe to
e4cbf01
Compare
| if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) { | ||
| $loader->load('security_debug.xml'); | ||
| } | ||
| $loader->load('security_debug.xml'); |
There was a problem hiding this comment.
Why did you remove the debug check?
There was a problem hiding this comment.
Yes but now the check is done in the collector, so no need to load the debug adm when not in debug mode.
| @@ -66,7 +66,7 @@ public function load(array $configs, ContainerBuilder $container) | |||
| $loader->load('collectors.xml'); | |||
| $loader->load('guard.xml'); | |||
|
|
|||
| if ($container->hasParameter('kernel.debug') && $container->getParameter('kernel.debug')) { | |||
| if ($container->getParameter('kernel.debug')) { | |||
There was a problem hiding this comment.
You should keep the check with hasParameter() since some tests are still failing
|
I guess you now need to update the |
|
👍 LGTM now, remaining failures are unrelated. Status: Reviewed |
| @@ -10,7 +10,7 @@ | |||
| <argument type="service" id="security.token_storage" on-invalid="ignore" /> | |||
| <argument type="service" id="security.role_hierarchy" /> | |||
| <argument type="service" id="security.logout_url_generator" /> | |||
| <argument type="service" id="debug.security.access.decision_manager" /> | |||
| <argument type="service" id="security.access.decision_manager" /> | |||
There was a problem hiding this comment.
if the compiler pass was removed then when this argument is changed by debug.security.access.decision_manager ?
I missing something ?
There was a problem hiding this comment.
@yceruto the service is decorated when debug is on by loading security_debug.xml.
|
Thank you @javiereguiluz. |
…aviereguiluz) This PR was squashed before being merged into the 3.1 branch (closes #18934). Discussion ---------- Fixed some issues of the AccessDecisionManager profiler | Q | A | ------------- | --- | Branch? | 3.1 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #19022 https://github.com/symfony/symfony-standard/issues/968 schmittjoh/JMSSecurityExtraBundle#207 | License | MIT | Doc PR | - Commits ------- 082f1b5 Fixed some issues of the AccessDecisionManager profiler
|
It's in the 3.1.x-dev branch, but not in the 3.1.1 tag :( @fabpot could you tag another patch release? |
|
@loostro I think you need to be a bit patient, as @javiereguiluz wrote a new release is around the corner... |