Fix custom Roles in entity_provider cookbook. #2541

Merged
merged 1 commit into from
May 3, 2013

@m14t m14t commented Apr 23, 2013

| Q | A |
| --- | --- |
| Doc fix? | yes |
| New docs? | no |
| Applies to | Symfony version 2.0 |
| Fixed tickets | I don't believe this fixes any PR's, but does relate to many rejected PR's on symfony/symfony (listed below) |

The current documentation seems to assume the implementation present in commit
symfony/symfony#1673, which was reverted soon after its addition due to a potential, but undisclosed security hole (citation @schmittjoh in symfony/symfony@af70ac8).

This incorrect documentation has likely been the source of many
of the following issues:

@@ -461,7 +460,7 @@ that forces it to have a ``getRole()`` method::
* @ORM\Table(name="acme_groups")
* @ORM\Entity()
*/
class Group implements RoleInterface
class Group implements Role
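
Review bot: The replacement class declaration keeps the `implements` keyword while swapping `RoleInterface` for `Role`. If `Role` is the concrete class that the linked issues contrast with `RoleInterface` (for example "check if instance of Role"), `implements Role` is not valid PHP and the line should read `class Group extends Role`. The sentence shown in the hunk header, "that forces it to have a ``getRole()`` method", describes an interface contract and probably needs rewording together with this change.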

class Group extends Role

The documentation seems to assume the implementation present in commit
symfony/symfony#1673, which was reverted soon after due
to a potential, but undisclosed security hole (citation @schmittjoh in symfony/symfony@af70ac8).

This incorrect documentation has likely been the source of many
of the following issues:
* symfony/symfony#1538 - [ACL RoleSecurityIdentity] check if instance of Role
* symfony/symfony#1748 - Replace Role to RoleInterface for RoleSecurityIdentity
* symfony/symfony#4309 - Issue related to custom group (role) and ACL/ACE
* symfony/symfony#5026 - potential bug in Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity
* symfony/symfony#5076 - [Acl] altered the behaviour of RoleSecurityIdentity
* symfony/symfony#5171 - Fix/role security identity
* symfony/symfony#5303 - [Security] Check for RoleInterface instead of Role object in RoleSecurityIdentity
* symfony/symfony#5909 - Allow Custom Roles to implement the RoleInterface
* symfony/symfony#6012 - Securityidentity fix
wouterj commented Apr 23, 2013

👍

weaverryan added a commit that referenced this pull request May 3, 2013
Fix custom Roles in entity_provider cookbook.
@weaverryan weaverryan merged commit 920b330 into symfony:2.0 May 3, 2013
@weaverryan

Thanks Matt! What a mysterious situation :).
