Created
September 3, 2012 07:39
Custom SecurityIdentityRetrieval
<?php | |
namespace LL\Infrastructure\Permissions; | |
use Symfony\Component\Security\Core\Role\RoleInterface; | |
use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity; | |
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity; | |
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken; | |
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | |
use Symfony\Component\Security\Acl\Model\SecurityIdentityRetrievalStrategyInterface; | |
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver; | |
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface; | |
use Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter; | |
/**
 * Minimal variant of Symfony's default SecurityIdentityRetrievalStrategy.
 *
 * It differs from the stock implementation only in the role loop: the roles
 * returned by RoleHierarchyInterface::getReachableRoles() are accepted both as
 * RoleInterface objects and as plain strings, so neither shape breaks the ACL
 * identity lookup.
 *
 * The identities returned here decide which ACL entries apply to a token, so
 * the ordering and the trust-level cascade below intentionally mirror Symfony:
 * user identity first, then reachable roles, then the IS_AUTHENTICATED_* roles
 * (a fully authenticated token also receives the remembered and anonymous ones).
 */
class LLSecurityIdentityRetrievalStrategy implements SecurityIdentityRetrievalStrategyInterface
{
    /** @var RoleHierarchyInterface */
    private $roleHierarchy;

    /** @var AuthenticationTrustResolver */
    private $authenticationTrustResolver;

    /**
     * @param RoleHierarchyInterface      $roleHierarchy               expands the token's roles to every reachable role
     * @param AuthenticationTrustResolver $authenticationTrustResolver classifies the token's trust level (full, remember-me, anonymous)
     */
    public function __construct(RoleHierarchyInterface $roleHierarchy, AuthenticationTrustResolver $authenticationTrustResolver)
    {
        $this->roleHierarchy = $roleHierarchy;
        $this->authenticationTrustResolver = $authenticationTrustResolver;
    }

    /**
     * {@inheritDoc}
     *
     * @return array list of UserSecurityIdentity / RoleSecurityIdentity objects, in the
     *               order: user identity, reachable roles, built-in IS_AUTHENTICATED_* roles
     */
    public function getSecurityIdentities(TokenInterface $token)
    {
        return array_merge(
            $this->userIdentities($token),
            $this->roleIdentities($token),
            $this->trustLevelIdentities($token)
        );
    }

    /**
     * Zero or one UserSecurityIdentity for the token.
     *
     * Anonymous tokens never get a user identity. For other tokens the
     * InvalidArgumentException thrown by UserSecurityIdentity::fromToken() is
     * deliberately ignored: such a token simply has no user identity.
     *
     * @return array
     */
    private function userIdentities(TokenInterface $token)
    {
        if ($token instanceof AnonymousToken) {
            return array();
        }

        try {
            return array(UserSecurityIdentity::fromToken($token));
        } catch (\InvalidArgumentException $noUserIdentity) {
            return array();
        }
    }

    /**
     * One RoleSecurityIdentity per role reachable from the token's roles.
     *
     * @return array
     */
    private function roleIdentities(TokenInterface $token)
    {
        $identities = array();
        $reachable = $this->roleHierarchy->getReachableRoles($token->getRoles());

        foreach ($reachable as $role) {
            $identities[] = $this->roleIdentity($role);
        }

        return $identities;
    }

    /**
     * Built-in special roles granted according to the token's trust level.
     *
     * Higher trust implies every lower level, which is why the fully
     * authenticated branch also grants REMEMBERED and ANONYMOUSLY.
     *
     * @return array
     */
    private function trustLevelIdentities(TokenInterface $token)
    {
        $resolver = $this->authenticationTrustResolver;

        if ($resolver->isFullFledged($token)) {
            $roleNames = array(
                AuthenticatedVoter::IS_AUTHENTICATED_FULLY,
                AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED,
                AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY,
            );
        } elseif ($resolver->isRememberMe($token)) {
            $roleNames = array(
                AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED,
                AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY,
            );
        } elseif ($resolver->isAnonymous($token)) {
            $roleNames = array(AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY);
        } else {
            $roleNames = array();
        }

        $identities = array();
        foreach ($roleNames as $roleName) {
            $identities[] = $this->roleIdentity($roleName);
        }

        return $identities;
    }

    /**
     * Wraps a role in a RoleSecurityIdentity, accepting either a RoleInterface
     * object (its getRole() string is used) or an already-plain role string.
     *
     * @param RoleInterface|string $role
     *
     * @return RoleSecurityIdentity
     */
    private function roleIdentity($role)
    {
        $roleName = $role instanceof RoleInterface ? $role->getRole() : $role;

        return new RoleSecurityIdentity($roleName);
    }
}
# app/config/security.yml
#
# Overrides the class parameters of Symfony's ACL services so the container
# instantiates the LL\Infrastructure\Permissions implementations instead of the
# defaults. Only LLSecurityIdentityRetrievalStrategy is shown in this gist;
# LLPermissionResolver and LLPermissionEvaluator must exist in the same namespace.
# NOTE(review): the service definitions themselves are not overridden here, so the
# constructor arguments presumably stay those of the default services — verify
# that LLSecurityIdentityRetrievalStrategy receives the role hierarchy and the
# authentication trust resolver in that order.
parameters:
    security.acl.permission.map.class: LL\Infrastructure\Permissions\LLPermissionResolver
    security.acl.security_identity_retrieval_strategy.class: LL\Infrastructure\Permissions\LLSecurityIdentityRetrievalStrategy
    security.acl.permission_evaluator.class: LL\Infrastructure\Permissions\LLPermissionEvaluator
I have a similar issue when my users change their username, which is really annoying... Does your class work well for that purpose?