From f5024779d615f0563c0f27471c903d7f51564e11 Mon Sep 17 00:00:00 2001 From: Thomas Rothe Date: Fri, 4 Nov 2022 16:06:56 +0100 Subject: [PATCH] add support for filtering by sids --- Dbal/AclProvider.php | 36 +++++++++++++++++++++++++++++++++--- Dbal/MutableAclProvider.php | 23 ++++++----------------- 2 files changed, 39 insertions(+), 20 deletions(-) diff --git a/Dbal/AclProvider.php b/Dbal/AclProvider.php index 712edac..c171fe2 100644 --- a/Dbal/AclProvider.php +++ b/Dbal/AclProvider.php @@ -26,6 +26,8 @@ use Symfony\Component\Security\Acl\Model\AclProviderInterface; use Symfony\Component\Security\Acl\Model\ObjectIdentityInterface; use Symfony\Component\Security\Acl\Model\PermissionGrantingStrategyInterface; +use Symfony\Component\Security\Acl\Model\SecurityIdentityInterface; +use Symfony\Component\Security\Core\Role\Role; /** * An ACL provider implementation. @@ -37,6 +39,7 @@ class AclProvider implements AclProviderInterface { public const MAX_BATCH_SIZE = 30; + private const TOKEN_FILTER_PREFIX = 'IS_AUTHENTICATED_'; /** * @var AclCacheInterface|null @@ -219,9 +222,12 @@ public function findAcls(array $oids, array $sids = []) * * @return string */ - protected function getLookupSql(array $ancestorIds) + protected function getLookupSql(array $ancestorIds/*, array $identityIds = []*/) { - // FIXME: add support for filtering by sids (right now we select all sids) + $identityIds = []; + if (\func_num_args() > 1) { + $identityIds = \func_get_arg(1); + } $sql = << $sids + * * @return \SplObjectStorage mapping object identities to ACL instances * * @throws AclNotFoundException @@ -456,7 +467,7 @@ private function lookupObjectIdentities(array $batch, array $sids, array $oidLoo throw new AclNotFoundException('There is no ACL for the given object identity.'); } - $sql = $this->getLookupSql($ancestorIds); + $sql = $this->getLookupSql($ancestorIds, $this->getIdentityIds($sids)); $stmt = $this->connection->executeQuery($sql); return $this->hydrateObjectIdentities($stmt, $oidLookup, $sids); @@ -669,4 +680,23 @@ private function hydrateObjectIdentities(Result $stmt, array $oidLookup, array $ return $result; } + + + /** + * Retrieves all the security identity ids which need to be queried from the database + * + * @param array $sids + * + * @return array + */ + private function getIdentityIds(array $sids) + { + $filteredSids = \array_filter($sids, function ($sid) { + return false === \strpos($sid->getRole(), self::TOKEN_FILTER_PREFIX); + }); + + return \array_map(function ($sid) { + return $sid->getRole(); + }, $filteredSids); + } } diff --git a/Dbal/MutableAclProvider.php b/Dbal/MutableAclProvider.php index 0d69ca6..7404cde 100644 --- a/Dbal/MutableAclProvider.php +++ b/Dbal/MutableAclProvider.php @@ -839,9 +839,7 @@ private function updateNewFieldAceProperty($name, array $changes) $sids = new \SplObjectStorage(); $classIds = new \SplObjectStorage(); foreach ($changes[1] as $field => $new) { - for ($i = 0, $c = \count($new); $i < $c; ++$i) { - $ace = $new[$i]; - + foreach ($new as $i => $ace) { if (null === $ace->getId()) { if ($sids->contains($ace->getSecurityIdentity())) { $sid = $sids->offsetGet($ace->getSecurityIdentity()); @@ -879,9 +877,7 @@ private function updateOldFieldAceProperty($name, array $changes) { $currentIds = []; foreach ($changes[1] as $field => $new) { - for ($i = 0, $c = \count($new); $i < $c; ++$i) { - $ace = $new[$i]; - + foreach($new as $ace) { if (null !== $ace->getId()) { $currentIds[$ace->getId()] = true; } @@ -889,9 +885,7 @@ private function updateOldFieldAceProperty($name, array $changes) } foreach ($changes[0] as $old) { - for ($i = 0, $c = \count($old); $i < $c; ++$i) { - $ace = $old[$i]; - + foreach($old as $ace) { if (!isset($currentIds[$ace->getId()])) { $this->connection->executeStatement($this->getDeleteAccessControlEntrySql($ace->getId())); unset($this->loadedAces[$ace->getId()]); @@ -911,8 +905,7 @@ private function updateNewAceProperty($name, array $changes) $sids = new \SplObjectStorage(); $classIds = new \SplObjectStorage(); - for ($i = 0, $c = \count($new); $i < $c; ++$i) { - $ace = $new[$i]; + foreach ($new as $i => $ace) { if (null === $ace->getId()) { if ($sids->contains($ace->getSecurityIdentity())) { @@ -951,17 +944,13 @@ private function updateOldAceProperty($name, array $changes) [$old, $new] = $changes; $currentIds = []; - for ($i = 0, $c = \count($new); $i < $c; ++$i) { - $ace = $new[$i]; - + foreach ($new as $ace) { if (null !== $ace->getId()) { $currentIds[$ace->getId()] = true; } } - for ($i = 0, $c = \count($old); $i < $c; ++$i) { - $ace = $old[$i]; - + foreach($old as $ace) { if (!isset($currentIds[$ace->getId()])) { $this->connection->executeStatement($this->getDeleteAccessControlEntrySql($ace->getId())); unset($this->loadedAces[$ace->getId()]);