fixes #1538 #1673
Commits
-------

26ff05b fixes #1538

Discussion
----------

fixes #1538

Constructor of Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity
-------------------------------------------------------------------------

currently it checks if the argument is an instance of Symfony\Component\Security\Core\Role\Role by

``if ($role instanceof Role)``

Maybe it should be changed to

``if ($role instanceof RoleInterface)``

Because if we use another Role class which implements RoleInterface
it doesn't work when we check access, it will throw a *NoAceFoundException* when voting
mltrx commented Sep 6, 2011
Oh, why was it reverted? Mistake?

jalliot commented Sep 6, 2011
@halmit Because @schmittjoh said it introduced a security vulnerability (but never said what)

mltrx commented Sep 6, 2011
For now I'm extending my Role class with Symfony\Component\Security\Core\Role\Role instead of raw implementing RoleInterface (I need that fix otherwise). I'm not using the private parent "role" field at all, so extending the Symfony Role class doesn't make any sense. I have my own private field called "name".

The documentation seems to assume the implementation present in commit symfony/symfony#1673, which was reverted soon after due to a potential, but undisclosed security hole (citation @schmittjoh in symfony/symfony@af70ac8).

This incorrect documentation has likely been the source of many of the following issues:

* symfony/symfony#1538 - [ACL RoleSecurityIdentity] check if instance of Role
* symfony/symfony#1748 - Replace Role to RoleInterface for RoleSecurityIdentity
* symfony/symfony#4309 - Issue related to custom group (role) and ACL/ACE
* symfony/symfony#5026 - potential bug in Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity
* symfony/symfony#5076 - [Acl] altered the behaviour of RoleSecurityIdentity
* symfony/symfony#5171 - Fix/role security identity
* symfony/symfony#5303 - [Security] Check for RoleInterface instead of Role object in RoleSecurityIdentity
* symfony/symfony#5909 - Allow Custom Roles to implement the RoleInterface
* symfony/symfony#6012 - Securityidentity fix

Constructor of Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity

currently it checks if the argument is an instance of Symfony\Component\Security\Core\Role\Role by

``if ($role instanceof Role)``

Maybe it should be changed to

``if ($role instanceof RoleInterface)``

Because if we use another Role class which implements RoleInterface
it doesn't work when we check access, it will throw a NoAceFoundException when voting
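
The mismatch this thread describes, as an added PHP sketch that is not code from the pull request or from Symfony: the classes are simplified stand-ins, and it assumes the constructor stores a non-Role argument unchanged and that identities compare by strict equality. `NamedRole`, `ExtendedNamedRole` and the `ROLE_EDITOR` value are constructed for illustration.

```php
<?php
// Simplified stand-ins (hypothetical, not Symfony's classes) for the types named in the thread.
interface RoleInterface { public function getRole(); }
class Role implements RoleInterface {
    private $role;
    public function __construct($role) { $this->role = (string) $role; }
    public function getRole() { return $this->role; }
}

// Models the constructor check quoted in the issue. Assumption: a non-Role
// argument is stored unchanged and identities are compared with ===.
class RoleSecurityIdentity {
    private $role;
    public function __construct($role) {
        if ($role instanceof Role) {
            $role = $role->getRole();   // only Role instances are reduced to a name
        }
        $this->role = $role;
    }
    public function getRole() { return $this->role; }
    public function equals(RoleSecurityIdentity $sid) { return $this->role === $sid->getRole(); }
}

// Custom role that only implements the interface (the case reported in #1538).
class NamedRole implements RoleInterface {
    private $name;
    public function __construct($name) { $this->name = $name; }
    public function getRole() { return $this->name; }
}

// The workaround from the comments: extend Role, keep an own "name" field.
class ExtendedNamedRole extends Role {
    private $name;
    public function __construct($name) { $this->name = $name; }
    public function getRole() { return $this->name; }
}

// Identity as it would be stored alongside an ACE (constructed sample value).
$stored = new RoleSecurityIdentity('ROLE_EDITOR');
$cases = array(
    'plain string'        => 'ROLE_EDITOR',
    'Role instance'       => new Role('ROLE_EDITOR'),
    'RoleInterface only'  => new NamedRole('ROLE_EDITOR'),
    'class extending Role' => new ExtendedNamedRole('ROLE_EDITOR'),
);
foreach ($cases as $label => $role) {
    $sid = new RoleSecurityIdentity($role);
    printf("%-22s matches stored identity: %s\n", $label, $stored->equals($sid) ? 'yes' : 'no');
}
```

Only the `RoleInterface only` case fails to match, because the identity then holds the role object rather than its name; under the stated assumptions that is the situation in which no ACE is found for the user's roles.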