Commitb74593c

committed

Merge branch '2.8'

* 2.8: Fix broken link in security chapter Add version 2.8 to the release roadmap bug#5162 Fix misplelled XliffFileLoader class in the Using Domains (Nicola Pietroluongo) Fix misplelled XliffFileLoader class in the Using Message Domains example Removing a section about Roles that I think has no real use-case add missing security advisories Fix misplelled XliffFileLoader class in the Using Message Domains example Use correct Session namespace

2 parents2e86186 +93ecd0a commitb74593cCopy full SHA for b74593c

File tree

6 files changed

+13

-213

lines changed

book
- internals.rst
- security.rst
components/translation
- introduction.rst
contributing
- code
  - security.rst
- community
  - releases.rst
cookbook/security
- entity_provider.rst

6 files changed

+13

-213

lines changed

`‎book/internals.rst`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -40,8 +40,8 @@ variables:`
`40`	`40`	* The:class:`Symfony\\Component\\HttpFoundation\\Response` class abstracts
`41`	`41`	some PHP functions like ``header()``, ``setcookie()``, and ``echo``;
`42`	`42`
`43`		-* The:class:`Symfony\\Component\\HttpFoundation\\Session` class and
`44`		-:class:`Symfony\\Component\\HttpFoundation\\SessionStorage\\SessionStorageInterface`
	`43`	+* The:class:`Symfony\\Component\\HttpFoundation\\Session\\Session` class and
	`44`	+:class:`Symfony\\Component\\HttpFoundation\\Session\\Storage\\SessionStorageInterface`
`45`	`45`	interface abstract session management ``session_*()`` functions.
`46`	`46`
`47`	`47`	`..note::`

`‎book/security.rst`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
@@ -1069,7 +1069,7 @@ the User object, and use the ``isGranted`` method (or
`1069`	`1069`	`Retrieving the User in a Template`
`1070`	`1070`	`~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
`1071`	`1071`
`1072`		-In a Twig Template this object can be accessed via the `app.user<reference-twig-global-app>`_
	`1072`	+In a Twig Template this object can be accessed via the:ref:`app.user<reference-twig-global-app>`
`1073`	`1073`	`key:`
`1074`	`1074`
`1075`	`1075`	`..configuration-block::`

`‎components/translation/introduction.rst`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ organization, translations were split into three different domains:`
`186`	`186`	`loaded like this::`
`187`	`187`
`188`	`188`	`// ...`
`189`		`- $translator->addLoader('xliff', newXliffLoader());`
	`189`	`+ $translator->addLoader('xliff', newXliffFileLoader());`
`190`	`190`
`191`	`191`	`$translator->addResource('xliff', 'messages.fr.xliff', 'fr_FR');`
`192`	`192`	`$translator->addResource('xliff', 'admin.fr.xliff', 'fr_FR', 'admin');`

`‎contributing/code/security.rst`

Lines changed: 6 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -103,6 +103,12 @@ Security Advisories`
`103`	`103`	`This section indexes security vulnerabilities that were fixed in Symfony`
`104`	`104`	`releases, starting from Symfony 1.0.0:`
`105`	`105`
	`106`	+* April 1, 2015: `CVE-2015-2309: Unsafe methods in the Request class<http://symfony.com/blog/cve-2015-2309-unsafe-methods-in-the-request-class>`_ (Symfony 2.3.27, 2.5.11 and 2.6.6)
	`107`	+* April 1, 2015: `CVE-2015-2308: Esi Code Injection<http://symfony.com/blog/cve-2015-2308-esi-code-injection>`_ (Symfony 2.3.27, 2.5.11 and 2.6.6)
	`108`	+* September 3, 2014: `CVE-2014-6072: CSRF vulnerability in the Web Profiler<http://symfony.com/blog/cve-2014-6072-csrf-vulnerability-in-the-web-profiler>`_ (Symfony 2.3.19, 2.4.9 and 2.5.4)
	`109`	+* September 3, 2014: `CVE-2014-6061: Security issue when parsing the Authorization header<http://symfony.com/blog/cve-2014-6061-security-issue-when-parsing-the-authorization-header>`_ (Symfony 2.3.19, 2.4.9 and 2.5.4)
	`110`	+* September 3, 2014: `CVE-2014-5245: Direct access of ESI URLs behind a trusted proxy<http://symfony.com/blog/cve-2014-5245-direct-access-of-esi-urls-behind-a-trusted-proxy>`_ (Symfony 2.3.19, 2.4.9 and 2.5.4)
	`111`	+* September 3, 2014: `CVE-2014-5244: Denial of service with a malicious HTTP Host header<http://symfony.com/blog/cve-2014-5244-denial-of-service-with-a-malicious-http-host-header>`_ (Symfony 2.3.19, 2.4.9 and 2.5.4)
`106`	`112`	* July 15, 2014: `Security releases: Symfony 2.3.18, 2.4.8, and 2.5.2 released<http://symfony.com/blog/security-releases-cve-2014-4931-symfony-2-3-18-2-4-8-and-2-5-2-released>`_ (`CVE-2014-4931<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-4931>`_)
`107`	`113`	* October 10, 2013: `Security releases: Symfony 2.0.25, 2.1.13, 2.2.9, and 2.3.6 released<http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released>`_ (`CVE-2013-5958<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-5958>`_)
`108`	`114`	* August 7, 2013: `Security releases: Symfony 2.0.24, 2.1.12, 2.2.5, and 2.3.3 released<http://symfony.com/blog/security-releases-symfony-2-0-24-2-1-12-2-2-5-and-2-3-3-released>`_ (`CVE-2013-4751<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4751>`_ and `CVE-2013-4752<http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4752>`_)

`‎contributing/community/releases.rst`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -98,7 +98,8 @@ Version Feature Freeze Release End of Maintenance End of Life`
`98`	`98`	`2.4 09/2013 11/2013 09/2014 (10 months [1]_) 01/2015`
`99`	`99`	`2.5 03/2014 05/2014 01/2015 (8 months) 07/2015`
`100`	`100`	`2.6 09/2014 11/2014 07/2015 (8 months) 01/2016`
`101`		`-2.7 03/2015 05/2015 05/2018 (36 months [2]_) 05/2019`
	`101`	`+2.7 03/2015 05/2015 05/2018 (36 months) 05/2019`
	`102`	`+2.8 09/2015 11/2015 11/2018 (36 months [2]_) 11/2019`
`102`	`103`	`3.0 09/2015 11/2015 07/2016 (8 months) 01/2017`
`103`	`104`	`3.1 03/2016 05/2016 01/2017 (8 months) 07/2017`
`104`	`105`	`3.2 09/2016 11/2016 07/2017 (8 months) 01/2018`
`@@ -107,7 +108,7 @@ Version Feature Freeze Release End of Maintenance End of Life`
`107`	`108`	`======= ============== ======= ======================== ===========`
`108`	`109`
`109`	`110`	.. [1]Symfony 2.4 maintenance has been `extended to September 2014`_.
`110`		`-.. [2]Symfony 2.7 is the last version of the Symfony 2.x branch.`
	`111`	`+.. [2]Symfony 2.8 is the last version of the Symfony 2.x branch.`
`111`	`112`
`112`	`113`	`..tip::`
`113`	`114`

`‎cookbook/security/entity_provider.rst`

Lines changed: 0 additions & 207 deletions

Original file line number	Diff line number	Diff line change
`@@ -525,213 +525,6 @@ This tells Symfony to not query automatically for the User. Instead, when`
`525`	`525`	someone logs in, the ``loadUserByUsername()`` method on ``UserRepository``
`526`	`526`	`will be called.`
`527`	`527`
`528`		`-Managing Roles in the Database`
`529`		`-------------------------------`
`530`		`-`
`531`		`-The end of this tutorial focuses on how to store and retrieve a list of roles`
`532`		`-from the database. As mentioned previously, when your user is loaded, its`
`533`		-``getRoles()`` method returns the array of security roles that should be
`534`		`-assigned to the user. You can load this data from anywhere - a hardcoded`
`535`		-list used for all users (e.g. ``array('ROLE_USER')``), a Doctrine array
`536`		-property called ``roles``, or via a Doctrine relationship, as you'll learn
`537`		`-about in this section.`
`538`		`-`
`539`		`-..caution::`
`540`		`-`
`541`		- In a typical setup, you should always return at least 1 role from the ``getRoles()``
`542`		- method. By convention, a role called ``ROLE_USER`` is usually returned.
`543`		`- If you fail to return any roles, it may appear as if your user isn't`
`544`		`- authenticated at all.`
`545`		`-`
`546`		`-..caution::`
`547`		`-`
`548`		`- In order to work with the security configuration examples on this page`
`549`		- all roles must be prefixed with ``ROLE_`` (see
`550`		- the:ref:`section about roles<book-security-roles>` in the book). For
`551`		- example, your roles will be ``ROLE_ADMIN`` or ``ROLE_USER`` instead of
`552`		- ``ADMIN`` or ``USER``.
`553`		`-`
`554`		-In this example, the ``AppBundle:User`` entity class defines a
`555`		-many-to-many relationship with a ``AppBundle:Role`` entity class.
`556`		`-A user can be related to several roles and a role can be composed of`
`557`		-one or more users. The previous ``getRoles()`` method now returns
`558`		-the list of related roles. Notice that ``__construct()`` and ``getRoles()``
`559`		`-methods have changed::`
`560`		`-`
`561`		`- // src/AppBundle/Entity/User.php`
`562`		`- namespace AppBundle\Entity;`
`563`		`-`
`564`		`- use Doctrine\Common\Collections\ArrayCollection;`
`565`		`- // ...`
`566`		`-`
`567`		`- class User implements AdvancedUserInterface, \Serializable`
`568`		`- {`
`569`		`- // ...`
`570`		`-`
`571`		`- /**`
`572`		`- * @ORM\ManyToMany(targetEntity="Role", inversedBy="users")`
`573`		`- *`
`574`		`- */`
`575`		`- private $roles;`
`576`		`-`
`577`		`- public function __construct()`
`578`		`- {`
`579`		`- $this->roles = new ArrayCollection();`
`580`		`- }`
`581`		`-`
`582`		`- public function getRoles()`
`583`		`- {`
`584`		`- return $this->roles->toArray();`
`585`		`- }`
`586`		`-`
`587`		`- // ...`
`588`		`-`
`589`		`- }`
`590`		`-`
`591`		-The ``AppBundle:Role`` entity class defines three fields (``id``,
`592`		-``name`` and ``role``). The unique ``role`` field contains the role name
`593`		-(e.g. ``ROLE_ADMIN``) used by the Symfony security layer to secure parts
`594`		`-of the application::`
`595`		`-`
`596`		`- // src/AppBundle/Entity/Role.php`
`597`		`- namespace AppBundle\Entity;`
`598`		`-`
`599`		`- use Symfony\Component\Security\Core\Role\RoleInterface;`
`600`		`- use Doctrine\Common\Collections\ArrayCollection;`
`601`		`- use Doctrine\ORM\Mapping as ORM;`
`602`		`-`
`603`		`- /**`
`604`		`- * @ORM\Table(name="app_role")`
`605`		`- * @ORM\Entity()`
`606`		`- */`
`607`		`- class Role implements RoleInterface`
`608`		`- {`
`609`		`- /**`
`610`		`- * @ORM\Column(name="id", type="integer")`
`611`		`- * @ORM\Id()`
`612`		`- * @ORM\GeneratedValue(strategy="AUTO")`
`613`		`- */`
`614`		`- private $id;`
`615`		`-`
`616`		`- /**`
`617`		`- * @ORM\Column(name="name", type="string", length=30)`
`618`		`- */`
`619`		`- private $name;`
`620`		`-`
`621`		`- /**`
`622`		`- * @ORM\Column(name="role", type="string", length=20, unique=true)`
`623`		`- */`
`624`		`- private $role;`
`625`		`-`
`626`		`- /**`
`627`		`- * @ORM\ManyToMany(targetEntity="User", mappedBy="roles")`
`628`		`- */`
`629`		`- private $users;`
`630`		`-`
`631`		`- public function __construct()`
`632`		`- {`
`633`		`- $this->users = new ArrayCollection();`
`634`		`- }`
`635`		`-`
`636`		`- /**`
`637`		`- * @see RoleInterface`
`638`		`- */`
`639`		`- public function getRole()`
`640`		`- {`
`641`		`- return $this->role;`
`642`		`- }`
`643`		`-`
`644`		`- // ... getters and setters for each property`
`645`		`- }`
`646`		`-`
`647`		`-For brevity, the getter and setter methods are hidden, but you can`
`648`		-:ref:`generate them<book-doctrine-generating-getters-and-setters>`:
`649`		`-`
`650`		`-..code-block::bash`
`651`		`-`
`652`		`- $ php app/console doctrine:generate:entities AppBundle/Entity/User`
`653`		`-`
`654`		`-Don't forget also to update your database schema:`
`655`		`-`
`656`		`-..code-block::bash`
`657`		`-`
`658`		`- $ php app/console doctrine:schema:update --force`
`659`		`-`
`660`		-This will create the ``app_role`` table and a ``user_role`` that stores
`661`		-the many-to-many relationship between ``app_user`` and ``app_role``. If
`662`		`-you had one user linked to one role, your database might look something like`
`663`		`-this:`
`664`		`-`
`665`		`-..code-block::bash`
`666`		`-`
`667`		`- $ mysql> SELECT* FROM app_role;`
`668`		`- +----+-------+------------+`
`669`		`-\| id\| name\| role\|`
`670`		`- +----+-------+------------+`
`671`		`-\| 1\| admin\| ROLE_ADMIN\|`
`672`		`- +----+-------+------------+`
`673`		`-`
`674`		`- $ mysql> SELECT* FROM user_role;`
`675`		`- +---------+---------+`
`676`		`-\| user_id\| role_id\|`
`677`		`- +---------+---------+`
`678`		`-\| 1\| 1\|`
`679`		`- +---------+---------+`
`680`		`-`
`681`		`-And that's it! When the user logs in, Symfony security system will call the`
`682`		-``User::getRoles`` method. This will return an array of ``Role`` objects
`683`		`-that Symfony will use to determine if the user should have access to certain`
`684`		`-parts of the system.`
`685`		`-`
`686`		`-..sidebar::What's the purpose of the RoleInterface?`
`687`		`-`
`688`		- Notice that the ``Role`` class implements
`689`		-:class:`Symfony\\Component\\Security\\Core\\Role\\RoleInterface`. This is
`690`		- because Symfony's security system requires that the ``User::getRoles`` method
`691`		`- returns an array of either role strings or objects that implement this interface.`
`692`		- If ``Role`` didn't implement this interface, then ``User::getRoles``
`693`		- would need to iterate over all the ``Role`` objects, call ``getRole``
`694`		`- on each, and create an array of strings to return. Both approaches are`
`695`		`- valid and equivalent.`
`696`		`-`
`697`		`-.. _cookbook-doctrine-entity-provider-role-db-schema:`
`698`		`-`
`699`		`-Improving Performance with a Join`
`700`		`-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~`
`701`		`-`
`702`		`-To improve performance and avoid lazy loading of roles when retrieving a user`
`703`		`-from the custom entity provider, you can use a Doctrine join to the roles`
`704`		-relationship in the ``UserRepository::loadUserByUsername()`` method. This will
`705`		`-fetch the user and their associated roles with a single query::`
`706`		`-`
`707`		`- // src/AppBundle/Entity/UserRepository.php`
`708`		`- namespace AppBundle\Entity;`
`709`		`-`
`710`		`- // ...`
`711`		`-`
`712`		`- class UserRepository extends EntityRepository implements UserProviderInterface`
`713`		`- {`
`714`		`- public function loadUserByUsername($username)`
`715`		`- {`
`716`		`- $q = $this`
`717`		`- ->createQueryBuilder('u')`
`718`		`- ->select('u, r')`
`719`		`- ->leftJoin('u.roles', 'r')`
`720`		`- ->where('u.username = :username OR u.email = :email')`
`721`		`- ->setParameter('username', $username)`
`722`		`- ->setParameter('email', $username)`
`723`		`- ->getQuery();`
`724`		`-`
`725`		`- // ...`
`726`		`- }`
`727`		`-`
`728`		`- // ...`
`729`		`- }`
`730`		`-`
`731`		-The ``QueryBuilder::leftJoin()`` method joins and fetches related roles from
`732`		-the ``AppBundle:User`` model class when a user is retrieved by their email
`733`		`-address or username.`
`734`		`-`
`735`	`528`	.. _`cookbook-security-serialize-equatable`:
`736`	`529`
`737`	`530`	`Understanding serialize and how a User is Saved in the Session`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitb74593c

File tree

6 files changed

6 files changed

`‎book/internals.rst`

`‎book/security.rst`

`‎components/translation/introduction.rst`

`‎contributing/code/security.rst`

`‎contributing/community/releases.rst`

`‎cookbook/security/entity_provider.rst`

0 commit comments