Domain Object exception when trying to put oro code into "/admin" prefix about platform HOT 12 CLOSED

You need to add prefix: /admin to oro_default in your routing file. Change pattern back to just / and clear cache and you should be good to go. You might also want to remove the prefix in oro_auto_routing.

oro_default:
    pattern:  /
    prefix: /admin
    defaults:
        _controller: OroDashboardBundle:Dashboard:index

from platform.

Hi Knoxguru, thanks for getting back to me. If I remove the prefix from oro_auto_routing then the only item in the admin prefix will be the dashboard. I want the entire oro application behind the prefix admin.

from platform.

For routing the entire app to a subfolder the only change you need to make should be to add the 'prefix: /subdolder' to oro_default in your routing.yml file. All other changes you made are unnecessary and should be rolled back.

you can use this command from application root to debug you routing issues:

php app/console router:debug oro_default

Why not just use a symlink or alias to your web folder named admin in your http root?

from platform.

I am not trying to put it in a subfolder, I am just trying to add a prefix to all oro routes. Surely the fact that adding the prefix causes this error to occur is an issue. A prefix is a valid addition to a route so why does it break the application?

from platform.

What is your web root for your installation (ie http://localhost/web/root)?
in your security.yml remove the references to /admin that you added. Add the prefix to oro_default. You can leave the prefix in oro_auto_routing as I don't think it has an effect (at least it didn't for me when I tested).

I'm not totally convinced this is an issue with routes at all but rather your object or a config problem with your firewall. The error you are giving is pretty simple, it expects a getId() method in the object to be present and it is not. Please provide more info as to what you are trying to accomplish and are you using any outside libraries?

from platform.

My web root is just web. So http://localhost/web/app_dev.php works fine. What I want is to be able to run

http://localhost/web/app_dev.php/admin/user/login
or
http://localhost/web/app_dev.php/admin/user

rather than

http://localhost/web/app_dev.php/user/login
or
http://localhost/web/app_dev.php/user

if you have a bundle and it is pointed to in routing.yml then you can just add any prefix you like to the section in routing.yml to make that entire set routes from the bundle have the prefix. This is what I want to do.

My config is from the platform application unchanged and the only third party dependency is phpunit currently.

Are you saying that by copying my routing and security changes from above you cannot replicate the error?

This error is produced by the oro acl extension being passed a request object by the firewall access listener but unlike symfony's acl voter which abstains or grants permission if the object is not a domain object, the oro extension just throws an exception.

Symfony's way:
https://github.com/symfony/Security/blob/master/Acl/Domain/ObjectIdentityRetrievalStrategy.php
See how they catch the domain object error and return null. Then if null, they grant or abstain:
https://github.com/symfony/Security/blob/master/Acl/Voter/AclVoter.php#L76

Oro's way:
https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/SecurityBundle/Acl/Extension/AclExtensionSelector.php#L84
The object is not a domain object but a request object so objectIdAccessor->getId will throw an exception:
https://github.com/orocrm/platform/blob/master/src/Oro/Bundle/SecurityBundle/Acl/Domain/ObjectIdAccessor.php#L27

I don't think I have read that wrong

from platform.

I should also add that my way of updating the routing works if there is no access control list. So prefix: /admin on the oro router makes the oro application run with the url prefix /admin. This whole issue is introduced by the access control list causing the firewall to request a vote on access which does not work in the oro security bundle for request objects

from platform.

@LRotherfield thanks for highlighting this issue. We are going to work on support of different routing configuration per environment (administration routs to be separated from application routs as one use case) and will fix this issue as well.

from platform.

Thank you all. Fix for this will be included in our nearest release.

from platform.

Could you please reference where the fix for that was actually done?

from platform.

Hi @Chrisissorry

Yesterday i tried to set my application to /admin prefix on version 1.10.18. That is what I did. The application works without any issues.

from platform.

@mkudelya Yeah, I was actually looking for the commit where this was fixed. It is this one 6cea004. We are struggling with the issue in #618 and it seems like the changes of above commit got lost during a set of refactorings.

from platform.