mongodbaclbundle's Issues

composer.json and last mongodb bundle version error

The last version of mongodb has no alias anymore (1.0.x-dev), so composer update doesn't work with the last version. Since there are already 3 forks about this issue, can you please fix this?

Thank you in advance.

No error is thrown if collections don't exist

I had the issue that I am using the ACL model for my functional tests as well.

As I had not initialised both collections (inside my test database), it was accepting creating masks anyway. It should throw some error here; that would be way better.

ACEs are not deleted when deleting ACL on Class (not instance object)

Hi, first of all, thanks a lot for your work on this bundle which is precious!

Still, I'm experiencing an issue with ACL and ACEs applied on Class.

When I'm deleting an ACL applied on a Class (not an instance object), I expect it to delete all of the ACEs linked to it. But, apparently, it doesn't work.
After some searches, I found that in MongoDB, the Document created inside "acl_entry" Collection has a field called "class" with my Class namespace. That's cool.

But since there's no reference to the Object Identity Document (registered in the "acl_oid" Collection) inside any of the ACE Document fields (from "acl_entry" Collection), when I try to call deleteAcl() method from the ACL Provider, I expect it to delete the ACL, the Object Identity and all of its ACEs.

Instead, it deletes the Object Identity perfectly, BUT finds no reference to this Object Identity in the ACEs list (since it's just a string field called "class"), and thus, all of its ACEs are still registered in the Database after the deletion.

Can you explain to me the correct way to achieve a cascading deletion directly by deleting the ACL?

After trying to find out why this behavior happens, I found this line in your code (file IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider, line 461) returning NULL when $name === "classAces".

Is it the explanation?

Undefined index: ancestors

When some documents are removed, I've got this notice:

Notice: Undefined index: ancestors in /blablabla/vendor/iampersistent/mongodb-acl-bundle/IamPersistent/MongoDBAclBundle/Security/Acl/MutableAclProvider.php line 81

I can't really say when exactly this exception is thrown; sometimes it works well, sometimes not. This happened for different documents.

Choosing the mongoId for the UserSecurityIdentity

When it comes to the case that a user wants to change his username / email address, all the previously granted permissions are going to be lost.

Wouldn't it be nice to allow a selection between the username / email and MongoId of the user document?

How can I retrieve class acl for an object not persisted yet

I am trying to check if a user can create a specific object, doing something like this:

$aclManager->isGranted(BasicPermissionMap::PERMISSION_CREATE, $document)

Under the hood, the Acl manager is calling the Acl voter to check the grant. And this Acl voter is calling the Acl provider to guess all acl attached to this document.

//$oid is the $document
$acl = $this->aclProvider->findAcl($oid, $sids);

This bundle is looking for the object identity in the 'lookupObjectIdentities' method:

// FIXME: add support for filtering by sids (right now we select all sids)
$objIdentities = $this->getObjectIdentities($batch);
if (!$objIdentities->hasNext()) {
    throw new AclNotFoundException('There is no ACL for the given object identity.');
}

Inside 'getObjectIdentities' the Acl provider gets all oids related to this object, and in our case this is empty, because this object is new and there is no oid persisted. My expectation is that after that it checks class aces to see if there is an acl allowing this object to be created, but the exception thrown because no oids were found does not allow the process to continue. The Acl voter is catching this exception and returning denied (without checking the CREATE mask at class level).

} catch (AclNotFoundException $noAcl) {
    if (null !== $this->logger) {
        $this->logger->debug('No ACL found for the object identity. Voting to deny access.');
    }
    return self::ACCESS_DENIED;
}

What I expect is that the Acl provider would return the acl I have set for the class of this document. Is my approach wrong?

This is my class acl for the $document I want to get permissions for.

{
  "_id" : "5566edd02f19945b638b4576",
  "aceOrder" : 0,
  "securityIdentity" : {
      "username" : "beheerders_jopie_5566edd0b1b1b",
      "class" : "Cobrowser\\PersistenceBundle\\Document\\UserGroup"
  },
  "mask" : 2,
  "granting" : true,
  "grantingStrategy" : "all",
  "auditSuccess" : false,
  "auditFailure" : false,
  "class" : "Cobrowser\\PersistenceBundle\\Document\\User"
}

Thanks in advance

Deviation: classAce not connected to object identity

Using MongoDB, $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER); etc. results in an acl_entity that is disconnected from the class object identity. Result is, that the aclProvider does not get the classAces if you pass an $object to ->isGranted.

Using ->insertobjectAce, the reference to the oid is saved in the ace. Missing altogether is a way to identify an ace as being of type class.

Using mysql, this is done by setting object_identity_id to NULL, and I guess the reference is then established with the class_id (type in MongoDB).

Mongodbacl deviation

deleteAcl() method of IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider does not work completely well

IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider::deleteAcl($objectIdentity) removes all object identities related with deleting ACL from acl_oid collection, but does not remove entries from acl_entry.

I wanted to write a function that rebuilds my application's ACLs for chosen entities. (So delete all object and class-scope ACL entries, and insert new ones.) Here is my test code:

$entities = $entityRepo->findAll();
foreach ($entities as $entityObject) {
    $objectIdentity = ObjectIdentity::fromDomainObject($entityObject);

    $aclProvider->deleteAcl($objectIdentity); // delete
    $objectAcl = $aclProvider->createAcl($objectIdentity); // create new

    $user = $entityObject->getUser();
    $userIdentity = UserSecurityIdentity::fromAccount($user);

    // privs for Author
    $objectAcl->insertObjectAce($userIdentity, MaskBuilder::MASK_OPERATOR);

    $aclProvider->updateAcl($objectAcl);
}

I've cleared manually both mongo collections and run the function. That is the result:

{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
> db.acl_oid.find()
{ "_id" : ObjectId("52a48450ac8678dd1a000000"), "identifier" : "52a09c2aac8678fb06000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48450ac8678dd1a000002"), "identifier" : "52a09e3bac8678be70000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48450ac8678dd1a000004"), "identifier" : "52a09ed0ac86788d74000003", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }

So everything was fine. Three identity objects, three entries.

But after second call of the function:

> db.acl_entry.find().length()
6
> db.acl_oid.find().length()
3

> db.acl_entry.find()
{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
{ "_id" : ObjectId("52a48494ac8678f01a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000000")) }
{ "_id" : ObjectId("52a48494ac8678f01a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000002")) }
{ "_id" : ObjectId("52a48494ac8678f01a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000004")) }
> db.acl_oid.find()
{ "_id" : ObjectId("52a48494ac8678f01a000000"), "identifier" : "52a09c2aac8678fb06000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48494ac8678f01a000002"), "identifier" : "52a09e3bac8678be70000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48494ac8678f01a000004"), "identifier" : "52a09ed0ac86788d74000003", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }


There were 6 entries and 3 objects. So 3 acl-entries were left which are pointing to non-existing acl-identities:

{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }

I think this is a bug, but I can be wrong. So please tell me if I'm doing something wrong.
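
An offline check for the leftover entries described in this report and in the earlier report about deleting an ACL on a class, added here as an example (not code from the bundle or from either reporter): it takes exported acl_entry and acl_oid documents and lists the ACEs that no longer hang off a live object identity. The sample documents, the names `auditAces` and `idOf`, and the rule that a class-scope ACE is matched against `acl_oid.type` are assumptions.

```javascript
// Added example (not the bundle's code). All sample documents are constructed.
// Documents use Extended JSON shape: a DBRef is {"$ref": ..., "$id": ...}.
const aclOid = [
  { _id: { $oid: "b0" }, identifier: "doc-1", type: "App\\Document\\Pain" },
  { _id: { $oid: "b2" }, identifier: "doc-2", type: "App\\Document\\Pain" },
];
const aclEntry = [
  // Left over from a first run: the acl_oid documents they reference are gone.
  { _id: { $oid: "a1" }, mask: 32, objectIdentity: { $ref: "acl_oid", $id: { $oid: "a0" } } },
  { _id: { $oid: "a3" }, mask: 32, objectIdentity: { $ref: "acl_oid", $id: { $oid: "a2" } } },
  // Created by the second run: still attached to a live object identity.
  { _id: { $oid: "b1" }, mask: 32, objectIdentity: { $ref: "acl_oid", $id: { $oid: "b0" } } },
  { _id: { $oid: "b3" }, mask: 32, objectIdentity: { $ref: "acl_oid", $id: { $oid: "b2" } } },
  // Class-scope ACEs: only a "class" string, no objectIdentity reference.
  { _id: { $oid: "c1" }, mask: 2, class: "App\\Document\\Pain" },
  { _id: { $oid: "c2" }, mask: 2, class: "App\\Document\\Removed" },
  // Neither kind of link: cannot be tied to anything.
  { _id: { $oid: "d1" }, mask: 1 },
];

// Normalise an id that may be {"$oid": "..."} or a plain value.
function idOf(v) {
  return v && typeof v === "object" && "$oid" in v ? String(v.$oid) : String(v);
}

function auditAces(entries, oids) {
  const liveIds = new Set(oids.map((o) => idOf(o._id)));
  const liveTypes = new Set(oids.map((o) => o.type));
  const report = { attached: [], orphaned: [], staleClass: [], unlinked: [] };
  for (const ace of entries) {
    const ref = ace.objectIdentity;
    if (ref && ref.$ref === "acl_oid") {
      // Object-scope ACE: the referenced acl_oid document must still exist.
      const bucket = liveIds.has(idOf(ref.$id)) ? report.attached : report.orphaned;
      bucket.push(idOf(ace._id));
    } else if (!ref && typeof ace.class === "string") {
      // Class-scope ACE. Assumption: it belongs to acl_oid documents whose
      // "type" equals its "class"; with none left, the grant is stale.
      const bucket = liveTypes.has(ace.class) ? report.attached : report.staleClass;
      bucket.push(idOf(ace._id));
    } else {
      report.unlinked.push(idOf(ace._id));
    }
  }
  return report;
}

const auditResult = auditAces(aclEntry, aclOid);
console.log(JSON.stringify(auditResult, null, 2));
```

Entries reported as orphaned or staleClass are the ones to review before removal, since each still records a granting mask for a security identity.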

Not compatible with Symfony 2.3 when running composer update

When updating to symfony 2.3 I got the following error message for this bundle:

- Installation request for iampersistent/mongodb-acl-bundle dev-master -> satisfiable by iampersistent/mongodb-acl-bundle[dev-master].
- Conclusion: remove symfony/symfony v2.3.0
- iampersistent/mongodb-acl-bundle dev-master requires symfony/security >=2.1-dev,<2.3-dev -> satisfiable by symfony/symfony[v2.1.0, v2.1.1, v2.1.10, v2.1.11, v2.1.2, v2.1.3, v2.1.4, v2.1.5, v2.1.6, v2.1.7, v2.1.8, v2.1.9, v2.2.0, v2.2.1, v2.2.2], symfony/security[v2.1.0, v2.1.1, v2.1.10, v2.1.11, v2.1.2, v2.1.3, v2.1.4, v2.1.5, v2.1.6, v2.1.7, v2.1.8, v2.1.9, v2.2.0, v2.2.1, v2.2.2].

Can not call init method from outside

It would be nice to keep the acl init process more modularised. So that you can call the command "init:acl:mongodb" as a simple method from outside. It would be already helpful, if the codeblock inside IamPersistent\MongoDBAclBundle\Command\InitAclMongoDBCommand::execute() would live in its own function without any parameter. So you could easily create an instance of it, set the container and execute the init function.

Maintenance? Symfony ~3.0

Hi,

Is this bundle still maintained?
If so, is there a possibility to raise the version for symfony to ~3.0 in composer.json?

Cheers!
