zerodine / mongodbaclbundle
This bundle allows the use of MongoDB as the storage layer for the Symfony ACLs component.
Has:
$query = array(
    "parent" => $parentId,
);
need:
$query = array(
    "parent._id" => $parentId,
);
Mongo 3.4
The last version of mongodb has no alias anymore (1.0.x-dev), so composer update doesn't work with the last version. Since there are already 3 forks about this issue, can you please fix this?
Thank you in advance.
When it comes to the case that a user wants to change his username / email address, all the previously granted permissions are going to be lost.
Wouldn't it be nice to allow a selection between the username / email and MongoId of the user document?
When some documents are removed, I've got this notice:
Notice: Undefined index: ancestors in /blablabla/vendor/iampersistent/mongodb-acl-bundle/IamPersistent/MongoDBAclBundle/Security/Acl/MutableAclProvider.php line 81
I can't really say when exactly this exception is thrown; sometimes it works well, sometimes not. This happened for different documents.
Using MongoDB, $acl->insertClassAce($securityIdentity, MaskBuilder::MASK_OWNER); etc. results in an acl_entity that is disconnected from the class object identity. The result is that the aclProvider does not get the classAces if you pass an $object to ->isGranted.
Using ->insertObjectAce, the reference to the oid is saved in the ace. Missing altogether is a way to identify an ace as being of type class.
Using mysql, this is done by setting object_identity_id to NULL, and I guess the reference is then established with the class_id (type in MongoDB).
Hi,
Do you mind to support this bundle and update to working with future versions of symfony?
It would be nice to keep the acl init process more modularised. So that you can call the command "init:acl:mongodb" as a simple method from outside. It would be already helpful, if the codeblock inside IamPersistent\MongoDBAclBundle\Command\InitAclMongoDBCommand::execute() would live in its own function without any parameter. So you could easily create an instance of it, set the container and execute the init function.
IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider::deleteAcl($objectIdentity) removes all object identities related with deleting ACL from acl_oid collection, but does not remove entries from acl_entry.
I wanted to write a function that rebuilds my application's ACLs for chosen entities. (So delete all object and class-scope ACL entries, and insert new ones). Here is my test code:
use Symfony\Component\Security\Acl\Domain\ObjectIdentity;
use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
use Symfony\Component\Security\Acl\Permission\MaskBuilder;

$entities = $entityRepo->findAll();
foreach ($entities as $entityObject) {
    $objectIdentity = ObjectIdentity::fromDomainObject($entityObject);
    $aclProvider->deleteAcl($objectIdentity); // delete
    $objectAcl = $aclProvider->createAcl($objectIdentity); // create new
    $user = $entityObject->getUser();
    $userIdentity = UserSecurityIdentity::fromAccount($user);
    // privs for Author
    $objectAcl->insertObjectAce($userIdentity, MaskBuilder::MASK_OPERATOR);
    $aclProvider->updateAcl($objectAcl);
}
I've cleared manually both mongo collections and run the function. That is the result:
{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
> db.acl_oid.find()
{ "_id" : ObjectId("52a48450ac8678dd1a000000"), "identifier" : "52a09c2aac8678fb06000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48450ac8678dd1a000002"), "identifier" : "52a09e3bac8678be70000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48450ac8678dd1a000004"), "identifier" : "52a09ed0ac86788d74000003", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
So everything was fine. Three identity objects, three entries.
But after second call of the function:
> db.acl_entry.find().length()
6
> db.acl_oid.find().length()
3
> db.acl_entry.find()
{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
{ "_id" : ObjectId("52a48494ac8678f01a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000000")) }
{ "_id" : ObjectId("52a48494ac8678f01a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000002")) }
{ "_id" : ObjectId("52a48494ac8678f01a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000004")) }
> db.acl_oid.find()
{ "_id" : ObjectId("52a48494ac8678f01a000000"), "identifier" : "52a09c2aac8678fb06000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48494ac8678f01a000002"), "identifier" : "52a09e3bac8678be70000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48494ac8678f01a000004"), "identifier" : "52a09ed0ac86788d74000003", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
There were 6 entries and 3 objects. So 3 acl-entries were left which are pointing to non-existent acl-identities:
{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
I think this is a bug, but I can be wrong. So please tell me if I'm doing something wrong.
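A check for the state this report describes, written as an added example (not part of the original post or of the bundle): it classifies acl_entry documents by whether their objectIdentity reference still resolves to an acl_oid document. The function name, the plain-object DBRef shape and the sample username are assumptions; the ObjectIds follow the dumps above.

```javascript
// Added example, not the bundle's code. Documents are plain objects and a
// DBRef is modelled as { $ref, $id } with string ids (an assumption).

// Classify each acl_entry document by whether its objectIdentity resolves.
function auditAclEntries(oidDocs, entryDocs) {
  const liveOids = new Set(oidDocs.map((d) => String(d._id)));
  const report = { linked: [], orphaned: [], classScope: [], malformed: [] };
  for (const ace of entryDocs) {
    const ref = ace.objectIdentity;
    if (ref == null) {
      // No reference at all: class-scope ACEs carry a "class" string instead.
      const bucket = typeof ace.class === "string" ? "classScope" : "malformed";
      report[bucket].push(ace._id);
    } else if (ref.$ref !== "acl_oid" || !ref.$id) {
      report.malformed.push(ace._id);
    } else if (liveOids.has(String(ref.$id))) {
      report.linked.push(ace._id);
    } else {
      // The referenced acl_oid document is gone, so this grant is stale.
      report.orphaned.push({ _id: ace._id, missingOid: String(ref.$id), mask: ace.mask });
    }
  }
  return report;
}

// Constructed sample: ids follow the dumps above, the username is made up.
const makeAce = (id, oid) => ({
  _id: id, mask: 32, granting: true,
  securityIdentity: { username: "user@example.test", class: "Zeno\\UserBundle\\Document\\User" },
  objectIdentity: { $ref: "acl_oid", $id: oid },
});
const painType = "Zeno\\MedicalJournalBundle\\Document\\Pain";
// acl_oid after the second rebuild: only the newly created identities exist.
const sampleOids = ["52a48494ac8678f01a000000", "52a48494ac8678f01a000002",
  "52a48494ac8678f01a000004"].map((id) => ({ _id: id, type: painType }));
const sampleEntries = [
  makeAce("52a48450ac8678dd1a000001", "52a48450ac8678dd1a000000"), // first run
  makeAce("52a48450ac8678dd1a000003", "52a48450ac8678dd1a000002"),
  makeAce("52a48450ac8678dd1a000005", "52a48450ac8678dd1a000004"),
  makeAce("52a48494ac8678f01a000001", "52a48494ac8678f01a000000"), // second run
  makeAce("52a48494ac8678f01a000003", "52a48494ac8678f01a000002"),
  makeAce("52a48494ac8678f01a000005", "52a48494ac8678f01a000004"),
  // Constructed class-scope entry: a "class" string and no objectIdentity.
  { _id: "constructed-class-ace", mask: 2, granting: true, class: painType },
];

const sampleReport = auditAclEntries(sampleOids, sampleEntries);
console.log(JSON.stringify(sampleReport, null, 2));
```

Entries without an objectIdentity are listed separately because their link to an identity cannot be checked by reference.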
Hi,
Is this bundle still maintained?
If so is there possibility to raise the version for symfony to ~3.0 in composer.json?
Cheers!
When updating to symfony 2.3 I got the following error message for this bundle:
- Installation request for iampersistent/mongodb-acl-bundle dev-master -> satisfiable by iampersistent/mongodb-acl-bundle[dev-master].
- Conclusion: remove symfony/symfony v2.3.0
- iampersistent/mongodb-acl-bundle dev-master requires symfony/security >=2.1-dev,<2.3-dev -> satisfiable by symfony/symfony[v2.1.0, v2.1.1, v2.1.10, v2.1.11, v2.1.2, v2.1.3, v2.1.4, v2.1.5, v2.1.6, v2.1.7, v2.1.8, v2.1.9, v2.2.0, v2.2.1, v2.2.2], symfony/security[v2.1.0, v2.1.1, v2.1.10, v2.1.11, v2.1.2, v2.1.3, v2.1.4, v2.1.5, v2.1.6, v2.1.7, v2.1.8, v2.1.9, v2.2.0, v2.2.1, v2.2.2].
I had the issue that I am using the ACL model for my functional tests as well.
As I had not initialised both collections (inside my test database), it was accepting creating masks anyway. It should throw some error here; that would be way better.
2.1 will be on the master branch; all 2.0 work will continue on the 2.0 branch.
Hi, first of all, thanks a lot for your work on this bundle which is precious!
Still, I'm experiencing an issue with ACL and ACEs applied on Class.
When I'm deleting an ACL applied on a Class (not an instance object), I expect it to delete each linked ACEs from it. But, apparently, it doesn't work.
After some searches, I found that in MongoDB, the Document created inside "acl_entry" Collection has a field called "class" with my Class namespace. That's cool.
But since there's no reference to the Object Identity Document (registered in the "acl_oid" Collection) inside any of the ACE Document fields (from "acl_entry" Collection), when I try to call deleteAcl() method from the ACL Provider, I expect it to delete the ACL, the Object Identity and all of its ACEs.
Instead, it deletes the Object Identity perfectly, BUT finds no reference to this Object Identity in the ACEs list (since it's just a string field called "class"), and thus, all of its ACEs are still registered in the Database after the deletion.
Can you explain to me the correct way to achieve a cascading deletion directly by deleting the ACL?
After trying to find out why this behavior happens, I found this line in your code (file IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider, line 461) returning NULL when $name === "classAces".
Is it the explanation?
I am trying to check if a user can create a specific object, doing something like this:
$aclManager->isGranted(BasicPermissionMap::PERMISSION_CREATE, $document)
Under the hood, the ACL manager calls the ACL voter to check the grant, and the ACL voter calls the ACL provider to get all ACLs attached to this document.
// $oid is the $document
$acl = $this->aclProvider->findAcl($oid, $sids);
This bundle looks for the object identity in the 'lookupObjectIdentities' method:
// FIXME: add support for filtering by sids (right now we select all sids)
$objIdentities = $this->getObjectIdentities($batch);
if (!$objIdentities->hasNext()) {
    throw new AclNotFoundException('There is no ACL for the given object identity.');
}
Inside 'getObjectIdentities' the ACL provider gets all oids related to this object, and in our case this is empty, because this object is new and no oid has been persisted. My expectation is that after that it checks the class ACEs to see if there is an ACL allowing the creation of this object, but the exception thrown because no oids were found does not allow the process to continue. The ACL voter catches this exception and returns denied (without checking the CREATE mask at class level).
} catch (AclNotFoundException $noAcl) {
    if (null !== $this->logger) {
        $this->logger->debug('No ACL found for the object identity. Voting to deny access.');
    }
    return self::ACCESS_DENIED;
}
What I expect is that the ACL provider would return the ACL I have set for the class of this document. Is my approach wrong?
This is my class ACL for the $document I want to get permissions for.
{
    "_id" : "5566edd02f19945b638b4576",
    "aceOrder" : 0,
    "securityIdentity" : {
        "username" : "beheerders_jopie_5566edd0b1b1b",
        "class" : "Cobrowser\\PersistenceBundle\\Document\\UserGroup"
    },
    "mask" : 2,
    "granting" : true,
    "grantingStrategy" : "all",
    "auditSuccess" : false,
    "auditFailure" : false,
    "class" : "Cobrowser\\PersistenceBundle\\Document\\User"
}
Thanks in advance
If acl caching is enabled, the acl provider is calling $this->updateAceIdentityMap($acl) on results from cache, but this method is only implemented in the Symfony ORM AclProvider implementation.
To reproduce bug just enable DoctrineAclCache and double check for same permissions.