[Security] Allow overloading ContextListener::refreshUser() #10792

Merged
merged 1 commit into from
Jun 3, 2014

lstrojny
Contributor

Allow overloading refreshUser() for the use case of doing something special with user providers.

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n.A.
| License       | MIT
| Doc PR        | n.A.

@@ -138,11 +138,12 @@ public function onKernelResponse(FilterResponseEvent $event)
*
* @param TokenInterface $token
*
* @throws \RuntimeException
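
Review bot: the `@throws \RuntimeException` tag at the end of this docblock and the `@param TokenInterface $token` tag above it carry no description. Since the PR opens refreshUser() for overloading, this docblock is the contract subclasses work from, so state when the exception is raised and what the token is expected to carry.
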
Contributor

This is a duplicate of line 143/144.

Contributor Author

Fixed, thanks

@stof
Member

stof commented Apr 27, 2014

What is your use case? We don't change the visibility from private to protected without a valid use case for this, as it means we would now have to maintain BC on this extension point until 3.0.

@lstrojny
Contributor Author

We have a specialized UserProvider interface, where we pass the user + the token and not just the user to refreshUser() in order to check for ROLE_PREVIOUS_ADMIN in case of previous user switch. That role is obviously not present in the user, and if certain checks should not be executed on refreshUser() in the UserProvider implementation, there is no way to check for ROLE_PREVIOUS_ADMIN.
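
The use case described in the comment above, as an added example that is not part of the original thread and not Symfony's code: a listener subclass overrides the now-protected refreshUser() so a token-aware provider can see ROLE_PREVIOUS_ADMIN. Every class is a minimal stand-in written for this sketch (PHP 8 syntax, roles as plain strings), and the locked-account check is an assumed instance of the "certain checks" the comment mentions.

```php
<?php
// Added example: every class is a minimal stand-in for this sketch, not Symfony's code.
class UnsupportedUser extends \Exception {}

class Token {
    public function __construct(public array $user, public array $roles) {}
}

class ContextListener { // stand-in base; refreshUser() is protected, as this PR makes it
    public function __construct(protected array $providers) {}
    public function handle(Token $token): Token { return $this->refreshUser($token); }
    protected function refreshUser(Token $token): Token { // stock: provider sees the user only
        foreach ($this->providers as $provider) {
            try {
                $token->user = $provider->refreshUser($token->user);
                return $token;
            } catch (UnsupportedUser $e) { /* try the next provider */ }
        }
        throw new \RuntimeException('no provider supports this user');
    }
}

class TokenAwareContextListener extends ContextListener {
    protected function refreshUser(Token $token): Token { // override: hand over the token too
        foreach ($this->providers as $provider) {
            try {
                $token->user = $provider->refreshUser($token->user, $token);
                return $token;
            } catch (UnsupportedUser $e) { /* try the next provider */ }
        }
        throw new \RuntimeException('no provider supports this user');
    }
}

class LockAwareProvider { // hypothetical token-aware provider
    public function __construct(private array $rows) {}
    public function refreshUser(array $user, Token $token): array {
        $fresh = $this->rows[$user['name']] ?? throw new UnsupportedUser();
        // ROLE_PREVIOUS_ADMIN is carried by the token, never by the user record.
        $switched = in_array('ROLE_PREVIOUS_ADMIN', $token->roles, true);
        if ($fresh['locked'] && !$switched) { // assumed check, skipped after a user switch
            throw new \RuntimeException('account locked');
        }
        return $fresh;
    }
}

$l = new TokenAwareContextListener([new LockAwareProvider(['bob' => ['name' => 'bob', 'locked' => true]])]); // constructed data
$l->handle(new Token(['name' => 'bob'], ['ROLE_USER', 'ROLE_PREVIOUS_ADMIN'])); // switched session
try { $l->handle(new Token(['name' => 'bob'], ['ROLE_USER'])); } catch (\RuntimeException $e) { echo $e->getMessage(), "\n"; }
```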

@lstrojny lstrojny changed the title Allow overloading ContextListener::refreshUser() [Security] Allow overloading ContextListener::refreshUser() Apr 27, 2014
@lstrojny
Contributor Author

@fabpot anything we need to do before this can be merged?

@fabpot fabpot merged commit b67ed43 into symfony:master Jun 3, 2014
fabpot added a commit that referenced this pull request Jun 3, 2014
…ser() (lstrojny)

This PR was merged into the 2.6-dev branch.

Discussion
----------

[Security] Allow overloading ContextListener::refreshUser()

Allow overloading refreshUser() for the use case of doing something special with user providers.

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | n.A.
| License       | MIT
| Doc PR        | n.A.

Commits
-------

b67ed43 Allow overloading ContextListener::refreshUser()
@lstrojny lstrojny deleted the overloading/context-listener branch June 10, 2014 12:20
@lstrojny
Contributor Author

Can we merge into 2.4 and 2.5?
