[Security] added SecurityContextInterface::getUser() #2816
This change helps the common use case of fetching the current user and better complies with the Law of Demeter (http://en.wikipedia.org/wiki/Law_of_Demeter).

Before (still works):

```
$token = $context->getToken();
$user = $token ? $token->getUser() : null;
```

After:

```
$user = $context->getUser();
```
/** | ||
* Returns the current user, if one exists. | ||
* | ||
* @return mixed Returns either an object which implements __toString(), |
or the most common case: an object implementing the UserInterface (which does not enforce the `__toString` method anymore)
I just copied this comment from elsewhere.
On Dec 8, 2011, at 8:58 AM, Christophe Coevoet wrote:
@@ -89,4 +89,18 @@ public function setToken(TokenInterface $token = null)
{
$this->token = $token;
}
+
- /**
\* Returns the current user, if one exists.
*
\* @return mixed Returns either an object which implements __toString(),
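Review bot: the `@return mixed` line in the new docblock gives callers no contract for the no-user case. The summary says "if one exists", but the return description as shown starts with the object cases and does not name what comes back when no token is set. State the null return explicitly in the `@return` line, so callers know to check for it and to type-check the result before using it.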
or the most common case: an object implementing the UserInterface (which does not enforce the `__toString` method anymore)
then this place is outdated.
@stof: a plain string is still possible for the user correct? UserInterface is just the only object allowed?
yes, they are allowed. this is done for anonymous ones for instance. Both described solutions described in the phpdoc here are right but the third one (and most common) is missing
objects with a `__toString` method can still be used in the token too. But this can only be used with some weird way to get the user. An implementation of UserProviderInterface must return an instance of UserInterface.
Commits
-------

41872cd [Security] added SecurityContextInterface::getUser()

Discussion
----------

[Security] added SecurityContextInterface::getUser()

This change helps the common use case of fetching the current user and better complies with the [Law of Demeter][1].

Before (still works):

```
$token = $context->getToken();
$user = $token ? $token->getUser() : null;
```

After:

```
$user = $context->getUser();
```

The fine print:

```
Bug fix: no
Feature addition: yes
Backwards compatibility break: no
Symfony2 tests pass: yes
Fixes the following tickets: ~
Todo: ~
```

[1]: http://en.wikipedia.org/wiki/Law_of_Demeter
Such a method is better implemented in your application where you can make more assumptions about the user. This general method will result in the same bug reports (especially for anonymous users) that we had before I deliberately removed it. Clear -1 from my POV.

@schmittjoh brings up a good point here about anonymous users being returned. I remember now why it was removed in the first place. A small cookbook article could explain to users how to plug in their own SecurityContext with such a method implemented based on their specific needs.

btw, in the master branch, there is now a
I'm not sure what to say… not building one part of the system properly

On Dec 10, 2011, at 12:39 PM, Christophe Coevoet
I don't understand your message. Which parts are you referring to? What I have a similar method in my application, but the implementation is For reference, I'm using this implementation:

```
/**
 * @return User|null
 */
public function getUser()
{
    if (null === $token = $this->getToken()) {
        return null;
    }

    $user = $token->getUser();

    return $user instanceof User ? $user : null;
}
```

On Sat, Dec 10, 2011 at 10:03 PM, Kris Wallsmith <
Based on the feedback, I have reverted this PR and made the

revert is here: a78437b
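The anonymous-user concern raised in this thread, as an added example (not code from the PR or from Symfony): it contrasts a generic accessor that forwards whatever the token holds with an application-level accessor that returns only the application's own user type. The classes `AppUser` and `Token`, both function names, and the anonymous string value are hypothetical stand-ins constructed for illustration.

```php
<?php
// Added illustration: stand-in classes, not Symfony's own implementation.

interface UserInterface { public function getUsername(); }

final class AppUser implements UserInterface
{
    private $name;
    public function __construct($name) { $this->name = $name; }
    public function getUsername() { return $this->name; }
}

// Stand-in token whose getUser() is "mixed": a string or an object.
final class Token
{
    private $user;
    public function __construct($user) { $this->user = $user; }
    public function getUser() { return $this->user; }
}

// Generic accessor in the shape proposed by the PR: forwards the token's value.
function genericGetUser(?Token $token)
{
    return $token ? $token->getUser() : null;
}

// Application-level accessor in the style posted in the thread:
// anything that is not the application's user class becomes null.
function appGetUser(?Token $token)
{
    if (null === $token) {
        return null;
    }
    $user = $token->getUser();

    return $user instanceof AppUser ? $user : null;
}

$cases = [
    'no token'        => null,
    'anonymous token' => new Token('anonymous-placeholder'), // constructed value
    'logged-in user'  => new Token(new AppUser('alice')),
];

foreach ($cases as $label => $token) {
    // A truthiness check on the generic accessor counts the anonymous
    // string as a user; the typed accessor does not.
    printf("%-16s generic=%-5s typed=%s\n",
        $label,
        genericGetUser($token) ? 'true' : 'false',
        appGetUser($token) ? 'true' : 'false');
}
```

Code that gates access on `if ($context->getUser())` with the generic accessor treats an anonymous session as signed in, so authorization checks should test the type of the returned value rather than its truthiness.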