Commit 3a79075

feature symfony#8305 Added MutableAclProvider::deleteSecurityIdentity (lavoiesl)
This PR was merged into the 2.5-dev branch.

Discussion
----------

Added MutableAclProvider::deleteSecurityIdentity

This provides a very simple function to enable the deletion of a SecurityIdentity. Developers can add a listener on the delete of a user and remove all the related ACLs. Foreign keys already ensure that the ACEs are properly deleted.

Among the problems of not deleting the SecurityIdentity:

* Inconsistent database, referring to a non-existent user.
* If a user is deleted and another is created with the same name, it will inherit all the old user’s ACEs

Not addressed by this PR: Changing a user’s username breaks the related ACLs. See symfony#5787

See also: https://groups.google.com/forum/#!topic/symfony2/mGTXlTWiMs8/discussion

Commits
-------

bdbbe58 [Security][Acl] Issue symfony#5787 : Added MutableAclProvider::deleteSecurityIdentity
2 parents 1da02d3 + 5646fe0 commit 3a79075

1 file changed

+27
-0
lines changed

Dbal/MutableAclProvider.php

Lines changed: 27 additions & 0 deletions
@@ -108,6 +108,18 @@ public function deleteAcl(ObjectIdentityInterface $oid)
108108
}
109109
}
110110

111+
/**
112+
* Deletes the security identity from the database.
113+
* ACL entries have the CASCADE option on their foreign key so they will also get deleted
114+
*
115+
* @param SecurityIdentityInterface $sid
116+
* @throws \InvalidArgumentException
117+
*/
118+
public function deleteSecurityIdentity(SecurityIdentityInterface $sid)
119+
{
120+
$this->connection->executeQuery($this->getDeleteSecurityIdentityIdSql($sid));
121+
}
122+
111123
/**
112124
* {@inheritDoc}
113125
*/
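Review bot: deleteSecurityIdentity() leaves all ACE cleanup to the foreign key's CASCADE option, as its docblock says, so on a schema or storage engine that does not enforce that key the identity row is removed and its entries are left orphaned. Consider deleting the entries explicitly in the same transaction, or stating the enforced CASCADE key as a precondition in the docblock. The DELETE is also sent through executeQuery() and the result is discarded; using a call that returns the affected-row count (DBAL's executeUpdate()) and returning it would let a user-deletion listener tell whether the identity was actually removed.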
@@ -622,6 +634,21 @@ protected function getSelectSecurityIdentityIdSql(SecurityIdentityInterface $sid
622634
);
623635
}
624636

637+
/**
638+
* Constructs the SQL to delete a security identity.
639+
*
640+
* @param SecurityIdentityInterface $sid
641+
* @throws \InvalidArgumentException
642+
* @return string
643+
*/
644+
protected function getDeleteSecurityIdentityIdSql(SecurityIdentityInterface $sid)
645+
{
646+
$select = $this->getSelectSecurityIdentityIdSql($sid);
647+
$delete = preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select);
648+
649+
return $delete;
650+
}
651+
625652
/**
626653
* Constructs the SQL for updating an object identity.
627654
*
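Review bot: in getDeleteSecurityIdentityIdSql(), the DELETE is derived with `preg_replace('/^SELECT id FROM/', 'DELETE FROM', $select)`, and preg_replace returns $select unchanged when the pattern does not match. If getSelectSecurityIdentityIdSql() ever changes its column list, casing or leading whitespace, deleteSecurityIdentity() will execute the SELECT, delete nothing and raise no error, leaving in place the stale identity that the commit message says a re-created user of the same name would inherit. Build the DELETE directly from the table name and the same WHERE clause, or pass the `$count` argument to preg_replace and throw when it is not 1.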
