
Wrong check role instance in RoleSecurityIdentity class

Open Redigast13 opened this issue 9 years ago • 1 comment

There is a check in the constructor of Symfony\Component\Security\Acl\Domain:

if ($role instanceof Role) { $role = $role->getRole(); }

I think it is better to check on Symfony\Component\Security\Core\Role\RoleInterface instead of the Symfony\Component\Security\Core\Role\Role class.

Pull request: https://github.com/symfony/security-acl/pull/17

Redigast13 avatar Jan 17 '16 08:01 Redigast13

+1

There is an issue with Symfony\Component\Security\Acl\Domain\PermissionGrantingStrategy, on line 144. When you have a Role entity that implements RoleInterface instead of extending Role, the equals method fails, because on the left side, the $sid has a string in the role property, and on the right side, the $ace->getSecurityIdentity() has a RoleInterface object (your entity, instead of the expected string). So, the ACL always denies the user that has that role, even if it has been granted.

raphahardt avatar Feb 15 '16 17:02 raphahardt
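The mismatch both comments describe, as an added illustration that is not code from symfony/security-acl. The interface, classes and the `equals()` body below are simplified stand-ins modelled on the Symfony classes named in the issue (PHP 8 syntax assumed); the `$useInterface` flag switches between the original `instanceof Role` check and the `instanceof RoleInterface` check proposed in the pull request.

```php
<?php
// Added example (not project code): minimal stand-ins for the Symfony role types.
interface RoleInterface { public function getRole(); }

class Role implements RoleInterface {
    public function __construct(private string $role) {}
    public function getRole() { return $this->role; }
}

// A Doctrine-style role entity that implements RoleInterface without extending Role,
// the situation described in the second comment.
class RoleEntity implements RoleInterface {
    public function __construct(private string $role) {}
    public function getRole() { return $this->role; }
}

// Stand-in for RoleSecurityIdentity; $useInterface selects the proposed check.
class RoleSecurityIdentity {
    private $role;
    public function __construct($role, bool $useInterface) {
        if ($useInterface) {
            // Proposed check: any RoleInterface implementation is normalised to a string.
            if ($role instanceof RoleInterface) { $role = $role->getRole(); }
        } elseif ($role instanceof Role) {
            // Original check: a RoleInterface-only entity is stored as an object.
            $role = $role->getRole();
        }
        $this->role = $role;
    }
    public function getRole() { return $this->role; }
    // Modelled on the strict comparison PermissionGrantingStrategy relies on.
    public function equals(RoleSecurityIdentity $sid): bool {
        return $this->role === $sid->getRole();
    }
}

// Left side: identity built from the token, role already a string.
// Right side: identity built from the entity stored with the ACE.
foreach ([false, true] as $fixed) {
    $sid    = new RoleSecurityIdentity('ROLE_ADMIN', $fixed);
    $aceSid = new RoleSecurityIdentity(new RoleEntity('ROLE_ADMIN'), $fixed);
    printf("%s check: equals() = %s\n",
        $fixed ? 'RoleInterface' : 'Role',
        $sid->equals($aceSid) ? 'true' : 'false');
}
```

With the original check the string on the left is compared against an object on the right, so `equals()` is false and the ACE never matches; with the interface check both sides hold `'ROLE_ADMIN'` and the grant is found.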