JMSSecurityExtraBundle icon indicating copy to clipboard operation
JMSSecurityExtraBundle copied to clipboard

Published 20 hours ago verified publisher icon schmittjoh

Annotation inheritance not works

Open brizzz opened this issue 12 years ago • 5 comments

Hi,

After upgrade from 1.0.x to 1.2.* (actually upgrade symfony from 2.0 to 2.1.2) the inheritance of annotation not works any more. And all of my inherited methods become unsecured.

This is my case:

//BaseController.php
class BaseController extends Controller{
    /**
     * @Secure(roles="ROLE_MASTER")
     * 
     */
    public function newAction()
    {
      //some actions
    }
}

//ArticleController.php
class ArticleController extends BaseController{
    //not even override of parent method
}

Before upgrade the ArticleController::newAction() method was secured. Now it is not and I have to duplicate a lot of code.

Is this fiture or bug? Maybe I do something wrong.

Sorry for my english.

brizzz avatar Oct 20 '12 16:10 brizzz

An ugly way of working around this is to override all the child actions and define the security annotation on the child method:

//BaseController.php

use JMS\SecurityExtraBundle\Annotation\Secure;

class BaseController extends Controller{
    /**
     * @Secure(roles="ROLE_MASTER")
     * 
     */
    public function newAction()
    {
        //some actions
    }
}

//ArticleController.php

use JMS\SecurityExtraBundle\Annotation\Secure;
use JMS\SecurityExtraBundle\Annotation\SatisfiesParentSecurityPolicy;

class ArticleController extends BaseController{
    /**
     * @Secure(roles="ROLE_MASTER")
     * @SatisfiesParentSecurityPolicy
     * 
     */
    public function newAction()
    {
        return self::parent();
    }
}

pretty dangerous though since you have to override every action and you may not realize if you forget one or if you're adding new actions to the parent

kralos avatar Dec 17 '12 03:12 kralos

Should be solved here

https://github.com/schmittjoh/JMSSecurityExtraBundle/pull/128

mmoreram avatar May 09 '13 15:05 mmoreram

+1 Have the same issue. Workaround:

    /**
     * @Secure(roles="ROLE_MASTER")
     * @SatisfiesParentSecurityPolicy
     * 
     */
    public function newAction()
    {
        return self::parent();
    }

is quite annoying when you have to copy paste more annotations (eg. Route, Template, ParamConverter).

Matzz avatar May 22 '13 08:05 Matzz

This is not a workaround... It simply works, but should not be done never.

mmoreram avatar May 22 '13 09:05 mmoreram

Overriding all the child actions somewhat defies the purpose of inheritance. I have the same problem with routes I'd like to inherit to specialized controllers.

carlwitt avatar Aug 09 '13 21:08 carlwitt