deleteAcl() method of IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider does not work completely well #24

Open
kamil-jakubowski opened this issue Dec 8, 2013 · 3 comments


@kamil-jakubowski

IamPersistent\MongoDBAclBundle\Security\Acl\MutableAclProvider::deleteAcl($objectIdentity) removes all object identities related to the ACL being deleted from the acl_oid collection, but does not remove the entries from acl_entry.

I wanted to write a function that rebuilds my application's ACLs for chosen entities (so delete all object- and class-scope ACL entries, and insert new ones). Here is my test code:

$entities = $entityRepo->findAll();
foreach ($entities as $entityObject)
{
    $objectIdentity = ObjectIdentity::fromDomainObject($entityObject);

    $aclProvider->deleteAcl($objectIdentity); // delete
    $objectAcl = $aclProvider->createAcl($objectIdentity); // create new

    $user = $entityObject->getUser();
    $userIdentity = UserSecurityIdentity::fromAccount($user);

    // privs for Author
    $objectAcl->insertObjectAce($userIdentity, MaskBuilder::MASK_OPERATOR);

    $aclProvider->updateAcl($objectAcl);
}

I've manually cleared both mongo collections and run the function. This is the result:

{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
> db.acl_oid.find()
{ "_id" : ObjectId("52a48450ac8678dd1a000000"), "identifier" : "52a09c2aac8678fb06000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48450ac8678dd1a000002"), "identifier" : "52a09e3bac8678be70000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48450ac8678dd1a000004"), "identifier" : "52a09ed0ac86788d74000003", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }

So everything was fine. Three identity objects, three entries.

But after the second call of the function:

> db.acl_entry.find().length()
6
> db.acl_oid.find().length()
3

> db.acl_entry.find()
{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }
{ "_id" : ObjectId("52a48494ac8678f01a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000000")) }
{ "_id" : ObjectId("52a48494ac8678f01a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000002")) }
{ "_id" : ObjectId("52a48494ac8678f01a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48494ac8678f01a000004")) }
> db.acl_oid.find()
{ "_id" : ObjectId("52a48494ac8678f01a000000"), "identifier" : "52a09c2aac8678fb06000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48494ac8678f01a000002"), "identifier" : "52a09e3bac8678be70000000", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }
{ "_id" : ObjectId("52a48494ac8678f01a000004"), "identifier" : "52a09ed0ac86788d74000003", "type" : "Zeno\\MedicalJournalBundle\\Document\\Pain", "entriesInheriting" : true }


There were 6 entries and 3 objects. So 3 acl-entries were left that point to non-existent acl-identities:

{ "_id" : ObjectId("52a48450ac8678dd1a000001"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000000")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000003"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000002")) }
{ "_id" : ObjectId("52a48450ac8678dd1a000005"), "aceOrder" : 0, "securityIdentity" : { "username" : "[email protected]", "class" : "Zeno\\UserBundle\\Document\\User" }, "mask" : 32, "granting" : true, "grantingStrategy" : "all", "auditSuccess" : false, "auditFailure" : false, "objectIdentity" : DBRef("acl_oid", ObjectId("52a48450ac8678dd1a000004")) }

I think this is a bug, but I can be wrong. So please tell me if I'm doing something wrong.
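
An added example (not part of the issue and not the bundle's code): a consistency check that lists acl_entry documents whose objectIdentity reference no longer resolves in acl_oid, the state reported above after the second rebuild, next to two in-memory models of the delete. The documents are constructed, DBRefs are simplified to `{ $ref, $id }` with string ids, and all function names are hypothetical.

```javascript
// Constructed sample data shaped like the issue's acl_oid / acl_entry output.
// Assumption: DBRefs are simplified to { $ref, $id } with string ids.
const ace = (id, oidId, username) => ({
  _id: id, securityIdentity: { username }, mask: 32, granting: true,
  objectIdentity: { $ref: "acl_oid", $id: oidId },
});
const oid = (id, identifier) => ({ _id: id, identifier, entriesInheriting: true });

// State after the second rebuild: run-1 OIDs were deleted, their ACEs were not.
const aclOid = [oid("run2-oid-a", "doc-a"), oid("run2-oid-b", "doc-b")];
const aclEntry = [
  ace("run1-ace-a", "run1-oid-a", "author-a"),
  ace("run1-ace-b", "run1-oid-b", "author-b"),
  ace("run2-ace-a", "run2-oid-a", "author-a"),
  ace("run2-ace-b", "run2-oid-b", "author-b"),
];

// Group ACE ids by the acl_oid id they reference but that no longer exists.
function findOrphanedAces(entries, oids) {
  const live = new Set(oids.map((o) => String(o._id)));
  const orphans = new Map();
  for (const e of entries) {
    const ref = e.objectIdentity;
    const target = ref && ref.$ref === "acl_oid" ? String(ref.$id) : "(no reference)";
    if (live.has(target)) continue;
    if (!orphans.has(target)) orphans.set(target, []);
    orphans.get(target).push(String(e._id));
  }
  return orphans;
}

// Model of a delete that removes the OID only (the behaviour the issue reports).
function deleteOidOnly(state, oidId) {
  return { oids: state.oids.filter((o) => o._id !== oidId), entries: state.entries };
}

// Model of a cascading delete: the OID and every ACE that references it.
function deleteCascading(state, oidId) {
  return {
    oids: state.oids.filter((o) => o._id !== oidId),
    entries: state.entries.filter((e) => e.objectIdentity.$id !== oidId),
  };
}
```
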

@cordoval
Contributor

cordoval commented Dec 8, 2013

Could you please fork SE and plug the bundle and reproduce the problem in your fork? That will make it easy to take a look 👶 thanks

@danez
Contributor

danez commented Dec 21, 2013

Can you check if this is fixed in dev-master?
I think it should be because of fcbf527

@cordoval
Contributor

@danez I will take a stab, but just curious: would it be a good idea to create a sandbox for this setup? Thoughts? So as to test, reproduce stuff and show good-practices integration

👶
