Show more information in the security profiler #17887
Closed
Changes from all commits (15 commits):
4f37d7a Show more information in the security profiler (javiereguiluz)
c9bfc30 Try to fix the test issues (javiereguiluz)
5e46d23 Minor refactoring (javiereguiluz)
879d671 Another refactor to fix tests (javiereguiluz)
378db40 Fixed the PHPdoc of the new class (javiereguiluz)
9349fdf Made the changes asked for by reviewers (javiereguiluz)
597bc48 Improvements after Iltar's review (javiereguiluz)
ca6da19 Fixed fabbot issues (javiereguiluz)
e20948e Fixes and tweaks (javiereguiluz)
367f8ea Improved the string representation of the objects (javiereguiluz)
89bc8c0 Display the contents when the object is not a true object (javiereguiluz)
97111f3 Made code more robust (javiereguiluz)
8b36d15 Take care of the null objects (javiereguiluz)
4864976 Fixed a syntax error (javiereguiluz)
f3db034 Minor Twig change (javiereguiluz)
12 changes: 12 additions & 0 deletions
src/Symfony/Bundle/SecurityBundle/Resources/config/security_debug.xml
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,12 @@ | ||
<?xml version="1.0" ?> | ||
|
||
<container xmlns="http://symfony.com/schema/dic/services" | ||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" | ||
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd"> | ||
|
||
<services> | ||
<service id="debug.security.access.decision_manager" class="Symfony\Component\Security\Core\Authorization\DebugAccessDecisionManager" decorates="security.access.decision_manager" public="false"> | ||
<argument type="service" id="debug.security.access.decision_manager.inner" /> | ||
</service> | ||
</services> | ||
</container> |
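Review bot: Nothing in this file restricts the debug.security.access.decision_manager decorator to debug environments, and since it decorates security.access.decision_manager, every access decision goes through DebugAccessDecisionManager once the file is loaded. Make sure the bundle extension loads security_debug.xml only when kernel.debug is enabled, and say so in a comment here or in the extension. The inner argument is also whatever service is registered under security.access.decision_manager, while the decorator's constructor type-hints the concrete AccessDecisionManager, so an application that has replaced that service with its own AccessDecisionManagerInterface implementation would fail at construction; that case deserves either a guard or a note in the docs.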
120 changes: 120 additions & 0 deletions
src/Symfony/Component/Security/Core/Authorization/DebugAccessDecisionManager.php
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,120 @@ | ||
<?php | ||
|
||
/* | ||
* This file is part of the Symfony package. | ||
* | ||
* (c) Fabien Potencier <fabien@symfony.com> | ||
* | ||
* For the full copyright and license information, please view the LICENSE | ||
* file that was distributed with this source code. | ||
*/ | ||
|
||
namespace Symfony\Component\Security\Core\Authorization; | ||
|
||
use Doctrine\Common\Util\ClassUtils; | ||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; | ||
|
||
/** | ||
* Decorates the original AccessDecisionManager class to log information | ||
* about the security voters and the decisions made by them. | ||
* | ||
* @author Javier Eguiluz <javier.eguiluz@gmail.com> | ||
* | ||
* @internal | ||
*/ | ||
This class should probably be marked as being |
||
class DebugAccessDecisionManager implements AccessDecisionManagerInterface | ||
{ | ||
private $manager; | ||
private $strategy; | ||
private $voters; | ||
private $decisionLog = array(); | ||
|
||
public function __construct(AccessDecisionManager $manager) | ||
{ | ||
$this->manager = $manager; | ||
|
||
// The strategy is stored in a private property of the decorated service | ||
$reflection = new \ReflectionProperty($manager, 'strategy'); | ||
$reflection->setAccessible(true); | ||
$this->strategy = $reflection->getValue($manager); | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function decide(TokenInterface $token, array $attributes, $object = null) | ||
{ | ||
$result = $this->manager->decide($token, $attributes, $object); | ||
|
||
$this->decisionLog[] = array( | ||
'attributes' => $attributes, | ||
'object' => $this->getStringRepresentation($object), | ||
'result' => $result, | ||
); | ||
|
||
return $result; | ||
} | ||
|
||
/** | ||
* {@inheritdoc} | ||
*/ | ||
public function setVoters(array $voters) | ||
{ | ||
$this->voters = $voters; | ||
} | ||
|
||
/** | ||
* @return string | ||
*/ | ||
public function getStrategy() | ||
{ | ||
// The $strategy property is misleading because it stores the name of its | ||
// method (e.g. 'decideAffirmative') instead of the original strategy name | ||
// (e.g. 'affirmative') | ||
return strtolower(substr($this->strategy, 6)); | ||
} | ||
|
||
/** | ||
* @return array | ||
*/ | ||
public function getVoters() | ||
{ | ||
return $this->voters; | ||
} | ||
|
||
/** | ||
* @return array | ||
*/ | ||
public function getDecisionLog() | ||
{ | ||
return $this->decisionLog; | ||
} | ||
|
||
/** | ||
* @param mixed $object | ||
* | ||
* @return string | ||
*/ | ||
private function getStringRepresentation($object) | ||
{ | ||
if (null === $object) { | ||
return 'NULL'; | ||
} | ||
|
||
if (!is_object($object)) { | ||
return sprintf('%s (%s)', gettype($object), $object); | ||
} | ||
|
||
$objectClass = class_exists('Doctrine\Common\Util\ClassUtils') ? ClassUtils::getClass($object) : get_class($object); | ||
|
||
if (method_exists($object, 'getId')) { | ||
$objectAsString = sprintf('ID: %s', $object->getId()); | ||
} elseif (method_exists($object, '__toString')) { | ||
$objectAsString = (string) $object; | ||
} else { | ||
$objectAsString = sprintf('object hash: %s', spl_object_hash($object)); | ||
} | ||
|
||
return sprintf('%s (%s)', $objectClass, $objectAsString); | ||
} | ||
} |
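Review bot: setVoters() only stores the array on the decorator ($this->voters = $voters;) and never passes it on to the wrapped manager, so if voters are injected through this method after decoration, $this->manager->decide() runs against a manager that never received them. Forward the call as well, for example $this->manager->setVoters($voters); alongside the local assignment (this assumes the wrapped manager exposes the same method, as the {@inheritdoc} suggests). Two smaller points in getStringRepresentation(): the non-object branch passes $object straight into sprintf('%s (%s)', ...), which triggers an array-to-string conversion notice when the subject is an array, and the log keeps whatever getId() or __toString() returns, so the docblock should state that the decision log is meant for debug output only.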
Both the getDecisionLog() and getStrategy() methods may not exist.

Could typehint against the DebugAccessDecisionManager, good to let it crash if you run this incorrectly imo

I've made this change. Is this what you suggested?