Feature #27698
Roles should use an adequate data type to get persisted as entities
| Status: | Under Review | Start date: | 2011-06-26 | |
|---|---|---|---|---|
| Priority: | Should have | Due date: | ||
| Assignee: | Rens Admiraal | % Done: | 0% |
|
| Category: | Security | |||
| Target version: | - | |||
| PHP Version: | Complexity: | |||
| Has patch: | No | |||
| Votes: | 1 (View) |
Description
At the moment the roles of an account get saved as a php-serialized array inside "flow3_security_account", e.g.:
a:2:{i:0;s:12:"Adminstrator";i:1;s:4:"User";}
This is due to (in Packages/Framework/FLOW3/Classes/Security/Policy/Role.php)
/** * @var array */ protected $roles = array();
this should be something like this (untested, just to transport the idea, I have no idea of Doctrine)
/** * @var \Doctrine\Common\Collections\ArrayCollection<\F3\FLOW3\Security\Policy\Role> * @ManyToMany */ protected $roles = array();
so that they will get persisted as the already prepared entities \F3\FLOW3\Security\Policy\Role.
Related issues
| related to TYPO3.Flow - Bug #28862: Inconsistent handling of roles as objects and strings in ... | Resolved | 2011-08-09 |
Associated revisions
[!!!][FEATURE] Handle roles consistently as objects
With this change roles are consistently used as objects.
To prevent naming conflicts between roles from different packages the
package key is added to the role names.
The handling of roles now is more strict and does not allow the use of
not configured (non-existent) roles anymore.
Roles are now referenced as real instances instead of their string
identifiers in models. Roles which were defined in policies are now
automatically mirrored to the RoleRepository (usually stored as a
table in a database).
The getRoles() method has been removed from TokenInterface.
Change-Id: I39f335baa01fbe9b883e98e85cb1f063bbaf5744
Resolves: #28862
Resolves: #43578
Related: #37451
Related: #27698
Releases: 2.0, master
[!!!][FEATURE] Handle roles consistently as objects
With this change roles are consistently used as objects.
To prevent naming conflicts between roles from different packages the
package key is added to the role names.
The handling of roles now is more strict and does not allow the use of
not configured (non-existent) roles anymore.
Roles are now referenced as real instances instead of their string
identifiers in models. Roles which were defined in policies are now
automatically mirrored to the RoleRepository (usually stored as a
table in a database).
The getRoles() method has been removed from TokenInterface.
Change-Id: I39f335baa01fbe9b883e98e85cb1f063bbaf5744
Resolves: #28862
Resolves: #43578
Related: #37451
Related: #27698
Releases: 2.0, master
History
Updated by Christopher Hlubek almost 2 years ago
This is due to inconsistent handling of Roles as strings or objects inside TYPO3\FLOW3\Security\Account. And the roles mapping would have to change, too.
Updated by Rens Admiraal 10 months ago
- Assignee set to Rens Admiraal
- Has patch set to No
Updated by Karsten Dambekalns 7 months ago
- Status changed from New to Under Review
- Target version set to 2.0 beta 1
Updated by Karsten Dambekalns 6 months ago
- Target version changed from 2.0 beta 1 to 2.1
Updated by Robert Lemke 29 days ago
- Target version deleted (
2.1)