Bug #31677

Using current.securityContext Policies.yaml entities section triggers Parser Error

Added by Ferdinand Kuhl over 9 years ago. Updated about 9 years ago.

Status:
Resolved
Priority:
Must have
Assignee:
-
Category:
Security
Start date:
2011-11-08
Due date:
% Done:

100%

Estimated time:
PHP Version:
Has patch:
No
Complexity:

Description

If you use some Content Security Rule like:

resources:
entities:
DigiComp_Fairdrive_Domain_Model_Disposition:
DigiComp_Fairdrive_ForeignDispositions: this.createdfrom != current.securityContext.party

FLOW3 will crash completely with:

: Parse error: syntax error, unexpected $end in [...]FLOW3/Data/Temporary/Development/Cache/Code/FLOW3_Object_Classes/TYPO3_FLOW3_Security_Aspect_PersistenceQueryRewritingAspect_Original.php(374) : eval()'d code


Related issues

Has duplicate TYPO3.Flow - Bug #32629: globalObjects are not available in the security (current.securityContext.party)ClosedKarsten Dambekalns2011-12-16

Actions
#1

Updated by Mr. Hudson over 9 years ago

  • Status changed from New to Under Review

Patch set 1 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596

#2

Updated by Mr. Hudson over 9 years ago

Patch set 2 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596

#3

Updated by Mr. Hudson over 9 years ago

Patch set 3 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596

#4

Updated by Mr. Hudson over 9 years ago

Patch set 4 of change I0a5e0b13339b8571ef043da7dbe34b1c9285deed has been pushed to the review server.
It is available at http://review.typo3.org/6596

#5

Updated by Christopher Hlubek over 9 years ago

Moving over the test discussion here:

We already have functional tests for persistence with entities and repositories in the TYPO3\FLOW3\Tests\Functional\Persistence\Fixtures namespace. Also the Configuration in TYPO3.FLOW3/Configuration/Testing/Policy.yaml could be used for testing (with some comment about the usage).

I think a functional test for content security would best go into a new testcase TYPO3\FLOW3\Tests\Functional\Security\ContentSecurityTest. Take a look at the MethodSecurityTest for a hint about how to authorize different roles in a functional test.

To run a functional test you have to use the FunctionalTests.xml PHPUnit configuration in Build/Common/PhpUnit. For example in the FLOW3 package directory you can call phpunit -c ../../../Build/Common/PhpUnit/FunctionalTests.xml Tests/Functional to run the functional tests.

The test should first cause the error (without your change) and then pass after your fix.

#6

Updated by Gerrit Code Review over 9 years ago

Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#7

Updated by Gerrit Code Review over 9 years ago

Patch set 6 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#8

Updated by Gerrit Code Review over 9 years ago

Patch set 7 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#9

Updated by Gerrit Code Review over 9 years ago

Patch set 8 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#10

Updated by Gerrit Code Review over 9 years ago

Patch set 9 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#11

Updated by Gerrit Code Review over 9 years ago

Patch set 10 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#12

Updated by Rens Admiraal over 9 years ago

  • Target version set to 1.1
#13

Updated by Gerrit Code Review over 9 years ago

Patch set 11 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#14

Updated by Gerrit Code Review over 9 years ago

Patch set 12 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#15

Updated by Gerrit Code Review over 9 years ago

Patch set 13 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6596

#16

Updated by Ferdinand Kuhl about 9 years ago

  • Status changed from Under Review to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF