[WIP] Deprecate AbstractAdmin::isGranted #4287
Conversation
| @@ -422,8 +422,6 @@ | |||
| */ | |||
| protected $securityInformation = array(); | |||
|
|
|||
| protected $cacheIsGranted = array(); | |||
There was a problem hiding this comment.
Removing a protected method is a BC-break. Accessing it could be deprecated mith magic methods if deemed worth it. WDYT @sonata-project/contributors ?
There was a problem hiding this comment.
Accessing it could be deprecated mith magic methods if deemed worth it.
Dunno, dou you have some samples?
We can start by adding @deprecated annotation for IDE.
There was a problem hiding this comment.
There was a problem hiding this comment.
@soullivaneuh yes, and a very fresh one at that : https://github.com/sonata-project/SonataAdminBundle/pull/4284/files#diff-f06e49acf2d25569dcbac961750bdb33R113 (I like this one better, more mutualization).
There was a problem hiding this comment.
@greg0ire the example you showed would not work. Magic methods are only called if property is inaccessible. I can make the property private instead of protected. Moreover, is it a BC break to make the property noop?
There was a problem hiding this comment.
Oh right, but neither would your example work then, I guess… BTW, what do you mean by "noop" here?
There was a problem hiding this comment.
I mean will always be empty, never read or write by sonata, so it may break classes extending AbstractAdmin, no?
There was a problem hiding this comment.
Oh I see… well it might. But then again, every single change you do can be considered a BC-break if you think hard enough. I think in this case it's ok to dismiss this one.
There was a problem hiding this comment.
I added the magic methods and deprecated annotations.
| @@ -10,6 +10,13 @@ | |||
| </parameters> | |||
| <services> | |||
| <service id="sonata.admin.security.handler.noop" class="%sonata.admin.security.handler.noop.class%" public="false"/> | |||
| <service id="sonata.admin.security.handler.cache" | |||
| class="Sonata\AdminBundle\Security\Handler\CacheSecurityHandler" | |||
| decorates="sonata.admin.security.handler" | |||
There was a problem hiding this comment.
Nice! Didn't know this feature.
There was a problem hiding this comment.
Sadly I can't use this feature introduced in Symfony 2.5. Can I directly set the sonata.admin.security.handler to be the cache one and use the security.handler configuration value as first argument?
There was a problem hiding this comment.
Argh. Yes, sure. But please add NEXT_MAJOR instructions explaining how to switch to native decoration
|
|
||
| use Sonata\AdminBundle\Admin\AdminInterface; | ||
|
|
||
| class CacheSecurityHandler implements SecurityHandlerInterface |
There was a problem hiding this comment.
Please make this class final.
There was a problem hiding this comment.
How about suffixing the class name with Decorator ?
|
|
||
| /** | ||
| * @param SecurityHandlerInterface $handler | ||
| */ |
There was a problem hiding this comment.
Personal opinion : I'd remove this phpdoc.
There was a problem hiding this comment.
Other constructors have param comments on constructors. IMHO, should be kept for consistency.
There was a problem hiding this comment.
We should keep the @param comments, because they could describe the parameters with more information
There was a problem hiding this comment.
Yeah but when they don't, what's the point?
There was a problem hiding this comment.
We always keept the comments so far. Wouldn't StyleCI fix them automatically?
|
|
||
| use Sonata\AdminBundle\Admin\AdminInterface; | ||
|
|
||
| class SecurityExtension extends \Twig_Extension |
There was a problem hiding this comment.
Please make this class final (extending twig extensions is deprecated anyway I think)
| @@ -422,8 +422,6 @@ | |||
| */ | |||
| protected $securityInformation = array(); | |||
|
|
|||
| protected $cacheIsGranted = array(); | |||
There was a problem hiding this comment.
Accessing it could be deprecated mith magic methods if deemed worth it.
Dunno, dou you have some samples?
We can start by adding @deprecated annotation for IDE.
| } | ||
| @trigger_error( | ||
| 'The '.__METHOD__.' method is deprecated since version 3.12 and will be removed in 4.0.'. | ||
| ' Use Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface::isGranted instead.', |
There was a problem hiding this comment.
This method is also use from twig quite often.
We should tell the twig function replacement on this message too.
Not sure if this optimization would be worth it (and why there is a cache system in the first place). Not sure I get what you mean by decorating the SecurityHandler once per class either. Do you mean the customization happens by replacing the decorated handler with something else?
Are you should the security handler is not called with null from anywhere? Maybe there is a use-case for this… |
Decorating once per class means having one instance of the |
|
How should I handle the deprecation in About the new twig function, is this really useful or we just let users write |
You add the
I think |
Have you an idea about how to handle this? |
|
Maybe there : https://github.com/sonata-project/SonataAdminBundle/blob/3.x/Controller/CRUDController.php#L980 , by getting the service and injecting the admin into it? |
|
To keep BC, would configuring the twig extension in CRUDController::render be better? Looks like the admin twig property may not be |
|
You're right, the latest the better, so just before rendering would be ideal in this case. |
| @trigger_error(sprintf( | ||
| 'Using the "%s::$%s" property is deprecated since version 3.x and will be removed in 4.0.', | ||
| __CLASS__, | ||
| $name), |
There was a problem hiding this comment.
This is a PSR2 violation, not fixed by php-cs-fixer yet but I made a PR
should be
$name
), E_USER_DEPRECATED);
People should be able to pass the admin they want anyway, I think sometimes they want to check permissions in the parent admin for instance, it should be possible. |
|
I updated the |
| * NEXT_MAJOR: remove this property, the __get, __set, __isset, __unset magic methods and the | ||
| * triggerPropertyDeprecation method. | ||
| */ | ||
| private $cacheIsGranted = array(); |
There was a problem hiding this comment.
making it private instead of protected is a BC break, too, isn't it?
There was a problem hiding this comment.
Magic methods are added to avoid BC break.
There was a problem hiding this comment.
realized this afterwards ;-)
There was a problem hiding this comment.
By the way, doesn't this magic make the property suddenly "public"?
There was a problem hiding this comment.
Technically, yes. But too many protection around this property can create BC breaks when all those stuff is removed. See symfony/symfony#20769 (comment).
There was a problem hiding this comment.
Ok 👍 Let's keep it (relatively) simple
| @@ -3326,4 +3380,16 @@ private function buildRoutes() | |||
| $extension->configureRoutes($this, $this->routes); | |||
| } | |||
| } | |||
|
|
|||
| /** | |||
| * @internal | |||
There was a problem hiding this comment.
we should add a NEXT_MAJOR here
There was a problem hiding this comment.
I added a global NEXT_MAJOR on the $cacheIsGranted property. Should I dispatch the comment here and to magic methods too?
There was a problem hiding this comment.
not sure, what do you think @greg0ire ?
global NEXT_MAJOR is good enough, this will be done by a human who can read.
AbstractAdmin::isGranted is now deprecated.
Use Sonata\AdminBundle\Security\Handler\SecurityHandlerInterface::isGranted instead.
In twig templates, use sonata_is_granted instead of admin.is_granted
|
Is everybody ok with code? If so, I will write the docs, changelog and upgrade notes. About codacy, it fails because I set |
|
I'm ok with it! |
|
Looks good to me 👍 |
|
@fbourigault please add something to the Changelog in your PR header, I prepared that for you! |
|
@OskarStark I added the changelog entries. What do you mean by tests? I already wrote Should I add something in an UPGRADE file? I'm going to update the documentation. |
|
Tests are fine 👍
yes, please! |
|
When updating documentation I get worried about the new use of checking permissions. Before we just had to call Does anyone have an idea about how to avoid this extra argument? |
If the first argument is an instance of AdminInterface, use it also as third argument? |
|
Wait, it's always supposed to be an |
The third argument could be an object if you want to check rights against a specific object. |
|
I was talking about the first object. But the third is optional anyway, right? |
|
First argument is type hinted to be and |
|
Indeed… It means we have even more things to move out of the admin. The first argument is only needed to retrieve |
|
After an instructive discussion with @greg0ire on slack, I'm pausing this PR to make an alternative proposal. Stay tuned :) |
|
Why don't we use hasAccess instead of isGranted and do not introduce that twig function @fbourigault ? |
| /** | ||
| * @param AdminInterface $admin | ||
| */ | ||
| public function setAdmin(AdminInterface $admin) |
There was a problem hiding this comment.
This looks so wrong. Why would you inject one AdminInterface instance here? Twig extensions are stateless
|
Could you please rebase your PR and fix merge conflicts? |
|
Any progress here @fbourigault ? |
|
I didn't get anything that satisfy myself to make a good deprecation of the isGranted method. Moreover, as I have less and less interest in Sonata, I can't find time to work on this PR. Feel free to close it or keep it open to let someone else continue this work. |
| */ | ||
| public function isGranted(AdminInterface $admin, $attributes, $object = null) | ||
| { | ||
| $key = md5(json_encode($attributes)).'/'.spl_object_hash($object); |
There was a problem hiding this comment.
spl_object_hash($object) throws an error if it is null.
I am targetting this branch, because I'm adding deprecation notices.
Closes #4095.
Changelog
To do
sonata_is_granted.CacheSecurityHandlertests.Subject
This PR remove a responsibility from the
AbstractAdminclass. TheAbstractAdmin::isGrantedmethod is now deprecated.SecurityHandlerInterface::isGrantedhas now to be called directly.The caching feature has been moved to a new
CacheSecurityHandlerwhich decorates thesonata.admin.security.handlerservice.A twig function is added to replace
admin.is_grantedcalls.There is no longer cache if admin security_handler is customized. Should I decorate the SecurityHandler once per admin class?
SecurityHandlerInterface::isGrantedthird argument was either the object or the admin when called throughAbstractAdmin::isGranted. Does using null asSecurityHandlerInterface::isGrantedthird argument has also to be deprecated?