Move the ACL part of the Security Component outside of Symfony #8848
Comments
|
+1 |
|
I think that the ACL system is very suited to do what it was designed to do. I know enough projects, and have done plenty of consulting for companies which use it successfully. I see that there is some barrier to use it and the initial set-up is not as fast as writing a voter. However, it scales far better and is much more maintainable as projects grow or requirements change. The probl
8000
em mentioned in #5787 is actually caused due to a bad naming of the While I would love to be part of a team which maintains Security, I do not think it makes sense to maintain ACL separately as it depends on other parts of the Security component which need to be changed to solve some issues that users have (#5787 is a prime example here). Unfortunately, I also have a good number of other open-source projects, so that I cannot spend as much time working on symfony anymore. |
|
+1 I would gladly volunteer to help improving this component. |
|
ACL is always an important part of a big project: Symfony ACL is powerful but also way to complicated. I would like to see something more simple but that it's still extensible. I'm not sure that separating the acl from the Security component would be the right thing to do, it's always part of the security system... |
|
+1 on simplifying |
|
This part is not enough used. I'm agree. But the problem isn't that is unusefull. The problem is that it isn't documented. The examples you can find are full of copy/paste code in controllers that is a bad way for maintenable app. Any big app need Acl. That's my case. |
|
I don't think that the ACL should be pull out of the framework, but this part suffer of a lack of documentation. Clearly. It is the sole part of symfony that I can't understand from A to Z. There is another thing that I don't really understand is the need of the Doctrine DBAL. The ACLProvider API is not hidden behind an interface and made it's hard to swap with another one (it also made it hard to understand). To summarize, I think that the ACLs should be preserved in Symfony, should be documented, and should be maintained. It's a really important and powerfull piece! |
|
@lavoiesl +1 to help improve this component too. |
|
+1 to move it out of the framework. Very useful for complex permissions and voting. Complex to apprehend but useful for early moving projects. But not suited for every projects. We used it at first and now our app is stable, we chose to remove it and implement simpler voters that suit more our needs and are way better in term of performances. |
|
From my point of view the voter have very little visibility, |
|
Nearly ever big framework (CakePHP, Zend) have an ACL Component |
|
Many applications do not need such feature. Maybe this should stay as an official component, branded as core, but not included by default, it could sit in the However, it is not even at that level yet. From what I understand, it was coded this way not to be dependant on Doctrine, but the general feel of the code and usability is not the same as the rest of the framework. I like Drupal’s way of dealing with optional core modules. Usually, when a module gets very popular, it is merged into core, but all modules are still optional. This ensures strong support in future version and a standardized API for all other modules. Examples of this are views and fields API. |
|
I am not against the idea to isolate ACL in a separate component. But as @schmittjoh says, it could be tricky to make this separation as it depends on the some parts of the security component. Difficult but still possible. @lavoiesl You are right, the way it is made looks like Java's and isn't as user-friendly as the other components. It should be right to simplify it's API, but is it possible without loosing the possibilities it offers? |
|
@sukei ACL depends on Security, but not the opposite, you can have a firewall with simple role checking without ACLs, this is why I say it could be separated, but still maintained as a core component. As for the code itself, a bit of refactoring, splitting into different files, less repetition and more documentation should help better understand the way it works and provide better grounds for future improvements. As a start, I was thinking about using Doctrine ORM/ODM. This will allow the removal of everything related to SQL and provide support for foreign keys and events so we can deal with the renaming and deletion of users. |
|
@lavoiesl I totally agree with you, the ACL are independent enough. Big changes have to be done in the bundle that integrate them. As I said, it is still possible to achieve this. On the other side, I don't think that it is a good idea to involve all the Doctrine stack. I think it should be better to hide the AclProvider / MutableAclProvider classes behind a clean interface. Doing so allow the developers to use PDO, Doctrine, whatever to retrieve ACEs. |
|
I don’t agree with you on this, but since we do agree on the fact that it needs some work, I suggest we wait for @fabpot ’s feedback and eventually have this discussion elsewhere. |
|
I am +1 on keeping it in Symfony. I have seen it used in quite a few projects and imho it needs better docs and then it will be used even more. Moving it now is imho too late in the 2.x life cycle. |
|
+1 on simplifying |
|
+1 to simplify / improve |
|
+1 to simplify / improve |
|
I've done some work to integrate deeper the ACL component in SonataAdmin:
Symfony now has an easy to use UI with ACL management. Perhaps more projects will start using ACLs. ACL is a major feature for a framework, Symfony need to have a powerful ACL component in the core framework. The current ACL component is complicated and strong
8000
ly coupled with DBAL. The abstraction layer should be refactored to simplify the use of other systems like MongoDB. I am willing to help enhance this component. |
|
Each respected database system already supports for bitmasks. http://stackoverflow.com/questions/11059182/select-users-from-mysql-database-by-privileges-bitmask And even SQLite http://zetcode.com/db/sqlite/expressions/ Only MongoDB (and maybe some others) don't support bitmask yet.
So there is no direct need in changing that. But I do agree that it would be nice to query for all objects user A can delete. |
It's possible using SQL. Something like that should do the trick: Result: This example uses PostgreSQL, but something similar should be done using an other SGBD. |
This PR was merged into the master branch. Discussion ---------- [Security] Split the component into 3 sub-components Core, ACL, HTTP | Q | A | ------------- | --- | Bug fix? | no | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #9047, #8848 | License | MIT | Doc PR | - The rationale behind this PR is to be able to use any of the sub components without requiring all the dependencies of the other sub components. Specifically, I'd like to use the core utils for an improved CSRF protection mechanism (#6554). Commits ------- 14e9f46 [Security] removed unneeded hard dependencies in Core 5dbec8a [Security] fixed README files 62bda79 [Security] copied the Resources/ directory to Core/Resources/ 7826781 [Security] Split the component into 3 sub-components Core, ACL, HTTP
…ityIdentity (lemoinem) This PR was merged into the 2.5-dev branch. Discussion ---------- [Security][Acl] Add MutableAclProvider::updateUserSecurityIdentity | Q | A | ------------- | --- | Bug fix? | yes | New feature? | yes | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #5787 | License | MIT | Doc PR | symfony/symfony-docs#3319 This provides a very simple function to enable the update of a User's username while keeping its associated ACEs (by updating its corresponding UserSecurityIdentity) Developers can add a listener on the preUpdate of a user and remove all the related ACLs: ```php if ($args->hasChangedField('username')) { $aclProvider = $this->container->get('security.acl.provider'); $oldUsername = $args->getOldValue ('username'); $user = $args->getEntity(); $aclProvider->updateUserSecurityIdentity(UserSecurityIdentity::fromAccount($user) , $oldUsername); } ``` Among the problems of not updating the UserSecurityIdentity: - Inconsistent database, referring to a non-existent user. - The user loses all its associated permissions - If another user is created with the old username, it will inherit all the first user’s ACEs This PR intends to fix Issue #5787 and is similar to and inspired from PR #8305. This will also be heavily impacted by the outcome of #8848 Commits ------- da53d92 [Security][Acl] Fix #5787 : Add MutableAclProvider::updateUserSecurityIdentity
|
@fabpot did you take a decision about this? I'm in the process of use acl or voters and don't want to take a deprectated/not-oficial component for this matter |
|
@ecentinela Security component was split into three subcomponents (see #9064). Acl is still in the core. |
|
@jakzal I saw it, but I don't know if it's the first step to move out the ACL component. |
I've been thinking about this one for a long time now.
The ACL sub-system has been contributed a long time ago but since then it has been abandoned as nobody really maintain it. Personally, I don't want to maintain that part as I don't use it and frankly I don't any valid use cases for it.
So instead of keeping it in Symfony, I propose to create a new repo for it, where a new team can take care of its future (let's say symfony/acl for instance).
ping @schmittjoh
The text was updated successfully, but these errors were encountered: