From a94de59f7385fa03b0180f084cc8c33c48775735 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Wed, 4 Oct 2017 11:08:06 +0200 Subject: [PATCH 1/3] Deprecated ACL --- security.rst | 12 ++++++++---- security/acl.rst | 5 +++++ security/acl_advanced.rst | 5 +++++ security/voters.rst | 6 ++---- 4 files changed, 20 insertions(+), 8 deletions(-) diff --git a/security.rst b/security.rst index 43b0cfbba25..0d52d9f0c51 100644 --- a/security.rst +++ b/security.rst @@ -637,10 +637,9 @@ The process of authorization has two different sides: .. tip:: In addition to roles (e.g. ``ROLE_ADMIN``), you can protect a resource - using other attributes/strings (e.g. ``EDIT``) and use voters or Symfony's - ACL system to give these meaning. This might come in handy if you need - to check if user A can "EDIT" some object B (e.g. a Product with id 5). - See :ref:`security-secure-objects`. + using other attributes/strings (e.g. ``EDIT``) and use voters to give these + meaning. This might come in handy if you need to check if user A can "EDIT" + some object B (e.g. a Product with id 5). See :ref:`security-secure-objects`. Roles ~~~~~ @@ -970,6 +969,10 @@ For more details on expressions and security, see :ref:`expressions-security`. Access Control Lists (ACLs): Securing individual Database Objects ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ +.. versionadded:: + ACL support was deprecated in Symfony 3.4 and will be removed in 4.0. Install + the `Symfony ACL bundle`_ if you wan to keep using ACL. + Imagine you are designing a blog where users can comment on your posts. You also want a user to be able to edit their own comments, but not those of other users. Also, as the admin user, you yourself want to be able to edit 
@@ -1322,3 +1325,4 @@ Other Security Related Topics .. _`frameworkextrabundle documentation`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html .. _`HWIOAuthBundle`: https://github.com/hwi/HWIOAuthBundle +.. _`Symfony ACL bundle`: https://github.com/symfony/acl-bundle diff --git a/security/acl.rst b/security/acl.rst index 95437575846..e5f5a9ff998 100644 --- a/security/acl.rst +++ b/security/acl.rst @@ -4,6 +4,10 @@ How to Use Access Control Lists (ACLs) ====================================== +.. versionadded:: + ACL support was deprecated in Symfony 3.4 and will be removed in 4.0. Install + the `Symfony ACL bundle`_ if you wan to keep using ACL. + In complex applications, you will often face the problem that access decisions cannot only be based on the person (``Token``) who is requesting access, but also involve a domain object that access is being requested for. This is where @@ -246,4 +250,5 @@ added above: The user is now allowed to view, edit, delete, and un-delete objects. +.. _`Symfony ACL bundle`: https://github.com/symfony/acl-bundle .. _`MongoDBAclBundle`: https://github.com/IamPersistent/MongoDBAclBundle diff --git a/security/acl_advanced.rst b/security/acl_advanced.rst index 6207a05be3f..e5c3f64a3bd 100644 --- a/security/acl_advanced.rst +++ b/security/acl_advanced.rst @@ -4,6 +4,10 @@ How to Use advanced ACL Concepts ================================ +.. versionadded:: + ACL support was deprecated in Symfony 3.4 and will be removed in 4.0. Install + the `Symfony ACL bundle`_ if you wan to keep using ACL. + The aim of this article is to give a more in-depth view of the ACL system, and also explain some of the design decisions behind it. 
@@ -195,4 +199,5 @@ is applicable, the class-scope ACEs will be checked. If none is applicable, then the process will be repeated with the ACEs of the parent ACL. If no parent ACL exists, an exception will be thrown. +.. _`Symfony ACL bundle`: https://github.com/symfony/acl-bundle .. _JMSSecurityExtraBundle: https://github.com/schmittjoh/JMSSecurityExtraBundle diff --git a/security/voters.rst b/security/voters.rst index 48b6fcf75a2..dbe5fc764fc 100644 --- a/security/voters.rst +++ b/security/voters.rst @@ -4,10 +4,8 @@ How to Use Voters to Check User Permissions =========================================== -In Symfony, you can check the permission to access data by using the -:doc:`ACL module `, which is a bit overwhelming -for many applications. A much easier solution is to work with custom voters, -which are like simple conditional statements. +Security voters are the most granular way of checking permissions (e.g. "can this +specific user edit ta given item?"). This article explains voters in detail. .. tip:: From eb4a0880dcf4ded0c838ade54b1ab0c2115773c5 Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Sun, 8 Oct 2017 22:05:19 +0200 Subject: [PATCH 2/3] Added version numbers to versionadded directives --- security.rst | 4 ++-- security/acl.rst | 2 +- security/acl_advanced.rst | 2 +- security/voters.rst | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/security.rst b/security.rst index 0d52d9f0c51..32d1ccd2f55 100644 --- a/security.rst +++ b/security.rst 
@@ -969,9 +969,9 @@ For more details on expressions and security, see :ref:`expressions-security`. Access Control Lists (ACLs): Securing individual Database Objects ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ -.. versionadded:: +.. versionadded:: 3.4 ACL support was deprecated in Symfony 3.4 and will be removed in 4.0. Install - the `Symfony ACL bundle`_ if you wan to keep using ACL. + the `Symfony ACL bundle`_ if you want to keep using ACL. Imagine you are designing a blog where users can comment on your posts. You also want a user to be able to edit their own comments, but not those of diff --git a/security/acl.rst b/security/acl.rst index e5f5a9ff998..ec95f04acc9 100644 --- a/security/acl.rst +++ b/security/acl.rst @@ -4,7 +4,7 @@ How to Use Access Control Lists (ACLs) ====================================== -.. versionadded:: +.. versionadded:: 3.4 ACL support was deprecated in Symfony 3.4 and will be removed in 4.0. Install the `Symfony ACL bundle`_ if you wan to keep using ACL. diff --git a/security/acl_advanced.rst b/security/acl_advanced.rst index e5c3f64a3bd..ca88be07c31 100644 --- a/security/acl_advanced.rst +++ b/security/acl_advanced.rst @@ -4,7 +4,7 @@ How to Use advanced ACL Concepts ================================ -.. versionadded:: +.. versionadded:: 3.4 ACL support was deprecated in Symfony 3.4 and will be removed in 4.0. Install the `Symfony ACL bundle`_ if you wan to keep using ACL. diff --git a/security/voters.rst b/security/voters.rst index dbe5fc764fc..fb30f4ce9dc 100644 --- a/security/voters.rst +++ b/security/voters.rst @@ -5,7 +5,7 @@ How to Use Voters to Check User Permissions =========================================== Security voters are the most granular way of checking permissions (e.g. "can this -specific user edit ta given item?"). This article explains voters in detail. +specific user edit the given item?"). This article explains voters in detail. .. tip:: 
From 3a0cb17a65b49b405f1bf3cf37cce7fd6a25aeaf Mon Sep 17 00:00:00 2001 From: Javier Eguiluz Date: Sun, 29 Oct 2017 12:14:21 +0100 Subject: [PATCH 3/3] Mention that ACL is deprecated in the security config reference --- reference/configuration/security.rst | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/reference/configuration/security.rst b/reference/configuration/security.rst index 6e29ed7bf96..e177d0325bf 100644 --- a/reference/configuration/security.rst +++ b/reference/configuration/security.rst @@ -30,8 +30,10 @@ Each part will be explained in the next section. strategy: affirmative # One of affirmative, consensus, unanimous allow_if_all_abstain: false allow_if_equal_granted_denied: true - acl: + # ACL support was deprecated in Symfony 3.4 and removed in Symfony 4.0 + # Use https://github.com/symfony/acl-bundle instead + acl: # any name configured in doctrine.dbal section connection: ~ cache:
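Review bot: In [PATCH 1/3], the notices added at the top of the ACL section in security.rst and at the top of security/acl.rst and security/acl_advanced.rst announce a deprecation with ``.. versionadded::``, and without a version argument. [PATCH 2/3] adds ``3.4`` but keeps the directive, so the notice still reads as a feature addition rather than a removal warning. If the docs build supports it, ``.. deprecated:: 3.4`` would state the intent directly.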
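Review bot: In [PATCH 2/3], the hunks for security/acl.rst and security/acl_advanced.rst still carry "if you wan to keep using ACL" as an unchanged context line, while the security.rst hunk in the same patch corrects it to "want". Apply the same correction in both files so the three deprecation notices stay identical.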
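Review bot: In [PATCH 3/3], the comment added above ``acl:`` in reference/configuration/security.rst says ACL support was "removed in Symfony 4.0", while the notices added by the earlier patches say it "will be removed in 4.0". Use one wording across the series, matching the branch this is merged into, so readers of the configuration reference and of the ACL articles get the same statement about when the option stops working.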