
Removed the AddSecurityCallsPass

This compiler pass breaks the use of the security component and does
not add any value as the access control map and the role hierarchy
can (and should) be defined in the security config directly.
Christophe Coevoet %!s(int64=14) %!d(string=hai) anos
pai
achega
9214c7f4fa

+ 10 - 6
Command/DumpActionRolesCommand.php

@@ -24,13 +24,17 @@ use Symfony\Component\Config\Resource\FileResource;
 
 class DumpActionRolesCommand extends Command
 {
-
     public function configure()
     {
         $this->setName('sonata:admin:dump-action-roles');
-        $this->setDescription('');
-        $this->addOption('format', null, InputOption::VALUE_OPTIONAL, 'define the output format (default: yaml)', 'yaml');
-        $this->addOption('prefix', null, InputOption::VALUE_OPTIONAL, 'define the admin route prefix (default: /admin)', '/admin');
+        $this->setDescription('Dumps a set of access control rules for the classes');
+        $this->addOption('format', null, InputOption::VALUE_OPTIONAL, 'define the output format', 'yaml');
+        $this->addOption('prefix', null, InputOption::VALUE_OPTIONAL, 'define the admin route prefix', '/admin');
+        $this->setHelp(<<<EOF
+Dumps a role hierachy and a set of access control rules using a different role
+for each admin actions.
+EOF
+            );
     }
 
     public function execute(InputInterface $input, OutputInterface $output)
@@ -70,7 +74,7 @@ class DumpActionRolesCommand extends Command
     public function dumpYaml(OutputInterface $output, array $infos)
     {
 
-        $output->writeln('sonata_admin:');
+        $output->writeln('security:');
         $output->writeln('    access_control:');
         foreach ($infos as $groups) {
             foreach ($groups as $group) {
@@ -115,4 +119,4 @@ class DumpActionRolesCommand extends Command
         $collection->addPrefix($prefix);
         return $collection;
     }
-}
+}
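Review bot: The heredoc added to configure() misspells `hierarchy` as `hierachy` (and reads `for each admin actions`), and it never says where the dumped rules belong, even though dumpYaml() in the second hunk now emits them under a top-level `security:` key. Symfony applies the first `access_control` entry that matches a request, so where the generated block is merged relative to existing rules decides which roles are actually enforced. I would fix the spelling and add a line to the help such as `Merge the output into your security configuration and check the order of the access_control entries against your existing rules.` dumpYaml()'s body continues outside the hunk, so how the paths and roles are rendered cannot be checked from here.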

+ 0 - 101
DependencyInjection/AddSecurityCallsPass.php

@@ -1,101 +0,0 @@
-<?php
-
-/*
- * This file is part of the Sonata project.
- *
- * (c) Thomas Rabaix <thomas.rabaix@sonata-project.org>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-namespace Sonata\AdminBundle\DependencyInjection;
-
-use Symfony\Component\DependencyInjection\Definition;
-use Symfony\Component\DependencyInjection\ContainerBuilder;
-use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
-use Symfony\Component\DependencyInjection\Reference;
-use Symfony\Component\DependencyInjection\ContainerInterface;
-
-/**
- * This code append Admin security roles
- *
- * @author Thomas Rabaix <thomas.rabaix@sonata-project.org>
- * @author Fabien Potencier <fabien@symfony.com>
- * @author Johannes M. Schmitt <schmittjoh@gmail.com>
- */
-class AddSecurityCallsPass implements CompilerPassInterface
-{
-    /**
-     * {@inheritDoc}
-     */
-    public function process(ContainerBuilder $container)
-    {
-        $definition = $container->getDefinition('sonata_dummy_security');
-        $container->removeDefinition('sonata_dummy_security');
-
-        $config = $definition->getArguments();
-
-        $this->createAuthorization($config, $container);
-        $this->createRoleHierarchy($config, $container);
-    }
-
-    private function createRoleHierarchy($config, ContainerBuilder $container)
-    {
-        if (!isset($config['role_hierarchy'])) {
-            $container->removeDefinition('security.access.role_hierarchy_voter');
-
-            return;
-        }
-
-        $parameters = (array) $container->getParameter('security.role_hierarchy.roles');
-
-        $container->setParameter('security.role_hierarchy.roles', array_merge($parameters, $config['role_hierarchy']));
-        $container->removeDefinition('security.access.simple_role_voter');
-    }
-
-    private function createAuthorization($config, ContainerBuilder $container)
-    {
-        if (!$config['access_control']) {
-            return;
-        }
-
-        foreach ($config['access_control'] as $access) {
-            $matcher = $this->createRequestMatcher(
-                $container,
-                $access['path'],
-                $access['host'],
-                count($access['methods']) === 0 ? null : $access['methods'],
-                $access['ip']
-            );
-
-            $container->getDefinition('security.access_map')
-                      ->addMethodCall('add', array($matcher, $access['roles'], $access['requires_channel']));
-        }
-    }
-
-    private function createRequestMatcher($container, $path = null, $host = null, $methods = null, $ip = null, array $attributes = array())
-    {
-        $serialized = serialize(array($path, $host, $methods, $ip, $attributes));
-        $id = 'security.request_matcher.'.md5($serialized).sha1($serialized);
-
-        if (isset($this->requestMatchers[$id])) {
-            return $this->requestMatchers[$id];
-        }
-
-        // only add arguments that are necessary
-        $arguments = array($path, $host, $methods, $ip, $attributes);
-        while (count($arguments) > 0 && !end($arguments)) {
-            array_pop($arguments);
-        }
-
-        $container
-            ->register($id, '%security.matcher.class%')
-            ->setPublic(false)
-            ->setArguments($arguments)
-        ;
-
-        return $this->requestMatchers[$id] = new Reference($id);
-    }
-
-}

+ 0 - 54
DependencyInjection/Configuration.php

@@ -37,8 +37,6 @@ class Configuration
         $rootNode = $treeBuilder->root('sonata_admin', 'array');
 
         $this->addTemplateSection($rootNode);
-        $this->addAccessControlSection($rootNode);
-        $this->addRoleHierarchySection($rootNode);
 
         return $treeBuilder->buildTree();
     }
@@ -56,56 +54,4 @@ class Configuration
             ->end()
         ->end();
     }
-
-    private function addAccessControlSection(ArrayNodeDefinition $rootNode)
-    {
-        $rootNode
-            ->fixXmlConfig('rule', 'access_control')
-            ->children()
-                ->arrayNode('access_control')
-                    ->cannotBeOverwritten()
-                    ->prototype('array')
-                        ->children()
-                            ->scalarNode('requires_channel')->defaultNull()->end()
-                            ->scalarNode('path')->defaultNull()->end()
-                            ->scalarNode('host')->defaultNull()->end()
-                            ->scalarNode('ip')->defaultNull()->end()
-                            ->arrayNode('methods')
-                                ->beforeNormalization()->ifString()->then(function($v) { return preg_split('/\s*,\s*/', $v); })->end()
-                                ->prototype('scalar')->end()
-                            ->end()
-                        ->end()
-                        ->fixXmlConfig('role')
-                        ->children()
-                            ->arrayNode('roles')
-                                ->beforeNormalization()->ifString()->then(function($v) { return preg_split('/\s*,\s*/', $v); })->end()
-                                ->prototype('scalar')->end()
-                            ->end()
-                        ->end()
-                    ->end()
-                ->end()
-            ->end()
-        ;
-    }
-
-    private function addRoleHierarchySection(ArrayNodeDefinition $rootNode)
-    {
-        $rootNode
-            ->fixXmlConfig('role', 'role_hierarchy')
-            ->children()
-                ->arrayNode('role_hierarchy')
-                    ->useAttributeAsKey('id')
-                    ->prototype('array')
-                        ->performNoDeepMerging()
-                        ->beforeNormalization()->ifString()->then(function($v) { return array('value' => $v); })->end()
-                        ->beforeNormalization()
-                            ->ifTrue(function($v) { return is_array($v) && isset($v['value']); })
-                            ->then(function($v) { return preg_split('/\s*,\s*/', $v['value']); })
-                        ->end()
-                        ->prototype('scalar')->end()
-                    ->end()
-                ->end()
-            ->end()
-        ;
-    }
 }

+ 0 - 2
DependencyInjection/SonataAdminExtension.php

@@ -59,8 +59,6 @@ class SonataAdminExtension extends Extension
 
         // setups parameters with values in config.yml, default values from external files used if not
         $this->configSetupTemplates($config, $container);
-
-        $container->setDefinition('sonata_dummy_security', new Definition('stdClass', $config));
     }
 
     protected function configSetupTemplates($config, $container)

+ 0 - 2
SonataAdminBundle.php

@@ -13,7 +13,6 @@ namespace Sonata\AdminBundle;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Sonata\AdminBundle\DependencyInjection\AddDependencyCallsPass;
-use Sonata\AdminBundle\DependencyInjection\AddSecurityCallsPass;
 
 class SonataAdminBundle extends Bundle
 {
@@ -23,6 +22,5 @@ class SonataAdminBundle extends Bundle
         parent::build($container);
 
         $container->addCompilerPass(new AddDependencyCallsPass());
-        $container->addCompilerPass(new AddSecurityCallsPass());
     }
 }