[Security][Acl] enforce string identifiers

xabbuh · xabbuh · commit 1bd6c22e4ef5 · 2015-05-31T17:00:49.000+02:00
diff --git a/Acl/Domain/ObjectIdentity.php b/Acl/Domain/ObjectIdentity.php
@@ -36,7 +36,7 @@ final class ObjectIdentity implements ObjectIdentityInterface
      */
     public function __construct($identifier, $type)
     {
-        if (empty($identifier)) {
+        if ('' === $identifier) {
             throw new \InvalidArgumentException('$identifier cannot be empty.');
         }
         if (empty($type)) {
@@ -66,7 +66,7 @@ public static function fromDomainObject($domainObject)
             if ($domainObject instanceof DomainObjectInterface) {
                 return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject));
             } elseif (method_exists($domainObject, 'getId')) {
-                return new self($domainObject->getId(), ClassUtils::getRealClass($domainObject));
+                return new self((string) $domainObject->getId(), ClassUtils::getRealClass($domainObject));
             }
         } catch (\InvalidArgumentException $invalid) {
             throw new InvalidDomainObjectException($invalid->getMessage(), 0, $invalid);
diff --git a/Tests/Acl/Domain/ObjectIdentityTest.php b/Tests/Acl/Domain/ObjectIdentityTest.php
@@ -64,6 +64,26 @@ public function testFromDomainObjectWithProxy()
             $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
         }
 
+        public function testFromDomainObjectWithoutInterfaceEnforcesStringIdentifier()
+        {
+            $domainObject = new TestDomainObject();
+            $domainObject->id = 1;
+            $id = ObjectIdentity::fromDomainObject($domainObject);
+
+            $this->assertSame('1', $id->getIdentifier());
+            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+        }
+
+        public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()
+        {
+            $domainObject = new TestDomainObject();
+            $domainObject->id = '0';
+            $id = ObjectIdentity::fromDomainObject($domainObject);
+
+            $this->assertSame('0', $id->getIdentifier());
+            $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());
+        }
+
         /**
          * @dataProvider getCompareData
          */
@@ -89,14 +109,16 @@ public function getCompareData()
 
     class TestDomainObject
     {
+        public $id = 'getId()';
+
         public function getObjectIdentifier()
         {
             return 'getObjectIdentifier()';
         }
 
         public function getId()
         {
-            return 'getId()';
+            return $this->id;
         }
     }
 }

Original file line number	Diff line number	Diff line change
`@@ -36,7 +36,7 @@ final class ObjectIdentity implements ObjectIdentityInterface`
`36`	`36`	`*/`
`37`	`37`	`public function __construct($identifier, $type)`
`38`	`38`	`{`
`39`		`- if (empty($identifier)) {`
	`39`	`+ if ('' === $identifier) {`
`40`	`40`	`throw new \InvalidArgumentException('$identifier cannot be empty.');`
`41`	`41`	`}`
`42`	`42`	`if (empty($type)) {`
`@@ -66,7 +66,7 @@ public static function fromDomainObject($domainObject)`
`66`	`66`	`if ($domainObject instanceof DomainObjectInterface) {`
`67`	`67`	`return new self($domainObject->getObjectIdentifier(), ClassUtils::getRealClass($domainObject));`
`68`	`68`	`} elseif (method_exists($domainObject, 'getId')) {`
`69`		`- return new self($domainObject->getId(), ClassUtils::getRealClass($domainObject));`
	`69`	`+ return new self((string) $domainObject->getId(), ClassUtils::getRealClass($domainObject));`
`70`	`70`	`}`
`71`	`71`	`} catch (\InvalidArgumentException $invalid) {`
`72`	`72`	`throw new InvalidDomainObjectException($invalid->getMessage(), 0, $invalid);`
Original file line number	Diff line number	Diff line change
`@@ -64,6 +64,26 @@ public function testFromDomainObjectWithProxy()`
`64`	`64`	`$this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());`
`65`	`65`	`}`
`66`	`66`
	`67`	`+ public function testFromDomainObjectWithoutInterfaceEnforcesStringIdentifier()`
	`68`	`+ {`
	`69`	`+ $domainObject = new TestDomainObject();`
	`70`	`+ $domainObject->id = 1;`
	`71`	`+ $id = ObjectIdentity::fromDomainObject($domainObject);`
	`72`	`+`
	`73`	`+ $this->assertSame('1', $id->getIdentifier());`
	`74`	`+ $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());`
	`75`	`+ }`
	`76`	`+`
	`77`	`+ public function testFromDomainObjectWithoutInterfaceAllowsZeroAsIdentifier()`
	`78`	`+ {`
	`79`	`+ $domainObject = new TestDomainObject();`
	`80`	`+ $domainObject->id = '0';`
	`81`	`+ $id = ObjectIdentity::fromDomainObject($domainObject);`
	`82`	`+`
	`83`	`+ $this->assertSame('0', $id->getIdentifier());`
	`84`	`+ $this->assertEquals('Symfony\Component\Security\Tests\Acl\Domain\TestDomainObject', $id->getType());`
	`85`	`+ }`
	`86`	`+`
`67`	`87`	`/**`
`68`	`88`	`* @dataProvider getCompareData`
`69`	`89`	`*/`
`@@ -89,14 +109,16 @@ public function getCompareData()`
`89`	`109`
`90`	`110`	`class TestDomainObject`
`91`	`111`	`{`
	`112`	`+ public $id = 'getId()';`
	`113`	`+`
`92`	`114`	`public function getObjectIdentifier()`
`93`	`115`	`{`
`94`	`116`	`return 'getObjectIdentifier()';`
`95`	`117`	`}`
`96`	`118`
`97`	`119`	`public function getId()`
`98`	`120`	`{`
`99`		`- return 'getId()';`
	`121`	`+ return $this->id;`
`100`	`122`	`}`
`101`	`123`	`}`
`102`	`124`	`}`