Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

RBAC addRole: The role missing children, if the roles are added in wrong order #23

Open
kenchou opened this issue Jul 29, 2021 · 4 comments
Open

RBAC addRole: The role missing children, if the roles are added in wrong order #23

kenchou opened this issue Jul 29, 2021 · 4 comments
Labels
Awaiting Author Updates Bug Something isn't working

Comments

@kenchou
Copy link

kenchou commented Jul 29, 2021

Bug Report

Q A
Version(s) 3.1.0

Summary

The role permissions are wrong, if the roles are added in a different order

I use the package mezzio/mezzio-authorization-rbac.
some basic role in global.php, and add some debug role in local.php.
After merging, The local configuration is always after the global configuration

P:

  1. Role A is role B's parent, B is A's child
  2. add role with role name (string)

if add A before B, role A has child B, It's OK.
But if add A after B, role A hash no children!

Current behavior

How to reproduce

return [
    // ...
    'mezzio-authorization-rbac' => [
        'roles' => [
            '__member__' => ['SystemAdministrator'],
            '__guest__' => ['__member__'],
            'SystemAdministrator' => [],
        ],
        'permissions' => [
            '__guest__' => [
                'home',
                'account.login',
                'account.logout',
            ],
            '__member__' => [
                'account.profile',
            ],
        ],
    ]
];

if the role 'SystemAdministrator' is after member, it has no children.
if the role 'SystemAdministrator' is before member, the result is OK.

Expected behavior

SystemAdministrator has child member, ignore the order of addition.
@kenchou kenchou added the Bug Something isn't working label Jul 29, 2021
@kenchou kenchou changed the title RBAC addRole: The role permissions are wrong, if the roles are added in a different order RBAC addRole: The role missing children, if the roles are added in a different order Jul 29, 2021
@kenchou kenchou changed the title RBAC addRole: The role missing children, if the roles are added in a different order RBAC addRole: The role missing children, if the roles are added in wrong order Jul 29, 2021
@froschdesign
Copy link
Member

@kenchou
This component does not use are merge anything from configuration files. The configuration is used in a factory of mezzio-authorization-rbac: Mezzio\Authorization\Rbac\LaminasRbacFactory:

https://github.com/mezzio/mezzio-authorization-rbac/blob/979a7e821033fa819730998448491b7b1cd0833e/src/LaminasRbacFactory.php#L43-L45

Please report this problem in the issue tracker of mezzio-authorization-rbac. Thanks!

@froschdesign froschdesign added the Invalid This doesn't seem right label Jul 29, 2021
kenchou added a commit to kenchou/laminas-permissions-rbac that referenced this issue Jul 29, 2021
@kenchou
fix laminas#23
28c7534
@kenchou
Copy link
Author

kenchou commented Jul 29, 2021

mezzio configuration file merge order is OK. global first, local (for dev) overwrite or append it.

The root cause of the problem is addRole from string.
It new instance Even if role already exists (create with createMissingRoles=true)

    public function addRole($role, $parents = null) : void
    {
        if (is_string($role)) {
            $role = new Role($role);
        }

should first try to get an existing instance

$role = $this->roles[$role] ?? new Role($role);

@froschdesign
Copy link
Member

@kenchou
Please create a unit test which demonstrates the problem and send it as pull request to this repository. Thanks in advance! 👍

@froschdesign froschdesign reopened this Jul 29, 2021
@froschdesign froschdesign added Awaiting Author Updates and removed Invalid This doesn't seem right labels Jul 29, 2021
kenchou added a commit to kenchou/laminas-permissions-rbac that referenced this issue Jul 29, 2021
@kenchou
fix laminas#23
07a83aa 
Signed-off-by: Ken Chou <[email protected]>
@kenchou kenchou mentioned this issue Jul 29, 2021
Open
@kenchou
Copy link
Author

kenchou commented Jul 29, 2021

I create a unit test and open a PR:
#24

thx.

gsteel pushed a commit to gsteel/laminas-permissions-rbac that referenced this issue Nov 21, 2024
@kenchou @gsteel
fix laminas#23
b8a55c3 
Signed-off-by: Ken Chou <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Awaiting Author Updates Bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@froschdesign @kenchou