Bug #31997
Security Context::hasRole should also work recursively; this makes <f:security.ifHasRole> work recursively as well
Status: | Resolved | Start date: | 2011-11-22 | |
---|---|---|---|---|
Priority: | Should have | Due date: | ||
Assigned To: | Sebastian Kurfuerst | % Done: | 100% |
|
Category: | Security | |||
Target version: | TYPO3 Flow Base Distribution - 1.1 | |||
PHP Version: | Complexity: | |||
Has patch: | No | Affected Flow version: | FLOW3 1.0.0 |
Description
Security Context::getRoles() returns ALL roles, while Security Context::hasRole checks only inside the first-level roles of the token. This needs to be fixed and made consistent.
Associated revisions
[BUGFIX] Context::hasRole() now checks roles recursively
Previously, hasRole() only considered the first level of roles of a
token. getRoles() instead always considered all roles, including those
on a lower level.
This patch fixes the behavior of hasRole() by checking for roles
recursively. As before, the "Everybody" role is a role even non-
authenticated and anonymous users have.
This also fixes <f:security.ifHasRole>, as this ViewHelper directly uses
Context::getRoles.
Fixes: #31997
Releases: 1.1
Change-Id: I4a2c5ed8013c1d2a02dd569da6efa4101a5f7792
History
#1 Updated by Mr. Jenkins over 3 years ago
Patch set 1 of change I4a2c5ed8013c1d2a02dd569da6efa4101a5f7792 has been pushed to the review server.
It is available at http://review.typo3.org/6859
#2 Updated by Karsten Dambekalns over 3 years ago
- Status changed from Accepted to Under Review
#3 Updated by Gerrit Code Review over 3 years ago
Patch set 2 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6859
#4 Updated by Karsten Dambekalns over 3 years ago
- Target version changed from 1.0.2 to 1.0.3
#5 Updated by Gerrit Code Review over 3 years ago
Patch set 3 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6859
#6 Updated by Karsten Dambekalns over 3 years ago
- Target version changed from 1.0.3 to 1.0.4
#7 Updated by Gerrit Code Review over 3 years ago
Patch set 4 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6859
#8 Updated by Karsten Dambekalns over 3 years ago
- Target version changed from 1.0.4 to 1.1
#9 Updated by Gerrit Code Review over 3 years ago
Patch set 5 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6859
#10 Updated by Gerrit Code Review over 3 years ago
Patch set 6 for branch master has been pushed to the review server.
It is available at http://review.typo3.org/6859
#11 Updated by Sebastian Kurfuerst over 3 years ago
- Status changed from Under Review to Resolved
- % Done changed from 0 to 100
Applied in changeset 861231e1eff72b53d3dd415c496bed2b29752358.