Bug #47429

Global policy files no longer allowed

Added by Thomas Hempel over 2 years ago. Updated about 2 years ago.

Status: New
Start date: 2013-04-22
Priority: Should have
Due date:
Assigned To: -
% Done: 0%
Category: Security
Target version: -
PHP Version:
Complexity:
Has patch: No
Affected Flow version: Git master

Description

Since one of the last changes, global policy files are no longer allowed. After a discussion on the IRC channel, this seems to be a bug.

All that should be checked is whether or not a role is defined in that Policy file, not if it exists, as it makes sense to configure the acls on installation base.

Other than that, this check should not be executed if the security is disabled at all, which it is in my case.

History

#1 Updated by Thomas Hempel over 2 years ago

FYI: I'm not entirely sure what should be allowed in global policy files, but I wonder why I am supposed to change the files of a package (which is not necessarily from me) in order to change the acls for, let's say, Anonymous.

My global Policy.yaml file looks like this:

Vendor:
  MyPackage:
    acls:
      Anonymous:
        methods:
          updateMethods: GRANT
          createMethods: GRANT
          deleteMethods: GRANT

My local package Policy.yaml looks like:

roles:
  AdminRole: ['EditorRole']
  EditorRole: []

resources:
  entities: []
  methods:
    deleteMethods: 'method(Vendor\MyPackage\Controller\.*->delete.*())'
    updateMethods: 'method(Vendor\MyPackage\Controller\.*->update.*())'
    createMethods: 'method(Vendor\MyPackage\Controller\.*->create.*())'

acls:
  AdminRole:
    methods:
      deleteMethods: GRANT

  EditorRole:
    methods:
      updateMethods: GRANT
      createMethods: GRANT
      deleteMethods: DENY

#2 Updated by Robert Lemke about 2 years ago

  • Target version changed from 2.0 to 2.1

I'm afraid we'll have to leave it like it is in order to get 2.0 out at some point. Postponing to 2.1.

#3 Updated by Robert Lemke about 2 years ago

  • Target version deleted (2.1)

#4 Updated by Philipp Maier about 2 years ago

Right now, not even Policy.yaml files within the "Vendor.Package/Configuration" folder are working.
After moving the Policy.yaml inside "Vendor.Package/Configuration/Development" it worked again.

This might be a bug, might be intended or just my Flow installation going to hell - I'll test this later with a fresh installation.

#5 Updated by Philipp Maier about 2 years ago

Disregard, updated my git repository URL and updated to current master. Perfectly working now.
