Add own role context provider, & remove usage of kernel PurgeClientIn…

…terface (#43) * Move Role Context Provider from kernel to http cahce bundle * Drop extending kernel PurgeClientInterface * Remove usage of kernel Purge Client * Remove Role Id from kernel also from arguments passed to FosHttpCache
ezsystems · Dec 18, 2017 · d453214 · d453214
1 parent 764ede5
commit d453214
Show file tree

Hide file tree

Showing 11 changed files with 313 additions and 171 deletions.
diff --git a/spec/DependencyInjection/Compiler/KernelPassSpec.php b/spec/DependencyInjection/Compiler/KernelPassSpec.php
@@ -6,6 +6,7 @@
 use PhpSpec\ObjectBehavior;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Definition;
+use Symfony\Component\DependencyInjection\Reference;
 
 class KernelPassSpec extends ObjectBehavior
 {
@@ -14,9 +15,10 @@ function it_is_initializable()
         $this->shouldHaveType(KernelPass::class);
     }
 
-    function it_disables_the_kernels_httpcache_services(ContainerBuilder $container, Definition $cacheClearer)
+    function it_disables_the_kernels_httpcache_services(ContainerBuilder $container, Definition $cacheClearer, Definition $hashGenerator)
     {
         $container->getAlias('ezpublish.http_cache.purge_client')->willReturn('some_random_id');
+        $container->hasAlias('ezpublish.http_cache.purger')->willReturn(true);
         $container->getAlias('ezpublish.http_cache.purger')->willReturn('some_random_id');
         $container->getDefinitions()->willReturn([
             'ezpublish.http_cache.witness_service' => new Definition(),
@@ -52,6 +54,23 @@ function it_disables_the_kernels_httpcache_services(ContainerBuilder $container,
             ]
         ])->shouldBeCalled();
 
+        $container->hasDefinition('ezpublish.user.identity_definer.role_id')->willReturn(true);
+        $container->removeDefinition('ezpublish.user.identity_definer.role_id')->willReturn(true);
+        $container->getDefinition('fos_http_cache.user_context.hash_generator')->willReturn($hashGenerator);
+        $hashGenerator->getArguments()->willReturn([
+            [
+                $ref1 = new Reference('ezplatform.http_cache.user_context_provider.role_identify'),
+                $ref2 = new Reference('ezpublish.user.hash_generator'),
+                new Reference('ezpublish.user.identity_definer.role_id'),
+            ]
+        ]);
+        $hashGenerator->setArguments([
+            [
+                $ref1,
+                $ref2,
+            ]
+        ])->shouldBeCalled();
+
         $container->getParameter('ezpublish.http_cache.purge_type')->shouldBeCalled();
         $container->setParameter('ezplatform.http_cache.purge_type', null)->shouldBeCalled();
 

diff --git a/src/ContextProvider/RoleIdentify.php b/src/ContextProvider/RoleIdentify.php
@@ -0,0 +1,65 @@
+<?php
+
+/**
+ * @copyright Copyright (C) eZ Systems AS. All rights reserved.
+ * @license For full copyright and license information view LICENSE file distributed with this source code.
+ */
+namespace EzSystems\PlatformHttpCacheBundle\ContextProvider;
+
+use eZ\Publish\API\Repository\Repository;
+use FOS\HttpCache\UserContext\ContextProviderInterface;
+use FOS\HttpCache\UserContext\UserContext;
+
+/**
+ * Identity definer based on current user role ids and role limitations.
+ *
+ * This will make sure user context hash is unique for all users that share same rights.
+ *
+ * Note:
+ * If you need to vary by user this could be done with own vary by header logic to be able to vary by session id.
+ * For user unique policies like Owner limitation, make sure to handle this in controller/view layer, in
+ * the future there might be a way in api to give hints to view/controllers about this more cleanly.
+ */
+class RoleIdentify implements ContextProviderInterface
+{
+    /**
+     * @var \eZ\Publish\Core\Repository\Repository
+     */
+    protected $repository;
+
+    public function __construct(Repository $repository)
+    {
+        $this->repository = $repository;
+    }
+
+    public function updateUserContext(UserContext $context)
+    {
+        $user = $this->repository->getCurrentUser();
+        /** @var \eZ\Publish\API\Repository\Values\User\RoleAssignment[] $roleAssignments */
+        $roleAssignments = $this->repository->sudo(
+            function (Repository $repository) use ($user) {
+                return $repository->getRoleService()->getRoleAssignmentsForUser($user, true);
+            }
+        );
+
+        $roleIds = array();
+        $limitationValues = array();
+        /** @var \eZ\Publish\API\Repository\Values\User\UserRoleAssignment $roleAssignment */
+        foreach ($roleAssignments as $roleAssignment) {
+            $roleId = $roleAssignment->getRole()->id;
+            $roleIds[] = $roleId;
+            $limitation = $roleAssignment->getRoleLimitation();
+            // If a limitation is present, store the limitation values by roleId
+            if ($limitation !== null) {
+                $limitationValuesKey = sprintf('%s-%s', $roleId, $limitation->getIdentifier());
+                $limitationValues[$limitationValuesKey] = array();
+                foreach ($limitation->limitationValues as $value) {
+                    $limitationValues[$limitationValuesKey][] = $value;
+                }
+            }
+        }
+
+        $context->addParameter('roleIdList', $roleIds);
+        $context->addParameter('roleLimitationList', $limitationValues);
+    }
+}
diff --git a/src/DependencyInjection/Compiler/KernelPass.php b/src/DependencyInjection/Compiler/KernelPass.php
@@ -7,6 +7,7 @@
 
 use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Reference;
 
 /**
  * Disables some of the http-cache services declared by the kernel so that
@@ -25,8 +26,13 @@ public function process(ContainerBuilder $container)
                 $container->removeDefinition($id);
             }
         }
-        $container->removeAlias('ezpublish.http_cache.purger');
+
+        if ($container->hasAlias('ezpublish.http_cache.purger')) {
+            $container->removeAlias('ezpublish.http_cache.purger');
+        }
+
         $this->symfonyPre34BC($container);
+        $this->removeKernelRoleIdContextProvider($container);
 
         // Let's re-export purge_type setting so that driver's don't have to depend on kernel in order to acquire it
         $container->setParameter('ezplatform.http_cache.purge_type', $container->getParameter('ezpublish.http_cache.purge_type'));
@@ -54,6 +60,31 @@ protected function symfonyPre34BC(ContainerBuilder $container)
         $container->getDefinition('cache_clearer')->setArguments($arguments);
     }
 
+    /**
+     * @param ContainerBuilder $container
+     */
+    protected function removeKernelRoleIdContextProvider(ContainerBuilder $container)
+    {
+        if (!$container->hasDefinition('ezpublish.user.identity_definer.role_id')) {
+            return;
+        }
+
+        // As we set role identify ourselves here we remove varant from kernel if it is there.
+        // We don't touch ezpublish.user.hash_generator, as it's deprecated extension point by kernel
+        $container->removeDefinition('ezpublish.user.identity_definer.role_id');
+
+        // Also remove from arguments already passed to FOSHttpCache via compiler pass there.
+        $arguments = $container->getDefinition('fos_http_cache.user_context.hash_generator')->getArguments();
+        $arguments[0] = array_values(array_filter($arguments[0], function (Reference $argument) {
+            if ((string)$argument === 'ezpublish.user.identity_definer.role_id') {
+                return false;
+            }
+
+            return true;
+        }));
+        $container->getDefinition('fos_http_cache.user_context.hash_generator')->setArguments($arguments);
+    }
+
     /**
      * @param string $id
      *

diff --git a/src/PurgeClient/PurgeClientInterface.php b/src/PurgeClient/PurgeClientInterface.php
@@ -1,19 +1,15 @@
 <?php
 
 /**
- * File containing the Cache PurgeClientInterface class.
- *
  * @copyright Copyright (C) eZ Systems AS. All rights reserved.
  * @license For full copyright and license information view LICENSE file distributed with this source code.
  */
 namespace EzSystems\PlatformHttpCacheBundle\PurgeClient;
 
-use eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface as KernelPurgeClientInterface;
-
 /**
- * KernelPurgeClientInterface is deprecated, and will be removed in a later version when compatibility with ezpublish-kernel 6.x is dropped.
+ * Interface for Purge Clients.
  */
-interface PurgeClientInterface extends KernelPurgeClientInterface
+interface PurgeClientInterface
 {
     /**
      * Triggers the cache purge of $tags.

diff --git a/src/Resources/config/services.yml b/src/Resources/config/services.yml
@@ -40,3 +40,8 @@ services:
          - '%ezplatform.http_cache.tags.header%'
          - '@ezplatform.http_cache.purge_client'
 
+    ezplatform.http_cache.user_context_provider.role_identify:
+        class: EzSystems\PlatformHttpCacheBundle\ContextProvider\RoleIdentify
+        arguments: ["@ezpublish.api.repository"]
+        tags:
+            - { name: fos_http_cache.user_context_provider }
diff --git a/src/SignalSlot/AbstractSlot.php b/src/SignalSlot/AbstractSlot.php
@@ -8,7 +8,7 @@
  */
 namespace EzSystems\PlatformHttpCacheBundle\SignalSlot;
 
-use eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface;
+use EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface;
 use eZ\Publish\Core\SignalSlot\Signal;
 use eZ\Publish\Core\SignalSlot\Slot;
 
@@ -18,12 +18,12 @@
 abstract class AbstractSlot extends Slot
 {
     /**
-     * @var \eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface
+     * @var \EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface
      */
     protected $purgeClient;
 
     /**
-     * @param \eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface $purgeClient
+     * @param \EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface $purgeClient
      */
     public function __construct(PurgeClientInterface $purgeClient)
     {

diff --git a/src/SignalSlot/HttpCacheSlot.php b/src/SignalSlot/HttpCacheSlot.php
diff --git a/src/SignalSlot/PublishVersionSlot.php b/src/SignalSlot/PublishVersionSlot.php
@@ -8,7 +8,7 @@
  */
 namespace EzSystems\PlatformHttpCacheBundle\SignalSlot;
 
-use eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface;
+use EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface;
 use eZ\Publish\Core\SignalSlot\Signal;
 use eZ\Publish\SPI\Persistence\Content\Location\Handler;
 
@@ -23,7 +23,7 @@ class PublishVersionSlot extends AbstractContentSlot
     private $locationHandler;
 
     /**
-     * @param \eZ\Publish\Core\MVC\Symfony\Cache\PurgeClientInterface $purgeClient
+     * @param \EzSystems\PlatformHttpCacheBundle\PurgeClient\PurgeClientInterface $purgeClient
      * @param \eZ\Publish\SPI\Persistence\Content\Location\Handler $spiLocationHandler
      */
     public function __construct(PurgeClientInterface $purgeClient, Handler $spiLocationHandler)

diff --git a/src/SignalSlot/PurgeAllHttpCacheSlot.php b/src/SignalSlot/PurgeAllHttpCacheSlot.php
diff --git a/src/SignalSlot/PurgeForContentHttpCacheSlot.php b/src/SignalSlot/PurgeForContentHttpCacheSlot.php