Avoid collisions with cache keys at AbstractAdmin::isGranted()

sonata-project · Apr 14, 2020 · 0365019 · 0365019
1 parent df94e19
commit 0365019
Show file tree

Hide file tree

Showing 2 changed files with 35 additions and 13 deletions.
diff --git a/src/Admin/AbstractAdmin.php b/src/Admin/AbstractAdmin.php
@@ -2417,7 +2417,8 @@ public function getSecurityHandler()
 
     public function isGranted($name, $object = null)
     {
-        $key = md5(json_encode($name).($object ? '/'.spl_object_hash($object) : ''));
+        $objectRef = $object ? '/'.spl_object_hash($object).'#'.$this->id($object) : '';
+        $key = md5(json_encode($name).$objectRef);
 
         if (!\array_key_exists($key, $this->cacheIsGranted)) {
             $this->cacheIsGranted[$key] = $this->securityHandler->isGranted($this, $name, $object ?: $this);

diff --git a/tests/Admin/AdminTest.php b/tests/Admin/AdminTest.php
@@ -1294,35 +1294,56 @@ public function testDeterminedPerPageValue(): void
     public function testIsGranted(): void
     {
         $admin = new PostAdmin('sonata.post.admin.post', 'Acme\NewsBundle\Entity\Post', 'Sonata\NewsBundle\Controller\PostAdminController');
+        $modelManager = $this->createStub(ModelManagerInterface::class);
+        $modelManager
+            ->method('getNormalizedIdentifier')
+            ->willReturnCallback(static function (?object $entity = null): ?string {
+                return $entity ? $entity->id : null;
+            });
 
-        $entity = new \stdClass();
+        $admin->setModelManager($modelManager);
+
+        $entity1 = new \stdClass();
+        $entity1->id = '1';
 
         $securityHandler = $this->createMock(AclSecurityHandlerInterface::class);
         $securityHandler
+            ->expects($this->exactly(6))
             ->method('isGranted')
             ->willReturnCallback(static function (
                 AdminInterface $adminIn,
                 string $attributes,
-                $object = null
+                ?object $object = null
             ) use (
                 $admin,
-                $entity
+                $entity1
             ): bool {
-                if ($admin === $adminIn && 'FOO' === $attributes) {
-                    if (($object === $admin) || ($object === $entity)) {
-                        return true;
-                    }
-                }
-
-                return false;
+                return $admin === $adminIn && 'FOO' === $attributes &&
+                    ($object === $admin || $object === $entity1);
             });
 
         $admin->setSecurityHandler($securityHandler);
 
         $this->assertTrue($admin->isGranted('FOO'));
-        $this->assertTrue($admin->isGranted('FOO', $entity));
+        $this->assertTrue($admin->isGranted('FOO'));
+        $this->assertTrue($admin->isGranted('FOO', $entity1));
+        $this->assertTrue($admin->isGranted('FOO', $entity1));
+        $this->assertFalse($admin->isGranted('BAR'));
         $this->assertFalse($admin->isGranted('BAR'));
-        $this->assertFalse($admin->isGranted('BAR', $entity));
+        $this->assertFalse($admin->isGranted('BAR', $entity1));
+        $this->assertFalse($admin->isGranted('BAR', $entity1));
+
+        $entity2 = new \stdClass();
+        $entity2->id = '2';
+
+        $this->assertFalse($admin->isGranted('BAR', $entity2));
+        $this->assertFalse($admin->isGranted('BAR', $entity2));
+
+        $entity3 = new \stdClass();
+        $entity3->id = '3';
+
+        $this->assertFalse($admin->isGranted('BAR', $entity3));
+        $this->assertFalse($admin->isGranted('BAR', $entity3));
     }
 
     public function testSupportsPreviewMode(): void