[Security] Add retrieval of encompassing role names#1
Open
PierreCapel wants to merge 1 commit into7.1from
Open
[Security] Add retrieval of encompassing role names#1PierreCapel wants to merge 1 commit into7.1from
PierreCapel wants to merge 1 commit into7.1from
Conversation
PierreCapel
force-pushed
the
feat/security-get-reached-role-names
branch
2 times, most recently
from
9e694b8 to
7d22ee3
Compare
The aim of this method is to provide a handy way of getting the roles that encompass (or are parent of) an array of roles. It is similar to the getReachableRoleNames from the same interface but instead of retrieving the children roles it retrieves the parent roles. A typical use case would be when we get a user role from a database and need to get all the roles that also have access to what this role can access.
PierreCapel
force-pushed
the
feat/security-get-reached-role-names
branch
from
7d22ee3 to
60372a5
Compare
PierreCapel
pushed a commit
that referenced
this pull request
Mar 14, 2024
…hen publishing a message. (jwage) This PR was squashed before being merged into the 6.4 branch. Discussion ---------- [Messenger] [Amqp] Handle AMQPConnectionException when publishing a message. | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | Fix symfony#36538 Fix symfony#48241 | License | MIT If you have a message handler that dispatches messages to another queue, you can encounter `AMQPConnectionException` with the message "Library error: a SSL error occurred" or "a socket error occurred" depending on if you are using tls or not or if you are running behind a load balancer or not. You can manually reproduce this issue by dispatching a message where the handler then dispatches another message to a different queue, then go to rabbitmq admin and close the connection manually, then dispatch another message and when the message handler goes to dispatch the other message, you will get this exception: ``` a socket error occurred #0 /vagrant/vendor/symfony/amqp-messenger/Transport/AmqpTransport.php(60): Symfony\Component\Messenger\Bridge\Amqp\Transport\AmqpSender->send() #1 /vagrant/vendor/symfony/messenger/Middleware/SendMessageMiddleware.php(62): Symfony\Component\Messenger\Bridge\Amqp\Transport\AmqpTransport->send() symfony#2 /vagrant/vendor/symfony/messenger/Middleware/FailedMessageProcessingMiddleware.php(34): Symfony\Component\Messenger\Middleware\SendMessageMiddleware->handle() symfony#3 /vagrant/vendor/symfony/messenger/Middleware/DispatchAfterCurrentBusMiddleware.php(61): Symfony\Component\Messenger\Middleware\FailedMessageProcessingMiddleware->handle() symfony#4 /vagrant/vendor/symfony/messenger/Middleware/RejectRedeliveredMessageMiddleware.php(41): Symfony\Component\Messenger\Middleware\DispatchAfterCurrentBusMiddleware->handle() symfony#5 /vagrant/vendor/symfony/messenger/Middleware/AddBusNameStampMiddleware.php(37): Symfony\Component\Messenger\Middleware\RejectRedeliveredMessageMiddleware->handle() symfony#6 /vagrant/vendor/symfony/messenger/Middleware/TraceableMiddleware.php(40): Symfony\Component\Messenger\Middleware\AddBusNameStampMiddleware->handle() symfony#7 /vagrant/vendor/symfony/messenger/MessageBus.php(70): Symfony\Component\Messenger\Middleware\TraceableMiddleware->handle() symfony#8 /vagrant/vendor/symfony/messenger/TraceableMessageBus.php(38): Symfony\Component\Messenger\MessageBus->dispatch() symfony#9 /vagrant/src/Messenger/MessageBus.php(37): Symfony\Component\Messenger\TraceableMessageBus->dispatch() symfony#10 /vagrant/vendor/symfony/mailer/Mailer.php(66): App\Messenger\MessageBus->dispatch() symfony#11 /vagrant/src/Mailer/Mailer.php(83): Symfony\Component\Mailer\Mailer->send() symfony#12 /vagrant/src/Mailer/Mailer.php(96): App\Mailer\Mailer->send() symfony#13 /vagrant/src/MessageHandler/Trading/StrategySubscriptionMessageHandler.php(118): App\Mailer\Mailer->sendEmail() symfony#14 /vagrant/src/MessageHandler/Trading/StrategySubscriptionMessageHandler.php(72): App\MessageHandler\Trading\StrategySubscriptionMessageHandler->handle() symfony#15 /vagrant/vendor/symfony/messenger/Middleware/HandleMessageMiddleware.php(152): App\MessageHandler\Trading\StrategySubscriptionMessageHandler->__invoke() symfony#16 /vagrant/vendor/symfony/messenger/Middleware/HandleMessageMiddleware.php(91): Symfony\Component\Messenger\Middleware\HandleMessageMiddleware->callHandler() symfony#17 /vagrant/vendor/symfony/messenger/Middleware/SendMessageMiddleware.php(71): Symfony\Component\Messenger\Middleware\HandleMessageMiddleware->handle() symfony#18 /vagrant/vendor/symfony/messenger/Middleware/FailedMessageProcessingMiddleware.php(34): Symfony\Component\Messenger\Middleware\SendMessageMiddleware->handle() symfony#19 /vagrant/vendor/symfony/messenger/Middleware/DispatchAfterCurrentBusMiddleware.php(68): Symfony\Component\Messenger\Middleware\FailedMessageProcessingMiddleware->handle() symfony#20 /vagrant/vendor/symfony/messenger/Middleware/RejectRedeliveredMessageMiddleware.php(41): Symfony\Component\Messenger\Middleware\DispatchAfterCurrentBusMiddleware->handle() symfony#21 /vagrant/vendor/symfony/messenger/Middleware/AddBusNameStampMiddleware.php(37): Symfony\Component\Messenger\Middleware\RejectRedeliveredMessageMiddleware->handle() symfony#22 /vagrant/vendor/symfony/messenger/Middleware/TraceableMiddleware.php(40): Symfony\Component\Messenger\Middleware\AddBusNameStampMiddleware->handle() symfony#23 /vagrant/vendor/symfony/messenger/MessageBus.php(70): Symfony\Component\Messenger\Middleware\TraceableMiddleware->handle() symfony#24 /vagrant/vendor/symfony/messenger/TraceableMessageBus.php(38): Symfony\Component\Messenger\MessageBus->dispatch() symfony#25 /vagrant/vendor/symfony/messenger/RoutableMessageBus.php(54): Symfony\Component\Messenger\TraceableMessageBus->dispatch() symfony#26 /vagrant/vendor/symfony/messenger/Worker.php(162): Symfony\Component\Messenger\RoutableMessageBus->dispatch() symfony#27 /vagrant/vendor/symfony/messenger/Worker.php(109): Symfony\Component\Messenger\Worker->handleMessage() symfony#28 /vagrant/vendor/symfony/messenger/Command/ConsumeMessagesCommand.php(238): Symfony\Component\Messenger\Worker->run() symfony#29 /vagrant/vendor/symfony/console/Command/Command.php(326): Symfony\Component\Messenger\Command\ConsumeMessagesCommand->execute() symfony#30 /vagrant/vendor/symfony/console/Application.php(1096): Symfony\Component\Console\Command\Command->run() symfony#31 /vagrant/vendor/symfony/framework-bundle/Console/Application.php(126): Symfony\Component\Console\Application->doRunCommand() symfony#32 /vagrant/vendor/symfony/console/Application.php(324): Symfony\Bundle\FrameworkBundle\Console\Application->doRunCommand() symfony#33 /vagrant/vendor/symfony/framework-bundle/Console/Application.php(80): Symfony\Component\Console\Application->doRun() symfony#34 /vagrant/vendor/symfony/console/Application.php(175): Symfony\Bundle\FrameworkBundle\Console\Application->doRun() symfony#35 /vagrant/vendor/symfony/runtime/Runner/Symfony/ConsoleApplicationRunner.php(49): Symfony\Component\Console\Application->run() symfony#36 /vagrant/vendor/autoload_runtime.php(29): Symfony\Component\Runtime\Runner\Symfony\ConsoleApplicationRunner->run() symfony#37 /vagrant/bin/console(11): require_once('...') symfony#38 {main} ``` TODO: - [x] Add test for retry logic when publishing messages Commits ------- f123370 [Messenger] [Amqp] Handle AMQPConnectionException when publishing a message.
nicolas-grekas
added a commit
that referenced
this pull request
Jan 30, 2026
…eout must be positive` (Jeroeny) This PR was merged into the 6.4 branch. Discussion ---------- [HttpClient] Fix `Warning: curl_multi_select(): timeout must be positive` | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | License | MIT Full error text: `ErrorException: Warning: curl_multi_select(): timeout must be between 0 and 2147484` Somehow this timeout is a negative float in some cases. I haven't been able to reproduce it manually. Here's an example: <img width="979" height="920" alt="image" src="https://github.com/user-attachments/assets/57e44026-cb1a-412c-acb2-b94ec13de48e" /> ``` ErrorException: Warning: curl_multi_select(): timeout must be between 0 and 2147484 #0 /vendor/symfony/http-client/Response/CurlResponse.php(342): Symfony\Component\HttpClient\Response\CurlResponse::select #1 /vendor/symfony/http-client/Response/TransportResponseTrait.php(298): Symfony\Component\HttpClient\Response\CurlResponse::stream symfony#2 /vendor/symfony/http-client/Response/CommonResponseTrait.php(148): Symfony\Component\HttpClient\Response\CurlResponse::initialize symfony#3 /vendor/symfony/http-client/Response/TransportResponseTrait.php(130): Symfony\Component\HttpClient\Response\CurlResponse::doDestruct symfony#4 /vendor/symfony/http-client/Response/CurlResponse.php(242): Symfony\Component\HttpClient\Response\CurlResponse::__destruct symfony#5 /vendor/sentry/sentry/src/Client.php(177): Sentry\Client::captureEvent symfony#6 /vendor/sentry/sentry/src/State/Hub.php(155): Sentry\State\Hub::captureEvent symfony#7 /vendor/sentry/sentry/src/Tracing/Transaction.php(188): Sentry\Tracing\Transaction::finish symfony#8 /vendor/..redacted(): ...::shutdownHandler symfony#9 [internal](0) ``` Not sure if this is the place to enforce the `>=0` float or in https://github.com/symfony/symfony/blob/7.4/src/Symfony/Component/HttpClient/Response/CurlResponse.php#L363 Commits ------- 17eec0c Fix Warning: curl_multi_select(): timeout must be positive
nicolas-grekas
added a commit
that referenced
this pull request
Jan 30, 2026
…tion (xabbuh) This PR was merged into the 7.4 branch. Discussion ---------- [FrameworkBundle] fix routing config type information | Q | A | ------------- | --- | Branch? | 7.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | | License | MIT tackling these issues reported by PHPStan: ``` ------ --------------------------------------------------------------------------------------------------------------------------------------------- Line config/reference.php ------ --------------------------------------------------------------------------------------------------------------------------------------------- 1339 Parameter #1 $config (array{'when@dev'?: array<string, array{alias: string, deprecated?: array{package: string, version: string, message?: string}}|array{path: array<string, string>|string, controller?: string, methods?: list<string>|string, requirements?: array<string, string> , defaults?: array<string, mixed>, options?: array<string, mixed>, host?: array<string, string>|string, schemes?: list<string>|string, ...} |array{resource: string, type?: string, exclude?: list<string>|string, prefix?: array<string, string>|string, name_prefix?: string, trailin g_slash_on_root?: bool, controller?: string, methods?: list<string>|string, ...}>, 'when@prod'?: array<string, array{alias: string, depreca ted?: array{package: string, version: string, message?: string}}|array{path: array<string, string>|string, controller?: string, methods?: l ist<string>|string, requirements?: array<string, string>, defaults?: array<string, mixed>, options?: array<string, mixed>, host?: array<str ing, string>|string, schemes?: list<string>|string, ...}|array{resource: string, type?: string, exclude?: list<string>|string, prefix?: arr ay<string, string>|string, name_prefix?: string, trailing_slash_on_root?: bool, controller?: string, methods?: list<string>|string, ...}>, 'when@test'?: array<string, array{alias: string, deprecated?: array{package: string, version: string, message?: string}}|array{path: array< string, string>|string, controller?: string, methods?: list<string>|string, requirements?: array<string, string>, defaults?: array<string, mixed>, options?: array<string, mixed>, host?: array<string, string>|string, schemes?: list<string>|string, ...}|array{resource: string, ty pe?: string, exclude?: list<string>|string, prefix?: array<string, string>|string, name_prefix?: string, trailing_slash_on_root?: bool, con troller?: string, methods?: list<string>|string, ...}>}) of method Symfony\Component\Routing\Loader\Configurator\Routes::config() should be contravariant with parameter $config (array<string, array<string, array<int<0, max>|string, mixed>|bool|string>>) of method Symfony\Component\Routing\Loader\Configurator\RoutesReference::config() 🪪 method.childParameterType 1341 Method Symfony\Component\Routing\Loader\Configurator\Routes::config() should return array{'when@dev'?: array<string, array{alias: string, deprecated?: array{package: string, version: string, message?: string}}|array{path: array<string, string>|string, controller?: string, meth ods?: list<string>|string, requirements?: array<string, string>, defaults?: array<string, mixed>, options?: array<string, mixed>, host?: ar ray<string, string>|string, schemes?: list<string>|string, ...}|array{resource: string, type?: string, exclude?: list<string>|string, prefi x?: array<string, string>|string, name_prefix?: string, trailing_slash_on_root?: bool, controller?: string, methods?: list<string>|string, ...}>, 'when@prod'?: array<string, array{alias: string, deprecated?: array{package: string, version: string, message?: string}}|array{path: array<string, string>|string, controller?: string, methods?: list<string>|string, requirements?: array<string, string>, defaults?: array<st ring, mixed>, options?: array<string, mixed>, host?: array<string, string>|string, schemes?: list<string>|string, ...}|array{resource: stri ng, type?: string, exclude?: list<string>|string, prefix?: array<string, string>|string, name_prefix?: string, trailing_slash_on_root?: boo l, controller?: string, methods?: list<string>|string, ...}>, 'when@test'?: array<string, array{alias: string, deprecated?: array{package: string, version: string, message?: string}}|array{path: array<string, string>|string, controller?: string, methods?: list<string>|string, r equirements?: array<string, string>, defaults?: array<string, mixed>, options?: array<string, mixed>, host?: array<string, string>|string, schemes?: list<string>|string, ...}|array{resource: string, type?: string, exclude?: list<string>|string, prefix?: array<string, string>|st ring, name_prefix?: string, trailing_slash_on_root?: bool, controller?: string, methods?: list<string>|string, ...}>} but returns array<str ing, array<string, array<int<0, max>|string, mixed>|bool|string>>. 🪪 return.type ------ --------------------------------------------------------------------------------------------------------------------------------------------- ``` Commits ------- 8147ee2 fix routing config type information
nicolas-grekas
pushed a commit
that referenced
this pull request
Jan 30, 2026
This PR was merged into the 7.4 branch. Discussion ---------- [Console] Fix profile invokable command | Q | A | ------------- | --- | Branch? | 7.4 | Bug fix? | yes | New feature? | no <!-- if yes, also update src/**/CHANGELOG.md --> | Deprecations? | no <!-- if yes, also update UPGRADE-*.md and src/**/CHANGELOG.md --> | Issues | Fix #... <!-- prefix each issue number with "Fix #"; no need to create an issue if none exists, explain below --> | License | MIT Hello, I noticed that, when I try to profile an invokable command on 7.4, it raise the following exception : ``` [critical] Uncaught Error: ReflectionFunction::__construct(): Argument #1 ($function) must be of type Closure|string, App\Command\MyAwesomeCommand given TypeError {symfony#199 #message: "ReflectionFunction::__construct(): Argument #1 ($function) must be of type Closure|string, App\Command\MyAwesomeCommand given" #code: 0 #file: "./vendor/symfony/console/Command/TraceableCommand.php" #line: 172 trace: { ./vendor/symfony/console/Command/TraceableCommand.php:172 { …} ./vendor/symfony/console/Command/TraceableCommand.php:71 { …} ./vendor/symfony/framework-bundle/Console/Application.php:115 { …} ./vendor/symfony/console/Application.php:356 { …} ./vendor/symfony/framework-bundle/Console/Application.php:77 { …} ./vendor/symfony/console/Application.php:195 { …} ./vendor/symfony/runtime/Runner/Symfony/ConsoleApplicationRunner.php:49 { …} ./vendor/autoload_runtime.php:32 { …} ./bin/console:15 { ``` The invokableCommand class changed, the code attribute doesn't longer contains the closure to code. Let's use the $invokableCommand->invokable instead that contains the reflectionFunction needed. Commits ------- 4643bf1 [Console] Fix profile invokable command
nicolas-grekas
added a commit
that referenced
this pull request
Jan 30, 2026
…eLoader (fnogatz) This PR was submitted for the 8.1 branch but it was squashed and merged into the 6.4 branch instead. Discussion ---------- [Translation] Fix handling of empty lines in CsvFileLoader | Q | A | ------------- | --- | Branch? | 6.4 | Bug fix? | yes | New feature? | no | Deprecations? | no | Issues | (none) | License | MIT In its current version, the `CsvFileLoader` of [symfony/translation](https://github.com/symfony/translation) does not support empty lines within the CSV file due to a missing `SplFileObject::DROP_NEW_LINE` flag (cf. [PHP documentation](https://www.php.net/manual/en/class.splfileobject.php#splfileobject.constants)). Without this change, this would result in a warning like this: ``` CsvFileLoader.php:44 str_starts_with(): Passing null to parameter #1 ($haystack) of type string is deprecated ``` This PR changes the test file `resources.csv` to contain an empty line, and adds the missing flag in `CsvFileLoader::loadResource()`. I'm not sure whether this should be handled as a bugfix or new feature. Adding the flag doesn't break backward compatibility. Commits ------- 61a1414 [Translation] Fix handling of empty lines in CsvFileLoader
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The aim of this method is to provide a handy way of getting the roles that encompass (or are parent of) an array of roles.
It is similar to the
RoleHierarchyInterface::getReachableRoleNames(array $roles)but instead of retrieving the roles and children roles it retrieves the roles and parent roles.A typical use case would be when we get a user role from a database and need to get all the roles that also have access to whatever this role can access.
Also what do you guys think of renaming the existing
getReachableRoleNames(that retrieves the "children roles" of an array of roles) as well asgetEncompassingRoleNames(that retrieves the "parent roles" of an array of roles) togetParentRolesandgetChildrenRolesin order to better reflect their intention ?For the sake of this PR I tried to use a naming that is consistent with the existing
getReachableRoleNamesmethod.