Same identity from different namespaces

nette / security

🔑 Provides authentication, authorization and a role-based access control management via ACL (Access Control List)

https://doc.nette.org/access-control

Other

357 stars 40 forks source link

Same identity from different namespaces #46

Closed PavelWeirich closed 3 years ago

PavelWeirich commented 4 years ago

In version 3.03 (https://github.com/nette/security/releases/tag/v3.0.3) the identity and authenticated state are cached. But it makes problem if you want to switch between namespaces.

For example in FrontModule\BasePresenter.php: public function startup() { parent::startup();

$this->getUser()->getStorage()->setNamespace('admin');
$id = $this->getUser()->getId();

$this->getUser()->getStorage()->setNamespace('front');
$id = $this->getUser()->getId();

}

It always return ID from "admin" namespace.

dg commented 4 years ago

What about to add method User::refresh() to clear cache?

PavelWeirich commented 4 years ago

Yes it can be. But User::refresh() should run automatically when setNamespace() is called.

PavelWeirich commented 4 years ago

Or refactor private $identity = false; to private $identity = [];

The same refactor for: private $authenticated = [];

Sample of method getIdentity():

final public function getIdentity(): ?IIdentity
{
    if (!array_key_exists($this->storage->getNamespace(), $this->identity)) {
        $this->identity[$this->storage->getNamespace()] = $this->storage->getIdentity();
    }
    return $this->identity[$this->storage->getNamespace()];
}