The `InMemoryRoleProvider` and the `ObjectRepositoryRoleProvider` do not implement `getRoles($roleNames)` in the same way.
`InMemoryRoleProvider::getRoles($roleNames)` will return an array of roles matching the `$roleNames` array. If a roleName in `$roleNames` is not present in the in-memory config, it will create a role for that roleName with no permissions.
`ObjectRepositoryRoleProvider::getRoles($roleNames)` will return an array of roles matching the `$roleNames` array only if there is a match. If a roleName in `$roleNames` is not present in the object repository, it will throw a `RoleNotFoundException` exception.
Moreover, the `RoleProviderInterface` interface does not state that `getRoles()` can throw an exception.
The Role Service, when requesting roles from the provider, does not check for exceptions. This means that, in an application using `ObjectRepositoryRoleProvider`, if an identity has a role that does not exist in the role provider, the application will throw an exception and crash if not handled. The exception makes sense since roles assignable to an identity should exist and should be enforced when creating users, roles and permissions.
On the other hand, `InMemoryRoleProvider` is too permissive as it will add roles in the role provider for roles that do not exist in its initial configuration. `InMemoryRoleProvider` was meant to be a simple solution and it is not strict in validating that a given role exists or not.
I am of the opinion that an exception should be thrown when requesting the role provider to provide a role that does not exist.
This would be a breaking change for applications using the `InMemoryRoleProvider` when an unexpected exception would occur that would cause the app to crash.
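The two behaviours described above, side by side, as an added example that is not part of the original issue or the library's code. `SketchRoleProvider`, `PermissiveProvider`, `StrictProvider`, `UnknownRoleException` and `rolesForIdentity()` are hypothetical names, and returning no roles when a name is unknown is an assumed policy for the caller, not something the project prescribes.

```php
<?php
// Hypothetical stand-ins, not the library's classes; a role is name => permissions.
final class UnknownRoleException extends RuntimeException {}
interface SketchRoleProvider { public function getRoles(array $roleNames): array; }

// Permissive behaviour: an unknown name yields a role with no permissions.
final class PermissiveProvider implements SketchRoleProvider
{
    public function __construct(private array $config) {}
    public function getRoles(array $roleNames): array
    {
        $roles = [];
        foreach ($roleNames as $name) {
            $roles[$name] = $this->config[$name] ?? [];
        }
        return $roles;
    }
}

// Strict behaviour: an unknown name raises an exception.
final class StrictProvider implements SketchRoleProvider
{
    public function __construct(private array $config) {}
    public function getRoles(array $roleNames): array
    {
        $missing = array_diff($roleNames, array_keys($this->config));
        if ($missing !== []) {
            throw new UnknownRoleException('Unknown role(s): ' . implode(', ', $missing));
        }
        return array_intersect_key($this->config, array_flip($roleNames));
    }
}

// Caller that tolerates either provider: report the unknown role, grant nothing.
function rolesForIdentity(SketchRoleProvider $provider, array $roleNames): array
{
    try {
        return $provider->getRoles($roleNames);
    } catch (UnknownRoleException $e) {
        error_log($e->getMessage());
        return [];
    }
}

$config = ['admin' => ['user.delete'], 'member' => ['post.read']]; // constructed sample
$names  = ['member', 'auditor'];                                   // 'auditor' is not configured
var_dump(rolesForIdentity(new PermissiveProvider($config), $names));
var_dump(rolesForIdentity(new StrictProvider($config), $names));
```

With the permissive provider the misspelled or stale role name passes silently as an empty role, while the strict provider surfaces it and the caller decides what an unknown role means for the identity.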