[Security] adds a priority attribute to security voters
This commit is contained in:
parent
b9f4eab5c2
commit
0643dc44fd
@ -31,10 +31,15 @@ class AddSecurityVotersPass implements CompilerPassInterface
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$voters = array_map(function($id) {
|
$voters = new \SplPriorityQueue();
|
||||||
return new Reference($id);
|
foreach ($container->findTaggedServiceIds('security.voter') as $id => $attributes) {
|
||||||
}, array_keys($container->findTaggedServiceIds('security.voter')));
|
$priority = isset($attributes[0]['priority']) ? $attributes[0]['priority'] : 0;
|
||||||
|
$voters->insert(new Reference($id), $priority);
|
||||||
|
}
|
||||||
|
|
||||||
$container->getDefinition('security.access.decision_manager')->setArgument(0, $voters);
|
$voters = iterator_to_array($voters);
|
||||||
|
ksort($voters);
|
||||||
|
|
||||||
|
$container->getDefinition('security.access.decision_manager')->setArgument(0, array_values($voters));
|
||||||
}
|
}
|
||||||
}
|
}
|
@ -121,20 +121,17 @@ class SecurityExtension extends Extension
|
|||||||
protected function createRoleHierarchy($config, ContainerBuilder $container)
|
protected function createRoleHierarchy($config, ContainerBuilder $container)
|
||||||
{
|
{
|
||||||
if (!isset($config['role_hierarchy'])) {
|
if (!isset($config['role_hierarchy'])) {
|
||||||
|
$container->remove('security.access.role_hierarchy_voter');
|
||||||
|
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
$container->setParameter('security.role_hierarchy.roles', $config['role_hierarchy']);
|
$container->setParameter('security.role_hierarchy.roles', $config['role_hierarchy']);
|
||||||
$container->remove('security.access.simple_role_voter');
|
$container->remove('security.access.simple_role_voter');
|
||||||
$container->getDefinition('security.access.role_hierarchy_voter')->addTag('security.voter');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
protected function createAuthorization($config, ContainerBuilder $container)
|
protected function createAuthorization($config, ContainerBuilder $container)
|
||||||
{
|
{
|
||||||
if (!isset($config['access_control'])) {
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
foreach ($config['access_control'] as $access) {
|
foreach ($config['access_control'] as $access) {
|
||||||
$matcher = $this->createRequestMatcher(
|
$matcher = $this->createRequestMatcher(
|
||||||
$container,
|
$container,
|
||||||
|
@ -87,16 +87,17 @@
|
|||||||
|
|
||||||
<!-- Security Voters -->
|
<!-- Security Voters -->
|
||||||
<service id="security.access.simple_role_voter" class="%security.access.simple_role_voter.class%" public="false">
|
<service id="security.access.simple_role_voter" class="%security.access.simple_role_voter.class%" public="false">
|
||||||
<tag name="security.voter" />
|
<tag name="security.voter" priority="245" />
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
<service id="security.access.authenticated_voter" class="%security.access.authenticated_voter.class%" public="false">
|
<service id="security.access.authenticated_voter" class="%security.access.authenticated_voter.class%" public="false">
|
||||||
<argument type="service" id="security.authentication.trust_resolver" />
|
<argument type="service" id="security.authentication.trust_resolver" />
|
||||||
<tag name="security.voter" />
|
<tag name="security.voter" priority="250" />
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
<service id="security.access.role_hierarchy_voter" class="%security.access.role_hierarchy_voter.class%" public="false">
|
<service id="security.access.role_hierarchy_voter" class="%security.access.role_hierarchy_voter.class%" public="false">
|
||||||
<argument type="service" id="security.role_hierarchy" />
|
<argument type="service" id="security.role_hierarchy" />
|
||||||
|
<tag name="security.voter" priority="245" />
|
||||||
</service>
|
</service>
|
||||||
|
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@
|
|||||||
<argument type="service" id="security.acl.permission.map" />
|
<argument type="service" id="security.acl.permission.map" />
|
||||||
<argument type="service" id="logger" on-invalid="null" />
|
<argument type="service" id="logger" on-invalid="null" />
|
||||||
<argument>%security.acl.voter.allow_if_object_identity_unavailable%</argument>
|
<argument>%security.acl.voter.allow_if_object_identity_unavailable%</argument>
|
||||||
<tag name="security.voter" />
|
<tag name="security.voter" priority="255" />
|
||||||
</service>
|
</service>
|
||||||
</services>
|
</services>
|
||||||
</container>
|
</container>
|
||||||
|
Reference in New Issue
Block a user