[Security] adds a priority attribute to security voters
This commit is contained in:
parent
b9f4eab5c2
commit
0643dc44fd
@ -31,10 +31,15 @@ class AddSecurityVotersPass implements CompilerPassInterface
|
||||
return;
|
||||
}
|
||||
|
||||
$voters = array_map(function($id) {
|
||||
return new Reference($id);
|
||||
}, array_keys($container->findTaggedServiceIds('security.voter')));
|
||||
$voters = new \SplPriorityQueue();
|
||||
foreach ($container->findTaggedServiceIds('security.voter') as $id => $attributes) {
|
||||
$priority = isset($attributes[0]['priority']) ? $attributes[0]['priority'] : 0;
|
||||
$voters->insert(new Reference($id), $priority);
|
||||
}
|
||||
|
||||
$container->getDefinition('security.access.decision_manager')->setArgument(0, $voters);
|
||||
$voters = iterator_to_array($voters);
|
||||
ksort($voters);
|
||||
|
||||
$container->getDefinition('security.access.decision_manager')->setArgument(0, array_values($voters));
|
||||
}
|
||||
}
|
@ -121,20 +121,17 @@ class SecurityExtension extends Extension
|
||||
protected function createRoleHierarchy($config, ContainerBuilder $container)
|
||||
{
|
||||
if (!isset($config['role_hierarchy'])) {
|
||||
$container->remove('security.access.role_hierarchy_voter');
|
||||
|
||||
return;
|
||||
}
|
||||
|
||||
$container->setParameter('security.role_hierarchy.roles', $config['role_hierarchy']);
|
||||
$container->remove('security.access.simple_role_voter');
|
||||
$container->getDefinition('security.access.role_hierarchy_voter')->addTag('security.voter');
|
||||
}
|
||||
|
||||
protected function createAuthorization($config, ContainerBuilder $container)
|
||||
{
|
||||
if (!isset($config['access_control'])) {
|
||||
return;
|
||||
}
|
||||
|
||||
foreach ($config['access_control'] as $access) {
|
||||
$matcher = $this->createRequestMatcher(
|
||||
$container,
|
||||
|
@ -87,16 +87,17 @@
|
||||
|
||||
<!-- Security Voters -->
|
||||
<service id="security.access.simple_role_voter" class="%security.access.simple_role_voter.class%" public="false">
|
||||
<tag name="security.voter" />
|
||||
<tag name="security.voter" priority="245" />
|
||||
</service>
|
||||
|
||||
<service id="security.access.authenticated_voter" class="%security.access.authenticated_voter.class%" public="false">
|
||||
<argument type="service" id="security.authentication.trust_resolver" />
|
||||
<tag name="security.voter" />
|
||||
<tag name="security.voter" priority="250" />
|
||||
</service>
|
||||
|
||||
<service id="security.access.role_hierarchy_voter" class="%security.access.role_hierarchy_voter.class%" public="false">
|
||||
<argument type="service" id="security.role_hierarchy" />
|
||||
<tag name="security.voter" priority="245" />
|
||||
</service>
|
||||
|
||||
|
||||
|
@ -73,7 +73,7 @@
|
||||
<argument type="service" id="security.acl.permission.map" />
|
||||
<argument type="service" id="logger" on-invalid="null" />
|
||||
<argument>%security.acl.voter.allow_if_object_identity_unavailable%</argument>
|
||||
<tag name="security.voter" />
|
||||
<tag name="security.voter" priority="255" />
|
||||
</service>
|
||||
</services>
|
||||
</container>
|
||||
|
Reference in New Issue
Block a user