bug #35944 [Security/Core] Fix wrong roles comparison (thlbaut)
This PR was merged into the 4.4 branch.
Discussion
----------
[Security/Core] Fix wrong roles comparison
| Q | A
| ------------- | ---
| Branch? | 4.4
| Bug fix? | yes
| New feature? | no
| Deprecations? | no
| Tickets | Fix #35941
| License | MIT
Fix wrong roles comparison.
Commits
-------
7d2ad4b265
Fix wrong roles comparison
commit
2e46c63bce
@ -317,13 +317,10 @@ abstract class AbstractToken implements TokenInterface
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$currentUserRoles = array_map('strval', (array) $this->user->getRoles());
|
||||||
$userRoles = array_map('strval', (array) $user->getRoles());
|
$userRoles = array_map('strval', (array) $user->getRoles());
|
||||||
|
|
||||||
if ($this instanceof SwitchUserToken) {
|
if (\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))) {
|
||||||
$userRoles[] = 'ROLE_PREVIOUS_ADMIN';
|
|
||||||
}
|
|
||||||
|
|
||||||
if (\count($userRoles) !== \count($this->getRoleNames()) || \count($userRoles) !== \count(array_intersect($userRoles, $this->getRoleNames()))) {
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
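Review bot: The new condition `\count($userRoles) !== \count($currentUserRoles) || \count($userRoles) !== \count(array_intersect($userRoles, $currentUserRoles))` is not a true set comparison. `array_intersect` keeps every matching element of its first argument, so a refreshed role list containing a duplicate (for example `['A', 'A']` against a stored `['A', 'B']`) yields equal counts and an equal intersection size, and the role change goes undetected. Because this check decides whether the token is treated as changed when a user's roles change, comparing in both directions is safer, for example `if (array_diff($userRoles, $currentUserRoles) || array_diff($currentUserRoles, $userRoles)) { return true; }`. The call `$this->user->getRoles()` also assumes the stored user is an object exposing `getRoles()`; the enclosing method starts and ends outside this hunk, so any guard for a string user is not visible here and should be confirmed.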
@ -238,7 +238,7 @@ class AbstractTokenTest extends TestCase
|
|||||||
*/
|
*/
|
||||||
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
|
public function testSetUserDoesNotSetAuthenticatedToFalseWhenUserDoesNotChange($user)
|
||||||
{
|
{
|
||||||
$token = new ConcreteToken();
|
$token = new ConcreteToken(['ROLE_FOO']);
|
||||||
$token->setAuthenticated(true);
|
$token->setAuthenticated(true);
|
||||||
$this->assertTrue($token->isAuthenticated());
|
$this->assertTrue($token->isAuthenticated());
|
||||||
|
|
||||||
|
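Review bot: The updated fixture `new ConcreteToken(['ROLE_FOO'])` appears to cover only the case where the token's own roles differ from the user's and the token must stay authenticated; nothing in this hunk asserts the opposite direction. With the `SwitchUserToken` branch no longer part of the comparison, a companion test would pin the security-relevant half of the behaviour: set a user whose `getRoles()` result has changed and assert that `isAuthenticated()` becomes false, for both a plain token and a `SwitchUserToken`. Such a test may already exist elsewhere in `AbstractTokenTest`; the method body and the rest of the class are outside this hunk.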