diogo
/
symfony
Archived
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Security] Deprecated supportsAttribute and supportsClass methods

This commit is contained in:
WouterJ 2015-06-30 14:43:35 +02:00 committed by Fabien Potencier
parent 995cf4ea7d
commit 6588708144
10 changed files with 234 additions and 126 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

37
UPGRADE-3.0.md
View File

@ -680,6 +680,43 @@ UPGRADE FROM 2.x to 3.0
));
```
* The `AbstractVoter::getSupportedAttributes()` and `AbstractVoter::getSupportedClasses()`
methods have been removed in favor of `AbstractVoter::supports()`.
Before:
```php
class MyVoter extends AbstractVoter
{
protected function getSupportedAttributes()
{
return array('CREATE', 'EDIT');
}
protected function getSupportedClasses()
{
return array('AppBundle\Entity\Post');
}
// ...
}
```
After:
```php
class MyVoter extends AbstractVoter
{
protected function supports($attribute, $class)
{
return $this->isClassInstanceOf($class, 'AppBundle\Entity\Post')
&& in_array($attribute, array('CREATE', 'EDIT'));
}
// ...
}
```
### Translator
* The `Translator::setFallbackLocale()` method has been removed in favor of

5
src/Symfony/Component/Security/CHANGELOG.md
View File

@ -12,6 +12,11 @@ CHANGELOG
`Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface` instead
* deprecated `Symfony\Component\Security\Core\Util\ClassUtils`, use
`Symfony\Component\Security\Acl\Util\ClassUtils` instead
* deprecated `supportsAttribute()` and `supportsClass()` methods of
`Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface` and
`Symfony\Component\Security\Core\Authorization\Voter\VoterInterface`.
* deprecated `getSupportedAttributes()` and `getSupportedClasses()` methods of
`Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter`, use `supports()` instead.
2.7.0
-----

4
src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
View File

@ -77,6 +77,8 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
*/
public function supportsAttribute($attribute)
{
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
foreach ($this->voters as $voter) {
if ($voter->supportsAttribute($attribute)) {
return true;
@ -91,6 +93,8 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
*/
public function supportsClass($class)
{
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
foreach ($this->voters as $voter) {
if ($voter->supportsClass($class)) {
return true;

4
src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php
View File

@ -37,6 +37,8 @@ interface AccessDecisionManagerInterface
* @param string $attribute An attribute
*
* @return bool true if this decision manager supports the attribute, false otherwise
*
* @deprecated since version 2.8, to be removed in 3.0.
*/
public function supportsAttribute($attribute);
@ -46,6 +48,8 @@ interface AccessDecisionManagerInterface
* @param string $class A class name
*
* @return true if this decision manager can process the class
*
* @deprecated since version 2.8, to be removed in 3.0.
*/
public function supportsClass($class);
}

73
src/Symfony/Component/Security/Core/Authorization/Voter/AbstractVoter.php
View File

@ -26,6 +26,8 @@ abstract class AbstractVoter implements VoterInterface
*/
public function supportsAttribute($attribute)
{
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
return in_array($attribute, $this->getSupportedAttributes());
}
@ -34,6 +36,8 @@ abstract class AbstractVoter implements VoterInterface
*/
public function supportsClass($class)
{
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
foreach ($this->getSupportedClasses() as $supportedClass) {
if ($supportedClass === $class || is_subclass_of($class, $supportedClass)) {
return true;
@ -58,12 +62,13 @@ abstract class AbstractVoter implements VoterInterface
*/
public function vote(TokenInterface $token, $object, array $attributes)
{
if (!$object || !$this->supportsClass(get_class($object))) {
if (!$object) {
return self::ACCESS_ABSTAIN;
}
// abstain vote by default in case none of the attributes are supported
$vote = self::ACCESS_ABSTAIN;
$class = get_class($object);
$reflector = new \ReflectionMethod($this, 'voteOnAttribute');
$isNewOverwritten = $reflector->getDeclaringClass()->getName() !== 'Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter';
@ -72,7 +77,7 @@ abstract class AbstractVoter implements VoterInterface
}
foreach ($attributes as $attribute) {
if (!$this->supportsAttribute($attribute)) {
if (!$this->supports($attribute, $class)) {
continue;
}
@ -95,19 +100,79 @@ abstract class AbstractVoter implements VoterInterface
return $vote;
}
/**
* Determines if the attribute and class are supported by this voter.
*
* To determine if the passed class is instance of the supported class, the
* isClassInstanceOf() method can be used.
*
* This method will become abstract in 3.0.
*
* @param string $attribute An attribute
* @param string $class The fully qualified class name of the passed object
*
* @return bool True if the attribute and class is supported, false otherwise
*/
protected function supports($attribute, $class)
{
@trigger_error('The getSupportedClasses and getSupportedAttributes methods are deprecated since version 2.8 and will be removed in version 3.0. Overwrite supports instead.');
$classIsSupported = false;
foreach ($this->getSupportedClasses() as $supportedClass) {
if ($this->isClassInstanceOf($class, $supportedClass)) {
$classIsSupported = true;
break;
}
}
if (!$classIsSupported) {
return false;
}
if (!in_array($attribute, $this->getSupportedAttributes())) {
return false;
}
return true;
}
/**
* A helper method to test if the actual class is instanceof or equal
* to the expected class.
*
* @param string $actualClass The actual class name
* @param string $expectedClass The expected class name
*
* @return bool
*/
protected function isClassInstanceOf($actualClass, $expectedClass)
{
return $expectedClass === $actualClass || is_subclass_of($actualClass, $expectedClass);
}
/**
* Return an array of supported classes. This will be called by supportsClass.
*
* @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product')
*
* @deprecated since version 2.8, to be removed in 3.0. Use supports() instead.
*/
abstract protected function getSupportedClasses();
protected function getSupportedClasses()
{
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
}
/**
* Return an array of supported attributes. This will be called by supportsAttribute.
*
* @return array an array of supported attributes, i.e. array('CREATE', 'READ')
*
* @deprecated since version 2.8, to be removed in 3.0. Use supports() instead.
*/
abstract protected function getSupportedAttributes();
protected function getSupportedAttributes()
{
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
}
/**
* Perform a single access check operation on a given attribute, object and (optionally) user

4
src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php
View File

@ -30,6 +30,8 @@ interface VoterInterface
* @param string $attribute An attribute
*
* @return bool true if this Voter supports the attribute, false otherwise
*
* @deprecated since version 2.8, to be removed in 3.0.
*/
public function supportsAttribute($attribute);
@ -39,6 +41,8 @@ interface VoterInterface
* @param string $class A class name
*
* @return bool true if this Voter can process the class
*
* @deprecated since version 2.8, to be removed in 3.0.
*/
public function supportsClass($class);

6
src/Symfony/Component/Security/Core/Tests/Authorization/AccessDecisionManagerTest.php
View File

@ -16,6 +16,9 @@ use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
class AccessDecisionManagerTest extends \PHPUnit_Framework_TestCase
{
/**
* @group legacy
*/
public function testSupportsClass()
{
$manager = new AccessDecisionManager(array(
@ -31,6 +34,9 @@ class AccessDecisionManagerTest extends \PHPUnit_Framework_TestCase
$this->assertFalse($manager->supportsClass('FooClass'));
}
/**
* @group legacy
*/
public function testSupportsAttribute()
{
$manager = new AccessDecisionManager(array(

72
src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AbstractVoterTest.php Normal file
View File

@ -0,0 +1,72 @@
<?php
namespace Symfony\Component\Security\Core\Tests\Authorization\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
class AbstractVoterTest_Voter extends AbstractVoter
{
protected function voteOnAttribute($attribute, $object, TokenInterface $token)
{
return 'EDIT' === $attribute;
}
protected function supports($attribute, $class)
{
return $this->isClassInstanceOf($class, 'AbstractVoterTest_Object')
&& in_array($attribute, array('EDIT', 'CREATE'));
}
}
class AbstractVoterTest extends \PHPUnit_Framework_TestCase
{
protected $voter;
protected $object;
protected $token;
protected function setUp()
{
$this->voter = new AbstractVoterTest_Voter();
$this->object = $this->getMock('AbstractVoterTest_Object');
$this->token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
}
public function testAttributeAndClassSupported()
{
$this->assertEquals(VoterInterface::ACCESS_GRANTED, $this->voter->vote($this->token, $this->object, array('EDIT')), 'ACCESS_GRANTED if attribute grants access');
$this->assertEquals(VoterInterface::ACCESS_DENIED, $this->voter->vote($this->token, $this->object, array('CREATE')), 'ACESS_DENIED if attribute denies access');
}
public function testOneAttributeSupported()
{
$this->assertEquals(VoterInterface::ACCESS_GRANTED, $this->voter->vote($this->token, $this->object, array('DELETE', 'EDIT')), 'ACCESS_GRANTED if supported attribute grants access');
$this->assertEquals(VoterInterface::ACCESS_DENIED, $this->voter->vote($this->token, $this->object, array('DELETE', 'CREATE')), 'ACCESS_DENIED if supported attribute denies access');
}
public function testOneAttributeGrantsAccess()
{
$this->assertEquals(VoterInterface::ACCESS_GRANTED, $this->voter->vote($this->token, $this->object, array('CREATE', 'EDIT')), 'ACCESS_GRANTED');
}
public function testNoAttributeSupported()
{
$this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, $this->object, array('DELETE')), 'ACCESS_ABSTAIN');
}
public function testClassNotSupported()
{
$this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, $this->getMock('AbstractVoterTest_Object1'), array('EDIT')), 'ACCESS_ABSTAIN');
}
public function testNullObject()
{
$this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, null, array('EDIT')), 'ACCESS_ABSTAIN');
}
public function testNoAttributes()
{
$this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, $this->object, array()), 'ACCESS_ABSTAIN');
}
}

33
src/Symfony/Component/Security/Core/Tests/Authorization/Voter/LegacyAbstractVoterTest.php Normal file
View File

@ -0,0 +1,33 @@
<?php
namespace Symfony\Component\Security\Core\Tests\Authorization\Voter;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
class LegacyAbstractVoterTest_Voter extends AbstractVoter
{
protected function getSupportedClasses()
{
return array('AbstractVoterTest_Object');
}
protected function getSupportedAttributes()
{
return array('EDIT', 'CREATE');
}
protected function isGranted($attribute, $object, $user = null)
{
return 'EDIT' === $attribute;
}
}
class LegacyAbstractVoterTest extends AbstractVoterTest
{
protected function setUp()
{
parent::setUp();
$this->voter = new LegacyAbstractVoterTest_Voter();
}
}

122
src/Symfony/Component/Security/Tests/Core/Authentication/Voter/AbstractVoterTest.php
View File

@ -1,122 +0,0 @@
<?php
/*
* This file is part of the Symfony package.
*
* (c) Fabien Potencier <fabien@symfony.com>
*
* For the full copyright and license information, please view the LICENSE
* file that was distributed with this source code.
*/
namespace Symfony\Component\Security\Tests\Core\Authentication\Voter;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
/**
* @author Roman Marintšenko <inoryy@gmail.com>
*/
class AbstractVoterTest extends \PHPUnit_Framework_TestCase
{
/**
* @var AbstractVoter
*/
private $voter;
private $token;
protected function setUp()
{
$this->voter = new VoterFixture();
$tokenMock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
$tokenMock
->expects($this->any())
->method('getUser')
->will($this->returnValue('user'));
$this->token = $tokenMock;
}
/**
* @dataProvider getData
*/
public function testVote($expectedVote, $object, $attributes, $message)
{
$this->assertEquals($expectedVote, $this->voter->vote($this->token, $object, $attributes), $message);
}
/**
* @dataProvider getData
* @group legacy
*/
public function testVoteUsingDeprecatedIsGranted($expectedVote, $object, $attributes, $message)
{
$voter = new DeprecatedVoterFixture();
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
}
public function getData()
{
return array(
array(AbstractVoter::ACCESS_ABSTAIN, null, array(), 'ACCESS_ABSTAIN for null objects'),
array(AbstractVoter::ACCESS_ABSTAIN, new UnsupportedObjectFixture(), array(), 'ACCESS_ABSTAIN for objects with unsupported class'),
array(AbstractVoter::ACCESS_ABSTAIN, new ObjectFixture(), array(), 'ACCESS_ABSTAIN for no attributes'),
array(AbstractVoter::ACCESS_ABSTAIN, new ObjectFixture(), array('foobar'), 'ACCESS_ABSTAIN for unsupported attributes'),
array(AbstractVoter::ACCESS_GRANTED, new ObjectFixture(), array('foo'), 'ACCESS_GRANTED if attribute grants access'),
array(AbstractVoter::ACCESS_GRANTED, new ObjectFixture(), array('bar', 'foo'), 'ACCESS_GRANTED if *at least one* attribute grants access'),
array(AbstractVoter::ACCESS_GRANTED, new ObjectFixture(), array('foobar', 'foo'), 'ACCESS_GRANTED if *at least one* attribute grants access'),
array(AbstractVoter::ACCESS_DENIED, new ObjectFixture(), array('bar', 'baz'), 'ACCESS_DENIED for if no attribute grants access'),
);
}
}
class VoterFixture extends AbstractVoter
{
protected function getSupportedClasses()
{
return array(
'Symfony\Component\Security\Tests\Core\Authentication\Voter\ObjectFixture',
);
}
protected function getSupportedAttributes()
{
return array('foo', 'bar', 'baz');
}
protected function voteOnAttribute($attribute, $object, TokenInterface $token)
{
return $attribute === 'foo';
}
}
class DeprecatedVoterFixture extends AbstractVoter
{
protected function getSupportedClasses()
{
return array(
'Symfony\Component\Security\Tests\Core\Authentication\Voter\ObjectFixture',
);
}
protected function getSupportedAttributes()
{
return array('foo', 'bar', 'baz');
}
protected function isGranted($attribute, $object, $user = null)
{
return $attribute === 'foo';
}
}
class ObjectFixture
{
}
class UnsupportedObjectFixture
{
}