feature #16754 [Security] allow arbitrary types in VoterInterface::vote() (xabbuh)

This PR was merged into the 3.0-dev branch.

Discussion
----------

[Security] allow arbitrary types in VoterInterface::vote()

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | yes
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | #16600
| License       | MIT
| Doc PR        | TODO

Commits
-------

9054bdf allow arbitrary types in VoterInterface::vote()

UPGRADE-3.0.md

@@ -615,6 +615,10 @@ UPGRADE FROM 2.x to 3.0
 
 ### Security
 
+ * The `vote()` method from the `VoterInterface` was changed to now accept arbitrary
+   types and not only objects. You can rely on the new abstract `Voter` class introduced
+   in 2.8 to ease integrating your own voters.
+
  * The `Resources/` directory was moved to `Core/Resources/`
 
  * The `key` settings of `anonymous`, `remember_me` and `http_digest` are

src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php

@@ -44,7 +44,7 @@ class AuthenticatedVoter implements VoterInterface
     /**
      * {@inheritdoc}
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
         $result = VoterInterface::ACCESS_ABSTAIN;
         foreach ($attributes as $attribute) {

src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php

@@ -52,7 +52,7 @@ class ExpressionVoter implements VoterInterface
     /**
      * {@inheritdoc}
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
         $result = VoterInterface::ACCESS_ABSTAIN;
         $variables = null;
@@ -62,7 +62,7 @@ class ExpressionVoter implements VoterInterface
             }
 
             if (null === $variables) {
-                $variables = $this->getVariables($token, $object);
+                $variables = $this->getVariables($token, $subject);
             }
 
             $result = VoterInterface::ACCESS_DENIED;
@@ -74,7 +74,7 @@ class ExpressionVoter implements VoterInterface
         return $result;
     }
 
-    private function getVariables(TokenInterface $token, $object)
+    private function getVariables(TokenInterface $token, $subject)
     {
         if (null !== $this->roleHierarchy) {
             $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
@@ -85,7 +85,7 @@ class ExpressionVoter implements VoterInterface
         $variables = array(
             'token' => $token,
             'user' => $token->getUser(),
-            'object' => $object,
+            'object' => $subject,
             'roles' => array_map(function ($role) { return $role->getRole(); }, $roles),
             'trust_resolver' => $this->trustResolver,
         );
@@ -93,8 +93,8 @@ class ExpressionVoter implements VoterInterface
         // this is mainly to propose a better experience when the expression is used
         // in an access control rule, as the developer does not know that it's going
         // to be handled by this voter
-        if ($object instanceof Request) {
-            $variables['request'] = $object;
+        if ($subject instanceof Request) {
+            $variables['request'] = $subject;
         }
 
         return $variables;

src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php

@@ -35,7 +35,7 @@ class RoleVoter implements VoterInterface
     /**
      * {@inheritdoc}
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
         $result = VoterInterface::ACCESS_ABSTAIN;
         $roles = $this->extractRoles($token);

src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php

@@ -24,20 +24,20 @@ abstract class Voter implements VoterInterface
     /**
      * {@inheritdoc}
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
         // abstain vote by default in case none of the attributes are supported
         $vote = self::ACCESS_ABSTAIN;
 
         foreach ($attributes as $attribute) {
-            if (!$this->supports($attribute, $object)) {
+            if (!$this->supports($attribute, $subject)) {
                 continue;
             }
 
             // as soon as at least one attribute is supported, default is to deny access
             $vote = self::ACCESS_DENIED;
 
-            if ($this->voteOnAttribute($attribute, $object, $token)) {
+            if ($this->voteOnAttribute($attribute, $subject, $token)) {
                 // grant access as soon as at least one attribute returns a positive response
                 return self::ACCESS_GRANTED;
             }

src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php

@@ -31,10 +31,10 @@ interface VoterInterface
      * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
      *
      * @param TokenInterface $token      A TokenInterface instance
-     * @param object|null    $object     The object to secure
+     * @param mixed          $subject    The subject to secure
      * @param array          $attributes An array of attributes associated with the method being invoked
      *
      * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
      */
-    public function vote(TokenInterface $token, $object, array $attributes);
+    public function vote(TokenInterface $token, $subject, array $attributes);
 }