allow arbitrary types in VoterInterface::vote()
This commit is contained in:
parent
bcfacac1e1
commit
9054bdf3ac
|
@ -615,6 +615,10 @@ UPGRADE FROM 2.x to 3.0
|
|||
|
||||
### Security
|
||||
|
||||
* The `vote()` method from the `VoterInterface` was changed to now accept arbitrary
|
||||
types and not only objects. You can rely on the new abstract `Voter` class introduced
|
||||
in 2.8 to ease integrating your own voters.
|
||||
|
||||
* The `Resources/` directory was moved to `Core/Resources/`
|
||||
|
||||
* The `key` settings of `anonymous`, `remember_me` and `http_digest` are
|
||||
|
|
|
@ -44,7 +44,7 @@ class AuthenticatedVoter implements VoterInterface
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function vote(TokenInterface $token, $object, array $attributes)
|
||||
public function vote(TokenInterface $token, $subject, array $attributes)
|
||||
{
|
||||
$result = VoterInterface::ACCESS_ABSTAIN;
|
||||
foreach ($attributes as $attribute) {
|
||||
|
|
|
@ -52,7 +52,7 @@ class ExpressionVoter implements VoterInterface
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function vote(TokenInterface $token, $object, array $attributes)
|
||||
public function vote(TokenInterface $token, $subject, array $attributes)
|
||||
{
|
||||
$result = VoterInterface::ACCESS_ABSTAIN;
|
||||
$variables = null;
|
||||
|
@ -62,7 +62,7 @@ class ExpressionVoter implements VoterInterface
|
|||
}
|
||||
|
||||
if (null === $variables) {
|
||||
$variables = $this->getVariables($token, $object);
|
||||
$variables = $this->getVariables($token, $subject);
|
||||
}
|
||||
|
||||
$result = VoterInterface::ACCESS_DENIED;
|
||||
|
@ -74,7 +74,7 @@ class ExpressionVoter implements VoterInterface
|
|||
return $result;
|
||||
}
|
||||
|
||||
private function getVariables(TokenInterface $token, $object)
|
||||
private function getVariables(TokenInterface $token, $subject)
|
||||
{
|
||||
if (null !== $this->roleHierarchy) {
|
||||
$roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
|
||||
|
@ -85,7 +85,7 @@ class ExpressionVoter implements VoterInterface
|
|||
$variables = array(
|
||||
'token' => $token,
|
||||
'user' => $token->getUser(),
|
||||
'object' => $object,
|
||||
'object' => $subject,
|
||||
'roles' => array_map(function ($role) { return $role->getRole(); }, $roles),
|
||||
'trust_resolver' => $this->trustResolver,
|
||||
);
|
||||
|
@ -93,8 +93,8 @@ class ExpressionVoter implements VoterInterface
|
|||
// this is mainly to propose a better experience when the expression is used
|
||||
// in an access control rule, as the developer does not know that it's going
|
||||
// to be handled by this voter
|
||||
if ($object instanceof Request) {
|
||||
$variables['request'] = $object;
|
||||
if ($subject instanceof Request) {
|
||||
$variables['request'] = $subject;
|
||||
}
|
||||
|
||||
return $variables;
|
||||
|
|
|
@ -35,7 +35,7 @@ class RoleVoter implements VoterInterface
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function vote(TokenInterface $token, $object, array $attributes)
|
||||
public function vote(TokenInterface $token, $subject, array $attributes)
|
||||
{
|
||||
$result = VoterInterface::ACCESS_ABSTAIN;
|
||||
$roles = $this->extractRoles($token);
|
||||
|
|
|
@ -24,20 +24,20 @@ abstract class Voter implements VoterInterface
|
|||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function vote(TokenInterface $token, $object, array $attributes)
|
||||
public function vote(TokenInterface $token, $subject, array $attributes)
|
||||
{
|
||||
// abstain vote by default in case none of the attributes are supported
|
||||
$vote = self::ACCESS_ABSTAIN;
|
||||
|
||||
foreach ($attributes as $attribute) {
|
||||
if (!$this->supports($attribute, $object)) {
|
||||
if (!$this->supports($attribute, $subject)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// as soon as at least one attribute is supported, default is to deny access
|
||||
$vote = self::ACCESS_DENIED;
|
||||
|
||||
if ($this->voteOnAttribute($attribute, $object, $token)) {
|
||||
if ($this->voteOnAttribute($attribute, $subject, $token)) {
|
||||
// grant access as soon as at least one attribute returns a positive response
|
||||
return self::ACCESS_GRANTED;
|
||||
}
|
||||
|
|
|
@ -31,10 +31,10 @@ interface VoterInterface
|
|||
* ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
|
||||
*
|
||||
* @param TokenInterface $token A TokenInterface instance
|
||||
* @param object|null $object The object to secure
|
||||
* @param mixed $subject The subject to secure
|
||||
* @param array $attributes An array of attributes associated with the method being invoked
|
||||
*
|
||||
* @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
|
||||
*/
|
||||
public function vote(TokenInterface $token, $object, array $attributes);
|
||||
public function vote(TokenInterface $token, $subject, array $attributes);
|
||||
}
|
||||
|
|
Reference in New Issue