From 9054bdf3ac075f615663e9d9e8702a8c34ea1be0 Mon Sep 17 00:00:00 2001 From: Christian Flothmann Date: Mon, 30 Nov 2015 11:00:36 +0100 Subject: [PATCH] allow arbitrary types in VoterInterface::vote() --- UPGRADE-3.0.md | 4 ++++ .../Core/Authorization/Voter/AuthenticatedVoter.php | 2 +- .../Core/Authorization/Voter/ExpressionVoter.php | 12 ++++++------ .../Security/Core/Authorization/Voter/RoleVoter.php | 2 +- .../Security/Core/Authorization/Voter/Voter.php | 6 +++--- .../Core/Authorization/Voter/VoterInterface.php | 4 ++-- 6 files changed, 17 insertions(+), 13 deletions(-) diff --git a/UPGRADE-3.0.md b/UPGRADE-3.0.md index c471e64dd9..f8661813a9 100644 --- a/UPGRADE-3.0.md +++ b/UPGRADE-3.0.md @@ -615,6 +615,10 @@ UPGRADE FROM 2.x to 3.0 ### Security + * The `vote()` method from the `VoterInterface` was changed to now accept arbitrary + types and not only objects. You can rely on the new abstract `Voter` class introduced + in 2.8 to ease integrating your own voters. + * The `Resources/` directory was moved to `Core/Resources/` * The `key` settings of `anonymous`, `remember_me` and `http_digest` are diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php index 762e9bc50d..dc1407b943 100644 --- a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php +++ b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php @@ -44,7 +44,7 @@ class AuthenticatedVoter implements VoterInterface /** * {@inheritdoc} */ - public function vote(TokenInterface $token, $object, array $attributes) + public function vote(TokenInterface $token, $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; foreach ($attributes as $attribute) { 
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
index 084285624b..c85ad9c50d 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
@@ -52,7 +52,7 @@ class ExpressionVoter implements VoterInterface
 /**
 * {@inheritdoc}
 */
- public function vote(TokenInterface $token, $object, array $attributes)
+ public function vote(TokenInterface $token, $subject, array $attributes)
 {
 $result = VoterInterface::ACCESS_ABSTAIN;
 $variables = null;
@@ -62,7 +62,7 @@ class ExpressionVoter implements VoterInterface
 }
 if (null === $variables) {
- $variables = $this->getVariables($token, $object);
+ $variables = $this->getVariables($token, $subject);
 }
 $result = VoterInterface::ACCESS_DENIED;
@@ -74,7 +74,7 @@ class ExpressionVoter implements VoterInterface
 return $result;
 }
- private function getVariables(TokenInterface $token, $object)
+ private function getVariables(TokenInterface $token, $subject)
 {
 if (null !== $this->roleHierarchy) {
 $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
@@ -85,7 +85,7 @@ class ExpressionVoter implements VoterInterface
 $variables = array(
 'token' => $token,
 'user' => $token->getUser(),
- 'object' => $object,
+ 'object' => $subject,
 'roles' => array_map(function ($role) { return $role->getRole(); }, $roles),
 'trust_resolver' => $this->trustResolver,
 );
@@ -93,8 +93,8 @@ class ExpressionVoter implements VoterInterface
 // this is mainly to propose a better experience when the expression is used
 // in an access control rule, as the developer does not know that it's going
 // to be handled by this voter
- if ($object instanceof Request) {
- $variables['request'] = $object;
+ if ($subject instanceof Request) {
+ $variables['request'] = $subject;
 }
 return $variables;
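Review bot: In getVariables() the expression variable is still keyed `'object'` although its value is now `$subject`, which under the new interface contract may be a scalar, an array or null. Expressions that access a property or call a method on `object` will presumably fail at evaluation time for such subjects, so the line deserves a comment such as `// key stays 'object' so existing expressions keep working; the value may be any type, not only an object`. If an alias matching the new name is wanted, `'subject' => $subject,` could be added next to it. The bodies of vote() and getVariables() extend beyond the hunks shown.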
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
index 74e2363ed2..b017c81334 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
@@ -35,7 +35,7 @@ class RoleVoter implements VoterInterface
 /**
 * {@inheritdoc}
 */
- public function vote(TokenInterface $token, $object, array $attributes)
+ public function vote(TokenInterface $token, $subject, array $attributes)
 {
 $result = VoterInterface::ACCESS_ABSTAIN;
 $roles = $this->extractRoles($token);
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php
index 267403418c..ba4d6af5a8 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php
@@ -24,20 +24,20 @@ abstract class Voter implements VoterInterface
 /**
 * {@inheritdoc}
 */
- public function vote(TokenInterface $token, $object, array $attributes)
+ public function vote(TokenInterface $token, $subject, array $attributes)
 {
 // abstain vote by default in case none of the attributes are supported
 $vote = self::ACCESS_ABSTAIN;
 foreach ($attributes as $attribute) {
- if (!$this->supports($attribute, $object)) {
+ if (!$this->supports($attribute, $subject)) {
 continue;
 }
 // as soon as at least one attribute is supported, default is to deny access
 $vote = self::ACCESS_DENIED;
- if ($this->voteOnAttribute($attribute, $object, $token)) {
+ if ($this->voteOnAttribute($attribute, $subject, $token)) {
 // grant access as soon as at least one attribute returns a positive response
 return self::ACCESS_GRANTED;
 }
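Review bot: In Voter::vote() the grant decision `if ($this->voteOnAttribute($attribute, $subject, $token))` is a loose truthiness test, so any truthy return from a subclass (a non-empty string, an object, `1`) results in ACCESS_GRANTED. For an authorization decision the fail-closed form is a strict comparison, `if (true === $this->voteOnAttribute($attribute, $subject, $token)) {`, assuming the abstract method is documented to return bool; its declaration is outside this hunk. Now that `$subject` can be of any type, a comment above the `supports()` call should also say that implementations are expected to reject unexpected subject types there, because voteOnAttribute() receives whatever supports() accepted. The end of vote() lies outside the hunk.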
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php b/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php
index 1697eaf74a..4bb73672c0 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php
@@ -31,10 +31,10 @@ interface VoterInterface
 * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
 *
 * @param TokenInterface $token A TokenInterface instance
- * @param object|null $object The object to secure
+ * @param mixed $subject The subject to secure
 * @param array $attributes An array of attributes associated with the method being invoked
 *
 * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
 */
- public function vote(TokenInterface $token, $object, array $attributes);
+ public function vote(TokenInterface $token, $subject, array $attributes);
 }
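Review bot: The updated docblock line `@param mixed $subject The subject to secure` widens the accepted type but does not tell implementers what to do with a subject they do not handle. Since callers may now pass scalars, arrays or null, the contract should state the expected behaviour, for example by adding `* Implementations must return ACCESS_ABSTAIN for subjects or attributes they do not support.` above the `@param` lines. A voter written against the old `object|null` contract could otherwise call a method on a non-object or return a verdict for a subject it never inspected. The start of the docblock is outside the hunk, so this may already be stated there.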