allow arbitrary types in VoterInterface::vote()

2015-11-30 11:00:36 +01:00 · 2015-11-30 11:00:36 +01:00 · 9054bdf3ac
commit 9054bdf3ac
parent bcfacac1e1
6 changed files with 17 additions and 13 deletions
--- a/UPGRADE-3.0.md
+++ b/UPGRADE-3.0.md
@ -615,6 +615,10 @@ UPGRADE FROM 2.x to 3.0
 ### Security
 * The `vote()` method from the `VoterInterface` was changed to now accept arbitrary
   types and not only objects. You can rely on the new abstract `Voter` class introduced
   in 2.8 to ease integrating your own voters.
 * The `Resources/` directory was moved to `Core/Resources/`
 * The `key` settings of `anonymous`, `remember_me` and `http_digest` are
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
@ -44,7 +44,7 @@ class AuthenticatedVoter implements VoterInterface
    /**
     * {@inheritdoc}
     */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        $result = VoterInterface::ACCESS_ABSTAIN;
        foreach ($attributes as $attribute) {
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
@ -52,7 +52,7 @@ class ExpressionVoter implements VoterInterface
    /**
     * {@inheritdoc}
     */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        $result = VoterInterface::ACCESS_ABSTAIN;
        $variables = null;
@ -62,7 +62,7 @@ class ExpressionVoter implements VoterInterface
            }
            if (null === $variables) {
-                $variables = $this->getVariables($token, $object);
+                $variables = $this->getVariables($token, $subject);
            }
            $result = VoterInterface::ACCESS_DENIED;
@ -74,7 +74,7 @@ class ExpressionVoter implements VoterInterface
        return $result;
    }
-    private function getVariables(TokenInterface $token, $object)
+    private function getVariables(TokenInterface $token, $subject)
    {
        if (null !== $this->roleHierarchy) {
            $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
@ -85,7 +85,7 @@ class ExpressionVoter implements VoterInterface
        $variables = array(
            'token' => $token,
            'user' => $token->getUser(),
-            'object' => $object,
+            'object' => $subject,
            'roles' => array_map(function ($role) { return $role->getRole(); }, $roles),
            'trust_resolver' => $this->trustResolver,
        );
@ -93,8 +93,8 @@ class ExpressionVoter implements VoterInterface
        // this is mainly to propose a better experience when the expression is used
        // in an access control rule, as the developer does not know that it's going
        // to be handled by this voter
-        if ($object instanceof Request) {
+        if ($subject instanceof Request) {
-            $variables['request'] = $object;
+            $variables['request'] = $subject;
        }
        return $variables;
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
@ -35,7 +35,7 @@ class RoleVoter implements VoterInterface
    /**
     * {@inheritdoc}
     */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        $result = VoterInterface::ACCESS_ABSTAIN;
        $roles = $this->extractRoles($token);
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/Voter.php
@ -24,20 +24,20 @@ abstract class Voter implements VoterInterface
    /**
     * {@inheritdoc}
     */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
    {
        // abstain vote by default in case none of the attributes are supported
        $vote = self::ACCESS_ABSTAIN;
        foreach ($attributes as $attribute) {
-            if (!$this->supports($attribute, $object)) {
+            if (!$this->supports($attribute, $subject)) {
                continue;
            }
            // as soon as at least one attribute is supported, default is to deny access
            $vote = self::ACCESS_DENIED;
-            if ($this->voteOnAttribute($attribute, $object, $token)) {
+            if ($this->voteOnAttribute($attribute, $subject, $token)) {
                // grant access as soon as at least one attribute returns a positive response
                return self::ACCESS_GRANTED;
            }
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/VoterInterface.php
@ -31,10 +31,10 @@ interface VoterInterface
     * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN.
     *
     * @param TokenInterface $token      A TokenInterface instance
-     * @param object|null    $object     The object to secure
+     * @param mixed          $subject    The subject to secure
     * @param array          $attributes An array of attributes associated with the method being invoked
     *
     * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED
     */
-    public function vote(TokenInterface $token, $object, array $attributes);
+    public function vote(TokenInterface $token, $subject, array $attributes);
 }