[SecurityBundle] Fix disabling of RoleHierarchyVoter when passing empty hierarchy

2015-11-04 14:58:00 +01:00 · 2015-11-04 14:58:00 +01:00 · 96afff6a05
commit 96afff6a05
parent 5486c689cf
3 changed files with 43 additions and 1 deletions
--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@ -168,7 +168,7 @@ class SecurityExtension extends Extension
     */
    private function createRoleHierarchy($config, ContainerBuilder $container)
    {
-        if (!isset($config['role_hierarchy'])) {
+        if (!isset($config['role_hierarchy']) || 0 === count($config['role_hierarchy'])) {
            $container->removeDefinition('security.access.role_hierarchy_voter');

            return;
--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@ -94,6 +94,33 @@ class SecurityExtensionTest extends \PHPUnit_Framework_TestCase
        $container->compile();
    }

+    public function testDisableRoleHierarchyVoter()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', array(
+            'providers' => array(
+                'default' => array('id' => 'foo'),
+            ),
+
+            'role_hierarchy' => null,
+
+            'firewalls' => array(
+                'some_firewall' => array(
+                    'pattern' => '/.*',
+                    'http_basic' => null,
+                ),
+            ),
+        ));
+
+        $container->compile();
+
+        $admDefinition = $container->getDefinition('security.access.decision_manager');
+        $registeredVoters = array_map('strval', $admDefinition->getArgument(0));
+
+        $this->assertNotContains('security.access.role_hierarchy_voter', $registeredVoters);
+    }
+
    protected function getRawContainer()
    {
        $container = new ContainerBuilder();
--- a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleHierarchyVoterTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleHierarchyVoterTest.php
@ -33,4 +33,19 @@ class RoleHierarchyVoterTest extends RoleVoterTest
            array(array('ROLE_FOO'), array('ROLE_FOOBAR'), VoterInterface::ACCESS_GRANTED),
        ));
    }
+
+    /**
+     * @dataProvider getVoteWithEmptyHierarchyTests
+     */
+    public function testVoteWithEmptyHierarchy($roles, $attributes, $expected)
+    {
+        $voter = new RoleHierarchyVoter(new RoleHierarchy(array()));
+
+        $this->assertSame($expected, $voter->vote($this->getToken($roles), null, $attributes));
+    }
+
+    public function getVoteWithEmptyHierarchyTests()
+    {
+        return parent::getVoteTests();
+    }
 }