From 984bd38568bea92e30443f26f75492a19e8f18ee Mon Sep 17 00:00:00 2001
From: Fabien Potencier
Date: Wed, 4 Sep 2013 17:17:08 +0200
Subject: [PATCH] mades things more consistent for the end user

---
 .../Tests/Functional/app/StandardFormLogin/config.yml | 2 +-
 .../Component/DependencyInjection/ContainerBuilder.php | 2 +-
 .../Component/DependencyInjection/Dumper/PhpDumper.php | 2 +-
 .../Security/Core/Authorization/Voter/ExpressionVoter.php | 8 ++++++++
 4 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
index 7129a4c08a..7357335dbe 100644
--- a/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/Functional/app/StandardFormLogin/config.yml
@@ -31,5 +31,5 @@ security:
 - { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: IS_AUTHENTICATED_ANONYMOUSLY }
 - { path: ^/highly_protected_resource$, roles: IS_ADMIN }
- - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and object.headers.get('user-agent') =~ '/Firefox/i') or has_role('ROLE_USER')" }
+ - { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') =~ '/Firefox/i') or has_role('ROLE_USER')" }
 - { path: .*, roles: IS_AUTHENTICATED_FULLY }
diff --git a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php
index 8085975e2f..199eec8d2d 100644
--- a/src/Symfony/Component/DependencyInjection/ContainerBuilder.php
+++ b/src/Symfony/Component/DependencyInjection/ContainerBuilder.php
@@ -1008,7 +1008,7 @@ class ContainerBuilder extends Container implements TaggedContainerInterface
 } elseif ($value instanceof Definition) {
 $value = $this->createService($value, null);
 } elseif ($value instanceof Expression) {
- $value = $this->getExpressionLanguage()->evaluate($value, array('this' => $this));
+ $value = $this->getExpressionLanguage()->evaluate($value, array('container' => $this));
 }

 return $value;
diff --git a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
index e55507f751..684ab78079 100644
--- a/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
+++ b/src/Symfony/Component/DependencyInjection/Dumper/PhpDumper.php
@@ -1201,7 +1201,7 @@ EOF;

 return $this->getServiceCall((string) $value, $value);
 } elseif ($value instanceof Expression) {
- return $this->getExpressionLanguage()->compile((string) $value, array('this'));
+ return $this->getExpressionLanguage()->compile((string) $value, array('container'));
 } elseif ($value instanceof Parameter) {
 return $this->dumpParameter($value);
 } elseif (true === $interpolate && is_string($value)) {
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
index bbe2e6bd81..50c8d5cfd8 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/ExpressionVoter.php
@@ -16,6 +16,7 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverIn
 use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\ExpressionLanguage\Expression;
+use Symfony\Component\HttpFoundation\Request;

 /**
 * ExpressionVoter votes based on the evaluation of an expression.
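Review bot: In the `Expression` branch of the PhpDumper.php hunk, `compile((string) $value, array('container'))` presumably makes the generated PHP refer to a `$container` variable, whereas the previous `array('this')` yielded `$this`, which is always defined inside a dumped service method. Unless the generated method defines `$container` (not visible here), an expression that uses the variable directly would evaluate fine through the ContainerBuilder.php hunk, which passes `array('container' => $this)`, and then break once the container is dumped. If the compiler accepts a name mapping, something like `array('this' => 'container')` would keep the user-facing name while still emitting `$this`; either way, a dumper test with an expression that references `container` would pin the runtime and dumped paths together. The enclosing method starts and ends outside the hunk.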
@@ -75,6 +76,13 @@ class ExpressionVoter implements VoterInterface
 'trust_resolver' => $this->trustResolver,
 );

+ // this is mainly to propose a better experience when the expression is used
+ // in an access control rule, as the developer does not know that it's going
+ // to be handled by this voter
+ if ($object instanceof Request) {
+ $variables['request'] = $object;
+ }
+
 $result = VoterInterface::ACCESS_ABSTAIN;
 foreach ($attributes as $attribute) {
 if (!$this->supportsAttribute($attribute)) {
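Review bot: `request` is added to `$variables` only when `$object instanceof Request`, so an expression that references `request` but is voted on with any other object reaches the evaluator with that name undefined; how that case resolves is decided outside this hunk, and for an authorization check it should end in a denial or a clear configuration error rather than an unhandled failure mid-vote. The added comment explains the motivation but not this limit, so I would extend it with `// 'request' is only defined when the voted object is a Request (access_control rules)`. A voter test that evaluates a `request.`-based expression against a non-Request object would pin the fail-closed behaviour. Rules built on `request.headers`, like the User-Agent rule in the test config, also rest on client-supplied values, which is worth stating wherever `allow_if` is documented. The enclosing method continues outside the hunk.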