mades things more consistent for the end user
This commit is contained in:
Fabien Potencier
parent
d477f157ce
commit
984bd38568
@ -31,5 +31,5 @@ security:
|
|||||||
- { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
- { path: ^/secured-by-one-ip$, ip: 10.10.10.10, roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
||||||
- { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
- { path: ^/secured-by-two-ips$, ips: [1.1.1.1, 2.2.2.2], roles: IS_AUTHENTICATED_ANONYMOUSLY }
|
||||||
- { path: ^/highly_protected_resource$, roles: IS_ADMIN }
|
- { path: ^/highly_protected_resource$, roles: IS_ADMIN }
|
||||||
- { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and object.headers.get('user-agent') =~ '/Firefox/i') or has_role('ROLE_USER')" }
|
- { path: ^/protected-via-expression$, allow_if: "(is_anonymous() and request.headers.get('user-agent') =~ '/Firefox/i') or has_role('ROLE_USER')" }
|
||||||
- { path: .*, roles: IS_AUTHENTICATED_FULLY }
|
- { path: .*, roles: IS_AUTHENTICATED_FULLY }
|
||||||
|
|||||||
@ -1008,7 +1008,7 @@ class ContainerBuilder extends Container implements TaggedContainerInterface
|
|||||||
} elseif ($value instanceof Definition) {
|
} elseif ($value instanceof Definition) {
|
||||||
$value = $this->createService($value, null);
|
$value = $this->createService($value, null);
|
||||||
} elseif ($value instanceof Expression) {
|
} elseif ($value instanceof Expression) {
|
||||||
$value = $this->getExpressionLanguage()->evaluate($value, array('this' => $this));
|
$value = $this->getExpressionLanguage()->evaluate($value, array('container' => $this));
|
||||||
}
|
}
|
||||||
|
|
||||||
return $value;
|
return $value;
|
||||||
|
|||||||
@ -1201,7 +1201,7 @@ EOF;
|
|||||||
|
|
||||||
return $this->getServiceCall((string) $value, $value);
|
return $this->getServiceCall((string) $value, $value);
|
||||||
} elseif ($value instanceof Expression) {
|
} elseif ($value instanceof Expression) {
|
||||||
return $this->getExpressionLanguage()->compile((string) $value, array('this'));
|
return $this->getExpressionLanguage()->compile((string) $value, array('container'));
|
||||||
} elseif ($value instanceof Parameter) {
|
} elseif ($value instanceof Parameter) {
|
||||||
return $this->dumpParameter($value);
|
return $this->dumpParameter($value);
|
||||||
} elseif (true === $interpolate && is_string($value)) {
|
} elseif (true === $interpolate && is_string($value)) {
|
||||||
|
|||||||
@ -16,6 +16,7 @@ use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverIn
|
|||||||
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
|
use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
|
||||||
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
|
||||||
use Symfony\Component\ExpressionLanguage\Expression;
|
use Symfony\Component\ExpressionLanguage\Expression;
|
||||||
|
use Symfony\Component\HttpFoundation\Request;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* ExpressionVoter votes based on the evaluation of an expression.
|
* ExpressionVoter votes based on the evaluation of an expression.
|
||||||
@ -75,6 +76,13 @@ class ExpressionVoter implements VoterInterface
|
|||||||
'trust_resolver' => $this->trustResolver,
|
'trust_resolver' => $this->trustResolver,
|
||||||
);
|
);
|
||||||
|
|
||||||
|
// this is mainly to propose a better experience when the expression is used
|
||||||
|
// in an access control rule, as the developer does not know that it's going
|
||||||
|
// to be handled by this voter
|
||||||
|
if ($object instanceof Request) {
|
||||||
|
$variables['request'] = $object;
|
||||||
|
}
|
||||||
|
|
||||||
$result = VoterInterface::ACCESS_ABSTAIN;
|
$result = VoterInterface::ACCESS_ABSTAIN;
|
||||||
foreach ($attributes as $attribute) {
|
foreach ($attributes as $attribute) {
|
||||||
if (!$this->supportsAttribute($attribute)) {
|
if (!$this->supportsAttribute($attribute)) {
|
||||||
|
|||||||
Reference in New Issue
Block a user