remove the has_role() security expression function
This commit is contained in:
Christian Flothmann
parent
3fec46861a
commit
c99dfdf119
@ -6,6 +6,7 @@ CHANGELOG
|
||||
|
||||
* Removed `Argon2iPasswordEncoder`, use `SodiumPasswordEncoder` instead
|
||||
* Removed `BcryptPasswordEncoder`, use `NativePasswordEncoder` instead
|
||||
* Removed the `has_role()` function from security expressions, use `is_granted()` instead.
|
||||
|
||||
4.3.0
|
||||
-----
|
||||
|
||||
@ -53,16 +53,6 @@ class ExpressionLanguageProvider implements ExpressionFunctionProviderInterface
|
||||
}, function (array $variables) {
|
||||
return $variables['trust_resolver']->isRememberMe($variables['token']);
|
||||
}),
|
||||
|
||||
new ExpressionFunction('has_role', function ($role) {
|
||||
@trigger_error('Using the "has_role()" function in security expressions is deprecated since Symfony 4.2, use "is_granted()" instead.', E_USER_DEPRECATED);
|
||||
|
||||
return sprintf('in_array(%s, $roles)', $role);
|
||||
}, function (array $variables, $role) {
|
||||
@trigger_error('Using the "has_role()" function in security expressions is deprecated since Symfony 4.2, use "is_granted()" instead.', E_USER_DEPRECATED);
|
||||
|
||||
return \in_array($role, $variables['roles']);
|
||||
}),
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
@ -33,25 +33,8 @@ class ExpressionVoter implements VoterInterface
|
||||
private $authChecker;
|
||||
private $roleHierarchy;
|
||||
|
||||
/**
|
||||
* @param AuthorizationCheckerInterface $authChecker
|
||||
*/
|
||||
public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, $authChecker = null, RoleHierarchyInterface $roleHierarchy = null)
|
||||
public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, AuthorizationCheckerInterface $authChecker, RoleHierarchyInterface $roleHierarchy = null)
|
||||
{
|
||||
if ($authChecker instanceof RoleHierarchyInterface) {
|
||||
@trigger_error(sprintf('Passing a RoleHierarchyInterface to "%s()" is deprecated since Symfony 4.2. Pass an AuthorizationCheckerInterface instead.', __METHOD__), E_USER_DEPRECATED);
|
||||
$roleHierarchy = $authChecker;
|
||||
$authChecker = null;
|
||||
|
||||
if (!method_exists($roleHierarchy, 'getReachableRoleNames')) {
|
||||
@trigger_error(sprintf('Not implementing the getReachableRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($this->roleHierarchy), RoleHierarchyInterface::class), E_USER_DEPRECATED);
|
||||
}
|
||||
} elseif (null === $authChecker) {
|
||||
@trigger_error(sprintf('Argument 3 passed to "%s()" should be an instance of AuthorizationCheckerInterface, not passing it is deprecated since Symfony 4.2.', __METHOD__), E_USER_DEPRECATED);
|
||||
} elseif (!$authChecker instanceof AuthorizationCheckerInterface) {
|
||||
throw new \TypeError(sprintf('Argument 3 passed to %s() must be an instance of %s or null, %s given.', __METHOD__, AuthorizationCheckerInterface::class, \is_object($authChecker) ? \get_class($authChecker) : \gettype($authChecker)));
|
||||
}
|
||||
|
||||
$this->expressionLanguage = $expressionLanguage;
|
||||
$this->trustResolver = $trustResolver;
|
||||
$this->authChecker = $authChecker;
|
||||
|
||||
@ -83,30 +83,4 @@ class ExpressionLanguageTest extends TestCase
|
||||
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
|
||||
];
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provideLegacyHasRole
|
||||
* @group legacy
|
||||
*/
|
||||
public function testLegacyHasRole($expression, $result, $roles = [])
|
||||
{
|
||||
$expressionLanguage = new ExpressionLanguage();
|
||||
$context = ['roles' => $roles];
|
||||
|
||||
$this->assertEquals($result, $expressionLanguage->evaluate($expression, $context));
|
||||
}
|
||||
|
||||
public function provideLegacyHasRole()
|
||||
{
|
||||
$roles = ['ROLE_USER', 'ROLE_ADMIN'];
|
||||
|
||||
return [
|
||||
["has_role('ROLE_FOO')", false],
|
||||
["has_role('ROLE_USER')", false],
|
||||
["has_role('ROLE_ADMIN')", false],
|
||||
["has_role('ROLE_FOO')", false, $roles],
|
||||
["has_role('ROLE_USER')", true, $roles],
|
||||
["has_role('ROLE_ADMIN')", true, $roles],
|
||||
];
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user