remove the has_role() security expression function
parent
3fec46861a
commit
c99dfdf119
@ -6,6 +6,7 @@ CHANGELOG
|
|||||||
|
|
||||||
* Removed `Argon2iPasswordEncoder`, use `SodiumPasswordEncoder` instead
|
* Removed `Argon2iPasswordEncoder`, use `SodiumPasswordEncoder` instead
|
||||||
* Removed `BcryptPasswordEncoder`, use `NativePasswordEncoder` instead
|
* Removed `BcryptPasswordEncoder`, use `NativePasswordEncoder` instead
|
||||||
|
* Removed the `has_role()` function from security expressions, use `is_granted()` instead.
|
||||||
|
|
||||||
4.3.0
|
4.3.0
|
||||||
-----
|
-----
|
||||||
|
@ -53,16 +53,6 @@ class ExpressionLanguageProvider implements ExpressionFunctionProviderInterface
|
|||||||
}, function (array $variables) {
|
}, function (array $variables) {
|
||||||
return $variables['trust_resolver']->isRememberMe($variables['token']);
|
return $variables['trust_resolver']->isRememberMe($variables['token']);
|
||||||
}),
|
}),
|
||||||
|
|
||||||
new ExpressionFunction('has_role', function ($role) {
|
|
||||||
@trigger_error('Using the "has_role()" function in security expressions is deprecated since Symfony 4.2, use "is_granted()" instead.', E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
return sprintf('in_array(%s, $roles)', $role);
|
|
||||||
}, function (array $variables, $role) {
|
|
||||||
@trigger_error('Using the "has_role()" function in security expressions is deprecated since Symfony 4.2, use "is_granted()" instead.', E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
return \in_array($role, $variables['roles']);
|
|
||||||
}),
|
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -33,25 +33,8 @@ class ExpressionVoter implements VoterInterface
|
|||||||
private $authChecker;
|
private $authChecker;
|
||||||
private $roleHierarchy;
|
private $roleHierarchy;
|
||||||
|
|
||||||
/**
|
public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, AuthorizationCheckerInterface $authChecker, RoleHierarchyInterface $roleHierarchy = null)
|
||||||
* @param AuthorizationCheckerInterface $authChecker
|
|
||||||
*/
|
|
||||||
public function __construct(ExpressionLanguage $expressionLanguage, AuthenticationTrustResolverInterface $trustResolver, $authChecker = null, RoleHierarchyInterface $roleHierarchy = null)
|
|
||||||
{
|
{
|
||||||
if ($authChecker instanceof RoleHierarchyInterface) {
|
|
||||||
@trigger_error(sprintf('Passing a RoleHierarchyInterface to "%s()" is deprecated since Symfony 4.2. Pass an AuthorizationCheckerInterface instead.', __METHOD__), E_USER_DEPRECATED);
|
|
||||||
$roleHierarchy = $authChecker;
|
|
||||||
$authChecker = null;
|
|
||||||
|
|
||||||
if (!method_exists($roleHierarchy, 'getReachableRoleNames')) {
|
|
||||||
@trigger_error(sprintf('Not implementing the getReachableRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($this->roleHierarchy), RoleHierarchyInterface::class), E_USER_DEPRECATED);
|
|
||||||
}
|
|
||||||
} elseif (null === $authChecker) {
|
|
||||||
@trigger_error(sprintf('Argument 3 passed to "%s()" should be an instance of AuthorizationCheckerInterface, not passing it is deprecated since Symfony 4.2.', __METHOD__), E_USER_DEPRECATED);
|
|
||||||
} elseif (!$authChecker instanceof AuthorizationCheckerInterface) {
|
|
||||||
throw new \TypeError(sprintf('Argument 3 passed to %s() must be an instance of %s or null, %s given.', __METHOD__, AuthorizationCheckerInterface::class, \is_object($authChecker) ? \get_class($authChecker) : \gettype($authChecker)));
|
|
||||||
}
|
|
||||||
|
|
||||||
$this->expressionLanguage = $expressionLanguage;
|
$this->expressionLanguage = $expressionLanguage;
|
||||||
$this->trustResolver = $trustResolver;
|
$this->trustResolver = $trustResolver;
|
||||||
$this->authChecker = $authChecker;
|
$this->authChecker = $authChecker;
|
||||||
|
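Review bot: The new constructor signature makes argument 3 a required `AuthorizationCheckerInterface`, but the CHANGELOG line added by this commit only records the `has_role()` removal. Unless the constructor change is listed in a part of the CHANGELOG outside this view, callers that still pass `null` or a `RoleHierarchyInterface` in that position will hit a `TypeError` with no upgrade note. I would add an entry such as `* The third argument of ExpressionVoter::__construct() must now be an AuthorizationCheckerInterface`. The last parameter still relies on implicit nullability; `?RoleHierarchyInterface $roleHierarchy = null` states it explicitly. The constructor body continues past the end of the hunk, so whether `$roleHierarchy` is still used now that `has_role()` is gone cannot be confirmed from here.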
@ -83,30 +83,4 @@ class ExpressionLanguageTest extends TestCase
|
|||||||
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
|
[$usernamePasswordToken, "is_granted('ROLE_USER')", true],
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @dataProvider provideLegacyHasRole
|
|
||||||
* @group legacy
|
|
||||||
*/
|
|
||||||
public function testLegacyHasRole($expression, $result, $roles = [])
|
|
||||||
{
|
|
||||||
$expressionLanguage = new ExpressionLanguage();
|
|
||||||
$context = ['roles' => $roles];
|
|
||||||
|
|
||||||
$this->assertEquals($result, $expressionLanguage->evaluate($expression, $context));
|
|
||||||
}
|
|
||||||
|
|
||||||
public function provideLegacyHasRole()
|
|
||||||
{
|
|
||||||
$roles = ['ROLE_USER', 'ROLE_ADMIN'];
|
|
||||||
|
|
||||||
return [
|
|
||||||
["has_role('ROLE_FOO')", false],
|
|
||||||
["has_role('ROLE_USER')", false],
|
|
||||||
["has_role('ROLE_ADMIN')", false],
|
|
||||||
["has_role('ROLE_FOO')", false, $roles],
|
|
||||||
["has_role('ROLE_USER')", true, $roles],
|
|
||||||
["has_role('ROLE_ADMIN')", true, $roles],
|
|
||||||
];
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|