[Security] Revert changes made between 2.7 and 2.8-beta
parent
e0f5ffc304
commit
d3c6d93dff
@ -442,38 +442,8 @@ FrameworkBundle
|
|||||||
Security
|
Security
|
||||||
--------
|
--------
|
||||||
|
|
||||||
* The AbstractToken::isGranted() method was deprecated. Instead,
|
* The `VoterInterface::supportsClass` and `supportsAttribute` methods were
|
||||||
override the voteOnAttribute() method. This method has one small
|
deprecated and will be removed from the interface in 3.0.
|
||||||
difference: it's passed the TokenInterface instead of the user:
|
|
||||||
|
|
||||||
Before:
|
|
||||||
|
|
||||||
```php
|
|
||||||
class MyCustomVoter extends AbstractVoter
|
|
||||||
{
|
|
||||||
// ...
|
|
||||||
|
|
||||||
protected function isGranted($attribute, $object, $user = null)
|
|
||||||
{
|
|
||||||
// ...
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
After:
|
|
||||||
|
|
||||||
```php
|
|
||||||
class MyCustomVoter extends AbstractVoter
|
|
||||||
{
|
|
||||||
// ...
|
|
||||||
|
|
||||||
protected function voteOnAttribute($attribute, $object, TokenInterface $token)
|
|
||||||
{
|
|
||||||
$user = $token->getUser();
|
|
||||||
// ...
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
Config
|
Config
|
||||||
------
|
------
|
||||||
|
@ -11,6 +11,8 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Authorization\Voter;
|
namespace Symfony\Component\Security\Core\Authorization\Voter;
|
||||||
|
|
||||||
|
@trigger_error('The '.__NAMESPACE__.'\AbstractVoter class is deprecated since version 2.8, to be removed in 3.0. Upgrade to Symfony\Component\Security\Core\Authorization\Voter\Voter instead.', E_USER_DEPRECATED);
|
||||||
|
|
||||||
use Symfony\Component\Security\Core\User\UserInterface;
|
use Symfony\Component\Security\Core\User\UserInterface;
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
|
||||||
@ -18,6 +20,8 @@ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|||||||
* Abstract Voter implementation that reduces boilerplate code required to create a custom Voter.
|
* Abstract Voter implementation that reduces boilerplate code required to create a custom Voter.
|
||||||
*
|
*
|
||||||
* @author Roman Marintšenko <inoryy@gmail.com>
|
* @author Roman Marintšenko <inoryy@gmail.com>
|
||||||
|
*
|
||||||
|
* @deprecated since version 2.8, to be removed in 3.0. Upgrade to Symfony\Component\Security\Core\Authorization\Voter\Voter instead.
|
||||||
*/
|
*/
|
||||||
abstract class AbstractVoter implements VoterInterface
|
abstract class AbstractVoter implements VoterInterface
|
||||||
{
|
{
|
||||||
@ -26,8 +30,6 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
*/
|
*/
|
||||||
public function supportsAttribute($attribute)
|
public function supportsAttribute($attribute)
|
||||||
{
|
{
|
||||||
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.', E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
return in_array($attribute, $this->getSupportedAttributes());
|
return in_array($attribute, $this->getSupportedAttributes());
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -36,8 +38,6 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
*/
|
*/
|
||||||
public function supportsClass($class)
|
public function supportsClass($class)
|
||||||
{
|
{
|
||||||
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.', E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
foreach ($this->getSupportedClasses() as $supportedClass) {
|
foreach ($this->getSupportedClasses() as $supportedClass) {
|
||||||
if ($supportedClass === $class || is_subclass_of($class, $supportedClass)) {
|
if ($supportedClass === $class || is_subclass_of($class, $supportedClass)) {
|
||||||
return true;
|
return true;
|
||||||
@ -62,7 +62,7 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
*/
|
*/
|
||||||
public function vote(TokenInterface $token, $object, array $attributes)
|
public function vote(TokenInterface $token, $object, array $attributes)
|
||||||
{
|
{
|
||||||
if (!$object) {
|
if (!$object || !$this->supportsClass(get_class($object))) {
|
||||||
return self::ACCESS_ABSTAIN;
|
return self::ACCESS_ABSTAIN;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -70,14 +70,14 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
$vote = self::ACCESS_ABSTAIN;
|
$vote = self::ACCESS_ABSTAIN;
|
||||||
|
|
||||||
foreach ($attributes as $attribute) {
|
foreach ($attributes as $attribute) {
|
||||||
if (!$this->supports($attribute, $object)) {
|
if (!$this->supportsAttribute($attribute)) {
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
// as soon as at least one attribute is supported, default is to deny access
|
// as soon as at least one attribute is supported, default is to deny access
|
||||||
$vote = self::ACCESS_DENIED;
|
$vote = self::ACCESS_DENIED;
|
||||||
|
|
||||||
if ($this->voteOnAttribute($attribute, $object, $token)) {
|
if ($this->isGranted($attribute, $object, $token->getUser())) {
|
||||||
// grant access as soon as at least one voter returns a positive response
|
// grant access as soon as at least one voter returns a positive response
|
||||||
return self::ACCESS_GRANTED;
|
return self::ACCESS_GRANTED;
|
||||||
}
|
}
|
||||||
@ -86,62 +86,19 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
return $vote;
|
return $vote;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* Determines if the attribute and object are supported by this voter.
|
|
||||||
*
|
|
||||||
* This method will become abstract in 3.0.
|
|
||||||
*
|
|
||||||
* @param string $attribute An attribute
|
|
||||||
* @param string $object The object to secure
|
|
||||||
*
|
|
||||||
* @return bool True if the attribute and object is supported, false otherwise
|
|
||||||
*/
|
|
||||||
protected function supports($attribute, $object)
|
|
||||||
{
|
|
||||||
@trigger_error('The getSupportedClasses and getSupportedAttributes methods are deprecated since version 2.8 and will be removed in version 3.0. Overwrite supports instead.', E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
$classIsSupported = false;
|
|
||||||
foreach ($this->getSupportedClasses() as $supportedClass) {
|
|
||||||
if ($object instanceof $supportedClass) {
|
|
||||||
$classIsSupported = true;
|
|
||||||
break;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!$classIsSupported) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!in_array($attribute, $this->getSupportedAttributes())) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return an array of supported classes. This will be called by supportsClass.
|
* Return an array of supported classes. This will be called by supportsClass.
|
||||||
*
|
*
|
||||||
* @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product')
|
* @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product')
|
||||||
*
|
|
||||||
* @deprecated since version 2.8, to be removed in 3.0. Use supports() instead.
|
|
||||||
*/
|
*/
|
||||||
protected function getSupportedClasses()
|
abstract protected function getSupportedClasses();
|
||||||
{
|
|
||||||
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.', E_USER_DEPRECATED);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Return an array of supported attributes. This will be called by supportsAttribute.
|
* Return an array of supported attributes. This will be called by supportsAttribute.
|
||||||
*
|
*
|
||||||
* @return array an array of supported attributes, i.e. array('CREATE', 'READ')
|
* @return array an array of supported attributes, i.e. array('CREATE', 'READ')
|
||||||
*
|
|
||||||
* @deprecated since version 2.8, to be removed in 3.0. Use supports() instead.
|
|
||||||
*/
|
*/
|
||||||
protected function getSupportedAttributes()
|
abstract protected function getSupportedAttributes();
|
||||||
{
|
|
||||||
@trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.', E_USER_DEPRECATED);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Perform a single access check operation on a given attribute, object and (optionally) user
|
* Perform a single access check operation on a given attribute, object and (optionally) user
|
||||||
@ -154,33 +111,7 @@ abstract class AbstractVoter implements VoterInterface
|
|||||||
* @param object $object
|
* @param object $object
|
||||||
* @param UserInterface|string $user
|
* @param UserInterface|string $user
|
||||||
*
|
*
|
||||||
* @deprecated This method will be removed in 3.0 - override voteOnAttribute instead.
|
|
||||||
*
|
|
||||||
* @return bool
|
* @return bool
|
||||||
*/
|
*/
|
||||||
protected function isGranted($attribute, $object, $user = null)
|
abstract protected function isGranted($attribute, $object, $user = null);
|
||||||
{
|
|
||||||
// forces isGranted() or voteOnAttribute() to be overridden
|
|
||||||
throw new \BadMethodCallException(sprintf('You must override the voteOnAttribute() method in "%s".', get_class($this)));
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Perform a single access check operation on a given attribute, object and token.
|
|
||||||
* It is safe to assume that $attribute and $object's class pass supports method call.
|
|
||||||
*
|
|
||||||
* This method will become abstract in 3.0.
|
|
||||||
*
|
|
||||||
* @param string $attribute
|
|
||||||
* @param object $object
|
|
||||||
* @param TokenInterface $token
|
|
||||||
*
|
|
||||||
* @return bool
|
|
||||||
*/
|
|
||||||
protected function voteOnAttribute($attribute, $object, TokenInterface $token)
|
|
||||||
{
|
|
||||||
// the user should override this method, and not rely on the deprecated isGranted()
|
|
||||||
@trigger_error(sprintf("The AbstractVoter::isGranted() method is deprecated since 2.8 and won't be called anymore in 3.0. Override voteOnAttribute() in %s instead.", get_class($this)), E_USER_DEPRECATED);
|
|
||||||
|
|
||||||
return $this->isGranted($attribute, $object, $token->getUser());
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
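Review bot: The restored guard in vote(), `if (!$object || !$this->supportsClass(get_class($object)))`, hands any truthy subject to get_class(), so a string or array subject is not abstained on cleanly. On PHP 5 and 7 get_class() emits a warning and returns false for a non-object, and on PHP 8 it throws a TypeError, so with warnings converted to exceptions an authorization check ends in an error instead of ACCESS_ABSTAIN. I would write the guard as `if (!is_object($object) || !$this->supportsClass(get_class($object))) {`. Separately, supportsAttribute(), which vote() now calls again, uses a loose `in_array()`; passing `true` as its third argument would rule out type-juggled attribute matches. vote()'s body spans two hunks and starts outside them.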
|
@ -11,10 +11,11 @@
|
|||||||
|
|
||||||
namespace Symfony\Component\Security\Core\Tests\Authorization\Voter;
|
namespace Symfony\Component\Security\Core\Tests\Authorization\Voter;
|
||||||
|
|
||||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
|
||||||
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
|
|
||||||
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
|
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
*/
|
||||||
class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
||||||
{
|
{
|
||||||
protected $token;
|
protected $token;
|
||||||
@ -50,75 +51,8 @@ class AbstractVoterTest extends \PHPUnit_Framework_TestCase
|
|||||||
*/
|
*/
|
||||||
public function testVote(array $attributes, $expectedVote, $object, $message)
|
public function testVote(array $attributes, $expectedVote, $object, $message)
|
||||||
{
|
{
|
||||||
$voter = new AbstractVoterTest_Voter();
|
$voter = new Fixtures\MyVoter();
|
||||||
|
|
||||||
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
|
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
|
||||||
* @dataProvider getTests
|
|
||||||
* @group legacy
|
|
||||||
*/
|
|
||||||
public function testVoteLegacy(array $attributes, $expectedVote, $object, $message)
|
|
||||||
{
|
|
||||||
$voter = new AbstractVoterTest_LegacyVoter();
|
|
||||||
|
|
||||||
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @group legacy
|
|
||||||
* @expectedException \BadMethodCallException
|
|
||||||
*/
|
|
||||||
public function testNoOverriddenMethodsThrowsException()
|
|
||||||
{
|
|
||||||
$voter = new AbstractVoterTest_NothingImplementedVoter();
|
|
||||||
$voter->vote($this->token, new \stdClass(), array('EDIT'));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class AbstractVoterTest_Voter extends AbstractVoter
|
|
||||||
{
|
|
||||||
protected function voteOnAttribute($attribute, $object, TokenInterface $token)
|
|
||||||
{
|
|
||||||
return 'EDIT' === $attribute;
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function supports($attribute, $object)
|
|
||||||
{
|
|
||||||
return $object instanceof \stdClass && in_array($attribute, array('EDIT', 'CREATE'));
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class AbstractVoterTest_LegacyVoter extends AbstractVoter
|
|
||||||
{
|
|
||||||
protected function getSupportedClasses()
|
|
||||||
{
|
|
||||||
return array('stdClass');
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function getSupportedAttributes()
|
|
||||||
{
|
|
||||||
return array('EDIT', 'CREATE');
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function isGranted($attribute, $object, $user = null)
|
|
||||||
{
|
|
||||||
return 'EDIT' === $attribute;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
class AbstractVoterTest_NothingImplementedVoter extends AbstractVoter
|
|
||||||
{
|
|
||||||
protected function getSupportedClasses()
|
|
||||||
{
|
|
||||||
return array('stdClass');
|
|
||||||
}
|
|
||||||
|
|
||||||
protected function getSupportedAttributes()
|
|
||||||
{
|
|
||||||
return array('EDIT', 'CREATE');
|
|
||||||
}
|
|
||||||
|
|
||||||
// this is a bad voter that hasn't overridden isGranted or voteOnAttribute
|
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,27 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
namespace Symfony\Component\Security\Core\Tests\Authorization\Voter\Fixtures;
|
||||||
|
|
||||||
|
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||||
|
use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @group legacy
|
||||||
|
*/
|
||||||
|
class MyVoter extends AbstractVoter
|
||||||
|
{
|
||||||
|
protected function getSupportedClasses()
|
||||||
|
{
|
||||||
|
return array('stdClass');
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function getSupportedAttributes()
|
||||||
|
{
|
||||||
|
return array('EDIT', 'CREATE');
|
||||||
|
}
|
||||||
|
|
||||||
|
protected function isGranted($attribute, $object, $user = null)
|
||||||
|
{
|
||||||
|
return 'EDIT' === $attribute;
|
||||||
|
}
|
||||||
|
}
|
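Review bot: The `@group legacy` docblock on the MyVoter fixture probably has no effect, because PHPUnit reads `@group` from test classes and test methods and this class is neither. Presumably the fixture lives in its own file so that AbstractVoter, which now triggers a deprecation when loaded, is only autoloaded from the legacy-group test. If so, a class comment saying that would be more useful, e.g. `// Fixture for AbstractVoterTest; kept separate so the deprecated AbstractVoter is only loaded by the legacy test.`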