[SecurityBundle] Empty line starting with dash under "access_control" causes all rules to be skipped
This commit is contained in:
parent
4e4cdf548c
commit
ee26ce5987
@ -191,6 +191,12 @@ class SecurityExtension extends Extension implements PrependExtensionInterface
|
|||||||
$attributes[] = $this->createExpression($container, $access['allow_if']);
|
$attributes[] = $this->createExpression($container, $access['allow_if']);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$emptyAccess = 0 === \count(array_filter($access));
|
||||||
|
|
||||||
|
if ($emptyAccess) {
|
||||||
|
throw new InvalidConfigurationException('One or more access control items are empty. Did you accidentally add lines only containing a "-" under "security.access_control"?');
|
||||||
|
}
|
||||||
|
|
||||||
$container->getDefinition('security.access_map')
|
$container->getDefinition('security.access_map')
|
||||||
->addMethodCall('add', [$matcher, $attributes, $access['requires_channel']]);
|
->addMethodCall('add', [$matcher, $attributes, $access['requires_channel']]);
|
||||||
}
|
}
|
||||||
|
@ -415,6 +415,56 @@ class SecurityExtensionTest extends TestCase
|
|||||||
$this->assertEquals(new Reference('security.user.provider.concrete.second'), $container->getDefinition('security.authentication.switchuser_listener.foobar')->getArgument(1));
|
$this->assertEquals(new Reference('security.user.provider.concrete.second'), $container->getDefinition('security.authentication.switchuser_listener.foobar')->getArgument(1));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function testInvalidAccessControlWithEmptyRow()
|
||||||
|
{
|
||||||
|
$container = $this->getRawContainer();
|
||||||
|
|
||||||
|
$container->loadFromExtension('security', [
|
||||||
|
'providers' => [
|
||||||
|
'default' => ['id' => 'foo'],
|
||||||
|
],
|
||||||
|
'firewalls' => [
|
||||||
|
'some_firewall' => [
|
||||||
|
'pattern' => '/.*',
|
||||||
|
'http_basic' => [],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
'access_control' => [
|
||||||
|
[],
|
||||||
|
['path' => '/admin', 'roles' => 'ROLE_ADMIN'],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$this->expectException(InvalidConfigurationException::class);
|
||||||
|
$this->expectExceptionMessage('One or more access control items are empty. Did you accidentally add lines only containing a "-" under "security.access_control"?');
|
||||||
|
$container->compile();
|
||||||
|
}
|
||||||
|
|
||||||
|
public function testValidAccessControlWithEmptyRow()
|
||||||
|
{
|
||||||
|
$container = $this->getRawContainer();
|
||||||
|
|
||||||
|
$container->loadFromExtension('security', [
|
||||||
|
'providers' => [
|
||||||
|
'default' => ['id' => 'foo'],
|
||||||
|
],
|
||||||
|
'firewalls' => [
|
||||||
|
'some_firewall' => [
|
||||||
|
'pattern' => '/.*',
|
||||||
|
'http_basic' => [],
|
||||||
|
],
|
||||||
|
],
|
||||||
|
'access_control' => [
|
||||||
|
['path' => '^/login'],
|
||||||
|
['path' => '^/', 'roles' => 'ROLE_USER'],
|
||||||
|
],
|
||||||
|
]);
|
||||||
|
|
||||||
|
$container->compile();
|
||||||
|
|
||||||
|
$this->assertTrue(true, 'extension throws an InvalidConfigurationException if there is one more more empty access control items');
|
||||||
|
}
|
||||||
|
|
||||||
protected function getRawContainer()
|
protected function getRawContainer()
|
||||||
{
|
{
|
||||||
$container = new ContainerBuilder();
|
$container = new ContainerBuilder();
|
||||||
|
Reference in New Issue
Block a user