From fb88bfc79aaed2bfbd67105ba6b5978317da4ac4 Mon Sep 17 00:00:00 2001
From: Ivan Nikolaev <destillat.mailbox@gmail.com>
Date: Thu, 19 Jul 2018 20:09:12 +0300
Subject: [PATCH] [FrameworkBundle] fixed guard event names for transitions

---
 .../Resources/config/schema/symfony-1.0.xsd   |  1 +
 .../php/workflow_with_guard_expression.php    | 51 +++++++++++
 .../xml/workflow_with_guard_expression.xml    | 48 +++++++++++
 .../yml/workflow_with_guard_expression.yml    | 35 ++++++++
 .../FrameworkExtensionTest.php                | 84 +++++++++++++++++--
 .../EventListener/GuardExpression.php         | 37 ++++++++
 .../Workflow/EventListener/GuardListener.php  | 25 +++++-
 .../Tests/EventListener/GuardListenerTest.php | 46 +++++++++-
 8 files changed, 314 insertions(+), 13 deletions(-)
 create mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/workflow_with_guard_expression.php
 create mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/workflow_with_guard_expression.xml
 create mode 100644 src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/workflow_with_guard_expression.yml
 create mode 100644 src/Symfony/Component/Workflow/EventListener/GuardExpression.php

diff --git a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
index 1feb77bba8..adbf4e5c57 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
+++ b/src/Symfony/Bundle/FrameworkBundle/Resources/config/schema/symfony-1.0.xsd
@@ -300,6 +300,7 @@
         <xsd:sequence>
             <xsd:element name="from" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
             <xsd:element name="to" type="xsd:string" minOccurs="1" maxOccurs="unbounded" />
+            <xsd:element name="guard" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
         </xsd:sequence>
         <xsd:attribute name="name" type="xsd:string" use="required" />
     </xsd:complexType>
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/workflow_with_guard_expression.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/workflow_with_guard_expression.php
new file mode 100644
index 0000000000..89c86339af
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/php/workflow_with_guard_expression.php
@@ -0,0 +1,51 @@
+<?php
+
+use Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection\FrameworkExtensionTest;
+
+$container->loadFromExtension('framework', array(
+    'workflows' => array(
+        'article' => array(
+            'type' => 'workflow',
+            'marking_store' => array(
+                'type' => 'multiple_state',
+            ),
+            'supports' => array(
+                FrameworkExtensionTest::class,
+            ),
+            'initial_place' => 'draft',
+            'places' => array(
+                'draft',
+                'wait_for_journalist',
+                'approved_by_journalist',
+                'wait_for_spellchecker',
+                'approved_by_spellchecker',
+                'published',
+            ),
+            'transitions' => array(
+                'request_review' => array(
+                    'from' => 'draft',
+                    'to' => array('wait_for_journalist', 'wait_for_spellchecker'),
+                ),
+                'journalist_approval' => array(
+                    'from' => 'wait_for_journalist',
+                    'to' => 'approved_by_journalist',
+                ),
+                'spellchecker_approval' => array(
+                    'from' => 'wait_for_spellchecker',
+                    'to' => 'approved_by_spellchecker',
+                ),
+                'publish' => array(
+                    'from' => array('approved_by_journalist', 'approved_by_spellchecker'),
+                    'to' => 'published',
+                    'guard' => '!!true',
+                ),
+                'publish_editor_in_chief' => array(
+                    'name' => 'publish',
+                    'from' => 'draft',
+                    'to' => 'published',
+                    'guard' => '!!false',
+                ),
+            ),
+        ),
+    ),
+));
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/workflow_with_guard_expression.xml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/workflow_with_guard_expression.xml
new file mode 100644
index 0000000000..cf129e45c3
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/xml/workflow_with_guard_expression.xml
@@ -0,0 +1,48 @@
+<?xml version="1.0" ?>
+
+<container xmlns="http://symfony.com/schema/dic/services"
+           xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+           xmlns:framework="http://symfony.com/schema/dic/symfony"
+           xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd
+                        http://symfony.com/schema/dic/symfony http://symfony.com/schema/dic/symfony/symfony-1.0.xsd">
+
+    <framework:config>
+        <framework:workflow name="article" type="workflow" initial-place="draft">
+            <framework:marking-store type="multiple_state">
+                <framework:argument>a</framework:argument>
+                <framework:argument>a</framework:argument>
+            </framework:marking-store>
+            <framework:support>Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection\FrameworkExtensionTest</framework:support>
+            <framework:place name="draft" />
+            <framework:place name="wait_for_journalist" />
+            <framework:place name="approved_by_journalist" />
+            <framework:place name="wait_for_spellchecker" />
+            <framework:place name="approved_by_spellchecker" />
+            <framework:place name="published" />
+            <framework:transition name="request_review">
+                <framework:from>draft</framework:from>
+                <framework:to>wait_for_journalist</framework:to>
+                <framework:to>wait_for_spellchecker</framework:to>
+            </framework:transition>
+            <framework:transition name="journalist_approval">
+                <framework:from>wait_for_journalist</framework:from>
+                <framework:to>approved_by_journalist</framework:to>
+            </framework:transition>
+            <framework:transition name="spellchecker_approval">
+                <framework:from>wait_for_spellchecker</framework:from>
+                <framework:to>approved_by_spellchecker</framework:to>
+            </framework:transition>
+            <framework:transition name="publish">
+                <framework:from>approved_by_journalist</framework:from>
+                <framework:from>approved_by_spellchecker</framework:from>
+                <framework:to>published</framework:to>
+                <framework:guard>!!true</framework:guard>
+            </framework:transition>
+            <framework:transition name="publish">
+                <framework:from>draft</framework:from>
+                <framework:to>published</framework:to>
+                <framework:guard>!!false</framework:guard>
+            </framework:transition>
+        </framework:workflow>
+    </framework:config>
+</container>
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/workflow_with_guard_expression.yml b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/workflow_with_guard_expression.yml
new file mode 100644
index 0000000000..458cb4ae1e
--- /dev/null
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/Fixtures/yml/workflow_with_guard_expression.yml
@@ -0,0 +1,35 @@
+framework:
+    workflows:
+        article:
+            type: workflow
+            marking_store:
+                type: multiple_state
+            supports:
+            - Symfony\Bundle\FrameworkBundle\Tests\DependencyInjection\FrameworkExtensionTest
+            initial_place: draft
+            places:
+            - draft
+            - wait_for_journalist
+            - approved_by_journalist
+            - wait_for_spellchecker
+            - approved_by_spellchecker
+            - published
+            transitions:
+                request_review:
+                    from: [draft]
+                    to: [wait_for_journalist, wait_for_spellchecker]
+                journalist_approval:
+                    from: [wait_for_journalist]
+                    to: [approved_by_journalist]
+                spellchecker_approval:
+                    from: [wait_for_spellchecker]
+                    to: [approved_by_spellchecker]
+                publish:
+                    from: [approved_by_journalist, approved_by_spellchecker]
+                    to: [published]
+                    guard: "!!true"
+                publish_editor_in_chief:
+                    name: publish
+                    from: [draft]
+                    to: [published]
+                    guard: "!!false"
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
index 38420ac1e7..ae6dc7a75a 100644
--- a/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
+++ b/src/Symfony/Bundle/FrameworkBundle/Tests/DependencyInjection/FrameworkExtensionTest.php
@@ -302,14 +302,84 @@ abstract class FrameworkExtensionTest extends TestCase
 
         $this->assertCount(5, $transitions);
 
-        $this->assertSame('request_review', $transitions[0]->getArgument(0));
-        $this->assertSame('journalist_approval', $transitions[1]->getArgument(0));
-        $this->assertSame('spellchecker_approval', $transitions[2]->getArgument(0));
-        $this->assertSame('publish', $transitions[3]->getArgument(0));
-        $this->assertSame('publish', $transitions[4]->getArgument(0));
+        $this->assertSame('workflow.article.transition.0', (string) $transitions[0]);
+        $this->assertSame(array(
+            'request_review',
+            array(
+                'draft',
+            ),
+            array(
+                'wait_for_journalist', 'wait_for_spellchecker',
+            ),
+        ), $container->getDefinition($transitions[0])->getArguments());
 
-        $this->assertSame(array('approved_by_journalist', 'approved_by_spellchecker'), $transitions[3]->getArgument(1));
-        $this->assertSame(array('draft'), $transitions[4]->getArgument(1));
+        $this->assertSame('workflow.article.transition.1', (string) $transitions[1]);
+        $this->assertSame(array(
+            'journalist_approval',
+            array(
+                'wait_for_journalist',
+            ),
+            array(
+                'approved_by_journalist',
+            ),
+        ), $container->getDefinition($transitions[1])->getArguments());
+
+        $this->assertSame('workflow.article.transition.2', (string) $transitions[2]);
+        $this->assertSame(array(
+            'spellchecker_approval',
+            array(
+                'wait_for_spellchecker',
+            ),
+            array(
+                'approved_by_spellchecker',
+            ),
+        ), $container->getDefinition($transitions[2])->getArguments());
+
+        $this->assertSame('workflow.article.transition.3', (string) $transitions[3]);
+        $this->assertSame(array(
+            'publish',
+            array(
+                'approved_by_journalist',
+                'approved_by_spellchecker',
+            ),
+            array(
+                'published',
+            ),
+        ), $container->getDefinition($transitions[3])->getArguments());
+
+        $this->assertSame('workflow.article.transition.4', (string) $transitions[4]);
+        $this->assertSame(array(
+            'publish',
+            array(
+                'draft',
+            ),
+            array(
+                'published',
+            ),
+        ), $container->getDefinition($transitions[4])->getArguments());
+    }
+
+    public function testGuardExpressions()
+    {
+        $container = $this->createContainerFromFile('workflow_with_guard_expression');
+
+        $this->assertTrue($container->hasDefinition('workflow.article.listener.guard'), 'Workflow guard listener is registered as a service');
+        $this->assertTrue($container->hasParameter('workflow.has_guard_listeners'), 'Workflow guard listeners parameter exists');
+        $this->assertTrue(true === $container->getParameter('workflow.has_guard_listeners'), 'Workflow guard listeners parameter is enabled');
+        $guardDefinition = $container->getDefinition('workflow.article.listener.guard');
+        $this->assertSame(array(
+            array(
+                'event' => 'workflow.article.guard.publish',
+                'method' => 'onTransition',
+            ),
+        ), $guardDefinition->getTag('kernel.event_listener'));
+        $guardsConfiguration = $guardDefinition->getArgument(0);
+        $this->assertTrue(1 === \count($guardsConfiguration), 'Workflow guard configuration contains one element per transition name');
+        $transitionGuardExpressions = $guardsConfiguration['workflow.article.guard.publish'];
+        $this->assertSame('workflow.article.transition.3', (string) $transitionGuardExpressions[0]->getArgument(0));
+        $this->assertSame('!!true', $transitionGuardExpressions[0]->getArgument(1));
+        $this->assertSame('workflow.article.transition.4', (string) $transitionGuardExpressions[1]->getArgument(0));
+        $this->assertSame('!!false', $transitionGuardExpressions[1]->getArgument(1));
     }
 
     public function testWorkflowServicesCanBeEnabled()
diff --git a/src/Symfony/Component/Workflow/EventListener/GuardExpression.php b/src/Symfony/Component/Workflow/EventListener/GuardExpression.php
new file mode 100644
index 0000000000..cf3b8c7e18
--- /dev/null
+++ b/src/Symfony/Component/Workflow/EventListener/GuardExpression.php
@@ -0,0 +1,37 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Workflow\EventListener;
+
+use Symfony\Component\Workflow\Transition;
+
+class GuardExpression
+{
+    private $transition;
+
+    private $expression;
+
+    public function getTransition(): Transition
+    {
+        return $this->transition;
+    }
+
+    public function getExpression(): string
+    {
+        return $this->expression;
+    }
+
+    public function __construct(Transition $transition, string $expression)
+    {
+        $this->transition = $transition;
+        $this->expression = $expression;
+    }
+}
diff --git a/src/Symfony/Component/Workflow/EventListener/GuardListener.php b/src/Symfony/Component/Workflow/EventListener/GuardListener.php
index 893f304e47..4f1c229e51 100644
--- a/src/Symfony/Component/Workflow/EventListener/GuardListener.php
+++ b/src/Symfony/Component/Workflow/EventListener/GuardListener.php
@@ -18,6 +18,7 @@ use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
 use Symfony\Component\Workflow\Event\GuardEvent;
 use Symfony\Component\Workflow\Exception\InvalidTokenConfigurationException;
+use Symfony\Component\Workflow\TransitionBlocker;
 
 /**
  * @author Grégoire Pineau <lyrixx@lyrixx.info>
@@ -32,7 +33,7 @@ class GuardListener
     private $roleHierarchy;
     private $validator;
 
-    public function __construct($configuration, ExpressionLanguage $expressionLanguage, TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authenticationChecker, AuthenticationTrustResolverInterface $trustResolver, RoleHierarchyInterface $roleHierarchy = null, ValidatorInterface $validator = null)
+    public function __construct(array $configuration, ExpressionLanguage $expressionLanguage, TokenStorageInterface $tokenStorage, AuthorizationCheckerInterface $authenticationChecker, AuthenticationTrustResolverInterface $trustResolver, RoleHierarchyInterface $roleHierarchy = null, ValidatorInterface $validator = null)
     {
         $this->configuration = $configuration;
         $this->expressionLanguage = $expressionLanguage;
@@ -49,13 +50,29 @@ class GuardListener
             return;
         }
 
-        if (!$this->expressionLanguage->evaluate($this->configuration[$eventName], $this->getVariables($event))) {
-            $event->setBlocked(true);
+        $eventConfiguration = (array) $this->configuration[$eventName];
+        foreach ($eventConfiguration as $guard) {
+            if ($guard instanceof GuardExpression) {
+                if ($guard->getTransition() !== $event->getTransition()) {
+                    continue;
+                }
+                $this->validateGuardExpression($event, $guard->getExpression());
+            } else {
+                $this->validateGuardExpression($event, $guard);
+            }
+        }
+    }
+
+    private function validateGuardExpression(GuardEvent $event, string $expression)
+    {
+        if (!$this->expressionLanguage->evaluate($expression, $this->getVariables($event))) {
+            $blocker = TransitionBlocker::createBlockedByExpressionGuardListener($expression);
+            $event->addTransitionBlocker($blocker);
         }
     }
 
     // code should be sync with Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter
-    private function getVariables(GuardEvent $event)
+    private function getVariables(GuardEvent $event): array
     {
         $token = $this->tokenStorage->getToken();
 
diff --git a/src/Symfony/Component/Workflow/Tests/EventListener/GuardListenerTest.php b/src/Symfony/Component/Workflow/Tests/EventListener/GuardListenerTest.php
index e224835a07..f4c646ade3 100644
--- a/src/Symfony/Component/Workflow/Tests/EventListener/GuardListenerTest.php
+++ b/src/Symfony/Component/Workflow/Tests/EventListener/GuardListenerTest.php
@@ -11,6 +11,7 @@ use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Validator\Validator\ValidatorInterface;
 use Symfony\Component\Workflow\Event\GuardEvent;
 use Symfony\Component\Workflow\EventListener\ExpressionLanguage;
+use Symfony\Component\Workflow\EventListener\GuardExpression;
 use Symfony\Component\Workflow\EventListener\GuardListener;
 use Symfony\Component\Workflow\Marking;
 use Symfony\Component\Workflow\Transition;
@@ -20,12 +21,17 @@ class GuardListenerTest extends TestCase
     private $authenticationChecker;
     private $validator;
     private $listener;
+    private $transition;
 
     protected function setUp()
     {
         $configuration = array(
             'test_is_granted' => 'is_granted("something")',
             'test_is_valid' => 'is_valid(subject)',
+            'test_expression' => array(
+                new GuardExpression($this->getTransition(true), '!is_valid(subject)'),
+                new GuardExpression($this->getTransition(true), 'is_valid(subject)'),
+            ),
         );
         $expressionLanguage = new ExpressionLanguage();
         $token = $this->getMockBuilder(TokenInterface::class)->getMock();
@@ -96,11 +102,38 @@ class GuardListenerTest extends TestCase
         $this->assertFalse($event->isBlocked());
     }
 
-    private function createEvent()
+    public function testWithGuardExpressionWithNotSupportedTransition()
+    {
+        $event = $this->createEvent(true);
+        $this->configureValidator(false, false);
+        $this->listener->onTransition($event, 'test_expression');
+
+        $this->assertFalse($event->isBlocked());
+    }
+
+    public function testWithGuardExpressionWithSupportedTransition()
+    {
+        $event = $this->createEvent();
+        $this->configureValidator(true, true);
+        $this->listener->onTransition($event, 'test_expression');
+
+        $this->assertFalse($event->isBlocked());
+    }
+
+    public function testGuardExpressionBlocks()
+    {
+        $event = $this->createEvent();
+        $this->configureValidator(true, false);
+        $this->listener->onTransition($event, 'test_expression');
+
+        $this->assertTrue($event->isBlocked());
+    }
+
+    private function createEvent($newTransition = false)
     {
         $subject = new \stdClass();
         $subject->marking = new Marking();
-        $transition = new Transition('name', 'from', 'to');
+        $transition = $this->getTransition($newTransition);
 
         return new GuardEvent($subject, $subject->marking, $transition);
     }
@@ -140,4 +173,13 @@ class GuardListenerTest extends TestCase
             ->willReturn($valid ? array() : array('a violation'))
         ;
     }
+
+    private function getTransition($new = false)
+    {
+        if ($new || !$this->transition) {
+            $this->transition = new Transition('name', 'from', 'to');
+        }
+
+        return $this->transition;
+    }
 }