[Security] Deprecate "AbstractVoter" in favor of "Voter"
parent
d3c6d93dff
commit
fd8b87c498
|
@ -442,6 +442,10 @@ FrameworkBundle
|
|||
Security
|
||||
--------
|
||||
|
||||
* The `AbstractVoter` class was deprecated. Instead, extend the `Voter` class and
|
||||
move your voting logic in the `supports($attribute, $subject)` and
|
||||
`voteOnAttribute($attribute, $object, TokenInterface $token)` methods.
|
||||
|
||||
* The `VoterInterface::supportsClass` and `supportsAttribute` methods were
|
||||
deprecated and will be removed from the interface in 3.0.
|
||||
|
||||
|
|
|
@ -0,0 +1,85 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Core\Authorization\Voter;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
|
||||
/**
|
||||
* Voter is an abstract default implementation of a voter.
|
||||
*
|
||||
* @author Roman Marintšenko <inoryy@gmail.com>
|
||||
* @author Grégoire Pineau <lyrixx@lyrixx.info>
|
||||
*/
|
||||
abstract class Voter implements VoterInterface
|
||||
{
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function supportsAttribute($attribute)
|
||||
{
|
||||
throw new \BadMethodCallException('supportsAttribute method is deprecated since version 2.8, to be removed in 3.0');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function supportsClass($class)
|
||||
{
|
||||
throw new \BadMethodCallException('supportsClass method is deprecated since version 2.8, to be removed in 3.0');
|
||||
}
|
||||
|
||||
/**
|
||||
* {@inheritdoc}
|
||||
*/
|
||||
public function vote(TokenInterface $token, $object, array $attributes)
|
||||
{
|
||||
// abstain vote by default in case none of the attributes are supported
|
||||
$vote = self::ACCESS_ABSTAIN;
|
||||
|
||||
foreach ($attributes as $attribute) {
|
||||
if (!$this->supports($attribute, $object)) {
|
||||
continue;
|
||||
}
|
||||
|
||||
// as soon as at least one attribute is supported, default is to deny access
|
||||
$vote = self::ACCESS_DENIED;
|
||||
|
||||
if ($this->voteOnAttribute($attribute, $object, $token)) {
|
||||
// grant access as soon as at least one attribute returns a positive response
|
||||
return self::ACCESS_GRANTED;
|
||||
}
|
||||
}
|
||||
|
||||
return $vote;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determines if the attribute and subject are supported by this voter.
|
||||
*
|
||||
* @param string $attribute An attribute
|
||||
* @param mixed $subject The subject to secure, e.g. an object the user wants to access or any other PHP type
|
||||
*
|
||||
* @return bool True if the attribute and subject are supported, false otherwise
|
||||
*/
|
||||
abstract protected function supports($attribute, $subject);
|
||||
|
||||
/**
|
||||
* Perform a single access check operation on a given attribute, subject and token.
|
||||
*
|
||||
* @param string $attribute
|
||||
* @param mixed $subject
|
||||
* @param TokenInterface $token
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
abstract protected function voteOnAttribute($attribute, $subject, TokenInterface $token);
|
||||
}
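Review bot: In `vote()`, the grant decision is a truthiness test, `if ($this->voteOnAttribute($attribute, $object, $token))`, so any non-empty string, non-zero integer or object returned by a subclass grants access even though the docblock promises `@return bool`. A voter ported from a hand-written `vote()` that still returns `self::ACCESS_DENIED` would be read as a grant, assuming that constant is a non-zero integer (VoterInterface is not shown on this page). Failing closed is safer: `if (true === $this->voteOnAttribute($attribute, $object, $token))`, with the `voteOnAttribute()` docblock spelling out `@return bool True to grant access, false to deny`. Separately, `supportsAttribute()` and `supportsClass()` throw `\BadMethodCallException` with a message that calls them deprecated, so callers that still invoke them get a hard failure rather than a deprecation notice; the `{@inheritdoc}` docblocks should say so.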
|
|
@ -0,0 +1,70 @@
|
|||
<?php
|
||||
|
||||
/*
|
||||
* This file is part of the Symfony package.
|
||||
*
|
||||
* (c) Fabien Potencier <fabien@symfony.com>
|
||||
*
|
||||
* For the full copyright and license information, please view the LICENSE
|
||||
* file that was distributed with this source code.
|
||||
*/
|
||||
|
||||
namespace Symfony\Component\Security\Core\Tests\Authorization\Voter;
|
||||
|
||||
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
|
||||
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
|
||||
|
||||
class VoterTest extends \PHPUnit_Framework_TestCase
|
||||
{
|
||||
protected $token;
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
$this->token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface');
|
||||
}
|
||||
|
||||
public function getTests()
|
||||
{
|
||||
return array(
|
||||
array(array('EDIT'), VoterInterface::ACCESS_GRANTED, new \stdClass(), 'ACCESS_GRANTED if attribute and class are supported and attribute grants access'),
|
||||
array(array('CREATE'), VoterInterface::ACCESS_DENIED, new \stdClass(), 'ACCESS_DENIED if attribute and class are supported and attribute does not grant access'),
|
||||
|
||||
array(array('DELETE', 'EDIT'), VoterInterface::ACCESS_GRANTED, new \stdClass(), 'ACCESS_GRANTED if one attribute is supported and grants access'),
|
||||
array(array('DELETE', 'CREATE'), VoterInterface::ACCESS_DENIED, new \stdClass(), 'ACCESS_DENIED if one attribute is supported and denies access'),
|
||||
|
||||
array(array('CREATE', 'EDIT'), VoterInterface::ACCESS_GRANTED, new \stdClass(), 'ACCESS_GRANTED if one attribute grants access'),
|
||||
|
||||
array(array('DELETE'), VoterInterface::ACCESS_ABSTAIN, new \stdClass(), 'ACCESS_ABSTAIN if no attribute is supported'),
|
||||
|
||||
array(array('EDIT'), VoterInterface::ACCESS_ABSTAIN, $this, 'ACCESS_ABSTAIN if class is not supported'),
|
||||
|
||||
array(array('EDIT'), VoterInterface::ACCESS_ABSTAIN, null, 'ACCESS_ABSTAIN if object is null'),
|
||||
|
||||
array(array(), VoterInterface::ACCESS_ABSTAIN, new \stdClass(), 'ACCESS_ABSTAIN if no attributes were provided'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider getTests
|
||||
*/
|
||||
public function testVote(array $attributes, $expectedVote, $object, $message)
|
||||
{
|
||||
$voter = new VoterTest_Voter();
|
||||
|
||||
$this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message);
|
||||
}
|
||||
}
|
||||
|
||||
class VoterTest_Voter extends Voter
|
||||
{
|
||||
protected function voteOnAttribute($attribute, $object, TokenInterface $token)
|
||||
{
|
||||
return 'EDIT' === $attribute;
|
||||
}
|
||||
|
||||
protected function supports($attribute, $object)
|
||||
{
|
||||
return $object instanceof \stdClass && in_array($attribute, array('EDIT', 'CREATE'));
|
||||
}
|
||||
}
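Review bot: `VoterTest_Voter::supports()` calls `in_array($attribute, array('EDIT', 'CREATE'))` without the strict flag, so a non-string attribute such as `true` compares equal to 'EDIT' and is treated as supported, turning an expected abstain into a deny. Voter fixtures tend to be copied into applications, so prefer `in_array($attribute, array('EDIT', 'CREATE'), true)`. The data provider also has no case for a `voteOnAttribute()` that returns a truthy non-boolean, nor for `supportsAttribute()`/`supportsClass()` throwing, so neither behaviour of the new base class is pinned by a test.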
|