This PR was merged into the 5.2-dev branch.
Discussion
----------
[FrameworkBundle] Deprecate some public services to private
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | no
| Deprecations? | yes
| Tickets | -
| License | MIT
| Doc PR | -
Now that we can deprecate public services to private, here is a first pass on the FWB. I think all those services don't need to be public, ie we never need to access them directly in Symfony's code (except in some tests that I had to modify accordingly). I think most of theses services needed to be public before we hooked the AbstractController with a service subscriber. There are definitely more of them that can be deprecated (ie: created workflows and state machines are public but don't need to be ?) but let's start with the easy ones.
Commits
-------
87868baacb [FrameworkBundle] Deprecate some public services to private
This PR was merged into the 5.2-dev branch.
Discussion
----------
[Security] Use NullToken while checking authorization
| Q | A
| ------------- | ---
| Branch? | master
| Bug fix? | no
| New feature? | yes
| Deprecations? | no
| Tickets | Fix#37523
| License | MIT
| Doc PR | tbd
This allows voters to grant access to unauthenticated users. E.g. some objects can be viewed by anyone, in this case the voter has to be able to grant access to unauthenticated users.
This *does break* the interface PHPdoc of `TokenInterface`: `getUser()` returns `null` instead of `string|UserInterface`. This is only true when using the new system, so not a real BC break. I think the only thing we can do to "guide" users is to add some custom handling for type errors related to `null` and `UserInterface` methods ("Did you forgot to check for `null` in the Voter?"). Is this something I should add to this PR?
Commits
-------
e37091541c Use NullToken while checking authorization