forked from https://github.com/symfony/symfony
6178c63148
This PR was merged into the 5.1-dev branch. Discussion ---------- [Security] Add IS_IMPERSONATOR, IS_ANONYMOUS and IS_REMEMBERED | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | https://github.com/symfony/symfony/issues/29848 | License | MIT | Doc PR | symfony/symfony-docs#11487 This continues work of @HeahDude and finally finishes one of the code PRs I've been working on during the ⭐️ EUFOSSA Hackathon. Changes --- The PRs modifies some of the attributes used by the `AuthenticatedVoter`: * New `IS_IMPERSONATOR`, `IS_ANONYMOUS` and `IS_REMEMBERED` attributes are introduced to indicate the user either impersonated, anonymous or rembered. * <s>`IS_AUTHENTICATED_ANONYMOUSLY` actually meant "is authenticated, either anonymous or fully". As this is confusing, it is replaced by `IS_AUTHENTICATED`.</s> * <s>All `is_*()` functions in expressions are deprecated in favor of `is_granted('IS_*')`. It's not worth duplicating the `AuthenticatedVoter` logic in two places now we have shorter `IS_*` attributes</s> **Before** ```php if ($authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) { // ... } ``` <s> ```yaml security: # ... access_control: - { path: ^/protected, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' } ``` </s> **After** ```php if ($authorizationChecker->isGranted('IS_IMPERSONATOR')) { // ... } ``` <s> ```yaml security: # ... access_control: - { path: ^/protected, roles: 'IS_AUTHENTICATED' } ``` </s> <s>Discussion --- The only thing I'm wondering is how we combine this with the `is_authenticated()` expression function: |
||
|---|---|---|
| .github | ||
| src/Symfony | ||
| .appveyor.yml | ||
| .editorconfig | ||
| .gitignore | ||
| .php_cs.dist | ||
| .travis.yml | ||
| CHANGELOG-4.0.md | ||
| CHANGELOG-4.1.md | ||
| CHANGELOG-4.2.md | ||
| CHANGELOG-4.3.md | ||
| CHANGELOG-4.4.md | ||
| CHANGELOG-5.0.md | ||
| CODE_OF_CONDUCT.md | ||
| composer.json | ||
| CONTRIBUTING.md | ||
| CONTRIBUTORS.md | ||
| LICENSE | ||
| link | ||
| phpunit | ||
| phpunit.xml.dist | ||
| README.md | ||
| UPGRADE-4.0.md | ||
| UPGRADE-4.1.md | ||
| UPGRADE-4.2.md | ||
| UPGRADE-4.3.md | ||
| UPGRADE-4.4.md | ||
| UPGRADE-5.0.md | ||
| UPGRADE-5.1.md | ||
| UPGRADE-6.0.md | ||
Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).
Installation
- Install Symfony with Composer (see requirements details).
- Symfony follows the semantic versioning strictly, publishes "Long Term Support" (LTS) versions and has a release process that is predictable and business-friendly.
Documentation
- Read the Getting Started guide if you are new to Symfony.
- Try the Symfony Demo application to learn Symfony in practice.
- Master Symfony with the Guides and Tutorials, the Components docs and the Best Practices reference.
Community
- Join the Symfony Community and meet other members at the Symfony events.
- Get Symfony support on Stack Overflow, Slack, IRC, etc.
- Follow us on GitHub, Twitter and Facebook.
- Read our Code of Conduct and meet the CARE Team
Contributing
Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.
Security Issues
If you discover a security vulnerability within Symfony, please follow our disclosure procedure.
About Us
Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.