This repository has been archived on 2023-08-20. You can view files and clone it, but cannot push or open issues or pull requests.
Fabien Potencier 82db995908 feature #35858 [Security] Deprecated ROLE_PREVIOUS_ADMIN (wouterj)
This PR was merged into the 5.1-dev branch.

Discussion
----------

[Security] Deprecated ROLE_PREVIOUS_ADMIN

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | n/a
| License       | MIT
| Doc PR        | https://github.com/symfony/symfony-docs/pull/11487

`ROLE_PREVIOUS_ADMIN` is added to the token roles if the session is an impersonation. Since https://github.com/symfony/symfony/pull/31189 we have the `IS_IMPERSONATOR` attribute which can be used for the same reason. I propose to deprecate the `ROLE_PREVIOUS_ADMIN`:

* This is not what roles are for ([resulting in hacking this exception in `AbstractToken`](https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L275-L277))
* The role isn't very descriptive
* I don't like having 2 ways of doing exactly the same thing
* While every application with impersonation enabled probably needs to be updated, the update is as simple as replacing `ROLE_PREVIOUS_ADMIN` with `IS_IMPERSONATOR`: `find ./ -type f -exec sed -i 's/ROLE_PREVIOUS_ADMIN/IS_IMPERSONATOR/g' {} +`

---

I'm a bit unsure on how to deprecate this role, but I think having it in `RoleVoter` is probably the safest (`isGranted()` and variants + `AccessDecisionManager#decide()` all use this voter to check if the token has this role).

Commits
-------

dce55f352a Deprecated ROLE_PREVIOUS_ADMIN
2020-02-25 13:48:58 +01:00
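
As an added example (not part of the commit or of the Symfony project), here is a scoped variant of the replacement described in the PR text: it rewrites only PHP, YAML, XML and Twig files, skips `.git`, `vendor`, `var` and `node_modules`, and replaces only the whole identifier. The skipped directories, the file extensions and the function names are assumptions.

```shell
#!/bin/sh
# Added example: scoped ROLE_PREVIOUS_ADMIN -> IS_IMPERSONATOR migration.
# Assumptions: directory names to skip, extensions to scan, function names.

OLD='ROLE_PREVIOUS_ADMIN'
NEW='IS_IMPERSONATOR'

# List source/config/template files that still reference the deprecated role.
# Dependency, VCS and cache directories are pruned so they are never rewritten.
find_role_usages() {
    find "$1" \
        \( -name .git -o -name vendor -o -name var -o -name node_modules \) -prune -o \
        -type f \( -name '*.php' -o -name '*.yaml' -o -name '*.yml' \
                   -o -name '*.xml' -o -name '*.twig' \) \
        -exec grep -lF -- "$OLD" {} +
}

# Rewrite one file in place. The match requires a non-identifier character
# (or line start/end) on both sides, so a custom role such as
# ROLE_PREVIOUS_ADMINISTRATOR is left alone. The :a/ta loop repeats the
# substitution until the line has no whole-word occurrence left.
migrate_file() {
    tmp=$(mktemp) || return 1
    sed -E -e ':a' \
        -e "s/(^|[^A-Za-z0-9_])${OLD}([^A-Za-z0-9_]|\$)/\\1${NEW}\\2/" \
        -e 'ta' "$1" > "$tmp" && cat "$tmp" > "$1"   # cat keeps owner and mode
    status=$?
    rm -f "$tmp"
    return "$status"
}

# Migrate every matching file under a project root and report what changed.
# File names containing newlines are not supported by this loop.
migrate_role() {
    find_role_usages "$1" | while IFS= read -r f; do
        migrate_file "$f" && printf 'updated %s\n' "$f"
    done
}
```

Run `find_role_usages .` first to review the affected files, then `migrate_role .` from a clean working tree so the result can be inspected with `git diff`.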
.github Add the bug label automatically when using the bug issue template 2020-02-18 10:35:58 +01:00
src/Symfony feature #35858 [Security] Deprecated ROLE_PREVIOUS_ADMIN (wouterj) 2020-02-25 13:48:58 +01:00
.appveyor.yml Merge branch '4.4' into 5.0 2019-12-16 14:35:13 +01:00
.editorconfig Update .editorconfig 2018-09-06 16:22:56 +02:00
.gitignore Run the phpunit-bridge from a PR 2019-08-02 17:46:19 +02:00
.php_cs.dist Merge branch '4.4' 2019-11-05 18:15:52 +01:00
.travis.yml feature #32454 [Messenger] Add SQS transport (jderusse) 2020-02-10 13:30:37 +01:00
CHANGELOG-4.0.md Merge branch '3.4' into 4.1 2018-08-01 18:22:14 +02:00
CHANGELOG-4.1.md updated CHANGELOG for 4.1.10 2019-01-06 17:16:07 +01:00
CHANGELOG-4.2.md updated CHANGELOG for 4.2.10 2019-06-26 16:19:37 +02:00
CHANGELOG-4.3.md updated CHANGELOG for 4.3.10 2020-01-21 14:13:32 +01:00
CHANGELOG-4.4.md updated CHANGELOG for 4.4.4 2020-01-31 13:44:59 +01:00
CHANGELOG-5.0.md Merge branch '5.0' 2020-02-01 11:02:10 +01:00
CODE_OF_CONDUCT.md Added the Code of Conduct file 2018-10-10 03:13:30 -07:00
CONTRIBUTING.md Mention the community review guide 2016-12-18 22:02:35 +01:00
CONTRIBUTORS.md update CONTRIBUTORS for 3.4.37 2020-01-21 13:29:48 +01:00
LICENSE Update year in license files 2020-01-01 12:03:25 +01:00
README.md Improve Symfony description 2019-11-24 19:17:45 +01:00
UPGRADE-4.0.md Merge branch '3.4' into 4.3 2019-11-16 10:07:40 +01:00
UPGRADE-4.1.md Merge branch '4.0' into 4.1 2018-05-31 12:17:53 +02:00
UPGRADE-4.2.md Merge branch '3.4' into 4.3 2020-01-08 18:19:22 +01:00
UPGRADE-4.3.md Merge branch '4.3' into 4.4 2019-11-19 13:20:06 +01:00
UPGRADE-4.4.md add note about HTTP status code change 2019-12-23 10:53:34 -05:00
UPGRADE-5.0.md minor #35297 Improve upgrading instructions for deprecated router options (flack) 2020-01-11 08:31:01 +01:00
UPGRADE-5.1.md [HttpFoundation] Fixed Mimes dependency missing error 2020-02-20 20:55:19 +01:00
UPGRADE-6.0.md [Routing] add priority option to annotated routes 2020-02-05 19:01:26 +01:00
composer.json Leverage trigger_deprecation() from symfony/deprecation-contracts 2020-02-08 15:04:50 +01:00
link Merge branch '3.4' into 4.3 2019-12-06 14:11:20 +01:00
phpunit Bump phpunit-bridge cache 2020-01-31 10:55:33 +01:00
phpunit.xml.dist [Cache] Add couchbase cache adapter 2020-02-04 11:32:31 +01:00

README.md

Symfony is a PHP framework for web and console applications and a set of reusable PHP components. Symfony is used by thousands of web applications (including BlaBlaCar.com and Spotify.com) and most of the popular PHP projects (including Drupal and Magento).

Installation

Documentation

Community

Contributing

Symfony is an Open Source, community-driven project with thousands of contributors. Join them contributing code or contributing documentation.

Security Issues

If you discover a security vulnerability within Symfony, please follow our disclosure procedure.

About Us

Symfony development is sponsored by SensioLabs, led by the Symfony Core Team and supported by Symfony contributors.