Fixes

HypeMC · HypeMC · commit 7d0320e6d5c1 · 2022-07-21T13:41:44.000+02:00
diff --git a/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php b/src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php
@@ -11,6 +11,8 @@
 
 namespace Symfony\Component\Security\Core\Exception;
 
+use Symfony\Component\ExpressionLanguage\Expression;
+
 /**
  * AccessDeniedException is thrown when the account has not the required role.
  *
@@ -31,9 +33,9 @@ public function getAttributes(): array
         return $this->attributes;
     }
 
-    public function setAttributes(array|string $attributes)
+    public function setAttributes(array|string|Expression $attributes)
     {
-        $this->attributes = (array) $attributes;
+        $this->attributes = $attributes instanceof Expression ? [$attributes] : (array) $attributes;
     }
 
     public function getSubject(): mixed
diff --git a/src/Symfony/Component/Security/Http/EventListener/IsGrantedAttributeListener.php b/src/Symfony/Component/Security/Http/EventListener/IsGrantedAttributeListener.php
@@ -50,8 +50,10 @@ public function onKernelControllerArguments(ControllerArgumentsEvent $event)
 
             if ($subjectRef) {
                 if ($subjectRef instanceof Expression) {
-                    $this->expressionLanguage ??= new ExpressionLanguage();
-
+                    $this->expressionLanguage ??= class_exists(Expression::class)
+                        ? new ExpressionLanguage()
+                        : throw new \LogicException('Unable to use expressions as the Symfony ExpressionLanguage component is not installed. Try running "composer require symfony/expression-language".')
+                    ;
                     $subject = $this->expressionLanguage->evaluate($subjectRef, [
                         'args' => $arguments,
                     ]);
@@ -77,7 +79,7 @@ public function onKernelControllerArguments(ControllerArgumentsEvent $event)
                 }
 
                 $accessDeniedException = new AccessDeniedException($message);
-                $accessDeniedException->setAttributes($attribute->attributes instanceof Expression ? (string) $attribute->attributes : $attribute->attributes);
+                $accessDeniedException->setAttributes($attribute->attributes);
                 $accessDeniedException->setSubject($subject);
 
                 throw $accessDeniedException;
diff --git a/src/Symfony/Component/Security/Http/Tests/EventListener/IsGrantedAttributeListenerTest.php b/src/Symfony/Component/Security/Http/Tests/EventListener/IsGrantedAttributeListenerTest.php
@@ -243,7 +243,7 @@ public function testAccessDeniedMessages(array $attributes, ?string $subject, st
             $this->fail();
         } catch (AccessDeniedException $e) {
             $this->assertSame($expectedMessage, $e->getMessage());
-            $this->assertSame($attributes, $e->getAttributes());
+            $this->assertEquals($attributes, $e->getAttributes());
             if (null !== $subject) {
                 $this->assertSame('bar', $e->getSubject());
             } else {
@@ -257,8 +257,8 @@ public function getAccessDeniedMessageTests()
         yield [['ROLE_ADMIN'], null, 'admin', 'Access Denied by #[IsGranted("ROLE_ADMIN")] on controller'];
         yield [['ROLE_ADMIN', 'ROLE_USER'], null, 'adminOrUser', 'Access Denied by #[IsGranted(["ROLE_ADMIN", "ROLE_USER"])] on controller'];
         yield [['ROLE_ADMIN', 'ROLE_USER'], 'product', 'adminOrUserWithSubject', 'Access Denied by #[IsGranted(["ROLE_ADMIN", "ROLE_USER"], "product")] on controller'];
-        yield [['"ROLE_ADMIN" in role_names or is_granted("POST_VIEW", subject)'], 'post', 'withExpressionInAttribute', 'Access Denied by #[IsGranted(""ROLE_ADMIN" in role_names or is_granted("POST_VIEW", subject)", "post")] on controller'];
-        yield [['user === subject'], 'post', 'withExpressionInSubject', 'Access Denied by #[IsGranted("user === subject", "args["post"].getAuthor()")] on controller'];
+        yield [[new Expression('"ROLE_ADMIN" in role_names or is_granted("POST_VIEW", subject)')], 'post', 'withExpressionInAttribute', 'Access Denied by #[IsGranted(""ROLE_ADMIN" in role_names or is_granted("POST_VIEW", subject)", "post")] on controller'];
+        yield [[new Expression('user === subject')], 'post', 'withExpressionInSubject', 'Access Denied by #[IsGranted("user === subject", "args["post"].getAuthor()")] on controller'];
     }
 
     public function testNotFoundHttpException()

Original file line number	Diff line number	Diff line change
`@@ -11,6 +11,8 @@`
`11`	`11`
`12`	`12`	`namespace Symfony\Component\Security\Core\Exception;`
`13`	`13`
	`14`	`+use Symfony\Component\ExpressionLanguage\Expression;`
	`15`	`+`
`14`	`16`	`/**`
`15`	`17`	`* AccessDeniedException is thrown when the account has not the required role.`
`16`	`18`	`*`
`@@ -31,9 +33,9 @@ public function getAttributes(): array`
`31`	`33`	`return $this->attributes;`
`32`	`34`	`}`
`33`	`35`
`34`		`- public function setAttributes(array\|string $attributes)`
	`36`	`+ public function setAttributes(array\|string\|Expression $attributes)`
`35`	`37`	`{`
`36`		`- $this->attributes = (array) $attributes;`
	`38`	`+ $this->attributes = $attributes instanceof Expression ? [$attributes] : (array) $attributes;`
`37`	`39`	`}`
`38`	`40`
`39`	`41`	`public function getSubject(): mixed`