Adding multiple acces roles per path fail in security.yml #36359
Labels
Comments
|
Related commits: |
|
Never mind, can see this is addressed here: symfony/security-core@79f27fb#diff-cb28a188dab3a129e181ae9c31655fae |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Symfony version(s) affected: 5.0.7
Description
Using multiple roles per path yields the error message
when accessing a matching page.
In the Symfony\Component\Security\Http\Firewall\AccessListener class, the decide method of the decision manager is called with the fourth parameter (
$allowMultipleAttributes) set to true.But the
$allowMultipleAttributesparameter is not passed from Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager::decide() method.This means that $allowMultipleAttributes isn't passed to Symfony\Component\Security\Core\Authorization\AccessDecisionManager which is the only access decision manager class that knows how to handle $allowMultipleAttributes.
How to reproduce
I'm not sure when TraceableAccessDecisionManager is called instead of AccessDecisionManager, but it may be as simple as adding multiple roles per path in the security.yml file.
Possible Solution
Update the AccessDecisionManagerInterface with the fourth parameter for the decide() method and add it to the TraceableAccessDecisionManager class and (fully) to the AccessDecisionManager class.
Additional context
The text was updated successfully, but these errors were encountered: