Updating AbstractVoter so that the method receives the TokenInterface #15870
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
186adc6 to
4967b8d
Compare
This fixes issues where people need this token.
4967b8d to
b101d24
Compare
| if ($this->isGranted($attribute, $object, $token->getUser())) { | ||
| // grant access as soon as at least one voter returns a positive response | ||
| return self::ACCESS_GRANTED; | ||
| } |
There was a problem hiding this comment.
This could actually become an elseif { ... }
|
I think this is a fair compromise for the feature. The name |
| * @param string $attribute | ||
| * @param object $object | ||
| * @param TokenInterface $token | ||
| * |
There was a problem hiding this comment.
Can you add a note that this method should be abstract in 3.0 so that we do not forget that when cleaning the master branch?
|
👍 |
|
Done! Status: Reviewed |
| @@ -9,8 +9,9 @@ | |||
| * file that was distributed with this source code. | |||
| */ | |||
|
|
|||
| namespace Symfony\Component\Security\Tests\Core\Authentication\Voter; | |||
| namespace Symfony\Component\Security\Core\Tests\Authorization\Voter; | |||
There was a problem hiding this comment.
I also realized the test was in the wrong spot - it wasn't moved when the other tests were moved. Fixed that.
There was a problem hiding this comment.
nevermind, fixing in a proper PR in 2.7
86d7908 to
3665c14
Compare
|
Thank you @weaverryan. |
fabpot
added a commit
that referenced
this pull request
Sep 24, 2015
… TokenInterface (weaverryan) This PR was squashed before being merged into the 2.8 branch (closes #15870). Discussion ---------- Updating AbstractVoter so that the method receives the TokenInterface | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | #12360 | License | MIT | Doc PR | not yet This fixes #12360, and along with already-merged #14733, this would make it possible to make calls back to the `AccessDecisionManager` inside a voter (e.g. you might check to see if `IS_AUTHENTICATED_FULLY` from inside your voter). We originally passed the User instead of the token to be nice, but it's a limitation, and since we never sanitized the User (i.e. a string may be passed to `AbstractToken::isGranted()`), it's not helpful anyways. Thanks! Commits ------- 948ccec Updating AbstractVoter so that the method receives the TokenInterface
| @@ -65,6 +65,12 @@ public function vote(TokenInterface $token, $object, array $attributes) | |||
| // abstain vote by default in case none of the attributes are supported | |||
| $vote = self::ACCESS_ABSTAIN; | |||
|
|
|||
| $reflector = new \ReflectionMethod($this, 'voteOnAttribute'); | |||
| $isNewOverwritten = $reflector->getDeclaringClass()->getName() !== 'Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter'; | |||
There was a problem hiding this comment.
I would use __CLASS__ here rather than the class name in a string. It makes it clearer than it is the current class, and is less likely to break if we rename things
weaverryan
added a commit
to weaverryan/symfony
that referenced
this pull request
Sep 26, 2015
weaverryan
added a commit
to weaverryan/symfony
that referenced
this pull request
Sep 26, 2015
…uggestions by stof in symfony#15870
This was referenced Sep 26, 2015
Merged
weaverryan
added a commit
to weaverryan/symfony
that referenced
this pull request
Sep 26, 2015
…uggestions by stof in symfony#15870
weaverryan
added a commit
to weaverryan/symfony
that referenced
this pull request
Sep 26, 2015
…uggestions by stof in symfony#15870
weaverryan
added a commit
to weaverryan/symfony
that referenced
this pull request
Sep 26, 2015
…uggestions by stof in symfony#15870
fabpot
added a commit
that referenced
this pull request
Sep 27, 2015
This PR was merged into the 2.8 branch. Discussion ---------- Abstract voter tweaks | Q | A | ------------- | --- | Bug fix? | yes (a little) | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | n/a | License | MIT | Doc PR | n/a Based on suggestions from stof in #15870, this simplifies the BC and deprecation throwing code. This also adds a BadMethodCallException in case the user doesn't override `isGranted` *or* `voteOnAttribute`, because that's just plain wrong (as is calling `isGranted()` on the parent class directly, since that was formerly abstract). Commits ------- c03f5c2 Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870
fabpot
added a commit
that referenced
this pull request
Sep 27, 2015
* 2.8: (28 commits) Detect Mintty for color support on Windows Detect Mintty for color support on Windows [WebProfilerBundle] Fix search button click listener [Form][Type Date/Time] added choice_translation_domain option. Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in #15870 Making all "debug" messages use the debug router Making GuardTokenInterface extend TokenInterface Updating behavior to not continue after an authenticator has set the response Add a group for tests of the finder against the FTP server Fix trigger_error calls Fix legacy security tests tweaking message related to configuration edge case that we want to be helpful with Minor tweaks - lowering the required security-http requirement and nulling out a test field Fix license headers Fix license headers Fix license headers Ensure the ClockMock is loaded before using it in the testsuite Allow serializer 3.0 in the PropertyInfo component Add the replace rules for the security-guard component Forbid serializing a Crawler ...
Merged
ostrolucky
pushed a commit
to ostrolucky/symfony
that referenced
this pull request
Mar 25, 2018
* 2.8: (28 commits) Detect Mintty for color support on Windows Detect Mintty for color support on Windows [WebProfilerBundle] Fix search button click listener [Form][Type Date/Time] added choice_translation_domain option. Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in symfony#15870 Making all "debug" messages use the debug router Making GuardTokenInterface extend TokenInterface Updating behavior to not continue after an authenticator has set the response Add a group for tests of the finder against the FTP server Fix trigger_error calls Fix legacy security tests tweaking message related to configuration edge case that we want to be helpful with Minor tweaks - lowering the required security-http requirement and nulling out a test field Fix license headers Fix license headers Fix license headers Ensure the ClockMock is loaded before using it in the testsuite Allow serializer 3.0 in the PropertyInfo component Add the replace rules for the security-guard component Forbid serializing a Crawler ...
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This fixes #12360, and along with already-merged #14733, this would make it possible to make calls back to the
AccessDecisionManagerinside a voter (e.g. you might check to see ifIS_AUTHENTICATED_FULLYfrom inside your voter).We originally passed the User instead of the token to be nice, but it's a limitation, and since we never sanitized the User (i.e. a string may be passed to
AbstractToken::isGranted()), it's not helpful anyways.Thanks!