From cd115b65fba50c961c89ccb03b868e38631e1fef Mon Sep 17 00:00:00 2001 From: WouterJ Date: Wed, 4 Nov 2015 14:58:00 +0100 Subject: [PATCH 1/2] Remove RoleHierarchyVoter when no hierarchy was defined --- .../DependencyInjection/SecurityExtension.php | 2 +- .../SecurityExtensionTest.php | 27 +++++++++++++++++++ 2 files changed, 28 insertions(+), 1 deletion(-) diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 972b4f8f90c91..2088dadfff322 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -157,7 +157,7 @@ private function configureDbalAclProvider(array $config, ContainerBuilder $conta */ private function createRoleHierarchy($config, ContainerBuilder $container) { - if (!isset($config['role_hierarchy'])) { + if (!isset($config['role_hierarchy']) || 0 === count($config['role_hierarchy'])) { $container->removeDefinition('security.access.role_hierarchy_voter'); return; diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php index 52db39200129c..a3c8962495bd1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php @@ -94,6 +94,33 @@ public function testFirewallWithInvalidUserProvider() $container->compile(); } + public function testDisableRoleHierarchyVoter() + { + $container = $this->getRawContainer(); + + $container->loadFromExtension('security', array( + 'providers' => array( + 'default' => array('id' => 'foo'), + ), + + 'role_hierarchy' => null, + + 'firewalls' => array( + 'some_firewall' => array( + 'pattern' => '/.*', + 'http_basic' => null, + ), + ), + )); + + $container->compile(); + + $admDefinition = $container->getDefinition('security.access.decision_manager'); + $registeredVoters = array_map('strval', $admDefinition->getArgument(0)); + + $this->assertNotContains('security.access.role_hierarchy_voter', $registeredVoters); + } + protected function getRawContainer() { $container = new ContainerBuilder(); From 0d479ae313606aca39112b4db715641044714880 Mon Sep 17 00:00:00 2001 From: WouterJ Date: Wed, 4 Nov 2015 15:06:01 +0100 Subject: [PATCH 2/2] Test RoleHierarchyVoter behaviour with empty role hierarchy --- .../Voter/RoleHierarchyVoterTest.php | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php b/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php index a50fa791e053e..619a2cdc8e5fa 100644 --- a/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php +++ b/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php @@ -33,4 +33,19 @@ public function getVoteTests() array(array('ROLE_FOO'), array('ROLE_FOOBAR'), VoterInterface::ACCESS_GRANTED), )); } + + /** + * @dataProvider getVoteWithEmptyHierarchyTests + */ + public function testVoteWithEmptyHierarchy($roles, $attributes, $expected) + { + $voter = new RoleHierarchyVoter(new RoleHierarchy(array())); + + $this->assertSame($expected, $voter->vote($this->getToken($roles), null, $attributes)); + } + + public function getVoteWithEmptyHierarchyTests() + { + return parent::getVoteTests(); + } }