[Security/Http] Make UserValueResolver accept any subtype of UserInterface #30401
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
Already thought about this, but was unsure. ping @linaori |
chalasr
requested changes
Feb 28, 2019
| @@ -40,7 +40,8 @@ public function __construct(TokenStorageInterface $tokenStorage) | |||
| public function supports(Request $request, ArgumentMetadata $argument) | |||
| { | |||
| // only security user implementations are supported | |||
| if (UserInterface::class !== $argument->getType()) { | |||
| $type = $argument->getType(); | |||
| if (UserInterface::class !== $type && !is_subclass_of($type, UserInterface::class)) { | |||
There was a problem hiding this comment.
deprecated classes don't get new features, should be reverted
| @@ -35,7 +35,8 @@ public function __construct(TokenStorageInterface $tokenStorage) | |||
| public function supports(Request $request, ArgumentMetadata $argument) | |||
| { | |||
| // only security user implementations are supported | |||
| if (UserInterface::class !== $argument->getType()) { | |||
| $type = $argument->getType(); | |||
| if (UserInterface::class !== $type && !is_subclass_of($type, UserInterface::class)) { | |||
There was a problem hiding this comment.
I wonder if l48 should be changed to return $user instanceof $type to prevent a type error?
linaori
reviewed
Feb 28, 2019
| @@ -35,7 +35,8 @@ public function __construct(TokenStorageInterface $tokenStorage) | |||
| public function supports(Request $request, ArgumentMetadata $argument) | |||
| { | |||
| // only security user implementations are supported | |||
| if (UserInterface::class !== $argument->getType()) { | |||
| $type = $argument->getType(); | |||
| if (UserInterface::class !== $type && !is_subclass_of($type, UserInterface::class)) { | |||
There was a problem hiding this comment.
Please test this with a parameter converter to see if this will work as expected when the UserInterface is an entity and parameter converters are enabled.
|
This was proposed multiple times ago (#18510 , #26971) and was rejected due to reasons described in this comment #18510 (comment) |
|
Now that we have #30914 I think we can close here. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
With a controller we can inject the
UserInterfaceobject like this:However, this has a drawback: it hides the domain user for actions that need the right type-hint, else, it means we're "blind", which means that we must add
if ($user instanceof MyUserObject) { /* ... */}to execute our logic.The goal of this PR is to allow this:
This is just a basic suggestion that is quite straightforward (so if it's not suitable, feel free to tell me, if you know the component better than me 👍 )!
If it's not possible, I also thought about creating a
SecurityTokenValueResolver, also probably straightforward 👍 (will probably work on a separate PR for this)