[Security] voters now are going to be obligated to return int values #39248
Conversation
|
We cannot introduce deprecations in 5.2 anymore. This PR should target 5.3. |
There was a problem hiding this comment.
- The deprecation should be triggered in prod as well, so
TraceableVoteris imho not the right place for this logic. I think we should move it toAccessDecisionManagerinstead. in_array()does not perform a type-safe comparison by default! I don't think the current logic would catch the case drafted in the corresponding issue.- I would avoid
in_array()altogether because it's inefficient.
|
@derrabus I was thinking of usage of The fix is in PR should target 5.3....actually it is on branch |
yes, as that's the first PR adding a deprecation for 5.3... |
Understood. But this would still create different behavior on dev and prod. Right now, a voter can return This is why I think @wouterj, can you join the discussion please? 😃 |
|
Hi! Thanks for your 2 PRs, one of them is already merged. Congrats on your first contributions! (and even though this one has some comments, it's really in a good state for a first contribution!) I agree with @derrabus and I think the confusion here is on the goal of these changes. In my mind, it's not about escalating errors in dev when an incorrect value is returned (in which case it's the In fact, your idea "showing somewhere that an incorrect value is returned by |
|
You guys are here maintainers. so it is up to You. I must admit that You both are super patient. However, adding that deprecation in But fine. I will make the changes you desire in 5 minutes. |
|
Wait, that's an important detail! Now that the |
src/Symfony/Component/Security/Core/Authorization/Voter/TraceableVoter.php
Outdated
Show resolved
Hide resolved
|
@wouterj yes you right. I just was not sure when changes from 4.4 will be merged up. I do not know the SF workflow yet. |
| @trigger_error( | ||
| sprintf('Return value of "%s::vote()" should always be of the type int since Symfony 5.0, %s returned.', \get_class($voter), \gettype($result)), | ||
| \E_USER_DEPRECATED | ||
| ); |
There was a problem hiding this comment.
| @trigger_error( | |
| sprintf('Return value of "%s::vote()" should always be of the type int since Symfony 5.0, %s returned.', \get_class($voter), \gettype($result)), | |
| \E_USER_DEPRECATED | |
| ); | |
| trigger_deprecation('symfony/security-core', '5.3', 'Returning a value of type "%s" in "%s::vote()" is deprecated, return an int instead.', get_debug_type($result), get_debug_type($voter)); |
There was a problem hiding this comment.
now I am lost. 5.3 is supposed to be for PHP 8.0 only??
There was a problem hiding this comment.
We have a Polyfill for get_debug_type(). You can safely use that method on PHP 7 as well.
There was a problem hiding this comment.
ah perfect. I allowed myself to write to you on slack. For faster communication
There was a problem hiding this comment.
|
When triggering the deprecation, we might want to check if we have a |
|
I'm going to merge your change up now, @adeptofvoltron. |
|
There you go. No more return type on 5.x. 😃 |
| @@ -119,6 +122,9 @@ private function decideConsensus(TokenInterface $token, array $attributes, $obje | |||
| $deny = 0; | |||
| foreach ($this->voters as $voter) { | |||
| $result = $voter->vote($token, $object, $attributes); | |||
| if (false === \is_int($result)) { | |||
There was a problem hiding this comment.
what's about adding a elseif ($result !== VoterInterface::ACCESS_ABSTAIN) below?
It will assert the return value is a valid constant!
The deprecation message would be `return either VoterInterface::ACCESS_GRANTED, VoterInterface::ACCESS_DENIED or VoterInterface::ACCESS_ABSTAIN).
In Symfony 6.0 we will be able to type hint and replace the deprecation by an exception.
|
for a week or two, I will have to focus on another project...so I will finish that PR after that. |
This PR was merged into the 5.3-dev branch. Discussion ---------- [Security] Assert voter returns valid decision | Q | A | ------------- | --- | Branch? | 5.x | Bug fix? | no | New feature? | no | Deprecations? | yes | Tickets | Fix #39205 | License | MIT | Doc PR | Replace #39248 Commits ------- ffdfb4f Assert voter returns valid decision
Everything described with details in the related ticket