Skip to content

[Security] Add the ability for voter to return decision reason #43147

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 36 commits into from
Closed

[Security] Add the ability for voter to return decision reason #43147

wants to merge 36 commits into from

Conversation

yellow1912
Copy link

@yellow1912 yellow1912 commented Sep 23, 2021
edited
Loading

Sometimes we need to know why the voter makes a certain decision.
This changes allows us to return a vote object which contains a reason.

Q A
Branch? 5.4
Bug fix? no
New feature? yes
Deprecations? yes
Tickets Fix #27995, #26343, #35592
License MIT
Doc PR n/a

This is a PR continuing the work started by @maidmaid and @noniagriconomie in #35592

All the code is contributed by azjezz, I only merge the changes into 5.4 branch since he/she does not have time right now.
(Original PR: #40711)

The initial PR is meant to see if all tests passed (I expect tests to fail). More changes will come later since this PR contains BC.

@yellow1912
Add the ability for voter to return decision reason
81f7499 
Sometimes we need to know why the voter makes a certain decision.
This changes allows us to return a vote object which contains a reason.
@carsonbot carsonbot added this to the 5.4 milestone Sep 23, 2021
@carsonbot
Copy link

Hey!

I see that this is your first PR. That is great! Welcome!

Symfony has a contribution guide which I suggest you to read.

In short:

  • Always add tests
  • Keep backward compatibility (see https://symfony.com/bc).
  • Bug fixes must be submitted against the lowest maintained branch where they apply (see https://symfony.com/releases)
  • Features and deprecations must be submitted against the 5.4 branch.

Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change.

When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor!
If this PR is merged in a lower version branch, it will be merged up to all maintained branches within a few days.

I am going to sit back now and wait for the reviews.

Cheers!

Carsonbot

@yellow1912
Create mock with DecisionManager class
85a9b3d 
We cannot use the interface at the moment because the new method
is not available in the interface yet.

We also cannot put the new method inside the interface because it
can break current/old code.
stof
stof requested changes Sep 23, 2021
View reviewed changes
@noniagriconomie
Copy link
Contributor

@yellow1912 thank you taking over this!
As I mentionned on the other PR, my "work" here is only PR review :)

Feel free to ping me when you consider this PR finaly reviewable, I will be glad to do so 👍

@yellow1912
Copy link
Author

@noniagriconomie can you check and let me know if there is anything else I should fix? I see unittests still fail but not entirely sure why, I see only notices.

@carsonbot carsonbot changed the title Add the ability for voter to return decision reason [Security] Add the ability for voter to return decision reason Oct 7, 2021
@noniagriconomie
Copy link
Contributor

@yellow1912 unfortunatly, i may not be the best to answer if there is anything else I should fix here
maybe ping some core maintainers and/or code owners :)
but iirc the v5.4 is feature freezed

@yellow1912
Copy link
Author

@stof Please let me know if:

  1. There is anything else I should fix?
  2. Should I bump this to another branch if 5.4 is frozen? And which one should that be?

@chalasr
Copy link
Member

chalasr commented Oct 20, 2021

I'll take time to test this thoroughly during the last week of October. My main concern is about the BC layer, for 3rd party bundles especially, but I feel like we are quite close.

@javiereguiluz javiereguiluz mentioned this pull request Oct 27, 2021
Closed
@fabpot fabpot modified the milestones: 5.4, 6.1 Nov 3, 2021
@yellow1912
Copy link
Author

@chalasr Have you got the time to take a look at this? Once you checked everything I can update it to 6.x instead because it seems like 5.x is closed now.

@chalasr
Copy link
Member

chalasr commented Nov 11, 2021

@yellow1912 We will need to make this happen on 6.1, yes.

The core team' focus is currently about stabilizing core code/docs and syncing community projects for 5.4 and 6.0.

I will revisit this early in the 6.1 development stage. Thanks for your patience.

@derrabus
Copy link
Member

In the meantime, you can already rebase onto the 6.0 branch (6.1 is not open yet) which also means you can use all the juicy new PHP 8.0 features. 😎

@derrabus derrabus changed the base branch from 5.4 to 6.0 November 11, 2021 17:29
@noniagriconomie
Copy link
Contributor

@yellow1912 I've reminded myself this PR, did you had time/energy to rebase it for sf v6?

thank you :)

@derrabus derrabus changed the base branch from 6.0 to 6.1 January 18, 2022 12:36
@yellow1912
Copy link
Author

@yellow1912 I've reminded myself this PR, did you had time/energy to rebase it for sf v6?

thank you :)

I haven't got the time to do that, but I will try to finish it within the next 2 weeks, too many things on my disk at the moment.

@fabpot fabpot modified the milestones: 6.1, 6.2 May 20, 2022
alamirault added a commit to alamirault/symfony that referenced this pull request May 26, 2022
@alamirault
Begin merge 6.2 symfony#43147 symfony#35592
0d1e7e5
@alamirault alamirault mentioned this pull request May 29, 2022
Closed
3 tasks
@fabpot
Copy link
Member

fabpot commented Jul 22, 2022
edited
Loading

Closing in favor of #46493

@fabpot fabpot closed this Jul 22, 2022
@eltharin eltharin mentioned this pull request Aug 27, 2024
Closed
@eltharin eltharin mentioned this pull request Jan 21, 2025
Closed
@nicolas-grekas nicolas-grekas mentioned this pull request Feb 13, 2025
Merged
fabpot added a commit that referenced this pull request Feb 17, 2025
@fabpot
feature #59771 [Security] Add ability for voters to explain their vot…
2962567 
…e (nicolas-grekas)

This PR was merged into the 7.3 branch.

Discussion
----------

[Security] Add ability for voters to explain their vote

| Q             | A
| ------------- | ---
| Branch?       | 7.3
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | Fix #27995, #26343, #35592, #43147
| License       | MIT

This PR takes over #58107, which itself took over from #46493, etc.

It takes the only approach I could think of that would preserve BC.

The visible tip of what this achieves is:

![image](https://github.com/user-attachments/assets/67bd0678-868f-40ed-b2c6-3b1f10ffe101)

![image](https://github.com/user-attachments/assets/715814d8-e4de-47f0-aa0e-c412092389ff)

Internally, this provides a new access audit log infrastructure that relies on new `AccessDecision` and `Vote` objects.

Note that I didn't add (nor fix) tests for now. I'll borrow (and credit) from #58107 / #46493 as much as possible.

Commits
-------

c6eb9ae [Security] Add ability for voters to explain their vote
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@stof stof stof requested changes

@chalasr chalasr chalasr left review comments

@noniagriconomie noniagriconomie noniagriconomie left review comments

@wouterj wouterj Awaiting requested review from wouterj wouterj is a code owner

Assignees
No one assigned
Labels
Deprecation Feature Security Status: Needs Work
Projects
None yet
Milestone
6.2
Development

Successfully merging this pull request may close these issues.

[Security][DX] Be able to know why exactly SecurityVoter returns false
7 participants
@yellow1912 @carsonbot @noniagriconomie @chalasr @derrabus @fabpot @stof