NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

Commitca672e7

committed

add capability to answer VoteObject

psalm errors

1 parent8dc32f7 commitca672e7Copy full SHA for ca672e7

File tree

46 files changed

+1021

-85

lines changed

src/Symfony
- Bridge/Twig/Extension
  - SecurityExtension.php
- Bundle
  - FrameworkBundle
    - Controller
      - AbstractController.php
    - Tests/Controller
      - AbstractControllerTest.php
  - SecurityBundle
    - DataCollector
      - SecurityDataCollector.php
    - EventListener
      - VoteListener.php
    - Resources/views/Collector
      - security.html.twig
    - Security.php
    - Tests
      - DataCollector
        SecurityDataCollectorTest.php
      - EventListener
        VoteListenerTest.php
- Component/Security
  - Core
  - Http
    - EventListener
      - IsGrantedAttributeListener.php
    - Firewall
      - AccessListener.php
      - SwitchUserListener.php
    - Tests
      - EventListener
        IsGrantedAttributeListenerTest.php
      - Firewall
        AccessListenerTest.php
        SwitchUserListenerTest.php

Some content is hidden

Large Commits have some content hidden by default. Use the searchbox below for content that may be hidden.

46 files changed

+1021

-85

lines changed

`‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php`

Lines changed: 1 addition & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`try {`
	`48`	`+/* @var bool */`
`48`	`49`	`return$this->securityChecker->isGranted($role,$object);`
`49`	`50`	`}catch (AuthenticationCredentialsNotFoundException) {`
`50`	`51`	`returnfalse;`

`‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php`

Lines changed: 21 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@`
`35`	`35`	`useSymfony\Component\Routing\Generator\UrlGeneratorInterface;`
`36`	`36`	`useSymfony\Component\Routing\RouterInterface;`
`37`	`37`	`useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
	`38`	`+useSymfony\Component\Security\Core\Authorization\AccessDecision;`
`38`	`39`	`useSymfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
`39`	`40`	`useSymfony\Component\Security\Core\Exception\AccessDeniedException;`
`40`	`41`	`useSymfony\Component\Security\Core\User\UserInterface;`
`@@ -202,6 +203,22 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool`
`202`	`203`	`return$this->container->get('security.authorization_checker')->isGranted($attribute,$subject);`
`203`	`204`	`}`
`204`	`205`
	`206`	`+/**`
	`207`	`+ * Checks if the attribute is granted against the current authentication token and optionally supplied subject.`
	`208`	`+ *`
	`209`	`+ * @throws \LogicException`
	`210`	`+ */`
	`211`	`+protectedfunctiongetAccessDecision(mixed$attribute,mixed$subject =null):AccessDecision`
	`212`	`+ {`
	`213`	`+if (!$this->container->has('security.authorization_checker')) {`
	`214`	`+thrownew \LogicException('The SecurityBundle is not registered in your application. Try running "composer require symfony/security-bundle".');`
	`215`	`+ }`
	`216`	`+`
	`217`	`+$decision =$this->container->get('security.authorization_checker')->isGranted($attribute,$subject, AccessDecision::RETURN_AS_OBJECT);`
	`218`	`+`
	`219`	`+return$decisioninstanceof AccessDecision ?$decision :newAccessDecision($decision);`
	`220`	`+ }`
	`221`	`+`
`205`	`222`	`/**`
`206`	`223`	`* Throws an exception unless the attribute is granted against the current authentication token and optionally`
`207`	`224`	`* supplied subject.`
`@@ -210,10 +227,13 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool`
`210`	`227`	`*/`
`211`	`228`	`protectedfunctiondenyAccessUnlessGranted(mixed$attribute,mixed$subject =null,string$message ='Access Denied.'):void`
`212`	`229`	`{`
`213`		`-if (!$this->isGranted($attribute,$subject)) {`
	`230`	`+$decision =$this->getAccessDecision($attribute,$subject);`
	`231`	`+`
	`232`	`+if ($decision->isDenied()) {`
`214`	`233`	`$exception =$this->createAccessDeniedException($message);`
`215`	`234`	`$exception->setAttributes([$attribute]);`
`216`	`235`	`$exception->setSubject($subject);`
	`236`	`+$exception->setAccessDecision($decision);`
`217`	`237`
`218`	`238`	`throw$exception;`
`219`	`239`	`}`

`‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php`

Lines changed: 35 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -40,7 +40,9 @@`
`40`	`40`	`useSymfony\Component\Routing\RouterInterface;`
`41`	`41`	`useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;`
`42`	`42`	`useSymfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;`
	`43`	`+useSymfony\Component\Security\Core\Authorization\AccessDecision;`
`43`	`44`	`useSymfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
	`45`	`+useSymfony\Component\Security\Core\Authorization\Voter\Vote;`
`44`	`46`	`useSymfony\Component\Security\Core\Exception\AccessDeniedException;`
`45`	`47`	`useSymfony\Component\Security\Core\User\InMemoryUser;`
`46`	`48`	`useSymfony\Component\Security\Csrf\CsrfTokenManagerInterface;`
`@@ -362,7 +364,14 @@ public function testdenyAccessUnlessGranted()`
`362`	`364`
`363`	`365`	`$this->expectException(AccessDeniedException::class);`
`364`	`366`
`365`		`-$controller->denyAccessUnlessGranted('foo');`
	`367`	`+try {`
	`368`	`+$controller->denyAccessUnlessGranted('foo');`
	`369`	`+ }catch (AccessDeniedException$exception) {`
	`370`	`+$this->assertFalse($exception->getAccessDecision()->getAccess());`
	`371`	`+$this->assertEmpty($exception->getAccessDecision()->getVotes());`
	`372`	`+$this->assertEmpty($exception->getAccessDecision()->getMessage());`
	`373`	`+throw$exception;`
	`374`	`+ }`
`366`	`375`	`}`
`367`	`376`
`368`	`377`	`/**`
`@@ -644,4 +653,29 @@ public function testSendEarlyHints()`
`644`	`653`
`645`	`654`	`$this->assertSame('</style.css>; rel="preload"; as="stylesheet",</script.js>; rel="preload"; as="script"',$response->headers->get('Link'));`
`646`	`655`	`}`
	`656`	`+`
	`657`	`+publicfunctiontestdenyAccessUnlessGrantedWithAccessDecisionObject()`
	`658`	`+ {`
	`659`	`+$authorizationChecker =$this->createMock(AuthorizationCheckerInterface::class);`
	`660`	`+$authorizationChecker->expects($this->once())`
	`661`	`+ ->method('isGranted')`
	`662`	`+ ->willReturn(newAccessDecision(false, [newVote(-1)],'access denied'));`
	`663`	`+`
	`664`	`+$container =newContainer();`
	`665`	`+$container->set('security.authorization_checker',$authorizationChecker);`
	`666`	`+`
	`667`	`+$controller =$this->createController();`
	`668`	`+$controller->setContainer($container);`
	`669`	`+`
	`670`	`+$this->expectException(AccessDeniedException::class);`
	`671`	`+`
	`672`	`+try {`
	`673`	`+$controller->denyAccessUnlessGranted('foo');`
	`674`	`+ }catch (AccessDeniedException$exception) {`
	`675`	`+$this->assertFalse($exception->getAccessDecision()->getAccess());`
	`676`	`+$this->assertCount(1,$exception->getAccessDecision()->getVotes());`
	`677`	`+$this->assertSame('access denied',$exception->getAccessDecision()->getMessage());`
	`678`	`+throw$exception;`
	`679`	`+ }`
	`680`	`+ }`
`647`	`681`	`}`

`‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php`

Lines changed: 9 additions & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -20,9 +20,12 @@`
`20`	`20`	`useSymfony\Component\HttpKernel\DataCollector\LateDataCollectorInterface;`
`21`	`21`	`useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
`22`	`22`	`useSymfony\Component\Security\Core\Authentication\Token\SwitchUserToken;`
	`23`	`+useSymfony\Component\Security\Core\Authorization\AccessDecision;`
`23`	`24`	`useSymfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;`
`24`	`25`	`useSymfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;`
`25`	`26`	`useSymfony\Component\Security\Core\Authorization\Voter\TraceableVoter;`
	`27`	`+useSymfony\Component\Security\Core\Authorization\Voter\Vote;`
	`28`	`+useSymfony\Component\Security\Core\Authorization\Voter\VoteInterface;`
`26`	`29`	`useSymfony\Component\Security\Core\Role\RoleHierarchyInterface;`
`27`	`30`	`useSymfony\Component\Security\Http\Firewall\SwitchUserListener;`
`28`	`31`	`useSymfony\Component\Security\Http\FirewallMapInterface;`
`@@ -138,6 +141,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep`
`138`	`141`
`139`	`142`	`// collect voter details`
`140`	`143`	`$decisionLog =$this->accessDecisionManager->getDecisionLog();`
	`144`	`+`
`141`	`145`	`foreach ($decisionLogas$key =>$log) {`
`142`	`146`	`$decisionLog[$key]['voter_details'] = [];`
`143`	`147`	`foreach ($log['voterDetails']as$voterDetail) {`
`@@ -146,10 +150,14 @@ public function collect(Request $request, Response $response, ?\Throwable $excep`
`146`	`150`	`$decisionLog[$key]['voter_details'][] = [`
`147`	`151`	`'class' =>$classData,`
`148`	`152`	`'attributes' =>$voterDetail['attributes'],// Only displayed for unanimous strategy`
`149`		`-'vote' =>$voterDetail['vote'],`
	`153`	`+'vote' =>$voterDetail['vote']instanceof VoteInterface ?$voterDetail['vote'] :newVote($voterDetail['vote']),`
`150`	`154`	`];`
`151`	`155`	`}`
`152`	`156`	`unset($decisionLog[$key]['voterDetails']);`
	`157`	`+`
	`158`	`+if (!$decisionLog[$key]['result']instanceof AccessDecision) {`
	`159`	`+$decisionLog[$key]['result'] =newAccessDecision($decisionLog[$key]['result']);`
	`160`	`+ }`
`153`	`161`	`}`
`154`	`162`
`155`	`163`	`$this->data['access_decision_log'] =$decisionLog;`

`‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function __construct(`
`31`	`31`
`32`	`32`	`publicfunctiononVoterVote(VoteEvent$event):void`
`33`	`33`	`{`
`34`		`-$this->traceableAccessDecisionManager->addVoterVote($event->getVoter(),$event->getAttributes(),$event->getVote());`
	`34`	`+$this->traceableAccessDecisionManager->addVoterVote($event->getVoter(),$event->getAttributes(),$event->getVote(true));`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`publicstaticfunctiongetSubscribedEvents():array`

`‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig`

Lines changed: 12 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -518,14 +518,16 @@`
`518`	`518`	`<colstyle="width: 30px">`
`519`	`519`	`<colstyle="width: 120px">`
`520`	`520`	`<colstyle="width: 25%">`
`521`		`- <colstyle="width: 60%">`
	`521`	`+ <colstyle="width: 40%">`
	`522`	`+ <colstyle="width: 20%">`
`522`	`523`
`523`	`524`	`<thead>`
`524`	`525`	`<tr>`
`525`	`526`	`<th>#</th>`
`526`	`527`	`<th>Result</th>`
`527`	`528`	`<th>Attributes</th>`
`528`	`529`	`<th>Object</th>`
	`530`	`+ <th>Message</th>`
`529`	`531`	`</tr>`
`530`	`532`	`</thead>`
`531`	`533`
`@@ -534,7 +536,7 @@`
`534`	`536`	`<trclass="voter_result">`
`535`	`537`	`<tdclass="font-normal text-small text-muted nowrap">{{loop.index }}</td>`
`536`	`538`	`<tdclass="font-normal">`
`537`		`- {{decision.result`
	`539`	`+ {{decision.result.access`
`538`	`540`	`?'<span class="label status-success same-width">GRANTED</span>'`
`539`	`541`	`:'<span class="label status-error same-width">DENIED</span>'`
`540`	`542`	`}}`
`@@ -554,6 +556,7 @@`
`554`	`556`	`{%endif %}`
`555`	`557`	`</td>`
`556`	`558`	`<td>{{ profiler_dump(decision.seek('object')) }}</td>`
	`559`	`+ <td>{{decision.result.message }}</td>`
`557`	`560`	`</tr>`
`558`	`561`	`<trclass="voter_details">`
`559`	`562`	`<td></td>`
`@@ -570,14 +573,17 @@`
`570`	`573`	`<tdclass="font-normal text-small">attribute {{voter_detail['attributes'][0] }}</td>`
`571`	`574`	`{%endif %}`
`572`	`575`	`<tdclass="font-normal text-small">`
`573`		`- {%ifvoter_detail['vote']==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_GRANTED') %}`
	`576`	`+ {%ifvoter_detail['vote'].access==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_GRANTED') %}`
`574`	`577`	`ACCESS GRANTED`
`575`		`- {%elseifvoter_detail['vote']==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_ABSTAIN') %}`
	`578`	`+ {%elseifvoter_detail['vote'].access==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_ABSTAIN') %}`
`576`	`579`	`ACCESS ABSTAIN`
`577`		`- {%elseifvoter_detail['vote']==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_DENIED') %}`
	`580`	`+ {%elseifvoter_detail['vote'].access==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_DENIED') %}`
`578`	`581`	`ACCESS DENIED`
`579`	`582`	`{%else %}`
`580`		`- unknown ({{voter_detail['vote'] }})`
	`583`	`+ unknown ({{voter_detail['vote'].access }})`
	`584`	`+ {%endif %}`
	`585`	`+ {%ifvoter_detail['vote'].messagesis notempty %}`
	`586`	`+ : {{voter_detail['vote'].messages \| join(',') }}`
`581`	`587`	`{%endif %}`
`582`	`588`	`</td>`
`583`	`589`	`</tr>`

`‎src/Symfony/Bundle/SecurityBundle/Security.php`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -58,10 +58,10 @@ public function getUser(): ?UserInterface`
`58`	`58`	`/**`
`59`	`59`	`* Checks if the attributes are granted against the current authentication token and optionally supplied subject.`
`60`	`60`	`*/`
`61`		`-publicfunctionisGranted(mixed$attributes,mixed$subject =null):bool`
	`61`	`+publicfunctionisGranted(mixed$attributes,mixed$subject =null,$asObject =false):bool`
`62`	`62`	`{`
`63`	`63`	`return$this->container->get('security.authorization_checker')`
`64`		`- ->isGranted($attributes,$subject);`
	`64`	`+ ->isGranted($attributes,$subject,$asObject);`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`publicfunctiongetToken(): ?TokenInterface`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitca672e7

File tree

46 files changed

Some content is hidden

46 files changed

`‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php`

`‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php`

`‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php`

`‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php`

`‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php`

`‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig`

`‎src/Symfony/Bundle/SecurityBundle/Security.php`

0 commit comments