NotificationsYou must be signed in to change notification settings
Fork9.6k
Star30.4k

Commitfcc69a6

committed

[Security] Add ability for voters to explain their vote

1 parentd824d53 commitfcc69a6Copy full SHA for fcc69a6

File tree

27 files changed

+330

-120

lines changed

src/Symfony
- Bridge/Twig/Extension
  - SecurityExtension.php
- Bundle
  - FrameworkBundle/Controller
    - AbstractController.php
  - SecurityBundle
    - DataCollector
      - SecurityDataCollector.php
    - EventListener
      - VoteListener.php
    - Resources/views/Collector
      - security.html.twig
    - Security.php
- Component/Security
  - Core
  - Http
    - EventListener
      - IsGrantedAttributeListener.php
    - Firewall
      - AccessListener.php
      - SwitchUserListener.php

27 files changed

+330

-120

lines changed

`‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php`

Lines changed: 26 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespaceSymfony\Bridge\Twig\Extension;`
`13`	`13`
`14`	`14`	`useSymfony\Component\Security\Acl\Voter\FieldVote;`
	`15`	`+useSymfony\Component\Security\Core\Authorization\AccessDecision;`
`15`	`16`	`useSymfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
`16`	`17`	`useSymfony\Component\Security\Core\Authorization\UserAuthorizationCheckerInterface;`
`17`	`18`	`useSymfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;`
`@@ -34,7 +35,7 @@ public function __construct(`
`34`	`35`	`) {`
`35`	`36`	`}`
`36`	`37`
`37`		`-publicfunctionisGranted(mixed$role,mixed$object =null, ?string$field =null):bool`
	`38`	`+publicfunctionisGranted(mixed$role,mixed$object =null, ?string$field =null, ?AccessDecision$accessDecision =null):bool`
`38`	`39`	`{`
`39`	`40`	`if (null ===$this->securityChecker) {`
`40`	`41`	`returnfalse;`
`@@ -47,15 +48,23 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu`
`47`	`48`
`48`	`49`	`$object =newFieldVote($object,$field);`
`49`	`50`	`}`
	`51`	`+if (!class_exists(AccessDecision::class)) {`
	`52`	`+try {`
	`53`	`+return$this->securityChecker->isGranted($role,$object);`
	`54`	`+ }catch (AuthenticationCredentialsNotFoundException) {`
	`55`	`+returnfalse;`
	`56`	`+ }`
	`57`	`+ }`
	`58`	`+$accessDecision ??=newAccessDecision();`
`50`	`59`
`51`	`60`	`try {`
`52`		`-return$this->securityChecker->isGranted($role,$object);`
	`61`	`+return$accessDecision->isGranted =$this->securityChecker->isGranted($role,$object,$accessDecision);`
`53`	`62`	`}catch (AuthenticationCredentialsNotFoundException) {`
`54`		`-returnfalse;`
	`63`	`+return$accessDecision->isGranted =false;`
`55`	`64`	`}`
`56`	`65`	`}`
`57`	`66`
`58`		`-publicfunctionisGrantedForUser(UserInterface$user,mixed$attribute,mixed$subject =null, ?string$field =null):bool`
	`67`	`+publicfunctionisGrantedForUser(UserInterface$user,mixed$attribute,mixed$subject =null, ?string$field =null, ?AccessDecision$accessDecision =null):bool`
`59`	`68`	`{`
`60`	`69`	`if (!$this->userSecurityChecker) {`
`61`	`70`	`thrownew \LogicException(\sprintf('An instance of "%s" must be provided to use "%s()".', UserAuthorizationCheckerInterface::class,__METHOD__));`
`@@ -68,8 +77,20 @@ public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $s`
`68`	`77`
`69`	`78`	`$subject =newFieldVote($subject,$field);`
`70`	`79`	`}`
	`80`	`+if (!class_exists(AccessDecision::class)) {`
	`81`	`+try {`
	`82`	`+return$this->userSecurityChecker->isGrantedForUser($user,$attribute,$subject);`
	`83`	`+ }catch (AuthenticationCredentialsNotFoundException) {`
	`84`	`+returnfalse;`
	`85`	`+ }`
	`86`	`+ }`
	`87`	`+$accessDecision ??=newAccessDecision();`
`71`	`88`
`72`		`-return$this->userSecurityChecker->isGrantedForUser($user,$attribute,$subject);`
	`89`	`+try {`
	`90`	`+return$accessDecision->isGranted =$this->userSecurityChecker->isGrantedForUser($user,$attribute,$subject,$accessDecision);`
	`91`	`+ }catch (AuthenticationCredentialsNotFoundException) {`
	`92`	`+return$accessDecision->isGranted =false;`
	`93`	`+ }`
`73`	`94`	`}`
`74`	`95`
`75`	`96`	`publicfunctiongetImpersonateExitUrl(?string$exitTo =null):string`

`‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php`

Lines changed: 33 additions & 5 deletions

Original file line number	Diff line number	Diff line change
`@@ -35,6 +35,7 @@`
`35`	`35`	`useSymfony\Component\Routing\Generator\UrlGeneratorInterface;`
`36`	`36`	`useSymfony\Component\Routing\RouterInterface;`
`37`	`37`	`useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
	`38`	`+useSymfony\Component\Security\Core\Authorization\AccessDecision;`
`38`	`39`	`useSymfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
`39`	`40`	`useSymfony\Component\Security\Core\Exception\AccessDeniedException;`
`40`	`41`	`useSymfony\Component\Security\Core\User\UserInterface;`
`@@ -202,6 +203,21 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool`
`202`	`203`	`return$this->container->get('security.authorization_checker')->isGranted($attribute,$subject);`
`203`	`204`	`}`
`204`	`205`
	`206`	`+/**`
	`207`	`+ * Checks if the attribute is granted against the current authentication token and optionally supplied subject.`
	`208`	`+ */`
	`209`	`+protectedfunctiongetAccessDecision(mixed$attribute,mixed$subject =null):AccessDecision`
	`210`	`+ {`
	`211`	`+if (!$this->container->has('security.authorization_checker')) {`
	`212`	`+thrownew \LogicException('The SecurityBundle is not registered in your application. Try running "composer require symfony/security-bundle".');`
	`213`	`+ }`
	`214`	`+`
	`215`	`+$accessDecision =newAccessDecision();`
	`216`	`+$accessDecision->isGranted =$this->container->get('security.authorization_checker')->isGranted($attribute,$subject,$accessDecision);`
	`217`	`+`
	`218`	`+return$accessDecision;`
	`219`	`+ }`
	`220`	`+`
`205`	`221`	`/**`
`206`	`222`	`* Throws an exception unless the attribute is granted against the current authentication token and optionally`
`207`	`223`	`* supplied subject.`
`@@ -210,12 +226,24 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool`
`210`	`226`	`*/`
`211`	`227`	`protectedfunctiondenyAccessUnlessGranted(mixed$attribute,mixed$subject =null,string$message ='Access Denied.'):void`
`212`	`228`	`{`
`213`		`-if (!$this->isGranted($attribute,$subject)) {`
`214`		`-$exception =$this->createAccessDeniedException($message);`
`215`		`-$exception->setAttributes([$attribute]);`
`216`		`-$exception->setSubject($subject);`
	`229`	`+if (class_exists(AccessDecision::class)) {`
	`230`	`+$accessDecision =$this->getAccessDecision($attribute,$subject);`
	`231`	`+$isGranted =$accessDecision->isGranted;`
	`232`	`+ }else {`
	`233`	`+$accessDecision =null;`
	`234`	`+$isGranted =$this->isGranted($attribute,$subject);`
	`235`	`+ }`
	`236`	`+`
	`237`	`+if (!$isGranted) {`
	`238`	`+$e =$this->createAccessDeniedException(3 >\func_num_args() &&$accessDecision ?$accessDecision->getMessage() :$message);`
	`239`	`+$e->setAttributes([$attribute]);`
	`240`	`+$e->setSubject($subject);`
	`241`	`+`
	`242`	`+if ($accessDecision) {`
	`243`	`+$e->setAccessDecision($accessDecision);`
	`244`	`+ }`
`217`	`245`
`218`		`-throw$exception;`
	`246`	`+throw$e;`
`219`	`247`	`}`
`220`	`248`	`}`
`221`	`249`

`‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php`

Lines changed: 2 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -138,6 +138,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep`
`138`	`138`
`139`	`139`	`// collect voter details`
`140`	`140`	`$decisionLog =$this->accessDecisionManager->getDecisionLog();`
	`141`	`+`
`141`	`142`	`foreach ($decisionLogas$key =>$log) {`
`142`	`143`	`$decisionLog[$key]['voter_details'] = [];`
`143`	`144`	`foreach ($log['voterDetails']as$voterDetail) {`
`@@ -147,6 +148,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep`
`147`	`148`	`'class' =>$classData,`
`148`	`149`	`'attributes' =>$voterDetail['attributes'],// Only displayed for unanimous strategy`
`149`	`150`	`'vote' =>$voterDetail['vote'],`
	`151`	`+'reasons' =>$voterDetail['reasons'] ?? [],`
`150`	`152`	`];`
`151`	`153`	`}`
`152`	`154`	`unset($decisionLog[$key]['voterDetails']);`

`‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php`

Lines changed: 1 addition & 1 deletion

Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function __construct(`
`31`	`31`
`32`	`32`	`publicfunctiononVoterVote(VoteEvent$event):void`
`33`	`33`	`{`
`34`		`-$this->traceableAccessDecisionManager->addVoterVote($event->getVoter(),$event->getAttributes(),$event->getVote());`
	`34`	`+$this->traceableAccessDecisionManager->addVoterVote($event->getVoter(),$event->getAttributes(),$event->getVote(),$event->getReasons());`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`publicstaticfunctiongetSubscribedEvents():array`

`‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig`

Lines changed: 6 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -571,14 +571,17 @@`
`571`	`571`	`{%endif %}`
`572`	`572`	`<tdclass="font-normal text-small">`
`573`	`573`	`{%ifvoter_detail['vote']==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_GRANTED') %}`
`574`		`-ACCESSGRANTED`
	`574`	`+ GRANTED`
`575`	`575`	`{%elseifvoter_detail['vote']==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_ABSTAIN') %}`
`576`		`-ACCESSABSTAIN`
	`576`	`+ ABSTAIN`
`577`	`577`	`{%elseifvoter_detail['vote']==constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_DENIED') %}`
`578`		`-ACCESSDENIED`
	`578`	`+ DENIED`
`579`	`579`	`{%else %}`
`580`	`580`	`unknown ({{voter_detail['vote'] }})`
`581`	`581`	`{%endif %}`
	`582`	`+ {%ifvoter_detail['reasons']is notempty %}`
	`583`	`+ <br>{{voter_detail['reasons'] \| join('<br>') }}`
	`584`	`+ {%endif %}`
`582`	`585`	`</td>`
`583`	`586`	`</tr>`
`584`	`587`	`{%endfor %}`

`‎src/Symfony/Bundle/SecurityBundle/Security.php`

Lines changed: 7 additions & 6 deletions

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`	`useSymfony\Component\HttpFoundation\Response;`
`18`	`18`	`useSymfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
`19`	`19`	`useSymfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`20`	`+useSymfony\Component\Security\Core\Authorization\AccessDecision;`
`20`	`21`	`useSymfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
`21`	`22`	`useSymfony\Component\Security\Core\Authorization\UserAuthorizationCheckerInterface;`
`22`	`23`	`useSymfony\Component\Security\Core\Exception\LogicException;`
`@@ -58,10 +59,10 @@ public function getUser(): ?UserInterface`
`58`	`59`	`/**`
`59`	`60`	`* Checks if the attributes are granted against the current authentication token and optionally supplied subject.`
`60`	`61`	`*/`
`61`		`-publicfunctionisGranted(mixed$attributes,mixed$subject =null):bool`
	`62`	`+publicfunctionisGranted(mixed$attributes,mixed$subject =null,AccessDecision$accessDecision =newAccessDecision()):bool`
`62`	`63`	`{`
`63`		`-return$this->container->get('security.authorization_checker')`
`64`		`- ->isGranted($attributes,$subject);`
	`64`	`+return$accessDecision->isGranted =$this->container->get('security.authorization_checker')`
	`65`	`+ ->isGranted($attributes,$subject,$accessDecision);`
`65`	`66`	`}`
`66`	`67`
`67`	`68`	`publicfunctiongetToken(): ?TokenInterface`
`@@ -154,10 +155,10 @@ public function logout(bool $validateCsrfToken = true): ?Response`
`154`	`155`	`*`
`155`	`156`	`* This should be used over isGranted() when checking permissions against a user that is not currently logged in or while in a CLI context.`
`156`	`157`	`*/`
`157`		`-publicfunctionisGrantedForUser(UserInterface$user,mixed$attribute,mixed$subject =null):bool`
	`158`	`+publicfunctionisGrantedForUser(UserInterface$user,mixed$attribute,mixed$subject =null,AccessDecision$accessDecision =newAccessDecision()):bool`
`158`	`159`	`{`
`159`		`-return$this->container->get('security.user_authorization_checker')`
`160`		`- ->isGrantedForUser($user,$attribute,$subject);`
	`160`	`+return$accessDecision->isGranted =$this->container->get('security.user_authorization_checker')`
	`161`	`+ ->isGrantedForUser($user,$attribute,$subject,$accessDecision);`
`161`	`162`	`}`
`162`	`163`
`163`	`164`	`privatefunctiongetAuthenticator(?string$authenticatorName,string$firewallName):AuthenticatorInterface`

`‎src/Symfony/Component/Security/Core/Authorization/AccessDecision.php`

Lines changed: 56 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,56 @@`
	`1`	`+<?php`
	`2`	`+`
	`3`	`+/*`
	`4`	`+ * This file is part of the Symfony package.`
	`5`	`+ *`
	`6`	`+ * (c) Fabien Potencier <fabien@symfony.com>`
	`7`	`+ *`
	`8`	`+ * For the full copyright and license information, please view the LICENSE`
	`9`	`+ * file that was distributed with this source code.`
	`10`	`+ */`
	`11`	`+`
	`12`	`+namespaceSymfony\Component\Security\Core\Authorization;`
	`13`	`+`
	`14`	`+useSymfony\Component\Security\Core\Authorization\Voter\Vote;`
	`15`	`+useSymfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
	`16`	`+`
	`17`	`+/**`
	`18`	`+ * Contains the access verdict and all the related votes.`
	`19`	`+ *`
	`20`	`+ * @author Dany Maillard <danymaillard93b@gmail.com>`
	`21`	`+ * @author Roman JOLY <eltharin18@outlook.fr>`
	`22`	`+ * @author Nicolas Grekas <p@tchwork.com>`
	`23`	`+ */`
	`24`	`+finalclass AccessDecision`
	`25`	`+{`
	`26`	`+/**`
	`27`	`+ * @var class-string<AccessDecisionStrategyInterface>\|string\|null`
	`28`	`+ */`
	`29`	`+public ?string$strategy =null;`
	`30`	`+`
	`31`	`+publicbool$isGranted;`
	`32`	`+`
	`33`	`+/**`
	`34`	`+ * @var Vote[]`
	`35`	`+ */`
	`36`	`+public$votes = [];`
	`37`	`+`
	`38`	`+publicfunctiongetMessage():string`
	`39`	`+ {`
	`40`	`+$message =$this->isGranted ?'Access granted.' :'Access denied.';`
	`41`	`+$access =$this->isGranted ? VoterInterface::ACCESS_GRANTED : VoterInterface::ACCESS_DENIED;`
	`42`	`+`
	`43`	`+if ($this->votes) {`
	`44`	`+foreach ($this->votesas$vote) {`
	`45`	`+if ($vote->result !==$access) {`
	`46`	`+continue;`
	`47`	`+ }`
	`48`	`+foreach ($vote->reasonsas$reason) {`
	`49`	`+$message .=''.$reason;`
	`50`	`+ }`
	`51`	`+ }`
	`52`	`+ }`
	`53`	`+`
	`54`	`+return$message;`
	`55`	`+ }`
	`56`	`+}`

`‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php`

Lines changed: 23 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -15,6 +15,8 @@`
`15`	`15`	`useSymfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface;`
`16`	`16`	`useSymfony\Component\Security\Core\Authorization\Strategy\AffirmativeStrategy;`
`17`	`17`	`useSymfony\Component\Security\Core\Authorization\Voter\CacheableVoterInterface;`
	`18`	`+useSymfony\Component\Security\Core\Authorization\Voter\TraceableVoter;`
	`19`	`+useSymfony\Component\Security\Core\Authorization\Voter\Vote;`
`18`	`20`	`useSymfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
`19`	`21`	`useSymfony\Component\Security\Core\Exception\InvalidArgumentException;`
`20`	`22`
`@@ -49,35 +51,49 @@ public function __construct(`
`49`	`51`	`/**`
`50`	`52`	`* @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array`
`51`	`53`	`*/`
`52`		`-publicfunctiondecide(TokenInterface$token,array$attributes,mixed$object =null,bool$allowMultipleAttributes =false):bool`
	`54`	`+publicfunctiondecide(TokenInterface$token,array$attributes,mixed$object =null,bool\|AccessDecision$accessDecision =newAccessDecision(),bool$allowMultipleAttributes =false):bool`
`53`	`55`	`{`
	`56`	`+if (\is_bool($accessDecision)) {`
	`57`	`+$allowMultipleAttributes =$accessDecision;`
	`58`	`+$accessDecision =newAccessDecision();`
	`59`	`+ }`
	`60`	`+`
`54`	`61`	`// Special case for AccessListener, do not remove the right side of the condition before 6.0`
`55`	`62`	`if (\count($attributes) >1 && !$allowMultipleAttributes) {`
`56`	`63`	`thrownewInvalidArgumentException(\sprintf('Passing more than one Security attribute to "%s()" is not supported.',__METHOD__));`
`57`	`64`	`}`
`58`	`65`
`59`		`-return$this->strategy->decide(`
`60`		`-$this->collectResults($token,$attributes,$object)`
	`66`	`+$accessDecision->strategy =$this->strategyinstanceof \Stringable ?$this->strategy :get_debug_type($this->strategy);`
	`67`	`+`
	`68`	`+return$accessDecision->isGranted =$this->strategy->decide(`
	`69`	`+$this->collectResults($token,$attributes,$object,$accessDecision)`
`61`	`70`	`);`
`62`	`71`	`}`
`63`	`72`
`64`	`73`	`/**`
`65`		`- * @return \Traversable<int, int>`
	`74`	`+ * @return \Traversable<VoterInterface::ACCESS_*>`
`66`	`75`	`*/`
`67`		`-privatefunctioncollectResults(TokenInterface$token,array$attributes,mixed$object):\Traversable`
	`76`	`+privatefunctioncollectResults(TokenInterface$token,array$attributes,mixed$object,AccessDecision$accessDecision):\Traversable`
`68`	`77`	`{`
`69`	`78`	`foreach ($this->getVoters($attributes,$object)as$voter) {`
`70`		`-$result =$voter->vote($token,$object,$attributes);`
	`79`	`+$vote =newVote();`
	`80`	`+$result =$voter->vote($token,$object,$attributes,$vote);`
	`81`	`+`
`71`	`82`	`if (!\is_int($result) \|\| !(self::VALID_VOTES[$result] ??false)) {`
`72`	`83`	`thrownew \LogicException(\sprintf('"%s::vote()" must return one of "%s" constants ("ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN"), "%s" returned.',get_debug_type($voter), VoterInterface::class,var_export($result,true)));`
`73`	`84`	`}`
`74`	`85`
	`86`	`+$voter =$voterinstanceof TraceableVoter ?$voter->getDecoratedVoter() :$voter;`
	`87`	`+$vote->voter =$voterinstanceof \Stringable ?$voter :get_debug_type($voter);`
	`88`	`+$vote->result =$result;`
	`89`	`+$accessDecision->votes[] =$vote;`
	`90`	`+`
`75`	`91`	`yield$result;`
`76`	`92`	`}`
`77`	`93`	`}`
`78`	`94`
`79`	`95`	`/**`
`80`		`- * @return iterable<mixed,VoterInterface>`
	`96`	`+ * @return iterable<VoterInterface>`
`81`	`97`	`*/`
`82`	`98`	`privatefunctiongetVoters(array$attributes,$object =null):iterable`
`83`	`99`	`{`

`‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php`

Lines changed: 4 additions & 3 deletions

Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,9 @@ interface AccessDecisionManagerInterface`
`23`	`23`	`/**`
`24`	`24`	`* Decides whether the access is possible or not.`
`25`	`25`	`*`
`26`		`- * @param array $attributes An array of attributes associated with the method being invoked`
`27`		`- * @param mixed $object The object to secure`
	`26`	`+ * @param array $attributes An array of attributes associated with the method being invoked`
	`27`	`+ * @param mixed $object The object to secure`
	`28`	`+ * @param AccessDecision $accessDecision Should be used to explain the decision`
`28`	`29`	`*/`
`29`		`-publicfunctiondecide(TokenInterface$token,array$attributes,mixed$object =null):bool;`
	`30`	`+publicfunctiondecide(TokenInterface$token,array$attributes,mixed$object =null/* , AccessDecision $accessDecision = new AccessDecision() */):bool;`
`30`	`31`	`}`

`‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php`

Lines changed: 2 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -30,14 +30,14 @@ public function __construct(`
`30`	`30`	`) {`
`31`	`31`	`}`
`32`	`32`
`33`		`-finalpublicfunctionisGranted(mixed$attribute,mixed$subject =null):bool`
	`33`	`+finalpublicfunctionisGranted(mixed$attribute,mixed$subject =null,AccessDecision$accessDecision =newAccessDecision()):bool`
`34`	`34`	`{`
`35`	`35`	`$token =$this->tokenStorage->getToken();`
`36`	`36`
`37`	`37`	`if (!$token \|\| !$token->getUser()) {`
`38`	`38`	`$token =newNullToken();`
`39`	`39`	`}`
`40`	`40`
`41`		`-return$this->accessDecisionManager->decide($token, [$attribute],$subject);`
	`41`	`+return$accessDecision->isGranted =$this->accessDecisionManager->decide($token, [$attribute],$subject,$accessDecision);`
`42`	`42`	`}`
`43`	`43`	`}`

`‎src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php`

Lines changed: 3 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,7 +21,8 @@ interface AuthorizationCheckerInterface`
`21`	`21`	`/**`
`22`	`22`	`* Checks if the attribute is granted against the current authentication token and optionally supplied subject.`
`23`	`23`	`*`
`24`		`- * @param mixed $attribute A single attribute to vote on (can be of any type, string and instance of Expression are supported by the core)`
	`24`	`+ * @param mixed $attribute A single attribute to vote on (can be of any type, string and instance of Expression are supported by the core)`
	`25`	`+ * @param AccessDecision $accessDecision Should be used to explain the decision`
`25`	`26`	`*/`
`26`		`-publicfunctionisGranted(mixed$attribute,mixed$subject =null):bool;`
	`27`	`+publicfunctionisGranted(mixed$attribute,mixed$subject =null/* , AccessDecision $accessDecision = new AccessDecision() */):bool;`
`27`	`28`	`}`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commitfcc69a6

File tree

27 files changed

27 files changed

`‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php`

`‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php`

`‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php`

`‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php`

`‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig`

`‎src/Symfony/Bundle/SecurityBundle/Security.php`

`‎src/Symfony/Component/Security/Core/Authorization/AccessDecision.php`

`‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php`

`‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php`

`‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php`

`‎src/Symfony/Component/Security/Core/Authorization/AuthorizationCheckerInterface.php`

0 commit comments