Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.6k
Updating AbstractVoter so that the method receives the TokenInterface#15870
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Closed
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.Learn more about bidirectional Unicode characters
186adc6 to4967b8dCompareThis fixes issues where people need this token.
4967b8d tob101d24Compare| if ($this->isGranted($attribute, $object, $token->getUser())) { | ||
| // grant access as soon as at least one voter returns a positive response | ||
| return self::ACCESS_GRANTED; | ||
| } |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
This could actually become anelseif { ... }
I think this is a fair compromise for the feature. The name |
| * @param string $attribute | ||
| * @param object $object | ||
| * @param TokenInterface $token | ||
| * |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Can you add a note that this method should be abstract in 3.0 so that we do not forget that when cleaning the master branch?
👍 |
Done! Status: Reviewed |
| @@ -9,8 +9,9 @@ | |||
| * file that was distributed with this source code. | |||
| */ | |||
| namespace Symfony\Component\Security\Tests\Core\Authentication\Voter; | |||
| namespace Symfony\Component\Security\Core\Tests\Authorization\Voter; | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I also realized the test was in the wrong spot - it wasn't moved when the other tests were moved. Fixed that.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
nevermind, fixing in a proper PR in 2.7
86d7908 to3665c14CompareThank you@weaverryan. |
fabpot added a commit that referenced this pull requestSep 24, 2015
… TokenInterface (weaverryan)This PR was squashed before being merged into the 2.8 branch (closes#15870).Discussion----------Updating AbstractVoter so that the method receives the TokenInterface| Q | A| ------------- | ---| Bug fix? | no| New feature? | yes| BC breaks? | no| Deprecations? | yes| Tests pass? | yes| Fixed tickets |#12360| License | MIT| Doc PR | not yetThisfixes#12360, and along with already-merged#14733, this would make it possible to make calls back to the `AccessDecisionManager` inside a voter (e.g. you might check to see if `IS_AUTHENTICATED_FULLY` from inside your voter).We originally passed the User instead of the token to be nice, but it's a limitation, and since we never sanitized the User (i.e. a string may be passed to `AbstractToken::isGranted()`), it's not helpful anyways.Thanks!Commits-------948ccec Updating AbstractVoter so that the method receives the TokenInterface
| @@ -65,6 +65,12 @@ public function vote(TokenInterface $token, $object, array $attributes) | |||
| // abstain vote by default in case none of the attributes are supported | |||
| $vote = self::ACCESS_ABSTAIN; | |||
| $reflector = new \ReflectionMethod($this, 'voteOnAttribute'); | |||
| $isNewOverwritten = $reflector->getDeclaringClass()->getName() !== 'Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter'; | |||
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I would use__CLASS__ here rather than the class name in a string. It makes it clearer than it is the current class, and is less likely to break if we rename things
weaverryan added a commit to weaverryan/symfony that referenced this pull requestSep 26, 2015
weaverryan added a commit to weaverryan/symfony that referenced this pull requestSep 26, 2015
This was referencedSep 26, 2015
Merged
weaverryan added a commit to weaverryan/symfony that referenced this pull requestSep 26, 2015
weaverryan added a commit to weaverryan/symfony that referenced this pull requestSep 26, 2015
weaverryan added a commit to weaverryan/symfony that referenced this pull requestSep 26, 2015
fabpot added a commit that referenced this pull requestSep 27, 2015
This PR was merged into the 2.8 branch.Discussion----------Abstract voter tweaks| Q | A| ------------- | ---| Bug fix? | yes (a little)| New feature? | no| BC breaks? | no| Deprecations? | no| Tests pass? | yes| Fixed tickets | n/a| License | MIT| Doc PR | n/aBased on suggestions from stof in#15870, this simplifies the BC and deprecation throwing code. This also adds a BadMethodCallException in case the user doesn't override `isGranted` *or* `voteOnAttribute`, because that's just plain wrong (as is calling `isGranted()` on the parent class directly, since that was formerly abstract).Commits-------c03f5c2 Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in#15870
fabpot added a commit that referenced this pull requestSep 27, 2015
* 2.8: (28 commits) Detect Mintty for color support on Windows Detect Mintty for color support on Windows [WebProfilerBundle] Fix search button click listener [Form][Type Date/Time] added choice_translation_domain option. Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof in#15870 Making all "debug" messages use the debug router Making GuardTokenInterface extend TokenInterface Updating behavior to not continue after an authenticator has set the response Add a group for tests of the finder against the FTP server Fix trigger_error calls Fix legacy security tests tweaking message related to configuration edge case that we want to be helpful with Minor tweaks - lowering the required security-http requirement and nulling out a test field Fix license headers Fix license headers Fix license headers Ensure the ClockMock is loaded before using it in the testsuite Allow serializer 3.0 in the PropertyInfo component Add the replace rules for the security-guard component Forbid serializing a Crawler ...
Merged
ostrolucky pushed a commit to ostrolucky/symfony that referenced this pull requestMar 25, 2018
* 2.8: (28 commits) Detect Mintty for color support on Windows Detect Mintty for color support on Windows [WebProfilerBundle] Fix search button click listener [Form][Type Date/Time] added choice_translation_domain option. Massively simplifying the BC and deprecated-throwing code thanks to suggestions by stof insymfony#15870 Making all "debug" messages use the debug router Making GuardTokenInterface extend TokenInterface Updating behavior to not continue after an authenticator has set the response Add a group for tests of the finder against the FTP server Fix trigger_error calls Fix legacy security tests tweaking message related to configuration edge case that we want to be helpful with Minor tweaks - lowering the required security-http requirement and nulling out a test field Fix license headers Fix license headers Fix license headers Ensure the ClockMock is loaded before using it in the testsuite Allow serializer 3.0 in the PropertyInfo component Add the replace rules for the security-guard component Forbid serializing a Crawler ...
Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Thisfixes#12360, and along with already-merged#14733, this would make it possible to make calls back to the
AccessDecisionManagerinside a voter (e.g. you might check to see ifIS_AUTHENTICATED_FULLYfrom inside your voter).We originally passed the User instead of the token to be nice, but it's a limitation, and since we never sanitized the User (i.e. a string may be passed to
AbstractToken::isGranted()), it's not helpful anyways.Thanks!