Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[Security] deprecate the RoleInterface#20801
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
xabbuh commentedDec 6, 2016
| Q | A |
|---|---|
| Branch? | master |
| Bug fix? | no |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | yes |
| Tests pass? | yes |
| Fixed tickets | |
| License | MIT |
| Doc PR |
| * @paramRoleInterface[]|string[] $roles An array of roles | ||
| * @param UserInterface $user The user! | ||
| * @param string $providerKey The provider (firewall) key | ||
| * @paramRole[]|string[] $roles An array of roles |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
same as before(Role|string)[] ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Of course, good catch@yceruto!
48507c6 to807b60dCompareogizanagi commentedDec 6, 2016
What about triggering a deprecation at least from the |
xabbuh commentedDec 6, 2016
@ogizanagi But such a role would have triggered the deprecation already because of the |
ogizanagi commentedDec 6, 2016
Right. I forgot about this behavior. |
| * | ||
| * @author Fabien Potencier <fabien@symfony.com> | ||
| * | ||
| * @deprecated The RoleInterface is deprecated since version 3.3 and will be removed in 4.0. Use the Symfony\Component\Security\Core\Role\Role class instead. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Extend the ... instead ofUse the ...?
807b60d to0393724Comparefabpot commentedDec 8, 2016
Thank you@xabbuh. |
This PR was merged into the 3.3-dev branch.Discussion----------[Security] deprecate the RoleInterface| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | no| BC breaks? | no| Deprecations? | yes| Tests pass? | yes| Fixed tickets || License | MIT| Doc PR |Commits-------0393724 [Security] deprecate the RoleInterface
stof commentedDec 8, 2016
@fabpot we talked about deprecating the usage of objects as roles entirely in the past, relying on strings only. Should we move forward on this topic ? |
fabpot commentedDec 8, 2016
@stof Indeed, that would be a fantastic move for 4.0. |
fsmeier commentedApr 17, 2018
Where was this discussed? Can you pls link this, so others and me can understand why this is thebetter way? |
…es (xabbuh)This PR was merged into the 4.3-dev branch.Discussion----------[Security] deprecate the Role and SwitchUserRole classes| Q | A| ------------- | ---| Branch? | master| Bug fix? | no| New feature? | no| BC breaks? | no| Deprecations? | yes| Tests pass? | yes| Fixed tickets |#20824| License | MIT| Doc PR |symfony/symfony-docs#11047In#20801, we deprecated the `RoleInterface`. The next logical step would be to also deprecate the `Role` class. However, we currently have the `SwitchUserRole` class (a sub-class of `Role`) that acts as an indicator to check whether or not the authenticated user switched to another user.This PR proposes an alternative solution to the usage of the special `SwitchUserRole` class by storing the original token inside the `UsernamePasswordToken`. This PR is not complete, but rather acts as a proof of concept of how we could get rid of the `Role` and the `SwitchUserRole` classes.Please share your opinions whether you think this is a valid approach and I will be happy to finalise the PR.Commits-------d7aaa61 deprecate the Role and SwitchUserRole classes