[Security] Allow using expressions with the #[IsGranted] attribute #46978


Merged
nicolas-grekas merged 1 commit into symfony:6.2 from HypeMC:improve-isgranted
Aug 2, 2022

Conversation

HypeMC (Member) commented Jul 18, 2022 (edited):

| Q | A |
|---|---|
| Branch? | 6.2 |
| Bug fix? | no |
| New feature? | yes |
| Deprecations? | no |
| Tickets | Fix #46912 |
| License | MIT |
| Doc PR | - |

Allows using the expression language with the `#[IsGranted]` attribute:

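```php
use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\Security\Http\Attribute\IsGranted;

// Attribute given as an expression; the subject is the controller argument named "post".
#[IsGranted(
    attribute: new Expression('"ROLE_ADMIN" in role_names or is_granted("POST_VIEW", subject)'),
    subject: 'post',
)]
public function index(Post $post) {}

// Subject computed by an expression over the controller arguments.
#[IsGranted(
    attribute: new Expression('user === subject'),
    subject: new Expression('args["post"].getAuthor()'),
)]
public function index(Post $post) {}

// Array subject mixing an expression and an argument name.
#[IsGranted(
    attribute: new Expression('user === subject["author"] and subject["post"].isPublished()'),
    subject: [
        'author' => new Expression('args["post"].getAuthor()'),
        'post' => 'post',
    ],
)]
public function index(Post $post) {}
```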
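The two evaluation stages the description above relies on, as an added sketch that is not part of the pull request or of Symfony's code: the subject is first resolved from the controller arguments, then the attribute expression is evaluated against `user` and `subject`. `resolveSubject()`, `isAllowed()`, `User` and `Post` are hypothetical names, throwing on an unknown argument name is an assumption of this sketch, and it needs the symfony/expression-language Composer package.

```php
<?php
// Added illustration; not Symfony's listener or voter code.
require __DIR__.'/vendor/autoload.php'; // assumes symfony/expression-language is installed

use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\ExpressionLanguage\ExpressionLanguage;

// Constructed sample domain objects.
final class User { public function __construct(public string $name) {} }
final class Post
{
    public function __construct(private User $author, private bool $published) {}
    public function getAuthor(): User { return $this->author; }
    public function isPublished(): bool { return $this->published; }
}

// Hypothetical helper, stage 1: resolve a subject reference from the controller arguments.
function resolveSubject(string|Expression|array $ref, array $args, ExpressionLanguage $el): mixed
{
    if (is_array($ref)) {
        // Array form: resolve every entry and keep its key.
        return array_map(fn ($r) => resolveSubject($r, $args, $el), $ref);
    }
    if ($ref instanceof Expression) {
        // Expression form: the controller arguments are exposed as `args`.
        return $el->evaluate($ref, ['args' => $args]);
    }
    if (!array_key_exists($ref, $args)) {
        // Assumption of this sketch: fail closed so a misspelled name never yields a null subject.
        throw new RuntimeException(sprintf('No controller argument named "%s".', $ref));
    }
    return $args[$ref];
}

// Hypothetical helper, stage 2: the attribute expression sees `user` and `subject`.
function isAllowed(Expression $attribute, User $user, mixed $subject, ExpressionLanguage $el): bool
{
    return (bool) $el->evaluate($attribute, ['user' => $user, 'subject' => $subject]);
}

$el = new ExpressionLanguage();
[$alice, $bob] = [new User('alice'), new User('bob')];
$args = ['post' => new Post($alice, false)]; // unpublished post written by alice
$subject = resolveSubject(['author' => new Expression('args["post"].getAuthor()'), 'post' => 'post'], $args, $el);
$rule = new Expression('user === subject["author"] and subject["post"].isPublished()');
var_dump(isAllowed($rule, $alice, $subject, $el)); // alice is the author, post is unpublished
$author = resolveSubject(new Expression('args["post"].getAuthor()'), $args, $el);
var_dump(isAllowed(new Expression('user === subject'), $bob, $author, $el)); // bob is not the author
var_dump(isAllowed(new Expression('user === subject'), $alice, $author, $el)); // alice is the author
```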

HypeMC force-pushed the improve-isgranted branch 2 times, most recently from bdd0c16 to 3957a98 (July 21, 2022 11:52)

nicolas-grekas (Member) left a comment:

$accessDeniedException->setAttributes($attribute->attributes);

Don't we want to provide the resolved values instead? That would solve the issue with accepting Expression into AccessDeniedException and might improve debugging?

HypeMC force-pushed the improve-isgranted branch 2 times, most recently from 7c38656 to 3d81940 (July 31, 2022 14:16)

HypeMC (Member, Author) commented:

> $accessDeniedException->setAttributes($attribute->attributes);
>
> Don't we want to provide the resolved values instead? That would solve the issue with accepting Expression into AccessDeniedException and might improve debugging?

@nicolas-grekas The problem is that the attributes expression is evaluated by the ExpressionVoter and I don't see a way to get that info with the current implementation:

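```php
// Excerpt from ExpressionVoter; the loop over the attributes opens above these lines.
        $result = VoterInterface::ACCESS_DENIED;
        if ($this->expressionLanguage->evaluate($attribute, $variables)) {
            return VoterInterface::ACCESS_GRANTED;
        }
    }

    return $result;
```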

Also, if I'm not mistaken, the result of the expression is always false (or falsy) if access is denied by the voter, so I'm not sure if that would really help with debugging.

HypeMC (Member, Author) commented:

@nicolas-grekas Was this closed by accident or did I miss something?

lyrixx (Member) commented:

Indeed, this is a mistake because of the other PR description


lyrixx reopened this Aug 2, 2022

nicolas-grekas (Member) commented:

Thank you @HypeMC.

nicolas-grekas merged commit e7fbf28 into symfony:6.2 Aug 2, 2022
HypeMC deleted the improve-isgranted branch August 2, 2022 13:07
fabpot mentioned this pull request Oct 24, 2022
fabpot added a commit to symfony/symfony-docs that referenced this pull request Mar 24, 2023:

… (HypeMC)

This PR was merged into the 6.2 branch.

Discussion
----------

[Security] Use expression for `#[IsGranted()]` subject

symfony/symfony#46978
symfony/symfony#48080
symfony/symfony#48102

Commits
-------

9d4045f [Security] Use expression for #[IsGranted()] subject

weaverryan pushed a commit to symfony/symfony-docs that referenced this pull request Mar 28, 2023 (same commit message)

Reviewers

OskarStark left review comments
derrabus left review comments
stof requested changes
nicolas-grekas approved these changes
lyrixx approved these changes
wouterj: awaiting requested review (code owner)
chalasr: awaiting requested review (code owner)


Milestone

6.2

Development

Successfully merging this pull request may close these issues.

Improve #[IsGranted]

7 participants

@HypeMC @lyrixx @nicolas-grekas @stof @OskarStark @derrabus @carsonbot
