Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.7k
[FrameworkBundle] Fix denyAccessUnlessGranted for mixed attributes#49493
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
carsonbot commentedFeb 22, 2023
Hey! I see that this is your first PR. That is great! Welcome! Symfony has acontribution guide which I suggest you to read. In short:
Review the GitHub status checks of your pull request and try to solve the reported issues. If some tests are failing, try to see if they are failing because of this change. When two Symfony core team members approve this change, it will be merged and you will become an official Symfony contributor! I am going to sit back now and wait for the reviews. Cheers! Carsonbot |
delbertooo commentedFeb 22, 2023
Can someone re-run the checks or something? I don't think this issue is caused by my code: |
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php OutdatedShow resolvedHide resolved
Uh oh!
There was an error while loading.Please reload this page.
Fix AbstractController::denyAccessUnlessGranted() for attributes that aren't string or array. Always wrap the given single attribute into an array to not break the parameter type of AccessDeniedException#setAttributes() (which supports strings only for convenience).
nicolas-grekas left a comment
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
(I fixed my review comments)
nicolas-grekas commentedFeb 23, 2023
Thank you@delbertooo. |
Uh oh!
There was an error while loading.Please reload this page.
Checking authorization against anything that isn't
array|stringwill cause PHP errors now. The methodAbstractController::denyAccessUnlessGranted()sets the givensingle attribute into the exception in case of denied access. TheAuthorizationCheckerInterfacedefines that the attribute can be anything, even objects. The parameter type hintarray|stringofAccessDeniedException::setAttributes()want's an array of attributes (or a string for convenience).Example
The fix
As the given attribute is asingle attribute: always wrap it into an array when creating the exception, because the exception expects an array of attributes.