Commit 0fbef77

document the deprecation of the role classes

1 parent 5aa9ee5, commit 0fbef77

2 files changed: +23 -41 lines changed

‎components/security/authorization.rst‎

Lines changed: 4 additions & 20 deletions
@@ -19,7 +19,7 @@ by an instance of :class:`Symfony\\Component\\Security\\Core\\Authorization\\Acc
1919
An authorization decision will always be based on a few things:
2020

2121
* The current token
22-
For instance, the token's:method:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface::getRoles`
22+
For instance, the token's:method:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface::getRoleNames`
2323
method may be used to retrieve the roles of the current user (e.g.
2424
``ROLE_SUPER_ADMIN``), or a decision may be based on the class of the token.
2525
* A set of attributes
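Review bot: The reference changed to getRoleNames at line 22 carries no version notice, while security/impersonating_user.rst in this same commit adds a versionadded block stating that getRoleNames() was introduced in Symfony 4.3. Add the same `.. versionadded:: 4.3` note to this file so readers on an earlier release are not pointed at a method they do not have; one note near this bullet would also cover the RoleVoter paragraph at line 130.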
@@ -127,7 +127,7 @@ RoleVoter
127127
The:class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\RoleVoter`
128128
supports attributes starting with ``ROLE_`` and grants access to the user
129129
when the required ``ROLE_*`` attributes can all be found in the array of
130-
roles returned by the token's:method:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface::getRoles`
130+
roles returned by the token's:method:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\TokenInterface::getRoleNames`
131131
method::
132132

133133
use Symfony\Component\Security\Core\Authorization\Voter\RoleVoter;
@@ -167,24 +167,8 @@ role::
167167
Roles
168168
-----
169169

170-
Roles are objects that give expression to a certain right the user has. The only
171-
requirement is that they must define a ``getRole()`` method that returns a
172-
string representation of the role itself. To do so, you can optionally extend
173-
from the default:class:`Symfony\\Component\\Security\\Core\\Role\\Role` class,
174-
which returns its first constructor argument in this method::
175-
176-
use Symfony\Component\Security\Core\Role\Role;
177-
178-
$role = new Role('ROLE_ADMIN');
179-
180-
// shows 'ROLE_ADMIN'
181-
var_dump($role->getRole());
182-
183-
..note::
184-
185-
Most authentication tokens extend from:class:`Symfony\\Component\\Security\\Core\\Authentication\\Token\\AbstractToken`,
186-
which means that the roles given to its constructor will be
187-
automatically converted from strings to these simple ``Role`` objects.
170+
Roles are strings that give expression to a certain right the user has. The only
171+
requirement is that they must start with the ``ROLE_`` prefix.
188172

189173
Using the Decision Manager
190174
--------------------------
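Review bot: The new Roles paragraph at lines 170-171 removes the ``Role`` class documentation without stating that the class is deprecated, although the commit message says the change documents that deprecation. Add a short deprecation notice that names the ``Role`` class and its ``getRole()`` method, so code still built on role objects has a pointer to the string-based form. The sentence "they must start with the ``ROLE_`` prefix" would also read more precisely if it were tied to the RoleVoter, which this page describes as the component that matches on ``ROLE_``.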

‎security/impersonating_user.rst‎

Lines changed: 19 additions & 21 deletions
@@ -98,11 +98,17 @@ to show a link to exit impersonation:
9898
Finding the Original User
9999
-------------------------
100100

101+
versionadded:: 4.3
102+
103+
The ``SwitchUserToken`` class was introduced in Symfony 4.3.
104+
101105
In some cases, you may need to get the object that represents the impersonator
102-
user rather than the impersonated user. Use the following snippet to iterate
103-
over the user's roles until you find one that is a ``SwitchUserRole`` object::
106+
user rather than the impersonated user. When a user is impersonated the token
107+
stored in the token storage will be a ``SwitchUserToken`` instance. Use the
108+
following snippet to obtain the original token which gives you access to
109+
the impersonator user::
104110

105-
use Symfony\Component\Security\Core\Role\SwitchUserRole;
111+
use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken
106112
use Symfony\Component\Security\Core\Security;
107113
// ...
108114
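Review bot: The added `use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken` at line 111 is missing its terminating semicolon, so the snippet does not parse when copied; the `use` line directly after it has one. Also check the directive at line 101: as shown here it reads `versionadded:: 4.3` without the leading `..` that the other versionadded block in this file carries, and without that marker it is rendered as body text rather than as a version note.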

@@ -119,14 +125,13 @@ over the user's roles until you find one that is a ``SwitchUserRole`` object::
119125
{
120126
// ...
121127

122-
if ($this->security->isGranted('ROLE_PREVIOUS_ADMIN')) {
123-
foreach ($this->security->getToken()->getRoles() as $role) {
124-
if ($role instanceof SwitchUserRole) {
125-
$impersonatorUser = $role->getSource()->getUser();
126-
break;
127-
}
128-
}
128+
$token = $this->security->getToken();
129+
130+
if ($token instanceof SwitchUserToken) {
131+
$impersonatorUser = $token->getOriginalToken()->getUser();
129132
}
133+
134+
// ...
130135
}
131136
}
132137
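Review bot: `$impersonatorUser` is assigned only inside `if ($token instanceof SwitchUserToken)` at lines 130-132, and the trailing `// ...` at line 134 implies code that goes on to use it. Initialise it to `null` before the check so the example does not read an undefined variable when nobody is being impersonated. The prose should also say whether the removed `isGranted('ROLE_PREVIOUS_ADMIN')` guard is still needed, since the new snippet drops it without comment.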

@@ -221,24 +226,17 @@ Create the voter class::
221226
}
222227

223228
if (in_array('ROLE_CUSTOMER', $subject->getRoles())
224-
&&$this->hasSwitchToCustomerRole($token)) {
229+
&&in_array('ROLE_SWITCH_TO_CUSTOMER', $token->getRoleNames(), true)) {
225230
return true;
226231
}
227232

228233
return false;
229234
}
235+
}
230236

231-
private function hasSwitchToCustomerRole(TokenInterface $token)
232-
{
233-
foreach ($token->getRoles() as $role) {
234-
if ($role->getRole() === 'ROLE_SWITCH_TO_CUSTOMER') {
235-
return true;
236-
}
237-
}
237+
..versionadded::4.3
238238

239-
return false;
240-
}
241-
}
239+
The ``getRoleNames()`` method was introduced in Symfony 4.3.
242240

243241
To enable the new voter in the app, register it as a service and
244242
:doc:`tag it</service_container/tags>` with the ``security.voter``
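Review bot: The two halves of the condition at lines 228-229 now compare differently: the added `in_array('ROLE_SWITCH_TO_CUSTOMER', $token->getRoleNames(), true)` is strict, while the unchanged `in_array('ROLE_CUSTOMER', $subject->getRoles())` is not. In a voter that decides whether impersonation is granted, both checks should pass `true` as the third argument. The versionadded block at line 237 also sits after the code sample, whereas the one added under "Finding the Original User" precedes the text it describes; moving it ahead of the voter class would keep the file consistent.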
