…MEMBERED (HeahDude)This PR was merged into the 5.1-dev branch.Discussion----------[Security] Add IS_IMPERSONATOR, IS_ANONYMOUS and IS_REMEMBERED| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | yes| BC breaks?    | no| Deprecations? | yes| Tests pass?   | yes| Fixed tickets |#29848| License       | MIT| Doc PR        |symfony/symfony-docs#11487This continues work of@HeahDude and finally finishes one of the code PRs I've been working on during the ⭐️ EUFOSSA Hackathon.Changes---The PRs modifies some of the attributes used by the `AuthenticatedVoter`:* New `IS_IMPERSONATOR`, `IS_ANONYMOUS` and `IS_REMEMBERED` attributes are introduced to indicate the user either impersonated, anonymous or rembered.* <s>`IS_AUTHENTICATED_ANONYMOUSLY` actually meant "is authenticated, either anonymous or fully". As this is confusing, it is replaced by `IS_AUTHENTICATED`.</s>* <s>All `is_*()` functions in expressions are deprecated in favor of `is_granted('IS_*')`. It's not worth duplicating the `AuthenticatedVoter` logic in two places now we have shorter `IS_*` attributes</s>**Before**```phpif ($authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) {    // ...}```<s>```yamlsecurity:  # ...  access_control:    - { path: ^/protected, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }```</s>**After**```phpif ($authorizationChecker->isGranted('IS_IMPERSONATOR')) {    // ...}```<s>```yamlsecurity:  # ...  access_control:    - { path: ^/protected, roles: 'IS_AUTHENTICATED' }```</s><s>Discussion---The only thing I'm wondering is how we combine this with the `is_authenticated()` expression function:https://github.com/symfony/symfony/blob/98929dc2927c59ba3e36b5547f2eae6316aa4740/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php#L33-L37As you can see, the `IS_AUTHENTICATED` attribute and `is_authenticated()` expression function do not have the same meaning. Should we somehow deprecate the current behavior of `is_authenticated()` or should we find another name for `IS_AUTHENTICATED` (that would be a shame imo).</s>Commits-------6c522a7 Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR

…MEMBERED (HeahDude)This PR was merged into the 5.1-dev branch.Discussion----------[Security] Add IS_IMPERSONATOR, IS_ANONYMOUS and IS_REMEMBERED| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | yes| BC breaks?    | no| Deprecations? | yes| Tests pass?   | yes| Fixed tickets |symfony/symfony#29848| License       | MIT| Doc PR        |symfony/symfony-docs#11487This continues work of@HeahDude and finally finishes one of the code PRs I've been working on during the ⭐️ EUFOSSA Hackathon.Changes---The PRs modifies some of the attributes used by the `AuthenticatedVoter`:* New `IS_IMPERSONATOR`, `IS_ANONYMOUS` and `IS_REMEMBERED` attributes are introduced to indicate the user either impersonated, anonymous or rembered.* <s>`IS_AUTHENTICATED_ANONYMOUSLY` actually meant "is authenticated, either anonymous or fully". As this is confusing, it is replaced by `IS_AUTHENTICATED`.</s>* <s>All `is_*()` functions in expressions are deprecated in favor of `is_granted('IS_*')`. It's not worth duplicating the `AuthenticatedVoter` logic in two places now we have shorter `IS_*` attributes</s>**Before**```phpif ($authorizationChecker->isGranted('ROLE_PREVIOUS_ADMIN')) {    // ...}```<s>```yamlsecurity:  # ...  access_control:    - { path: ^/protected, roles: 'IS_AUTHENTICATED_ANONYMOUSLY' }```</s>**After**```phpif ($authorizationChecker->isGranted('IS_IMPERSONATOR')) {    // ...}```<s>```yamlsecurity:  # ...  access_control:    - { path: ^/protected, roles: 'IS_AUTHENTICATED' }```</s><s>Discussion---The only thing I'm wondering is how we combine this with the `is_authenticated()` expression function:https://github.com/symfony/symfony/blob/98929dc2927c59ba3e36b5547f2eae6316aa4740/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php#L33-L37As you can see, the `IS_AUTHENTICATED` attribute and `is_authenticated()` expression function do not have the same meaning. Should we somehow deprecate the current behavior of `is_authenticated()` or should we find another name for `IS_AUTHENTICATED` (that would be a shame imo).</s>Commits-------6c522a7d98 Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR

This PR was merged into the 5.1-dev branch.Discussion----------[Security] Deprecated ROLE_PREVIOUS_ADMIN| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | no| Deprecations? | yes| Tickets       | n/a| License       | MIT| Doc PR        |symfony/symfony-docs#11487`ROLE_PREVIOUS_ADMIN` is added to the token roles if the session is an impersonation. Since#31189 we have the `IS_IMPERSONATOR` attribute which can be used for the same reason. I propose to deprecate the `ROLE_PREVIOUS_ADMIN`:* This is not what roles are for ([resulting in hacking this exception in `AbstractToken`](https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L275-L277))* The role isn't very descriptive* I don't like having 2 ways of doing exactly the same thing* While every application with impersonation enabled probably needs to be updated, the update is as simple as replacing `ROLE_PREVIOUS_ADMIN` with `IS_IMPERSONATOR`: `find ./ -type f -exec sed -i 's/ROLE_PREVIOUS_ADMIN/IS_IMPERSONATOR/g' {} +`---I'm a bit unsure on how to deprecate this role, but I think having it in `RoleVoter` is probably the safest (`isGranted()` and variants + `AccessDecisionManager#decide()` all use this voter to check if the token has this role).Commits-------dce55f3 Deprecated ROLE_PREVIOUS_ADMIN

This PR was merged into the 5.1-dev branch.Discussion----------[Security] Deprecated ROLE_PREVIOUS_ADMIN| Q             | A| ------------- | ---| Branch?       | master| Bug fix?      | no| New feature?  | no| Deprecations? | yes| Tickets       | n/a| License       | MIT| Doc PR        |symfony/symfony-docs#11487`ROLE_PREVIOUS_ADMIN` is added to the token roles if the session is an impersonation. Sincesymfony/symfony#31189 we have the `IS_IMPERSONATOR` attribute which can be used for the same reason. I propose to deprecate the `ROLE_PREVIOUS_ADMIN`:* This is not what roles are for ([resulting in hacking this exception in `AbstractToken`](https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L275-L277))* The role isn't very descriptive* I don't like having 2 ways of doing exactly the same thing* While every application with impersonation enabled probably needs to be updated, the update is as simple as replacing `ROLE_PREVIOUS_ADMIN` with `IS_IMPERSONATOR`: `find ./ -type f -exec sed -i 's/ROLE_PREVIOUS_ADMIN/IS_IMPERSONATOR/g' {} +`---I'm a bit unsure on how to deprecate this role, but I think having it in `RoleVoter` is probably the safest (`isGranted()` and variants + `AccessDecisionManager#decide()` all use this voter to check if the token has this role).Commits-------dce55f352a Deprecated ROLE_PREVIOUS_ADMIN