diff options
| author | Fabien Potencier <fabien.potencier@gmail.com> | 2016-10-05 18:44:51 -0700 |
|---|---|---|
| committer | Fabien Potencier <fabien.potencier@gmail.com> | 2016-10-05 18:44:51 -0700 |
| commit | 754974643b1a8b2f8ec632d35a08b72d777f1058 (patch) | |
| tree | 724ad3213cc14789e08ac0b122d1c1d574e6f738 | |
| parent | 746c83539164fd1ef644976c8dfda210dfa68fb5 (diff) | |
| parent | cfc6f8ea250bb58798145b68bece93ce20f4a8f4 (diff) | |
| download | symfony-security-754974643b1a8b2f8ec632d35a08b72d777f1058.zip symfony-security-754974643b1a8b2f8ec632d35a08b72d777f1058.tar.gz symfony-security-754974643b1a8b2f8ec632d35a08b72d777f1058.tar.bz2 | |
Merge branch '2.8' into 3.1v3.1.6
* 2.8:
[DependencyInjection] Add missing PHPDoc type
Correct a typo in the ReflectionExtractor's description
[HttpFoundation] JSONP callback validation
[Console] Improved the explanation of the hasOption() method
Uniformize exception vars according to our CS
add missing use statement
bug #18042 [Security] $attributes can be anything, but RoleVoter assumes strings
| -rw-r--r-- | Core/Authorization/Voter/RoleVoter.php | 7 | ||||
| -rw-r--r-- | Core/Tests/Authorization/Voter/RoleVoterTest.php | 6 |
2 files changed, 12 insertions, 1 deletions
diff --git a/Core/Authorization/Voter/RoleVoter.php b/Core/Authorization/Voter/RoleVoter.php index b017c81..d5f3176 100644 --- a/Core/Authorization/Voter/RoleVoter.php +++ b/Core/Authorization/Voter/RoleVoter.php @@ -12,6 +12,7 @@ namespace Symfony\Component\Security\Core\Authorization\Voter; use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Core\Role\RoleInterface; /** * RoleVoter votes if any attribute starts with a given prefix. @@ -41,7 +42,11 @@ class RoleVoter implements VoterInterface $roles = $this->extractRoles($token); foreach ($attributes as $attribute) { - if (0 !== strpos($attribute, $this->prefix)) { + if ($attribute instanceof RoleInterface) { + $attribute = $attribute->getRole(); + } + + if (!is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) { continue; } diff --git a/Core/Tests/Authorization/Voter/RoleVoterTest.php b/Core/Tests/Authorization/Voter/RoleVoterTest.php index 9982bdf..45535ca 100644 --- a/Core/Tests/Authorization/Voter/RoleVoterTest.php +++ b/Core/Tests/Authorization/Voter/RoleVoterTest.php @@ -36,6 +36,12 @@ class RoleVoterTest extends \PHPUnit_Framework_TestCase array(array('ROLE_FOO'), array('ROLE_FOO'), VoterInterface::ACCESS_GRANTED), array(array('ROLE_FOO'), array('FOO', 'ROLE_FOO'), VoterInterface::ACCESS_GRANTED), array(array('ROLE_BAR', 'ROLE_FOO'), array('ROLE_FOO'), VoterInterface::ACCESS_GRANTED), + + // Test mixed Types + array(array(), array(array()), VoterInterface::ACCESS_ABSTAIN), + array(array(), array(new \stdClass()), VoterInterface::ACCESS_ABSTAIN), + array(array('ROLE_BAR'), array(new Role('ROLE_BAR')), VoterInterface::ACCESS_GRANTED), + array(array('ROLE_BAR'), array(new Role('ROLE_FOO')), VoterInterface::ACCESS_DENIED), ); } |