[Security] Deprecated supportsAttribute and supportsClass methods

4 files changed, 81 insertions, 4 deletions

diff --git a/Core/Authorization/AccessDecisionManager.php b/Core/Authorization/AccessDecisionManager.php
index e021cc7..ef942b8 100644
--- a/Core/Authorization/AccessDecisionManager.php
+++ b/Core/Authorization/AccessDecisionManager.php
@@ -77,6 +77,8 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
      */
     public function supportsAttribute($attribute)
     {
+        @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
+
         foreach ($this->voters as $voter) {
             if ($voter->supportsAttribute($attribute)) {
                 return true;
@@ -91,6 +93,8 @@ class AccessDecisionManager implements AccessDecisionManagerInterface
      */
     public function supportsClass($class)
     {
+        @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
+
         foreach ($this->voters as $voter) {
             if ($voter->supportsClass($class)) {
                 return true;
diff --git a/Core/Authorization/AccessDecisionManagerInterface.php b/Core/Authorization/AccessDecisionManagerInterface.php
index 16209ba..d18b5e3 100644
--- a/Core/Authorization/AccessDecisionManagerInterface.php
+++ b/Core/Authorization/AccessDecisionManagerInterface.php
@@ -37,6 +37,8 @@ interface AccessDecisionManagerInterface
      * @param string $attribute An attribute
      *
      * @return bool true if this decision manager supports the attribute, false otherwise
+     *
+     * @deprecated since version 2.8, to be removed in 3.0.
      */
     public function supportsAttribute($attribute);
 
@@ -46,6 +48,8 @@ interface AccessDecisionManagerInterface
      * @param string $class A class name
      *
      * @return true if this decision manager can process the class
+     *
+     * @deprecated since version 2.8, to be removed in 3.0.
      */
     public function supportsClass($class);
 }
diff --git a/Core/Authorization/Voter/AbstractVoter.php b/Core/Authorization/Voter/AbstractVoter.php
index 6bbea36..2cafc5f 100644
--- a/Core/Authorization/Voter/AbstractVoter.php
+++ b/Core/Authorization/Voter/AbstractVoter.php
@@ -26,6 +26,8 @@ abstract class AbstractVoter implements VoterInterface
      */
     public function supportsAttribute($attribute)
     {
+        @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
+
         return in_array($attribute, $this->getSupportedAttributes());
     }
 
@@ -34,6 +36,8 @@ abstract class AbstractVoter implements VoterInterface
      */
     public function supportsClass($class)
     {
+        @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
+
         foreach ($this->getSupportedClasses() as $supportedClass) {
             if ($supportedClass === $class || is_subclass_of($class, $supportedClass)) {
                 return true;
@@ -58,12 +62,13 @@ abstract class AbstractVoter implements VoterInterface
      */
     public function vote(TokenInterface $token, $object, array $attributes)
     {
-        if (!$object || !$this->supportsClass(get_class($object))) {
+        if (!$object) {
             return self::ACCESS_ABSTAIN;
         }
 
         // abstain vote by default in case none of the attributes are supported
         $vote = self::ACCESS_ABSTAIN;
+        $class = get_class($object);
 
         $reflector = new \ReflectionMethod($this, 'voteOnAttribute');
         $isNewOverwritten = $reflector->getDeclaringClass()->getName() !== 'Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter';
@@ -72,7 +77,7 @@ abstract class AbstractVoter implements VoterInterface
         }
 
         foreach ($attributes as $attribute) {
-            if (!$this->supportsAttribute($attribute)) {
+            if (!$this->supports($attribute, $class)) {
                 continue;
             }
 
@@ -96,18 +101,78 @@ abstract class AbstractVoter implements VoterInterface
     }
 
     /**
+     * Determines if the attribute and class are supported by this voter.
+     *
+     * To determine if the passed class is instance of the supported class, the
+     * isClassInstanceOf() method can be used.
+     *
+     * This method will become abstract in 3.0.
+     *
+     * @param string $attribute An attribute
+     * @param string $class     The fully qualified class name of the passed object
+     *
+     * @return bool True if the attribute and class is supported, false otherwise
+     */
+    protected function supports($attribute, $class)
+    {
+        @trigger_error('The getSupportedClasses and getSupportedAttributes methods are deprecated since version 2.8 and will be removed in version 3.0. Overwrite supports instead.');
+
+        $classIsSupported = false;
+        foreach ($this->getSupportedClasses() as $supportedClass) {
+            if ($this->isClassInstanceOf($class, $supportedClass)) {
+                $classIsSupported = true;
+                break;
+            }
+        }
+
+        if (!$classIsSupported) {
+            return false;
+        }
+
+        if (!in_array($attribute, $this->getSupportedAttributes())) {
+            return false;
+        }
+
+        return true;
+    }
+
+    /**
+     * A helper method to test if the actual class is instanceof or equal
+     * to the expected class.
+     *
+     * @param string $actualClass   The actual class name
+     * @param string $expectedClass The expected class name
+     *
+     * @return bool
+     */
+    protected function isClassInstanceOf($actualClass, $expectedClass)
+    {
+        return $expectedClass === $actualClass || is_subclass_of($actualClass, $expectedClass);
+    }
+
+    /**
      * Return an array of supported classes. This will be called by supportsClass.
      *
      * @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product')
+     *
+     * @deprecated since version 2.8, to be removed in 3.0. Use supports() instead.
      */
-    abstract protected function getSupportedClasses();
+    protected function getSupportedClasses()
+    {
+        @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
+    }
 
     /**
      * Return an array of supported attributes. This will be called by supportsAttribute.
      *
      * @return array an array of supported attributes, i.e. array('CREATE', 'READ')
+     *
+     * @deprecated since version 2.8, to be removed in 3.0. Use supports() instead.
      */
-    abstract protected function getSupportedAttributes();
+    protected function getSupportedAttributes()
+    {
+        @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.');
+    }
 
     /**
      * Perform a single access check operation on a given attribute, object and (optionally) user
diff --git a/Core/Authorization/Voter/VoterInterface.php b/Core/Authorization/Voter/VoterInterface.php
index d00ff1c..7e243f9 100644
--- a/Core/Authorization/Voter/VoterInterface.php
+++ b/Core/Authorization/Voter/VoterInterface.php
@@ -30,6 +30,8 @@ interface VoterInterface
      * @param string $attribute An attribute
      *
      * @return bool true if this Voter supports the attribute, false otherwise
+     *
+     * @deprecated since version 2.8, to be removed in 3.0.
      */
     public function supportsAttribute($attribute);
 
@@ -39,6 +41,8 @@ interface VoterInterface
      * @param string $class A class name
      *
      * @return bool true if this Voter can process the class
+     *
+     * @deprecated since version 2.8, to be removed in 3.0.
      */
     public function supportsClass($class);