diff options
| -rw-r--r-- | CHANGELOG.md | 5 | ||||
| -rw-r--r-- | Core/Authorization/AccessDecisionManager.php | 4 | ||||
| -rw-r--r-- | Core/Authorization/AccessDecisionManagerInterface.php | 4 | ||||
| -rw-r--r-- | Core/Authorization/Voter/AbstractVoter.php | 73 | ||||
| -rw-r--r-- | Core/Authorization/Voter/VoterInterface.php | 4 | ||||
| -rw-r--r-- | Core/Tests/Authorization/AccessDecisionManagerTest.php | 6 | ||||
| -rw-r--r-- | Core/Tests/Authorization/Voter/AbstractVoterTest.php | 72 | ||||
| -rw-r--r-- | Core/Tests/Authorization/Voter/LegacyAbstractVoterTest.php | 33 | ||||
| -rw-r--r-- | Tests/Core/Authentication/Voter/AbstractVoterTest.php | 122 |
9 files changed, 197 insertions, 126 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md index 0728da9..5e89a92 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,11 @@ CHANGELOG `Symfony\Component\Security\Http\Authentication\SimpleFormAuthenticatorInterface` instead * deprecated `Symfony\Component\Security\Core\Util\ClassUtils`, use `Symfony\Component\Security\Acl\Util\ClassUtils` instead + * deprecated `supportsAttribute()` and `supportsClass()` methods of + `Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface` and + `Symfony\Component\Security\Core\Authorization\Voter\VoterInterface`. + * deprecated `getSupportedAttributes()` and `getSupportedClasses()` methods of + `Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter`, use `supports()` instead. 2.7.0 ----- diff --git a/Core/Authorization/AccessDecisionManager.php b/Core/Authorization/AccessDecisionManager.php index e021cc7..ef942b8 100644 --- a/Core/Authorization/AccessDecisionManager.php +++ b/Core/Authorization/AccessDecisionManager.php @@ -77,6 +77,8 @@ class AccessDecisionManager implements AccessDecisionManagerInterface */ public function supportsAttribute($attribute) { + @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.'); + foreach ($this->voters as $voter) { if ($voter->supportsAttribute($attribute)) { return true; @@ -91,6 +93,8 @@ class AccessDecisionManager implements AccessDecisionManagerInterface */ public function supportsClass($class) { + @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.'); + foreach ($this->voters as $voter) { if ($voter->supportsClass($class)) { return true; diff --git a/Core/Authorization/AccessDecisionManagerInterface.php b/Core/Authorization/AccessDecisionManagerInterface.php index 16209ba..d18b5e3 100644 --- a/Core/Authorization/AccessDecisionManagerInterface.php +++ b/Core/Authorization/AccessDecisionManagerInterface.php @@ -37,6 +37,8 @@ interface AccessDecisionManagerInterface * @param string $attribute An attribute * * @return bool true if this decision manager supports the attribute, false otherwise + * + * @deprecated since version 2.8, to be removed in 3.0. */ public function supportsAttribute($attribute); @@ -46,6 +48,8 @@ interface AccessDecisionManagerInterface * @param string $class A class name * * @return true if this decision manager can process the class + * + * @deprecated since version 2.8, to be removed in 3.0. */ public function supportsClass($class); } diff --git a/Core/Authorization/Voter/AbstractVoter.php b/Core/Authorization/Voter/AbstractVoter.php index 6bbea36..2cafc5f 100644 --- a/Core/Authorization/Voter/AbstractVoter.php +++ b/Core/Authorization/Voter/AbstractVoter.php @@ -26,6 +26,8 @@ abstract class AbstractVoter implements VoterInterface */ public function supportsAttribute($attribute) { + @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.'); + return in_array($attribute, $this->getSupportedAttributes()); } @@ -34,6 +36,8 @@ abstract class AbstractVoter implements VoterInterface */ public function supportsClass($class) { + @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.'); + foreach ($this->getSupportedClasses() as $supportedClass) { if ($supportedClass === $class || is_subclass_of($class, $supportedClass)) { return true; @@ -58,12 +62,13 @@ abstract class AbstractVoter implements VoterInterface */ public function vote(TokenInterface $token, $object, array $attributes) { - if (!$object || !$this->supportsClass(get_class($object))) { + if (!$object) { return self::ACCESS_ABSTAIN; } // abstain vote by default in case none of the attributes are supported $vote = self::ACCESS_ABSTAIN; + $class = get_class($object); $reflector = new \ReflectionMethod($this, 'voteOnAttribute'); $isNewOverwritten = $reflector->getDeclaringClass()->getName() !== 'Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter'; @@ -72,7 +77,7 @@ abstract class AbstractVoter implements VoterInterface } foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { + if (!$this->supports($attribute, $class)) { continue; } @@ -96,18 +101,78 @@ abstract class AbstractVoter implements VoterInterface } /** + * Determines if the attribute and class are supported by this voter. + * + * To determine if the passed class is instance of the supported class, the + * isClassInstanceOf() method can be used. + * + * This method will become abstract in 3.0. + * + * @param string $attribute An attribute + * @param string $class The fully qualified class name of the passed object + * + * @return bool True if the attribute and class is supported, false otherwise + */ + protected function supports($attribute, $class) + { + @trigger_error('The getSupportedClasses and getSupportedAttributes methods are deprecated since version 2.8 and will be removed in version 3.0. Overwrite supports instead.'); + + $classIsSupported = false; + foreach ($this->getSupportedClasses() as $supportedClass) { + if ($this->isClassInstanceOf($class, $supportedClass)) { + $classIsSupported = true; + break; + } + } + + if (!$classIsSupported) { + return false; + } + + if (!in_array($attribute, $this->getSupportedAttributes())) { + return false; + } + + return true; + } + + /** + * A helper method to test if the actual class is instanceof or equal + * to the expected class. + * + * @param string $actualClass The actual class name + * @param string $expectedClass The expected class name + * + * @return bool + */ + protected function isClassInstanceOf($actualClass, $expectedClass) + { + return $expectedClass === $actualClass || is_subclass_of($actualClass, $expectedClass); + } + + /** * Return an array of supported classes. This will be called by supportsClass. * * @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product') + * + * @deprecated since version 2.8, to be removed in 3.0. Use supports() instead. */ - abstract protected function getSupportedClasses(); + protected function getSupportedClasses() + { + @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.'); + } /** * Return an array of supported attributes. This will be called by supportsAttribute. * * @return array an array of supported attributes, i.e. array('CREATE', 'READ') + * + * @deprecated since version 2.8, to be removed in 3.0. Use supports() instead. */ - abstract protected function getSupportedAttributes(); + protected function getSupportedAttributes() + { + @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.'); + } /** * Perform a single access check operation on a given attribute, object and (optionally) user diff --git a/Core/Authorization/Voter/VoterInterface.php b/Core/Authorization/Voter/VoterInterface.php index d00ff1c..7e243f9 100644 --- a/Core/Authorization/Voter/VoterInterface.php +++ b/Core/Authorization/Voter/VoterInterface.php @@ -30,6 +30,8 @@ interface VoterInterface * @param string $attribute An attribute * * @return bool true if this Voter supports the attribute, false otherwise + * + * @deprecated since version 2.8, to be removed in 3.0. */ public function supportsAttribute($attribute); @@ -39,6 +41,8 @@ interface VoterInterface * @param string $class A class name * * @return bool true if this Voter can process the class + * + * @deprecated since version 2.8, to be removed in 3.0. */ public function supportsClass($class); diff --git a/Core/Tests/Authorization/AccessDecisionManagerTest.php b/Core/Tests/Authorization/AccessDecisionManagerTest.php index bd876c7..08bbc58 100644 --- a/Core/Tests/Authorization/AccessDecisionManagerTest.php +++ b/Core/Tests/Authorization/AccessDecisionManagerTest.php @@ -16,6 +16,9 @@ use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; class AccessDecisionManagerTest extends \PHPUnit_Framework_TestCase { + /** + * @group legacy + */ public function testSupportsClass() { $manager = new AccessDecisionManager(array( @@ -31,6 +34,9 @@ class AccessDecisionManagerTest extends \PHPUnit_Framework_TestCase $this->assertFalse($manager->supportsClass('FooClass')); } + /** + * @group legacy + */ public function testSupportsAttribute() { $manager = new AccessDecisionManager(array( diff --git a/Core/Tests/Authorization/Voter/AbstractVoterTest.php b/Core/Tests/Authorization/Voter/AbstractVoterTest.php new file mode 100644 index 0000000..23ac6db --- /dev/null +++ b/Core/Tests/Authorization/Voter/AbstractVoterTest.php @@ -0,0 +1,72 @@ +<?php + +namespace Symfony\Component\Security\Core\Tests\Authorization\Voter; + +use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; +use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter; +use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface; + +class AbstractVoterTest_Voter extends AbstractVoter +{ + protected function voteOnAttribute($attribute, $object, TokenInterface $token) + { + return 'EDIT' === $attribute; + } + + protected function supports($attribute, $class) + { + return $this->isClassInstanceOf($class, 'AbstractVoterTest_Object') + && in_array($attribute, array('EDIT', 'CREATE')); + } +} + +class AbstractVoterTest extends \PHPUnit_Framework_TestCase +{ + protected $voter; + protected $object; + protected $token; + + protected function setUp() + { + $this->voter = new AbstractVoterTest_Voter(); + $this->object = $this->getMock('AbstractVoterTest_Object'); + $this->token = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); + } + + public function testAttributeAndClassSupported() + { + $this->assertEquals(VoterInterface::ACCESS_GRANTED, $this->voter->vote($this->token, $this->object, array('EDIT')), 'ACCESS_GRANTED if attribute grants access'); + $this->assertEquals(VoterInterface::ACCESS_DENIED, $this->voter->vote($this->token, $this->object, array('CREATE')), 'ACESS_DENIED if attribute denies access'); + } + + public function testOneAttributeSupported() + { + $this->assertEquals(VoterInterface::ACCESS_GRANTED, $this->voter->vote($this->token, $this->object, array('DELETE', 'EDIT')), 'ACCESS_GRANTED if supported attribute grants access'); + $this->assertEquals(VoterInterface::ACCESS_DENIED, $this->voter->vote($this->token, $this->object, array('DELETE', 'CREATE')), 'ACCESS_DENIED if supported attribute denies access'); + } + + public function testOneAttributeGrantsAccess() + { + $this->assertEquals(VoterInterface::ACCESS_GRANTED, $this->voter->vote($this->token, $this->object, array('CREATE', 'EDIT')), 'ACCESS_GRANTED'); + } + + public function testNoAttributeSupported() + { + $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, $this->object, array('DELETE')), 'ACCESS_ABSTAIN'); + } + + public function testClassNotSupported() + { + $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, $this->getMock('AbstractVoterTest_Object1'), array('EDIT')), 'ACCESS_ABSTAIN'); + } + + public function testNullObject() + { + $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, null, array('EDIT')), 'ACCESS_ABSTAIN'); + } + + public function testNoAttributes() + { + $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $this->voter->vote($this->token, $this->object, array()), 'ACCESS_ABSTAIN'); + } +} diff --git a/Core/Tests/Authorization/Voter/LegacyAbstractVoterTest.php b/Core/Tests/Authorization/Voter/LegacyAbstractVoterTest.php new file mode 100644 index 0000000..3a0cf1e --- /dev/null +++ b/Core/Tests/Authorization/Voter/LegacyAbstractVoterTest.php @@ -0,0 +1,33 @@ +<?php + +namespace Symfony\Component\Security\Core\Tests\Authorization\Voter; + +use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter; + +class LegacyAbstractVoterTest_Voter extends AbstractVoter +{ + protected function getSupportedClasses() + { + return array('AbstractVoterTest_Object'); + } + + protected function getSupportedAttributes() + { + return array('EDIT', 'CREATE'); + } + + protected function isGranted($attribute, $object, $user = null) + { + return 'EDIT' === $attribute; + } +} + +class LegacyAbstractVoterTest extends AbstractVoterTest +{ + protected function setUp() + { + parent::setUp(); + + $this->voter = new LegacyAbstractVoterTest_Voter(); + } +} diff --git a/Tests/Core/Authentication/Voter/AbstractVoterTest.php b/Tests/Core/Authentication/Voter/AbstractVoterTest.php deleted file mode 100644 index ecf82fb..0000000 --- a/Tests/Core/Authentication/Voter/AbstractVoterTest.php +++ /dev/null @@ -1,122 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Tests\Core\Authentication\Voter; - -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; -use Symfony\Component\Security\Core\Authorization\Voter\AbstractVoter; - -/** - * @author Roman Marintšenko <inoryy@gmail.com> - */ -class AbstractVoterTest extends \PHPUnit_Framework_TestCase -{ - /** - * @var AbstractVoter - */ - private $voter; - - private $token; - - protected function setUp() - { - $this->voter = new VoterFixture(); - - $tokenMock = $this->getMock('Symfony\Component\Security\Core\Authentication\Token\TokenInterface'); - $tokenMock - ->expects($this->any()) - ->method('getUser') - ->will($this->returnValue('user')); - - $this->token = $tokenMock; - } - - /** - * @dataProvider getData - */ - public function testVote($expectedVote, $object, $attributes, $message) - { - $this->assertEquals($expectedVote, $this->voter->vote($this->token, $object, $attributes), $message); - } - - /** - * @dataProvider getData - * @group legacy - */ - public function testVoteUsingDeprecatedIsGranted($expectedVote, $object, $attributes, $message) - { - $voter = new DeprecatedVoterFixture(); - - $this->assertEquals($expectedVote, $voter->vote($this->token, $object, $attributes), $message); - } - - public function getData() - { - return array( - array(AbstractVoter::ACCESS_ABSTAIN, null, array(), 'ACCESS_ABSTAIN for null objects'), - array(AbstractVoter::ACCESS_ABSTAIN, new UnsupportedObjectFixture(), array(), 'ACCESS_ABSTAIN for objects with unsupported class'), - array(AbstractVoter::ACCESS_ABSTAIN, new ObjectFixture(), array(), 'ACCESS_ABSTAIN for no attributes'), - array(AbstractVoter::ACCESS_ABSTAIN, new ObjectFixture(), array('foobar'), 'ACCESS_ABSTAIN for unsupported attributes'), - array(AbstractVoter::ACCESS_GRANTED, new ObjectFixture(), array('foo'), 'ACCESS_GRANTED if attribute grants access'), - array(AbstractVoter::ACCESS_GRANTED, new ObjectFixture(), array('bar', 'foo'), 'ACCESS_GRANTED if *at least one* attribute grants access'), - array(AbstractVoter::ACCESS_GRANTED, new ObjectFixture(), array('foobar', 'foo'), 'ACCESS_GRANTED if *at least one* attribute grants access'), - array(AbstractVoter::ACCESS_DENIED, new ObjectFixture(), array('bar', 'baz'), 'ACCESS_DENIED for if no attribute grants access'), - ); - } -} - -class VoterFixture extends AbstractVoter -{ - protected function getSupportedClasses() - { - return array( - 'Symfony\Component\Security\Tests\Core\Authentication\Voter\ObjectFixture', - ); - } - - protected function getSupportedAttributes() - { - return array('foo', 'bar', 'baz'); - } - - protected function voteOnAttribute($attribute, $object, TokenInterface $token) - { - return $attribute === 'foo'; - } -} - -class DeprecatedVoterFixture extends AbstractVoter -{ - protected function getSupportedClasses() - { - return array( - 'Symfony\Component\Security\Tests\Core\Authentication\Voter\ObjectFixture', - ); - } - - protected function getSupportedAttributes() - { - return array('foo', 'bar', 'baz'); - } - - protected function isGranted($attribute, $object, $user = null) - { - return $attribute === 'foo'; - } -} - -class ObjectFixture -{ -} - -class UnsupportedObjectFixture -{ -} |