Diffstat (limited to 'Core/Authorization')
-rw-r--r-- | Core/Authorization/AccessDecisionManager.php | 32 | ||||
-rw-r--r-- | Core/Authorization/AccessDecisionManagerInterface.php | 22 | ||||
-rw-r--r-- | Core/Authorization/Voter/AbstractVoter.php | 117 | ||||
-rw-r--r-- | Core/Authorization/Voter/AuthenticatedVoter.php | 22 | ||||
-rw-r--r-- | Core/Authorization/Voter/ExpressionVoter.php | 32 | ||||
-rw-r--r-- | Core/Authorization/Voter/RoleVoter.php | 20 | ||||
-rw-r--r-- | Core/Authorization/Voter/Voter.php | 22 | ||||
-rw-r--r-- | Core/Authorization/Voter/VoterInterface.php | 26 |
8 files changed, 19 insertions, 274 deletions
diff --git a/Core/Authorization/AccessDecisionManager.php b/Core/Authorization/AccessDecisionManager.php index 7cefef1..e40d906 100644 --- a/Core/Authorization/AccessDecisionManager.php +++ b/Core/Authorization/AccessDecisionManager.php @@ -73,38 +73,6 @@ class AccessDecisionManager implements AccessDecisionManagerInterface } /** - * {@inheritdoc} - */ - public function supportsAttribute($attribute) - { - @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.', E_USER_DEPRECATED); - - foreach ($this->voters as $voter) { - if ($voter->supportsAttribute($attribute)) { - return true; - } - } - - return false; - } - - /** - * {@inheritdoc} - */ - public function supportsClass($class) - { - @trigger_error('The '.__METHOD__.' is deprecated since version 2.8 and will be removed in version 3.0.', E_USER_DEPRECATED); - - foreach ($this->voters as $voter) { - if ($voter->supportsClass($class)) { - return true; - } - } - - return false; - } - - /** * Grants access if any voter returns an affirmative response. * * If all voters abstained from voting, the decision will be based on the diff --git a/Core/Authorization/AccessDecisionManagerInterface.php b/Core/Authorization/AccessDecisionManagerInterface.php index d18b5e3..723ef19 100644 --- a/Core/Authorization/AccessDecisionManagerInterface.php +++ b/Core/Authorization/AccessDecisionManagerInterface.php 
@@ -30,26 +30,4 @@ interface AccessDecisionManagerInterface * @return bool true if the access is granted, false otherwise */ public function decide(TokenInterface $token, array $attributes, $object = null); - - /** - * Checks if the access decision manager supports the given attribute. - * - * @param string $attribute An attribute - * - * @return bool true if this decision manager supports the attribute, false otherwise - * - * @deprecated since version 2.8, to be removed in 3.0. - */ - public function supportsAttribute($attribute); - - /** - * Checks if the access decision manager supports the given class. - * - * @param string $class A class name - * - * @return true if this decision manager can process the class - * - * @deprecated since version 2.8, to be removed in 3.0. - */ - public function supportsClass($class); } diff --git a/Core/Authorization/Voter/AbstractVoter.php b/Core/Authorization/Voter/AbstractVoter.php deleted file mode 100644 index 5dcf787..0000000 --- a/Core/Authorization/Voter/AbstractVoter.php +++ /dev/null 
@@ -1,117 +0,0 @@ -<?php - -/* - * This file is part of the Symfony package. - * - * (c) Fabien Potencier <fabien@symfony.com> - * - * For the full copyright and license information, please view the LICENSE - * file that was distributed with this source code. - */ - -namespace Symfony\Component\Security\Core\Authorization\Voter; - -@trigger_error('The '.__NAMESPACE__.'\AbstractVoter class is deprecated since version 2.8, to be removed in 3.0. Upgrade to Symfony\Component\Security\Core\Authorization\Voter\Voter instead.', E_USER_DEPRECATED); - -use Symfony\Component\Security\Core\User\UserInterface; -use Symfony\Component\Security\Core\Authentication\Token\TokenInterface; - -/** - * Abstract Voter implementation that reduces boilerplate code required to create a custom Voter. - * - * @author Roman Marintšenko <inoryy@gmail.com> - * - * @deprecated since version 2.8, to be removed in 3.0. Upgrade to Symfony\Component\Security\Core\Authorization\Voter\Voter instead. - */ -abstract class AbstractVoter implements VoterInterface -{ - /** - * {@inheritdoc} - */ - public function supportsAttribute($attribute) - { - return in_array($attribute, $this->getSupportedAttributes()); - } - - /** - * {@inheritdoc} - */ - public function supportsClass($class) - { - foreach ($this->getSupportedClasses() as $supportedClass) { - if ($supportedClass === $class || is_subclass_of($class, $supportedClass)) { - return true; - } - } - - return false; - } - - /** - * Iteratively check all given attributes by calling isGranted. 
- * - * This method terminates as soon as it is able to return ACCESS_GRANTED - * If at least one attribute is supported, but access not granted, then ACCESS_DENIED is returned - * Otherwise it will return ACCESS_ABSTAIN - * - * @param TokenInterface $token A TokenInterface instance - * @param object $object The object to secure - * @param array $attributes An array of attributes associated with the method being invoked - * - * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED - */ - public function vote(TokenInterface $token, $object, array $attributes) - { - if (!$object || !$this->supportsClass(get_class($object))) { - return self::ACCESS_ABSTAIN; - } - - // abstain vote by default in case none of the attributes are supported - $vote = self::ACCESS_ABSTAIN; - - foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { - continue; - } - - // as soon as at least one attribute is supported, default is to deny access - $vote = self::ACCESS_DENIED; - - if ($this->isGranted($attribute, $object, $token->getUser())) { - // grant access as soon as at least one voter returns a positive response - return self::ACCESS_GRANTED; - } - } - - return $vote; - } - - /** - * Return an array of supported classes. This will be called by supportsClass. - * - * @return array an array of supported classes, i.e. array('Acme\DemoBundle\Model\Product') - */ - abstract protected function getSupportedClasses(); - - /** - * Return an array of supported attributes. This will be called by supportsAttribute. - * - * @return array an array of supported attributes, i.e. 
array('CREATE', 'READ') - */ - abstract protected function getSupportedAttributes(); - - /** - * Perform a single access check operation on a given attribute, object and (optionally) user - * It is safe to assume that $attribute and $object's class pass supportsAttribute/supportsClass - * $user can be one of the following: - * a UserInterface object (fully authenticated user) - * a string (anonymously authenticated user). - * - * @param string $attribute - * @param object $object - * @param UserInterface|string $user - * - * @return bool - */ - abstract protected function isGranted($attribute, $object, $user = null); -} diff --git a/Core/Authorization/Voter/AuthenticatedVoter.php b/Core/Authorization/Voter/AuthenticatedVoter.php index 5847e0d..dc1407b 100644 --- a/Core/Authorization/Voter/AuthenticatedVoter.php +++ b/Core/Authorization/Voter/AuthenticatedVoter.php @@ -44,27 +44,13 @@ class AuthenticatedVoter implements VoterInterface /** * {@inheritdoc} */ - public function supportsAttribute($attribute) - { - return null !== $attribute && (self::IS_AUTHENTICATED_FULLY === $attribute || self::IS_AUTHENTICATED_REMEMBERED === $attribute || self::IS_AUTHENTICATED_ANONYMOUSLY === $attribute); - } - - /** - * {@inheritdoc} - */ - public function supportsClass($class) - { - return true; - } - - /** - * {@inheritdoc} - */ - public function vote(TokenInterface $token, $object, array $attributes) + public function vote(TokenInterface $token, $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { + if (null === $attribute || (self::IS_AUTHENTICATED_FULLY !== $attribute + && self::IS_AUTHENTICATED_REMEMBERED !== $attribute + && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute)) { continue; } diff --git a/Core/Authorization/Voter/ExpressionVoter.php b/Core/Authorization/Voter/ExpressionVoter.php index 96a7ece..5fd8b83 100644 --- a/Core/Authorization/Voter/ExpressionVoter.php 
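Review bot: The inlined condition in AuthenticatedVoter::vote() is a three-way negated conjunction that is hard to audit, and its `null === $attribute ||` part looks redundant because the strict comparisons already reject null if the three constants are non-null strings (they are declared outside this hunk). A strict allow-list states the same rule in one place: `if (!in_array($attribute, array(self::IS_AUTHENTICATED_FULLY, self::IS_AUTHENTICATED_REMEMBERED, self::IS_AUTHENTICATED_ANONYMOUSLY), true)) {`. Keep the third argument `true`, so that a loosely-equal value can never be treated as a supported attribute. The rest of vote() lies outside the hunk.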
+++ b/Core/Authorization/Voter/ExpressionVoter.php @@ -52,33 +52,17 @@ class ExpressionVoter implements VoterInterface /** * {@inheritdoc} */ - public function supportsAttribute($attribute) - { - return $attribute instanceof Expression; - } - - /** - * {@inheritdoc} - */ - public function supportsClass($class) - { - return true; - } - - /** - * {@inheritdoc} - */ - public function vote(TokenInterface $token, $object, array $attributes) + public function vote(TokenInterface $token, $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; $variables = null; foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { + if (!$attribute instanceof Expression) { continue; } if (null === $variables) { - $variables = $this->getVariables($token, $object); + $variables = $this->getVariables($token, $subject); } $result = VoterInterface::ACCESS_DENIED; @@ -90,7 +74,7 @@ class ExpressionVoter implements VoterInterface return $result; } - private function getVariables(TokenInterface $token, $object) + private function getVariables(TokenInterface $token, $subject) { if (null !== $this->roleHierarchy) { $roles = $this->roleHierarchy->getReachableRoles($token->getRoles()); @@ -101,8 +85,8 @@ class ExpressionVoter implements VoterInterface $variables = array( 'token' => $token, 'user' => $token->getUser(), - 'object' => $object, - 'subject' => $object, + 'object' => $subject, + 'subject' => $subject, 'roles' => array_map(function ($role) { return $role->getRole(); }, $roles), 'trust_resolver' => $this->trustResolver, ); @@ -110,8 +94,8 @@ class ExpressionVoter implements VoterInterface // this is mainly to propose a better experience when the expression is used // in an access control rule, as the developer does not know that it's going // to be handled by this voter - if ($object instanceof Request) { - $variables['request'] = $object; + if ($subject instanceof Request) { + $variables['request'] = $subject; } return $variables; 
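Review bot: In the `$variables` array of ExpressionVoter::getVariables(), `'object' => $subject` and `'subject' => $subject` now sit side by side with nothing explaining why the same value is exposed under two names. These keys are the vocabulary that access-control expressions are evaluated against, so a reader should be told which name is canonical. I would add a comment above the pair, for example `// 'object' is kept as an alias of 'subject' so expressions written against the old name keep working`; the alias reading is inferred from the rename, so confirm it before committing the wording. getVariables() begins in the previous hunk and ends in the next one.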
diff --git a/Core/Authorization/Voter/RoleVoter.php b/Core/Authorization/Voter/RoleVoter.php index 722675d..b017c81 100644 --- a/Core/Authorization/Voter/RoleVoter.php +++ b/Core/Authorization/Voter/RoleVoter.php @@ -35,29 +35,13 @@ class RoleVoter implements VoterInterface /** * {@inheritdoc} */ - public function supportsAttribute($attribute) - { - return 0 === strpos($attribute, $this->prefix); - } - - /** - * {@inheritdoc} - */ - public function supportsClass($class) - { - return true; - } - - /** - * {@inheritdoc} - */ - public function vote(TokenInterface $token, $object, array $attributes) + public function vote(TokenInterface $token, $subject, array $attributes) { $result = VoterInterface::ACCESS_ABSTAIN; $roles = $this->extractRoles($token); foreach ($attributes as $attribute) { - if (!$this->supportsAttribute($attribute)) { + if (0 !== strpos($attribute, $this->prefix)) { continue; } diff --git a/Core/Authorization/Voter/Voter.php b/Core/Authorization/Voter/Voter.php index 8d36fd8..ba4d6af 100644 --- a/Core/Authorization/Voter/Voter.php +++ b/Core/Authorization/Voter/Voter.php 
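Review bot: The inlined check `0 !== strpos($attribute, $this->prefix)` in RoleVoter::vote() passes every attribute to strpos() without first confirming that it is a string, although ExpressionVoter in this same commit shows that attributes can be objects. A non-string attribute either triggers a warning or type error, or is cast to a string and matched against the prefix, which would let this voter cast a vote on an attribute it should abstain from. Guard the type first: `if (!is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) {`. The body of vote() continues past the end of the hunk, so how a matched attribute is compared with the token's roles is not visible here.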
@@ -24,36 +24,20 @@ abstract class Voter implements VoterInterface /** * {@inheritdoc} */ - public function supportsAttribute($attribute) - { - throw new \BadMethodCallException('supportsAttribute method is deprecated since version 2.8, to be removed in 3.0'); - } - - /** - * {@inheritdoc} - */ - public function supportsClass($class) - { - throw new \BadMethodCallException('supportsClass method is deprecated since version 2.8, to be removed in 3.0'); - } - - /** - * {@inheritdoc} - */ - public function vote(TokenInterface $token, $object, array $attributes) + public function vote(TokenInterface $token, $subject, array $attributes) { // abstain vote by default in case none of the attributes are supported $vote = self::ACCESS_ABSTAIN; foreach ($attributes as $attribute) { - if (!$this->supports($attribute, $object)) { + if (!$this->supports($attribute, $subject)) { continue; } // as soon as at least one attribute is supported, default is to deny access $vote = self::ACCESS_DENIED; - if ($this->voteOnAttribute($attribute, $object, $token)) { + if ($this->voteOnAttribute($attribute, $subject, $token)) { // grant access as soon as at least one attribute returns a positive response return self::ACCESS_GRANTED; } diff --git a/Core/Authorization/Voter/VoterInterface.php b/Core/Authorization/Voter/VoterInterface.php index 91ddc1f..4bb7367 100644 --- a/Core/Authorization/Voter/VoterInterface.php +++ b/Core/Authorization/Voter/VoterInterface.php 
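Review bot: The grant branch `if ($this->voteOnAttribute($attribute, $subject, $token))` in Voter::vote() is a truthiness test, so any non-empty value returned by a subclass grants access. That includes VoterInterface::ACCESS_DENIED, which is -1 and therefore truthy, so a subclass that returns the vote constant by mistake would silently grant. voteOnAttribute() is declared outside this hunk and presumably documents a bool return, but an authorization base class should fail closed when an implementation gets that wrong: `if (true === $this->voteOnAttribute($attribute, $subject, $token)) {`. The same reasoning applies to `supports()`, whose result is only negated here.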
@@ -25,38 +25,16 @@ interface VoterInterface const ACCESS_DENIED = -1; /** - * Checks if the voter supports the given attribute. - * - * @param mixed $attribute An attribute (usually the attribute name string) - * - * @return bool true if this Voter supports the attribute, false otherwise - * - * @deprecated since version 2.8, to be removed in 3.0. - */ - public function supportsAttribute($attribute); - - /** - * Checks if the voter supports the given class. - * - * @param string $class A class name - * - * @return bool true if this Voter can process the class - * - * @deprecated since version 2.8, to be removed in 3.0. - */ - public function supportsClass($class); - - /** * Returns the vote for the given parameters. * * This method must return one of the following constants: * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN. * * @param TokenInterface $token A TokenInterface instance - * @param object|null $object The object to secure + * @param mixed $subject The subject to secure * @param array $attributes An array of attributes associated with the method being invoked * * @return int either ACCESS_GRANTED, ACCESS_ABSTAIN, or ACCESS_DENIED */ - public function vote(TokenInterface $token, $object, array $attributes); + public function vote(TokenInterface $token, $subject, array $attributes); } |
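Review bot: The vote() docblock widens the second parameter to `mixed $subject` without telling implementers what they must now handle. Voters that called get_class() on the argument, as the removed AbstractVoter did after a falsy check, now have to type-check it themselves. I would extend the parameter line, for example `@param mixed $subject The subject to secure; may be null or a non-object, so voters should return ACCESS_ABSTAIN for subjects they do not handle`. With supportsAttribute()/supportsClass() gone from the interface, this docblock is the only place the abstain-when-unsupported contract can be stated.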