diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php index 972b4f8f90c91..2088dadfff322 100644 --- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php +++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php @@ -157,7 +157,7 @@ private function configureDbalAclProvider(array $config, ContainerBuilder $conta */ private function createRoleHierarchy($config, ContainerBuilder $container) { - if (!isset($config['role_hierarchy'])) { + if (!isset($config['role_hierarchy']) || 0 === count($config['role_hierarchy'])) { $container->removeDefinition('security.access.role_hierarchy_voter'); return; diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php index 52db39200129c..a3c8962495bd1 100644 --- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php +++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php @@ -94,6 +94,33 @@ public function testFirewallWithInvalidUserProvider() $container->compile(); } + public function testDisableRoleHierarchyVoter() + { + $container = $this->getRawContainer(); + + $container->loadFromExtension('security', array( + 'providers' => array( + 'default' => array('id' => 'foo'), + ), + + 'role_hierarchy' => null, + + 'firewalls' => array( + 'some_firewall' => array( + 'pattern' => '/.*', + 'http_basic' => null, + ), + ), + )); + + $container->compile(); + + $admDefinition = $container->getDefinition('security.access.decision_manager'); + $registeredVoters = array_map('strval', $admDefinition->getArgument(0)); + + $this->assertNotContains('security.access.role_hierarchy_voter', $registeredVoters); + } + protected function getRawContainer() { $container = new ContainerBuilder(); diff --git a/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php b/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php index a50fa791e053e..619a2cdc8e5fa 100644 --- a/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php +++ b/src/Symfony/Component/Security/Tests/Core/Authorization/Voter/RoleHierarchyVoterTest.php @@ -33,4 +33,19 @@ public function getVoteTests() array(array('ROLE_FOO'), array('ROLE_FOOBAR'), VoterInterface::ACCESS_GRANTED), )); } + + /** + * @dataProvider getVoteWithEmptyHierarchyTests + */ + public function testVoteWithEmptyHierarchy($roles, $attributes, $expected) + { + $voter = new RoleHierarchyVoter(new RoleHierarchy(array())); + + $this->assertSame($expected, $voter->vote($this->getToken($roles), null, $attributes)); + } + + public function getVoteWithEmptyHierarchyTests() + { + return parent::getVoteTests(); + } }