[Security] Abstain vote for scalar values. #16558
Conversation
Avoids a PHP warning when a scalar value is passed to a voter.
|
IMO, this is not good: passing a scalar or an array is invalid. So it is fine if you get an error in such case |
|
Indeed, the method doc says that the 2nd argument If scalar are not supported by this method, the check should be done in the method signature (which is a big BC break) or inside the method. Relying on a function call inside the method to popup the error is not a good design. |
|
@GromNaN there are thousands of places in Symfony where we don't strictly validate the type of input to reject inputs which cannot be typehinted (this is the generic way when typehints cannot be used). |
|
This is not strictly related to this PR, But IMHO, the current limitation on object is not really valid. And so, I can create a new voter that will decide if the user is allowed to add the |
|
@lyrixx but changing this to accept any scalar or array is a BC break, as it means that any custom voter out there must now accept scalars and arrays and handle them properly |
Let's do that for symfony 4.0 so :/ |
|
I agree with @lyrixx. I used to implement some kind of voter to vote on a path to do something similar like that: But of course you can create a |
|
Should we create an issue about that? |
…r" (nicolas-grekas, lyrixx) This PR was merged into the 2.8 branch. Discussion ---------- [Security] Deprecate "AbstractVoter" in favor of "Voter" | Q | A | ------------- | --- | Bug fix? | yes | New feature? | yes | BC breaks? | no | Deprecations? | yes | Tests pass? | yes | Fixed tickets | #16556, #16558, #16554 | License | MIT | Doc PR | - Commits ------- fd8b87c [Security] Deprecate "AbstractVoter" in favor of "Voter" d3c6d93 [Security] Revert changes made between 2.7 and 2.8-beta
Avoids a PHP warning when a scalar value is passed to a voter extending the
AbstractVoter. The methodisGrantedreceives an object.