[Security] allow arbitrary types in VoterInterface::vote() #16754
Conversation
xabbuh
commented
Nov 30, 2015
| Q | A |
|---|---|
| Bug fix? | no |
| New feature? | yes |
| BC breaks? | yes |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | #16600 |
| License | MIT |
| Doc PR | TODO |
| @@ -85,7 +85,7 @@ private function getVariables(TokenInterface $token, $object) | |||
| $variables = array( | |||
| 'token' => $token, | |||
| 'user' => $token->getUser(), | |||
| 'object' => $object, | |||
| 'object' => $subject, | |||
There was a problem hiding this comment.
The object variable should probably be renamed to subject too. But that should be done in 2.8 and we should throw a deprecation when accessing object. Would that actually be possible?
There was a problem hiding this comment.
Adding subject along side object in 2.8 is a good idea. Throwing a deprecation notice is possible, but not trivial.
There was a problem hiding this comment.
Okay, renamed object to subject here and introduced a new subject variable in #16755.
| @@ -31,10 +31,10 @@ | |||
| * ACCESS_GRANTED, ACCESS_DENIED, or ACCESS_ABSTAIN. | |||
| * | |||
| * @param TokenInterface $token A TokenInterface instance | |||
| * @param object|null $object The object to secure | |||
| * @param mixed $subject The subject to secure | |||
There was a problem hiding this comment.
this is a BC break for existing voters, as they must now be written in a way accepting any kind of value here, not just object|null. So if we do it, we must document it as a BC break.
There was a problem hiding this comment.
Yes, that BC break is intended so that the interface actually allows to be used like the new Voter class introduced in 2.8.
There was a problem hiding this comment.
and by the way, it's added to the upgrade file
|
Thank you @xabbuh. |
…te() (xabbuh) This PR was merged into the 3.0-dev branch. Discussion ---------- [Security] allow arbitrary types in VoterInterface::vote() | Q | A | ------------- | --- | Bug fix? | no | New feature? | yes | BC breaks? | yes | Deprecations? | no | Tests pass? | yes | Fixed tickets | #16600 | License | MIT | Doc PR | TODO Commits ------- 9054bdf allow arbitrary types in VoterInterface::vote()