[Security] remove support for defining voters that don't implement VoterInterface. #23324
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Contributor
hhamon
commented
Jun 28, 2017
| Q | A |
|---|---|
| Branch? | master |
| Bug fix? | no |
| New feature? | no |
| BC breaks? | yes |
| Deprecations? | no |
| Tests pass? | yes |
| Fixed tickets | ~ |
| License | MIT |
| Doc PR | ~ |
84f6f5c to
4b91fb5
Compare
linaori
approved these changes
Jun 29, 2017
xabbuh
reviewed
Jun 29, 2017
UPGRADE-4.0.md
Outdated
| @@ -455,6 +455,8 @@ Security | |||
| * The `AccessDecisionManager::setVoters()` method has been removed. Pass the | |||
| voters to the constructor instead. | |||
|
|
|||
| * Defining voters that don't implement the `VoterInterface` interface has been removed. | |||
xabbuh
reviewed
Jun 29, 2017
| if (!method_exists($class, 'vote')) { | ||
| // in case the vote method is completely missing, to prevent exceptions when voting | ||
| throw new LogicException(sprintf('%s should implement the %s interface when used as voter.', $class, VoterInterface::class)); | ||
| throw new LogicException(sprintf('%s must implement the %s interface when used as voter.', $class, VoterInterface::class)); |
There was a problem hiding this comment.
I would remove the "interface" here (it's already part of the interface name)
xabbuh
reviewed
Jun 29, 2017
| @@ -8,7 +8,8 @@ CHANGELOG | |||
| You should implement this method yourself in your concrete authenticator. | |||
| * removed the `AccessDecisionManager::setVoters()` method | |||
| * removed the `RoleInterface` | |||
| * added a sixth `string $context` argument to`LogoutUrlGenerator::registerListener()` | |||
| * removed support for voters that don't implement the `VoterInterface` interface | |||
xabbuh
reviewed
Jun 29, 2017
| * | ||
| * @deprecated as of 3.4 and will be removed in 4.0. Call the voter directly as the instance will always be a VoterInterface | ||
| */ | ||
| private function vote($voter, TokenInterface $token, $subject, $attributes) |
There was a problem hiding this comment.
we could now update the docblock of the constructor so that the type hint for the $voters argument is now VoterInterface[] instead of iterable|VoterInterface[]
There was a problem hiding this comment.
Hum I'm not sure! It seems that SecurityBundle passes an iterator argument to the access decision manager so that voters can be lazy loaded.
There was a problem hiding this comment.
// AddSecurityVotersPass.php
$adm = $container->getDefinition('security.access.decision_manager');
$adm->replaceArgument(0, new IteratorArgument($voters));There was a problem hiding this comment.
We can only change the dockblock but not the signature as passing iterators must still be allowed.
There was a problem hiding this comment.
VoterInterface[] means array of VoterInterface instances. So we cannot remove iterable from the phpdoc, otherwise we effectively remove the support of iterators from our supported usage (and so from our BC promise). This is quite problematic when our own usage relies on it.
There was a problem hiding this comment.
Hum, I thought VoterInterface[] means something I can iterate over.
4b91fb5 to
7c400d9
Compare
|
Changes applied. |
7c400d9 to
1bb6f73
Compare
stof
requested changes
Jun 29, 2017
| @@ -8,7 +8,8 @@ CHANGELOG | |||
| You should implement this method yourself in your concrete authenticator. | |||
| * removed the `AccessDecisionManager::setVoters()` method | |||
| * removed the `RoleInterface` | |||
| * added a sixth `string $context` argument to`LogoutUrlGenerator::registerListener()` | |||
| * removed support for voters that don't implement the `VoterInterface` | |||
| * added a sixth `string $context` argument to`LogoutUrlGenerator::registerListener()` | |||
There was a problem hiding this comment.
please don't add a trailing whitespace in this line
| @@ -33,7 +32,7 @@ class AccessDecisionManager implements AccessDecisionManagerInterface | |||
| private $allowIfEqualGrantedDeniedDecisions; | |||
|
|
|||
| /** | |||
| * @param iterable|VoterInterface[] $voters An iterator of VoterInterface instances | |||
| * @param iterable|VoterInterface[] $voters An array (or an iterator) of VoterInterface instances | |||
1bb6f73 to
3db09a6
Compare
|
@stof fixed |
…e VoterInterface interface.
3db09a6 to
f527790
Compare
stof
approved these changes
Jun 29, 2017
|
Thank you @hhamon. |
fabpot
added a commit
that referenced
this pull request
Jun 29, 2017
…'t implement VoterInterface. (hhamon) This PR was merged into the 4.0-dev branch. Discussion ---------- [Security] remove support for defining voters that don't implement VoterInterface. | Q | A | ------------- | --- | Branch? | master | Bug fix? | no | New feature? | no | BC breaks? | yes | Deprecations? | no | Tests pass? | yes | Fixed tickets | ~ | License | MIT | Doc PR | ~ Commits ------- f527790 [Security] remove support for defining voters that don't implement the VoterInterface interface.
Merged
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.