Thanks to visit codestin.com
Credit goes to github.com

Skip to content

[Security] Remove using multiple attributes with #[IsGranted] #47144

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Aug 2, 2022
Merged

[Security] Remove using multiple attributes with #[IsGranted] #47144

merged 1 commit into from
Aug 2, 2022

Conversation

HypeMC
Copy link
Contributor

@HypeMC HypeMC commented Aug 1, 2022

Q A
Branch? 6.2
Bug fix? yes
New feature? no
Deprecations? no
Tickets Fix #46978 (comment)
License MIT
Doc PR -

Passing multiple attributes to isGranted() has been removed in #33584, so the following doesn't work any more:

#[IsGranted(attributes: ['ROLE_ADMIN'])]
public function index(Post $post)
{
}

#[IsGranted(attributes: ['ROLE_USER', 'ROLE_ADMIN'])]
public function index(Post $post)
{
}

As mentioned in sensiolabs/SensioFrameworkExtraBundle#648 , expressions should be used instead, see #46978 . This PR removes the possibility of using multiple attributes with #[IsGranted].

Also, it's currently possible to use #[IsGranted()] with no attributes (null). Since this doesn't seem to work either, nor can I find a reason why it even should, this PR removes that option as well. If I'm wrong about this one, please let me know.

@HypeMC HypeMC requested review from wouterj and chalasr as code owners August 1, 2022 17:12
@carsonbot carsonbot added this to the 6.2 milestone Aug 1, 2022
@HypeMC HypeMC mentioned this pull request Aug 1, 2022
Merged
@nicolas-grekas
Copy link
Member

Thank you @HypeMC.

@nicolas-grekas nicolas-grekas merged commit 445f0f1 into symfony:6.2 Aug 2, 2022
@HypeMC HypeMC deleted the remove-isgranted-multiple-attributes branch August 2, 2022 07:57
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@chalasr chalasr chalasr approved these changes

@wouterj wouterj Awaiting requested review from wouterj wouterj is a code owner

Assignees
No one assigned
Labels
Bug Security Status: Reviewed
Projects
None yet
Milestone
6.2
Development

Successfully merging this pull request may close these issues.
4 participants
@HypeMC @nicolas-grekas @chalasr @carsonbot