linaori
diff --git a/‎src/Symfony/Component/Security/CHANGELOG.md
Lines changed: 17 additions & 0 deletions b/‎src/Symfony/Component/Security/CHANGELOG.md
Lines changed: 17 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
Lines changed: 2 additions & 1 deletion b/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
Lines changed: 2 additions & 1 deletion
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
Lines changed: 4 additions & 5 deletions b/‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
Lines changed: 4 additions & 5 deletions
@@ -4,6 +4,23 @@ CHANGELOG
 5.0.0
 -----
 
+ * Dropped support for passing more than one attribute to `AccessDecisionManager::decide()` and `AuthorizationChecker::isGranted()` (and indirectly the `is_granted()` Twig and ExpressionLanguage function):
+
+   **Before**
+   ```php
+   if ($this->authorizationChecker->isGranted(['ROLE_USER', 'ROLE_ADMIN'])) {
+       // ...
+   }
+   ```
+
+   **After**
+   ```php
+   if ($this->authorizationChecker->isGranted(new Expression("has_role('ROLE_USER') or has_role('ROLE_ADMIN')"))) {}
+   // or:
+   if ($this->authorizationChecker->isGranted('ROLE_USER')
+      || $this->authorizationChecker->isGranted('ROLE_ADMIN')
+   ) {}
+   ```
  * Implementations of `Guard\AuthenticatorInterface::checkCredentials()` must return
    a boolean value now. Please explicitly return `false` to indicate invalid credentials.
  * The `LdapUserProvider` class has been removed, use `Symfony\Component\Ldap\Security\LdapUserProvider` instead.
 
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 
 /**
  * AccessDecisionManager is the base class for all access decision managers
@@ -58,7 +59,7 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA
     public function decide(TokenInterface $token, array $attributes, $object = null)
     {
         if (\count($attributes) > 1) {
-            @trigger_error('Passing more than one Security attribute to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple decide() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);
+            throw new InvalidArgumentException(sprintf('Passing more than one Security attribute to %s() is not supported.', __METHOD__));
         }
 
         return $this->{$this->strategy}($token, $attributes, $object);
 
@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 
 /**
  * AuthorizationChecker is the main authorization point of the Security component.
@@ -53,12 +54,10 @@ final public function isGranted($attributes, $subject = null): bool
             $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
         }
 
-        if (!\is_array($attributes)) {
-            $attributes = [$attributes];
-        } else {
-            @trigger_error('Passing an array of Security attributes to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple isGranted() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);
+        if (\is_array($attributes)) {
+            throw new InvalidArgumentException(sprintf('Passing an array of Security attributes to %s() is not supported.', __METHOD__));
         }
 
-        return $this->accessDecisionManager->decide($token, $attributes, $subject);
+        return $this->accessDecisionManager->decide($token, (array) $attributes, $subject);
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -13,6 +13,7 @@`
`13`	`13`
`14`	`14`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`15`	`15`	`use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
	`16`	`+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;`
`16`	`17`
`17`	`18`	`/**`
`18`	`19`	`* AccessDecisionManager is the base class for all access decision managers`
`@@ -58,7 +59,7 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA`
`58`	`59`	`public function decide(TokenInterface $token, array $attributes, $object = null)`
`59`	`60`	`{`
`60`	`61`	`if (\count($attributes) > 1) {`
`61`		`- @trigger_error('Passing more than one Security attribute to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple decide() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);`
	`62`	`+ throw new InvalidArgumentException(sprintf('Passing more than one Security attribute to %s() is not supported.', __METHOD__));`
`62`	`63`	`}`
`63`	`64`
`64`	`65`	`return $this->{$this->strategy}($token, $attributes, $object);`
Original file line number	Diff line number	Diff line change
`@@ -14,6 +14,7 @@`
`14`	`14`	`use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;`
`15`	`15`	`use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;`
`16`	`16`	`use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;`
	`17`	`+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;`
`17`	`18`
`18`	`19`	`/**`
`19`	`20`	`* AuthorizationChecker is the main authorization point of the Security component.`
`@@ -53,12 +54,10 @@ final public function isGranted($attributes, $subject = null): bool`
`53`	`54`	`$this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));`
`54`	`55`	`}`
`55`	`56`
`56`		`- if (!\is_array($attributes)) {`
`57`		`- $attributes = [$attributes];`
`58`		`- } else {`
`59`		`- @trigger_error('Passing an array of Security attributes to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple isGranted() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);`
	`57`	`+ if (\is_array($attributes)) {`
	`58`	`+ throw new InvalidArgumentException(sprintf('Passing an array of Security attributes to %s() is not supported.', __METHOD__));`
`60`	`59`	`}`
`61`	`60`
`62`		`- return $this->accessDecisionManager->decide($token, $attributes, $subject);`
	`61`	`+ return $this->accessDecisionManager->decide($token, (array) $attributes, $subject);`
`63`	`62`	`}`
`64`	`63`	`}`