8000 [Security] make sure RoleVoter only vote for roles and don't produce … · symfony/symfony@3b88cb7 · GitHub

Commit 3b88cb7

author
Gladhon
committed
[Security] make sure RoleVoter only vote for roles and don't produce fatal error on non-strings
1 parent 2b0df63 commit 3b88cb7


2 files changed

+10
-1
lines changed


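--- a/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Authorization\Voter;
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Role\RoleInterface;
 
 /**
 * RoleVoter votes if any attribute starts with a given prefix.
@@ -41,7 +42,9 @@ public function vote(TokenInterface $token, $subject, array $attributes)
 $roles = $this->extractRoles($token);
 
 foreach ($attributes as $attribute) {
-if (0 !== strpos($attribute, $this->prefix)) {
+if ($attribute instanceof RoleInterface) {
+$attribute = $attribute->getRole();
+} elseif (!is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) {
 continue;
 }
 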
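Review bot: The `instanceof RoleInterface` branch (new lines 45-46) skips the prefix test that string attributes still go through, so a role object whose `getRole()` value lacks `$this->prefix`, or is not a string at all, is carried into the rest of the loop instead of being ignored. The voter's abstain rule then depends on whether the caller passed a string or an object, and since the comparison that follows lies outside this hunk, it is worth confirming how it treats a null value there. Unwrapping first and then applying one check to every attribute keeps the behaviour uniform: end the first branch with `}` and turn the `elseif` into a separate `if (!is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) {`. A short comment such as `// Role objects are reduced to their string form before the prefix check` would record the intent.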

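--- a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleVoterTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleVoterTest.php
@@ -36,6 +36,12 @@ public function getVoteTests()
 array(array('ROLE_FOO'), array('ROLE_FOO'), VoterInterface::ACCESS_GRANTED),
 array(array('ROLE_FOO'), array('FOO', 'ROLE_FOO'), VoterInterface::ACCESS_GRANTED),
 array(array('ROLE_BAR', 'ROLE_FOO'), array('ROLE_FOO'), VoterInterface::ACCESS_GRANTED),
+
+array(array('ROLE_FOO'), array('some'), VoterInterface::ACCESS_ABSTAIN),
+array(array('ROLE_FOO'), array( new Role('ROLE_FOO')), VoterInterface::ACCESS_GRANTED),
+array(array('ROLE_FOO'), array( new \StdClass() ), VoterInterface::ACCESS_ABSTAIN),
+array(array('ROLE_FOO'), array( new \StdClass(),'some', 'ROLE_FOO' ), VoterInterface::ACCESS_GRANTED),
+array(array('ROLE_FOO'), array( new \StdClass(),'some', 'ROLE_NON_FOO' ), VoterInterface::ACCESS_DENIED),
 );
 }
 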
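Review bot: The added data sets exercise a role object only where its string matches the token's role (new line 41); no row pins the vote for a role object whose string lacks the prefix, which is the one case where object and string attributes can be treated differently. A constructed row such as `array(array('ROLE_FOO'), array(new Role('FOO')), VoterInterface::ACCESS_ABSTAIN),` would state the expected outcome, assuming the voter is meant to abstain there as it does for the string 'some'. The new rows also mix `array( new` and `() )` spacing with the tighter style of the existing rows, and `\StdClass` is conventionally written `\stdClass`. getVoteTests() begins above this hunk, so the `Role` import cannot be checked from here.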
