8000 add option to define the access decision manager · symfony/symfony@c28ca0a · GitHub


Commit c28ca0a

committed
add option to define the access decision manager
1 parent 1b6b08c commit c28ca0a

12 files changed

+196
-7
lines changed

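--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -59,6 +59,26 @@ public function getConfigTreeBuilder()
 $rootNode = $tb->root('security');
 
 $rootNode
+->beforeNormalization()
+->ifTrue(function ($v) {
+if (!isset($v['access_decision_manager'])) {
+return true;
+}
+
+if (!isset($v['access_decision_manager']['strategy']) && !isset($v['access_decision_manager']['service'])) {
+return true;
+};
+
+return false;
+})
+->then(function ($v) {
+$v['access_decision_manager'] = array(
+'strategy' => AccessDecisionManager::STRATEGY_AFFIRMATIVE,
+);
+
+return $v;
+})
+->end()
 ->children()
 ->scalarNode('access_denied_url')->defaultNull()->example('/foo/error403')->end()
 ->enumNode('session_fixation_strategy')
@@ -73,11 +93,15 @@ public function getConfigTreeBuilder()
 ->children()
 ->enumNode('strategy')
 ->values(array(AccessDecisionManager::STRATEGY_AFFIRMATIVE, AccessDecisionManager::STRATEGY_CONSENSUS, AccessDecisionManager::STRATEGY_UNANIMOUS))
-->defaultValue(AccessDecisionManager::STRATEGY_AFFIRMATIVE)
 ->end()
+->scalarNode('service')->end()
 ->booleanNode('allow_if_all_abstain')->defaultFalse()->end()
 ->booleanNode('allow_if_equal_granted_denied')->defaultTrue()->end()
 ->end()
+->validate()
+->ifTrue(function ($v) { return isset($v['strategy']) && isset($v['service']); })
+->thenInvalid('"strategy" and "service" cannot be used together.')
+->end()
 ->end()
 ->end()
 ;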
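Review bot: The `then` closure in the new `beforeNormalization()` block replaces the whole `access_decision_manager` array, so a configuration that sets only `allow_if_all_abstain` or `allow_if_equal_granted_denied` (with neither `strategy` nor `service`) loses those values and silently falls back to the node defaults. For an authorization setting that is a behaviour change with no error or warning to point at it. Setting only the missing key keeps the rest of what the user configured: `$v['access_decision_manager']['strategy'] = AccessDecisionManager::STRATEGY_AFFIRMATIVE;`. The stray `;` after the closing brace of the second `if` in the `ifTrue` closure can be dropped as well. getConfigTreeBuilder() starts and ends outside these hunks.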

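--- a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
+++ b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -79,12 +79,17 @@ public function load(array $configs, ContainerBuilder $container)
 $container->setParameter('security.access.denied_url', $config['access_denied_url']);
 $container->setParameter('security.authentication.manager.erase_credentials', $config['erase_credentials']);
 $container->setParameter('security.authentication.session_strategy.strategy', $config['session_fixation_strategy']);
-$container
-->getDefinition('security.access.decision_manager')
-->addArgument($config['access_decision_manager']['strategy'])
-->addArgument($config['access_decision_manager']['allow_if_all_abstain'])
-->addArgument($config['access_decision_manager']['allow_if_equal_granted_denied'])
-;
+
+if (isset($config['access_decision_manager']['service'])) {
+$container->setAlias('security.access.decision_manager', $config['access_decision_manager']['service']);
+} else {
+$container
+->getDefinition('security.access.decision_manager')
+->addArgument($config['access_decision_manager']['strategy'])
+->addArgument($config['access_decision_manager']['allow_if_all_abstain'])
+->addArgument($config['access_decision_manager']['allow_if_equal_granted_denied']);
+}
+
 $container->setParameter('security.access.always_authenticate_before_granting', $config['always_authenticate_before_granting']);
 $container->setParameter('security.authentication.hide_user_not_found', $config['hide_user_not_found']);
 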
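Review bot: When `service` is set, the new `if` branch only aliases `security.access.decision_manager` and never reads `allow_if_all_abstain` or `allow_if_equal_granted_denied`, so those options are accepted next to `service` but have no effect on access decisions. Nothing in this hunk checks that the referenced id exists or is an access decision manager either; presumably a wrong id only fails later, when the container is compiled or the service is first used. A comment on the branch would make the contract explicit, for example `// custom service: strategy and allow_if_* options are ignored; the service alone decides access`. load() starts and ends outside the hunk.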

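--- a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
+++ b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -15,6 +15,7 @@
 use Symfony\Bundle\SecurityBundle\SecurityBundle;
 use Symfony\Bundle\SecurityBundle\DependencyInjection\SecurityExtension;
 use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
 
 abstract class CompleteConfigurationTest extends \PHPUnit_Framework_TestCase
 {
@@ -325,6 +326,29 @@ public function testUserCheckerConfigWithNoCheckers()
 $this->assertEquals('security.user_checker', $this->getContainer('container1')->getAlias('security.user_checker.secure'));
 }
 
+public function testDefaultAccessDecisionManagerStrategyIsAffirmative()
+{
+$container = $this->getContainer('access_decision_manager_default_strategy');
+
+$this->assertSame(AccessDecisionManager::STRATEGY_AFFIRMATIVE, $container->getDefinition('security.access.decision_manager')->getArgument(1), 'Default vote strategy is affirmative');
+}
+
+public function testCustomAccessDecisionManagerService()
+{
+$container = $this->getContainer('access_decision_manager_service');
+
+$this->assertSame('app.access_decision_manager', (string) $container->getAlias('security.access.decision_manager'), 'The custom access decision manager service is aliased');
+}
+
+/**
+* @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
+* @expectedExceptionMessage "strategy" and "service" cannot be used together.
+*/
+public function testAccessDecisionManagerServiceAndStrategyCannotBeUsedAtTheSameTime()
+{
+$container = $this->getContainer('access_decision_manager_service_and_strategy');
+}
+
 protected function getContainer($file)
 {
 if (isset(self::$containerCache[$file])) {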
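Review bot: None of the added tests covers an `access_decision_manager` section that sets only `allow_if_all_abstain` or `allow_if_equal_granted_denied`, and none of the fixtures on this page sets either option. A fixture with just `allow_if_all_abstain: true` plus an assertion such as `$this->assertTrue($container->getDefinition('security.access.decision_manager')->getArgument(2));` would pin that the option survives the strategy defaulting; index 2 is presumed from the extension adding it right after the strategy that the first test reads at index 1. In testAccessDecisionManagerServiceAndStrategyCannotBeUsedAtTheSameTime the `$container` assignment is unused, so `$this->getContainer('access_decision_manager_service_and_strategy');` is enough. getContainer() continues outside the hunk.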
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
<?php
2+
3+
$container->loadFromExtension('security', array(
4+
'providers' => array(
5+
'default' => array(
6+
'memory' => array(
7+
'users' => array(
8+
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
9+
),
10+
),
11+
),
12+
),
13+
'firewalls' => array(
14+
'simple' => array('pattern' => '/login', 'security' => false),
15+
),
16+
));
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,19 @@
1+
<?php
2+
3+
$container->loadFromExtension('security', array(
4+
'access_decision_manager' => array(
5+
'service' => 'app.access_decision_manager',
6+
),
7+
'providers' => array(
8+
'default' => array(
9+
'memory' => array(
10+
'users' => array(
11+
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
12+
),
13+
),
14+
),
15+
),
16+
'firewalls' => array(
17+
'simple' => array('pattern' => '/login', 'security' => false),
18+
),
19+
));
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,20 @@
1+
<?php
2+
3+
$container->loadFromExtension('security', array(
4+
'access_decision_manager' => array(
5+
'service' => 'app.access_decision_manager',
6+
'strategy' => 'affirmative',
7+
),
8+
'providers' => array(
9+
'default' => array(
10+
'memory' => array(
11+
'users' => array(
12+
'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
13+
),
14+
),
15+
),
16+
),
17+
'firewalls' => array(
18+
'simple' => array('pattern' => '/login', 'security' => false),
19+
),
20+
));
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,16 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<srv:container xmlns="http://symfony.com/schema/dic/security"
3+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4+
xmlns:srv="http://symfony.com/schema/dic/services"
5+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
6+
7+
<config>
8+
<provider name="default">
9+
<memory>
10+
<user name="foo" password="foo" roles="ROLE_USER" />
11+
</memory>
12+
</provider>
13+
14+
<firewall name="simple" pattern="/login" security="false" />
15+
</config>
16+
</srv:container>
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<srv:container xmlns="http://symfony.com/schema/dic/security"
3+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4+
xmlns:srv="http://symfony.com/schema/dic/services"
5+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
6+
7+
<config>
8+
<access-decision-manager service="app.access_decision_manager" />
9+
10+
<provider name="default">
11+
<memory>
12+
<user name="foo" password="foo" roles="ROLE_USER" />
13+
</memory>
14+
</provider>
15+
16+
<firewall name="simple" pattern="/login" security="false" />
17+
</config>
18+
</srv:container>
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,18 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<srv:container xmlns="http://symfony.com/schema/dic/security"
3+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
4+
xmlns:srv="http://symfony.com/schema/dic/services"
5+
xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
6+
7+
<config>
8+
<access-decision-manager service="app.access_decision_manager" strategy="affirmative" />
9+
10+
<provider name="default">
11+
<memory>
12+
<user name="foo" password="foo" roles="ROLE_USER" />
13+
</memory>
14+
</provider>
15+
16+
<firewall name="simple" pattern="/login" security="false" />
17+
</config>
18+
</srv:container>
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,8 @@
1+
security:
2+
providers:
3+
default:
4+
memory:
5+
users:
6+
foo: { password: foo, roles: ROLE_USER }
7+
firewalls:
8+
simple: { pattern: /login, security: false }
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,10 @@
1+
security:
2+
access_decision_manager:
3+
service: app.access_decision_manager
4+
providers:
5+
default:
6+
memory:
7+
users:
8+
foo: { password: foo, roles: ROLE_USER }
9+
firewalls:
10+
simple: { pattern: /login, security: false }
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,11 @@
1+
security:
2+
access_decision_manager:
3+
service: app.access_decision_manager
4+
strategy: affirmative
5+
providers:
6+
default:
7+
memory:
8+
users:
9+
foo: { password: foo, roles: ROLE_USER }
10+
firewalls:
11+
simple: { pattern: /login, security: false }
