symfony
diff --git a/‎UPGRADE-4.4.md
Lines changed: 18 additions & 0 deletions b/‎UPGRADE-4.4.md
Lines changed: 18 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/CHANGELOG.md
Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Component/Security/CHANGELOG.md
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
Lines changed: 4 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
Lines changed: 4 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Tests/Authorization/AccessDecisionManagerTest.php
Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Component/Security/Core/Tests/Authorization/AccessDecisionManagerTest.php
Lines changed: 1 addition & 1 deletion
@@ -197,6 +197,24 @@ Security
  * The `LdapUserProvider` class has been deprecated, use `Symfony\Component\Ldap\Security\LdapUserProvider` instead.
  * Implementations of `PasswordEncoderInterface` and `UserPasswordEncoderInterface` should add a new `needsRehash()` method
  * Deprecated returning a non-boolean value when implementing `Guard\AuthenticatorInterface::checkCredentials()`. Please explicitly return `false` to indicate invalid credentials.
+ * Deprecated passing more than one attribute to `AccessDecisionManager::decide()` and `AuthorizationChecker::isGranted()` (and indirectly the `is_granted()` Twig and ExpressionLanguage function)
+ 
+   **Before**
+   ```php
+   if ($this->authorizationChecker->isGranted(['ROLE_USER', 'ROLE_ADMIN'])) {
+       // ...
+   }
+   ```
+   
+   **After**
+   ```php
+   if ($this->authorizationChecker->isGranted(new Expression("has_role('ROLE_USER') or has_role('ROLE_ADMIN')"))) {}
+
+   // or:
+   if ($this->authorizationChecker->isGranted('ROLE_USER')
+      || $this->authorizationChecker->isGranted('ROLE_ADMIN')
+   ) {}
+   ```
 
 Stopwatch
 ---------
 
@@ -12,6 +12,7 @@ CHANGELOG
    for "guard" authenticators that deal with user passwords
  * Marked all dispatched event classes as `@final`
  * Deprecated returning a non-boolean value when implementing `Guard\AuthenticatorInterface::checkCredentials()`.
+ * Deprecated passing more than one attribute to `AccessDecisionManager::decide()` and `AuthorizationChecker::isGranted()`
 
 4.3.0
 -----
 
@@ -57,6 +57,10 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA
      */
     public function decide(TokenInterface $token, array $attributes, $object = null)
     {
+        if (\count($attributes) > 1) {
+            @trigger_error('Passing more than one Security attribute to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple decide() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);
+        }
+
         return $this->{$this->strategy}($token, $attributes, $object);
     }
 
 
@@ -55,6 +55,8 @@ final public function isGranted($attributes, $subject = null): bool
 
         if (!\is_array($attributes)) {
             $attributes = [$attributes];
+        } else {
+            @trigger_error('Passing an array of Security attributes to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple isGranted() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);
         }
 
         return $this->accessDecisionManager->decide($token, $attributes, $subject);
 
@@ -37,7 +37,7 @@ public function testStrategies($strategy, $voters, $allowIfAllAbstainDecisions,
     /**
      * @dataProvider getStrategiesWith2RolesTests
      */
-    public function testStrategiesWith2Roles($token, $strategy, $voter, $expected)
+    public function testLegacyStrategiesWith2Roles($token, $strategy, $voter, $expected)
     {
         $manager = new AccessDecisionManager([$voter], $strategy);
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,10 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA`
`57`	`57`	`*/`
`58`	`58`	`public function decide(TokenInterface $token, array $attributes, $object = null)`
`59`	`59`	`{`
	`60`	`+ if (\count($attributes) > 1) {`
	`61`	`+ @trigger_error('Passing more than one Security attribute to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple decide() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);`
	`62`	`+ }`
	`63`	`+`
`60`	`64`	`return $this->{$this->strategy}($token, $attributes, $object);`
`61`	`65`	`}`
`62`	`66`
Original file line number	Diff line number	Diff line change
`@@ -55,6 +55,8 @@ final public function isGranted($attributes, $subject = null): bool`
`55`	`55`
`56`	`56`	`if (!\is_array($attributes)) {`
`57`	`57`	`$attributes = [$attributes];`
	`58`	`+ } else {`
	`59`	`+ @trigger_error('Passing an array of Security attributes to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple isGranted() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);`
`58`	`60`	`}`
`59`	`61`
`60`	`62`	`return $this->accessDecisionManager->decide($token, $attributes, $subject);`
Original file line number	Diff line number	Diff line change
`@@ -37,7 +37,7 @@ public function testStrategies($strategy, $voters, $allowIfAllAbstainDecisions,`
`37`	`37`	`/**`
`38`	`38`	`* @dataProvider getStrategiesWith2RolesTests`
`39`	`39`	`*/`
`40`		`- public function testStrategiesWith2Roles($token, $strategy, $voter, $expected)`
	`40`	`+ public function testLegacyStrategiesWith2Roles($token, $strategy, $voter, $expected)`
`41`	`41`	`{`
`42`	`42`	`$manager = new AccessDecisionManager([$voter], $strategy);`
`43`	`43`