[Security] unable to use custom expression language function in access control "allow_if" #24306
Description
| Q | A |
|---|---|
| Bug report? | yes |
| Feature request? | no |
| BC Break report? | no |
| RFC? | no |
| Symfony version | 2.8+ |
If I register a custom expression language function via a class implementing ExpressionFunctionProviderInterface and tagging it with security.expression_language_provider then I cannot use this function within an allow_if expression in my access control config.
Specifically in my case I have the is_granted function registered with a custom provider. Using it with the authorization checker for example works fine:
$authorizationChecker->isGranted(new Expression("is_granted('something') and/or ..."));However using it inside the access control config results in an error:
access_control:
- { path: ^/, allow_if: "is_granted('some_custom_attribute')" }=>
(1/1) SyntaxErrorThe function "is_granted" does not exist around position 1 for expression `is_granted('some_custom_attribute')`.
--
in Parser.php (line 198)
at Parser->parsePrimaryExpression()in Parser.php (line 149)
at Parser->getPrimary()in Parser.php (line 110)
at Parser->parseExpression()in Parser.php (line 100)
at Parser->parse(object(TokenStream), array('object', 'request', 'roles', 'token', 'trust_resolver', 'user'))in ExpressionLanguage.php (line 108)
at ExpressionLanguage->parse('is_granted(\'some_custom_attribute\')', array('object', 'request', 'roles', 'token', 'trust_resolver', 'user'))in SecurityExtension.php (line 671)
at SecurityExtension->createExpression(object(ContainerBuilder), 'is_granted(\'some_custom_attribute\')')in SecurityExtension.php (line 224)
This happens because custom function providers are not loaded at all within the SecurityExtension: