8000 [Security] unable to use custom expression language function in access control "allow_if" · Issue #24306 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

[Security] unable to use custom expression language function in access control "allow_if" #24306

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
dmaicher opened this issue Sep 24, 2017 · 1 comment
Closed

[Security] unable to use custom expression language function in access control "allow_if" #24306

dmaicher opened this issue Sep 24, 2017 · 1 comment

Comments

@dmaicher
Copy link
Contributor
dmaicher commented Sep 24, 2017
edited
Loading
Q A
Bug report? yes
Feature request? no
BC Break report? no
RFC? no
Symfony version 2.8+

If I register a custom expression language function via a class implementing ExpressionFunctionProviderInterface and tagging it with security.expression_language_provider then I cannot use this function within an allow_if expression in my access control config.

Specifically in my case I have the is_granted function registered with a custom provider. Using it with the authorization checker for example works fine:

$authorizationChecker->isGranted(new Expression("is_granted('something') and/or ..."));

However using it inside the access control config results in an error:

    access_control:
         - { path: ^/, allow_if: "is_granted('some_custom_attribute')" }

=>

(1/1) SyntaxErrorThe function "is_granted" does not exist around position 1 for expression `is_granted('some_custom_attribute')`.
--
in Parser.php (line 198)
at Parser->parsePrimaryExpression()in Parser.php (line 149)
at Parser->getPrimary()in Parser.php (line 110)
at Parser->parseExpression()in Parser.php (line 100)
at Parser->parse(object(TokenStream), array('object', 'request', 'roles', 'token', 'trust_resolver', 'user'))in ExpressionLanguage.php (line 108)
at ExpressionLanguage->parse('is_granted(\'some_custom_attribute\')', array('object', 'request', 'roles', 'token', 'trust_resolver', 'user'))in SecurityExtension.php (line 671)
at SecurityExtension->createExpression(object(ContainerBuilder), 'is_granted(\'some_custom_attribute\')')in SecurityExtension.php (line 224)

This happens because custom function providers are not loaded at all within the SecurityExtension:

https://github.com/symfony/symfony/blob/master/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php#L741
@dmaicher
Copy link
Contributor Author

duplicate of #23208

@dmaicher dmaicher mentioned this issue Sep 24, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@dmaicher
0