[Security] roles on token are ignored since 7.3 · Issue #60656 · symfony/symfony · GitHub
Closed
@dmaicher

Symfony version(s) affected

7.3.0

Description

We have some logic in our app where impersonating a user adds some additional roles to the token.

Those roles are not available anymore since this change, and voting on those roles denies access.

cc @nicolas-grekas: so I think your assumption that those roles are not used in case the user implements EquatableInterface was not quite correct 🤔

It now just falls back to the user's roles, as the additionally added roles are ignored during serialization.

How to reproduce

Code looks something like

```php
<?php

use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;

$additionalRoles = [...]; // roles granted only for the impersonation session

$token = new SwitchUserToken(
    $impersonatedUser,
    '...', // firewall name
    array_merge($impersonatedUser->getRoles(), $additionalRoles), // here we pass additional roles which are ignored now
    $originalToken,
);
```

Our $impersonatedUser object implements EquatableInterface.

Possible Solution

Revert #59558 🤔

Additional Context

No response
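A reproduction check for the round trip described in the report, as an added example written for this page, not code from the reporter or from Symfony. It assumes `symfony/security-core` is installed through Composer; the `EquatableUser` class, the firewall name `main` and the role names are constructed for the demonstration. It serializes a SwitchUserToken carrying extra roles the way the session does between requests and reports which role names did not survive, which is the observable symptom the report describes for users implementing EquatableInterface.

```php
<?php
// Added example (not from the issue or from Symfony): a serialize/unserialize
// round-trip check for token roles. Run from a project with symfony/security-core
// installed: `php check_roles.php`. User class, firewall name and roles are assumed.
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
use Symfony\Component\Security\Core\User\EquatableInterface;
use Symfony\Component\Security\Core\User\UserInterface;

// Minimal user implementing EquatableInterface, the condition named in the report.
final class EquatableUser implements UserInterface, EquatableInterface
{
    public function __construct(private string $identifier, private array $roles)
    {
    }

    public function getRoles(): array
    {
        return $this->roles;
    }

    public function getUserIdentifier(): string
    {
        return $this->identifier;
    }

    // Still declared by UserInterface in 7.x; nothing to erase for this sample user.
    public function eraseCredentials(): void
    {
    }

    public function isEqualTo(UserInterface $user): bool
    {
        return $user->getUserIdentifier() === $this->identifier;
    }
}

// Constructed sample data: an admin impersonating a regular user, with one extra
// role that exists only for the impersonation session (stands in for the app's roles).
$admin = new EquatableUser('admin', ['ROLE_ADMIN']);
$target = new EquatableUser('alice', ['ROLE_USER']);
$additionalRoles = ['ROLE_IMPERSONATION_EXTRA'];

$originalToken = new UsernamePasswordToken($admin, 'main', $admin->getRoles());
$token = new SwitchUserToken(
    $target,
    'main',
    array_merge($target->getRoles(), $additionalRoles),
    $originalToken,
);

// The firewall stores the token in the session serialized; this mirrors that path.
$restored = unserialize(serialize($token));

$before = $token->getRoleNames();
$after = $restored->getRoleNames();

printf("before: %s\nafter:  %s\n", implode(', ', $before), implode(', ', $after));

// RoleVoter decides on getRoleNames(), so any role missing here is denied on the next request.
$lost = array_diff($before, $after);
if ($lost) {
    printf("roles dropped by the serialize round trip: %s\n", implode(', ', $lost));
    exit(1);
}
echo "all token roles survived the round trip\n";
```

The script exits non-zero when any role name present on the freshly built token is absent after the round trip, so it can be dropped into a CI job to catch a regression in either direction when upgrading the security component.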
