10000 Add check for SecurityBundle in createAccessDeniedException by fgm · Pull Request #25604 · symfony/symfony · GitHub
[go: up one dir, main page]
Skip to content

Add check for SecurityBundle in createAccessDeniedException #25604

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
wants to merge 3 commits into from
Closed

Add check for SecurityBundle in createAccessDeniedException #25604

Changes from 2 commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
9007882
Issue #25595: AccessDeniedException is not available without the Secu…
fgm Dec 26, 2017
bf53da1
Invite devs to use Flex.
fgm Dec 26, 2017
6406e57
Only require security-core, not security.
fgm Dec 27, 2017
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/Symfony/Bundle/FrameworkBundle/Controller/ControllerTrait.php
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -289,10 +289,16 @@ protected function createNotFoundException(string $message = 'Not Found', \Excep
*
* throw $this->createAccessDeniedException('Unable to access this page!');
*
* @throws \LogicException If SecurityBundle is not available
*
* @final since version 3.4
*/
protected function createAccessDeniedException(string $message = 'Access Denied.', \Exception $previous = null): AccessDeniedException
{
if (!class_exists(AccessDeniedException::class)) {
throw new \LogicException('You can not use the "createAccessDeniedException" method if the SecurityBundle is not registered in your application. Try running "composer require security".');
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Only the security-core component is required in fact, should it be more precise?

Copy link
Contributor Author
@fgm fgm Dec 27, 2017
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I wondered about that too. On the one hand, previously, "security-core" and "security-csrf" were required, not the complete "security". But on the other hand two current situations where a requirement is suggested suggest the complete "security" (but one suggests "security-csrf"): https://github.com/symfony/framework-bundle/search?utf8=%E2%9C%93&q=composer+require+security&type=

Overall, since we're suggesting things, this is to make it easy on the kind of users who need the handholding, and including the whole package is likely to make it easier overall, hence that choice.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we're moving to as-specific-as-possible, so we should update the places where symfony/security is referenced

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

other errors are about missing services so suggesting security is correct (alias for security-bundle, not symfony/security). We only need to change for security-core on this one

}

return new AccessDeniedException($message, $previous);
}

Expand Down
0