From 3402e9a8adea4e024b3c574e1256a8ccf45d4989 Mon Sep 17 00:00:00 2001 From: Christian Daguerre Date: Fri, 11 Dec 2020 12:43:01 +0100 Subject: [PATCH] allow absence of token for sf authentication manager --- src/Security/ResourceAccessChecker.php | 19 +++++++++++-------- tests/Security/ResourceAccessCheckerTest.php | 14 +------------- 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/src/Security/ResourceAccessChecker.php b/src/Security/ResourceAccessChecker.php index 0f124c5375c..67d8fad1299 100644 --- a/src/Security/ResourceAccessChecker.php +++ b/src/Security/ResourceAccessChecker.php @@ -48,14 +48,20 @@ public function isGranted(string $resourceClass, string $expression, array $extr if (null === $this->tokenStorage || null === $this->authenticationTrustResolver) { throw new \LogicException('The "symfony/security" library must be installed to use the "security" attribute.'); } - if (null === $token = $this->tokenStorage->getToken()) { - throw new \LogicException('The current token must be set to use the "security" attribute (is the URL behind a firewall?).'); - } if (null === $this->expressionLanguage) { - throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security".'); + throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security" attribute.'); + } + + $variables = array_merge($extraVariables, [ + 'trust_resolver' => $this->authenticationTrustResolver, + 'auth_checker' => $this->authorizationChecker, // needed for the is_granted expression function + ]); + + if ($token = $this->tokenStorage->getToken()) { + $variables = array_merge($variables, $this->getVariables($token)); } - return (bool) $this->expressionLanguage->evaluate($expression, array_merge($extraVariables, $this->getVariables($token))); + return (bool) $this->expressionLanguage->evaluate($expression, $variables); } /** @@ -69,9 +75,6 @@ private function getVariables(TokenInterface $token): array 'token' => $token, 'user' => $token->getUser(), 'roles' => $this->getEffectiveRoles($token), - 'trust_resolver' => $this->authenticationTrustResolver, - // needed for the is_granted expression function - 'auth_checker' => $this->authorizationChecker, ]; } diff --git a/tests/Security/ResourceAccessCheckerTest.php b/tests/Security/ResourceAccessCheckerTest.php index d219603fde9..b22314290cc 100644 --- a/tests/Security/ResourceAccessCheckerTest.php +++ b/tests/Security/ResourceAccessCheckerTest.php @@ -76,7 +76,7 @@ public function testSecurityComponentNotAvailable() public function testExpressionLanguageNotInstalled() { $this->expectException(\LogicException::class); - $this->expectExceptionMessage('The "symfony/expression-language" library must be installed to use the "security".'); + $this->expectExceptionMessage('The "symfony/expression-language" library must be installed to use the "security" attribute.'); $authenticationTrustResolverProphecy = $this->prophesize(AuthenticationTrustResolverInterface::class); $tokenStorageProphecy = $this->prophesize(TokenStorageInterface::class); @@ -85,16 +85,4 @@ public function testExpressionLanguageNotInstalled() $checker = new ResourceAccessChecker(null, $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal()); $checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")'); } - - public function testNotBehindAFirewall() - { - $this->expectException(\LogicException::class); - $this->expectExceptionMessage('The current token must be set to use the "security" attribute (is the URL behind a firewall?).'); - - $authenticationTrustResolverProphecy = $this->prophesize(AuthenticationTrustResolverInterface::class); - $tokenStorageProphecy = $this->prophesize(TokenStorageInterface::class); - - $checker = new ResourceAccessChecker(null, $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal()); - $checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")'); - } }