[Symfony 7.3] Replace AuthorizationChecker with AccessDecisionManager…#913
Conversation
meddrh
force-pushed
the
symfony73/authorization-checker-to-access-decision-manager
branch
from
e64d0b2 to
3c3f369
Compare
meddrh
force-pushed
the
symfony73/authorization-checker-to-access-decision-manager
branch
from
3c3f369 to
5ffc574
Compare
meddrh
force-pushed
the
symfony73/authorization-checker-to-access-decision-manager
branch
from
5ffc574 to
53f0017
Compare
meddrh
force-pushed
the
symfony73/authorization-checker-to-access-decision-manager
branch
from
53f0017 to
d73085b
Compare
meddrh
force-pushed
the
symfony73/authorization-checker-to-access-decision-manager
branch
2 times, most recently
from
cdb9687 to
0e419fc
Compare
meddrh
force-pushed
the
symfony73/authorization-checker-to-access-decision-manager
branch
from
0e419fc to
7f5d38c
Compare
|
Thank you 👍 |
|
I'm using AuthorisationCheckerInterface in a voter and AuthorizationCheckerToAccessDecisionManagerInVoterRector is completely stripping out the injection of this service. We then have code failing as $this->authorizationChecker is no longer available. @TomasVotruba, looks like the actual upgrade is working to replace the variable and use the new signature with $token as the first parameter? |
|
Here is the breaking code. Original: final class FooVoter extends Voter
{
public const string EDIT = 'edit';
public function __construct(
private readonly AuthorizationCheckerInterface $authorizationChecker,
) {
}
protected function supports(string $attribute, mixed $subject): bool
{
if (!$subject instanceof Foo) {
return false;
}
return \in_array($attribute, [self::EDIT], true);
}
/**
* @param Foo $subject
*/
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
{
$currentUser = $token->getUser();
// the user must be logged in; if not, deny permission
if (!$currentUser instanceof User) {
return false;
}
return match ($attribute) {
self::EDIT => $this->isEditable($currentUser, $subject),
default => false,
};
}
private function isEditable(User $currentUser, Foo $subject): bool
{
if ($this->authorizationChecker->isGranted('ROLE_SUPER_ADMIN')) {
// Super admin always has access
return true;
}
return $subject->getOwner() === $currentUser;
}
}And the change: 
Additionally, I thought it be because I didn't have a Token on my private method for isEditable but adding that didn't resolve it either. I don't think this is a safe rule to be implemented in Rector? |
|
@samsonasik - is is ruining my Voters without disabling it. I feel like this shouldn't be default. I have a cascading hierarchy of voters and I need to inject the AuthorizationCheckerInterface so i can cascade the validation up the tree |
|
@trsteel88 I think you can skip the rule https://getrector.com/documentation/ignoring-rules-or-paths |
|
@samsonasik Yeh I have but not sure why this is a default rule? Injecting the AuthorisationCheckerInterface into a Voter is a valid use-case |
|
@trsteel88 could you create failing test case where the transform should be skipped? thank you. |
5 participants
Adds a Symfony 7.3 Rector rule that replaces
AuthorizationCheckerInterfacewith
AccessDecisionManagerInterfacein voters.The rule updates injected services, renames properties, and converts
isGranted()calls todecide().Tests and fixtures are included.