
Commit 704fc28

committed
Avoid hard BC break with anonymous role
1 parent 0fb9eb4 commit 704fc28


2 files changed

+30
-24
lines changed


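--- a/Domain/SecurityIdentityRetrievalStrategy.php
+++ b/Domain/SecurityIdentityRetrievalStrategy.php
@@ -62,17 +62,16 @@ public function getSecurityIdentities(?TokenInterface $token)
 }
 }
 
-$anonymousRole = \defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS') ? AuthenticatedVoter::PUBLIC_ACCESS : AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY;
 // add built-in special roles
 if ($this->authenticationTrustResolver->isFullFledged($token)) {
 $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_FULLY);
 $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
-$sids[] = new RoleSecurityIdentity($anonymousRole);
+$this->addAnonymousRoles($sids);
 } elseif ($this->authenticationTrustResolver->isRememberMe($token)) {
 $sids[] = new RoleSecurityIdentity(AuthenticatedVoter::IS_AUTHENTICATED_REMEMBERED);
-$sids[] = new RoleSecurityIdentity($anonymousRole);
+$this->addAnonymousRoles($sids);
 } elseif ($this->isNotAuthenticated($token)) {
-$sids[] = new RoleSecurityIdentity($anonymousRole);
+$this->addAnonymousRoles($sids);
 }
 
 return $sids;
@@ -86,4 +85,12 @@ private function isNotAuthenticated(?TokenInterface $token): bool
 
 return $this->authenticationTrustResolver->isAnonymous($token);
 }
+
+private function addAnonymousRoles(array &$sids)
+{
+$sids[] = new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY');
+if (\defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS')) {
+$sids[] = new RoleSecurityIdentity(AuthenticatedVoter::PUBLIC_ACCESS);
+}
+}
 }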
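Review bot: `addAnonymousRoles()` always emits the literal `'IS_AUTHENTICATED_ANONYMOUSLY'` identity and adds `PUBLIC_ACCESS` on top when that constant is defined, but nothing in the method records why both security identities are returned. Compared with the removed `$anonymousRole` line, installs where `PUBLIC_ACCESS` exists get the legacy identity back, so ACEs still stored against it will presumably match again for every token, including unauthenticated ones. That appears to be the intent of the commit, but it should be written down for whoever audits ACL grants later. I would add a docblock such as `/** Adds the legacy IS_AUTHENTICATED_ANONYMOUSLY identity (kept so existing ACEs keep matching) plus PUBLIC_ACCESS when the installed Symfony defines it. */` and declare the return type, `private function addAnonymousRoles(array &$sids): void`.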

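--- a/Tests/Domain/SecurityIdentityRetrievalStrategyTest.php
+++ b/Tests/Domain/SecurityIdentityRetrievalStrategyTest.php
@@ -130,52 +130,51 @@ public function testDeprecatedGetSecurityIdentities($user, array $roles, string
 
 public function getSecurityIdentityRetrievalTests(): array
 {
-$anonymousRole = \defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS') ? AuthenticatedVoter::PUBLIC_ACCESS : AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY;
+$anonymousRoles = [new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY')];
+if (\defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS')) {
+$anonymousRoles[] = new RoleSecurityIdentity(AuthenticatedVoter::PUBLIC_ACCESS);
+}
 
 return [
-[new Account('johannes'), ['ROLE_USER', 'ROLE_SUPERADMIN'], 'fullFledged', [
+[new Account('johannes'), ['ROLE_USER', 'ROLE_SUPERADMIN'], 'fullFledged', array_merge([
 new UserSecurityIdentity('johannes', Account::class),
 new RoleSecurityIdentity('ROLE_USER'),
 new RoleSecurityIdentity('ROLE_SUPERADMIN'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_FULLY'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_REMEMBERED'),
-new RoleSecurityIdentity($anonymousRole),
-]],
-[new CustomUserImpl('johannes'), ['ROLE_FOO'], 'fullFledged', [
+], $anonymousRoles)],
+[new CustomUserImpl('johannes'), ['ROLE_FOO'], 'fullFledged', array_merge([
 new UserSecurityIdentity('johannes', CustomUserImpl::class),
 new RoleSecurityIdentity('ROLE_FOO'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_FULLY'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_REMEMBERED'),
-new RoleSecurityIdentity($anonymousRole),
-]],
-[new Account('foo'), ['ROLE_FOO'], 'rememberMe', [
+], $anonymousRoles)],
+[new Account('foo'), ['ROLE_FOO'], 'rememberMe', array_merge([
 new UserSecurityIdentity('foo', Account::class),
 new RoleSecurityIdentity('ROLE_FOO'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_REMEMBERED'),
-new RoleSecurityIdentity($anonymousRole),
-]],
-['guest', [], 'anonymous', [
-new RoleSecurityIdentity($anonymousRole),
-]],
+], $anonymousRoles)],
+['guest', [], 'anonymous', $anonymousRoles],
 ];
 }
 
 public function getDeprecatedSecurityIdentityRetrievalTests()
 {
-$anonymousRole = \defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS') ? AuthenticatedVoter::PUBLIC_ACCESS : AuthenticatedVoter::IS_AUTHENTICATED_ANONYMOUSLY;
+$anonymousRoles = [new RoleSecurityIdentity('IS_AUTHENTICATED_ANONYMOUSLY')];
+if (\defined('\Symfony\Component\Security\Core\Authorization\Voter\AuthenticatedVoter::PUBLIC_ACCESS')) {
+$anonymousRoles[] = new RoleSecurityIdentity(AuthenticatedVoter::PUBLIC_ACCESS);
+}
 
 return [
-['johannes', ['ROLE_FOO'], 'fullFledged', [
+['johannes', ['ROLE_FOO'], 'fullFledged', array_merge([
 new UserSecurityIdentity('johannes', 'MyCustomTokenImpl'),
 new RoleSecurityIdentity('ROLE_FOO'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_FULLY'),
 new RoleSecurityIdentity('IS_AUTHENTICATED_REMEMBERED'),
-new RoleSecurityIdentity($anonymousRole),
-]],
-['guest', ['ROLE_FOO'], 'anonymous', [
+], $anonymousRoles)],
+['guest', ['ROLE_FOO'], 'anonymous', array_merge([
 new RoleSecurityIdentity('ROLE_FOO'),
-new RoleSecurityIdentity($anonymousRole),
-]],
+], $anonymousRoles)],
 ];
 }
 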
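Review bot: The four lines that build `$anonymousRoles` are repeated verbatim at the top of `getSecurityIdentityRetrievalTests()` and `getDeprecatedSecurityIdentityRetrievalTests()`, so the two providers can drift apart the next time the anonymous identities change. A small private helper called from both, e.g. `private function expectedAnonymousRoles(): array`, would keep the expected ACL identities in one place. Because the expectation is computed with the same `\defined(...)` check as the production code, a mistake in that condition would not be caught by these cases. A short comment saying that the legacy `'IS_AUTHENTICATED_ANONYMOUSLY'` identity is expected on every Symfony version would make the intent of the data explicit.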
