Commit 82db995

feature #35858 [Security] Deprecated ROLE_PREVIOUS_ADMIN (wouterj)
This PR was merged into the 5.1-dev branch.

Discussion
----------

[Security] Deprecated ROLE_PREVIOUS_ADMIN

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | no
| Deprecations? | yes
| Tickets       | n/a
| License       | MIT
| Doc PR        | symfony/symfony-docs#11487

`ROLE_PREVIOUS_ADMIN` is added to the token roles if the session is an impersonation. Since #31189 we have the `IS_IMPERSONATOR` attribute which can be used for the same reason.

I propose to deprecate the `ROLE_PREVIOUS_ADMIN`:

* This is not what roles are for ([resulting in hacking this exception in `AbstractToken`](https://github.com/symfony/symfony/blob/5.0/src/Symfony/Component/Security/Core/Authentication/Token/AbstractToken.php#L275-L277))
* The role isn't very descriptive
* I don't like having 2 ways of doing exactly the same thing
* While every application with impersonation enabled probably needs to be updated, the update is as simple as replacing `ROLE_PREVIOUS_ADMIN` with `IS_IMPERSONATOR`: `find ./ -type f -exec sed -i 's/ROLE_PREVIOUS_ADMIN/IS_IMPERSONATOR/g' {} +`

---

I'm a bit unsure on how to deprecate this role, but I think having it in `RoleVoter` is probably the safest (`isGranted()` and variants + `AccessDecisionManager#decide()` all use this voter to check if the token has this role).

Commits
-------

dce55f3 Deprecated ROLE_PREVIOUS_ADMIN
2 parents a4c0bfa + dce55f3 commit 82db995
3 files changed, +17 -1 lines changed
‎src/Symfony/Component/Security/Core/Authorization/Voter/RoleVoter.php

Lines changed: 4 additions & 0 deletions
@@ -40,6 +40,10 @@ public function vote(TokenInterface $token, $subject, array $attributes)
4040
continue;
4141
}
4242

43+
if ('ROLE_PREVIOUS_ADMIN' === $attribute) {
44+
trigger_deprecation('symfony/security-core', '5.1', 'The ROLE_PREVIOUS_ADMIN role is deprecated and will be removed in version 6.0, use the IS_IMPERSONATOR attribute instead.');
45+
}
46+
4347
$result = VoterInterface::ACCESS_DENIED;
4448
foreach ($roles as $role) {
4549
if ($attribute === $role) {
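
Review bot: The `'ROLE_PREVIOUS_ADMIN' === $attribute` check sits after the preceding `continue` guard and looks only at the attribute being voted on, so the notice is raised only for attributes this voter actually processes, and `$result` is computed exactly as before. A short comment above the check stating that the vote outcome is unchanged and only a deprecation is emitted would make that explicit. None of the three files in this commit is a changelog or upgrade note, so the switch to `IS_IMPERSONATOR` should also be recorded there, so that access rules still naming the old role are found before it is removed in 6.0.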

‎src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleVoterTest.php

Lines changed: 11 additions & 0 deletions
@@ -44,6 +44,17 @@ public function getVoteTests()
4444
];
4545
}
4646

47+
/**
48+
* @group legacy
49+
* @expectedDeprecation Since symfony/security-core 5.1: The ROLE_PREVIOUS_ADMIN role is deprecated and will be removed in version 6.0, use the IS_IMPERSONATOR attribute instead.
50+
*/
51+
public function testDeprecatedRolePreviousAdmin()
52+
{
53+
$voter = new RoleVoter();
54+
55+
$voter->vote($this->getTokenWithRoleNames(['ROLE_USER', 'ROLE_PREVIOUS_ADMIN']), null, ['ROLE_PREVIOUS_ADMIN']);
56+
}
57+
4758
protected function getTokenWithRoleNames(array $roles)
4859
{
4960
$token = $this->getMockBuilder(AbstractToken::class)->getMock();
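
Review bot: `testDeprecatedRolePreviousAdmin()` discards the return value of `$voter->vote(...)`, so it passes on the `@expectedDeprecation` annotation alone and would not notice if the new branch changed the access decision. Assert on the returned vote as well (the token built in the test holds the role being checked), and consider a second case that votes only on `ROLE_USER` to confirm no deprecation is raised for other roles.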

‎src/Symfony/Component/Security/Core/composer.json

Lines changed: 2 additions & 1 deletion
@@ -18,7 +18,8 @@
1818
"require": {
1919
"php": "^7.2.5",
2020
"symfony/event-dispatcher-contracts": "^1.1|^2",
21-
"symfony/service-contracts": "^1.1.6|^2"
21+
"symfony/service-contracts": "^1.1.6|^2",
22+
"symfony/deprecation-contracts": "^2.1"
2223
},
2324
"require-dev": {
2425
"psr/container": "^1.0",
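
Review bot: The added `"symfony/deprecation-contracts": "^2.1"` entry is appended after `symfony/service-contracts`, while the two existing `symfony/*` entries in this `require` block are in alphabetical order. Placing it above `symfony/event-dispatcher-contracts` keeps the list sorted and avoids modifying the `service-contracts` line only to add a trailing comma.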
