Description
Q | A |
---|---|
Bug report? | no |
Feature request? | no |
BC Break report? | no |
RFC? | yes |
Symfony version | all |
Hello.
In different places place of Symfony, we can configure things with an expression. Some exemples:
- In the security component (and related): https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Security/Core/Authorization/ExpressionLanguageProvider.php and https://github.com/sensiolabs/SensioFrameworkExtraBundle/blob/master/EventListener/SecurityListener.php
- To Block a transition in the Workflow: https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Workflow/EventListener/ExpressionLanguage.php
- And some other parts of the framworks
Yesterday I was working on #23499 and #23906 And I think we have an issue with the current implementation of the expression in the workflow component (and also with other component).
With theses 2 PR if someone wants to use only is_valid
and if the security is not enable of if the user is not connected he will get an exception: https://github.com/symfony/symfony/pull/23906/files#diff-7e071774bef81a2a6e1b4e5d81d8ace8R59 ; That's not cool.
I guess we can fix this by moving this check right here
But still, I'm not really happy with that.
The EL has two modes: a runtime and a compiled mode. But now I fail to see how someone could use the compiled mode with the current implementation (in the workflow, but also with the @Security
annotation).
So, we do have checks for the runtime mode but not for the compiled mode (just above). So here it can lead to a fatal error.
So if it's not possible at all to use the compiled in theses uses case, why don't we use propose injection in classes like https://github.com/symfony/symfony/blob/master/src/Symfony/Component/Workflow/EventListener/ExpressionLanguage.php or https://github.com/sensiolabs/SensioFrameworkExtraBundle/blob/master/Security/ExpressionLanguage.php insteand of relying of the presence or not of a special var? Obviously That would made the compiled mode unable to work.
Note: I did not check for the integration between the EL and the Router or the DIC. But I guess thing are optimized there (or it could be)
Note2: In Blackfire there are place where you can configure some expression and when I implemented this feature I did not used the pattern used in Symfony. I disabled the compiled mode and I used propre inject in the ExpressionLanguage class (or FunctionProvider, it's the same things). It was really simpler and flexible.
I would like to use propre injection in the workflow component, and if it's applicable also in other component.
What do you think ?