Hi,
The Symfony\Component\Security\Core\Authorization\AccessDecisionManager
class has 3 functions for the different types of decision making in the
security voting "chain": affirmative, consensus and unanimous.
The decideUnanimous() function takes a different approach in how it's
implemented.
Example (overhead code removed for readability, difference marked with
bold):

    private function decideUnanimous(TokenInterface $token, array $attributes, $object = null)
    {
        *foreach ($attributes as $attribute) {*
            foreach ($this->voters as $voter) {
                $result = $voter->vote($token, $object, *array($attribute)*);

vs.

    private function decideConsensus(TokenInterface $token, array $attributes, $object = null)
    {
        foreach ($this->voters as $voter) {
            $result = $voter->vote($token, $object, *$attributes*);

I'm banging my head against the wall because I can't figure out why the 2
methods should work differently. If you are using decideUnanimous you can
call it like this:

    $securityContext->isGranted(array('VIEW', 'CREATE'), $myObject);

and for the other functions you need to call isGranted twice.
In my application I need to pass extra parameters to the voter and I wanted
to use the attributes array for the extra volatile information, but the
application broke when I switched to unanimous decision making.
Is it on purpose that the attributes array is handled differently
throughout the 3 deciders?
I want to avoid having to push a serialized array into the voter and
unserialize it in there ;-)
Regards,
John
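
Added example, not part of the original message and not Symfony's own code: a simplified model of the two loops quoted above, showing that a voter which expects an extra parameter next to the permission in $attributes receives array('EDIT') alone under the unanimous loop and denies, while the consensus loop hands it the whole array. OwnerVoter, the 'owner:42' attribute and the handling of ties and abstentions are assumptions made for the illustration.

```php
<?php
// Added illustration: simplified stand-ins, not Symfony's own classes.
const GRANTED = 1; const ABSTAIN = 0; const DENIED = -1;

// Hypothetical voter: expects the permission and an extra parameter
// ("owner:<id>") to arrive together in one $attributes array.
class OwnerVoter
{
    public $seen = array(); // every $attributes array passed to vote()

    public function vote($token, $object, array $attributes)
    {
        $this->seen[] = $attributes;
        if (!in_array('EDIT', $attributes, true)) {
            return ABSTAIN;
        }
        return in_array('owner:' . $token, $attributes, true) ? GRANTED : DENIED;
    }
}

// Modelled on the decideUnanimous() excerpt: one vote() call per attribute.
function decideUnanimous(array $voters, $token, array $attributes, $object = null)
{
    $grant = 0;
    foreach ($attributes as $attribute) {
        foreach ($voters as $voter) {
            $result = $voter->vote($token, $object, array($attribute));
            if (DENIED === $result) {
                return false; // a single deny ends the decision
            }
            $grant += (GRANTED === $result) ? 1 : 0;
        }
    }
    return $grant > 0; // assumption: all-abstain counts as deny here
}

// Modelled on the decideConsensus() excerpt: the whole array in one call.
function decideConsensus(array $voters, $token, array $attributes, $object = null)
{
    $grant = $deny = 0;
    foreach ($voters as $voter) {
        $result = $voter->vote($token, $object, $attributes);
        $grant += (GRANTED === $result) ? 1 : 0;
        $deny += (DENIED === $result) ? 1 : 0;
    }
    return $grant > $deny; // assumption: ties and all-abstain count as deny
}

$attrs = array('EDIT', 'owner:42'); // constructed sample input
var_dump(decideConsensus(array(new OwnerVoter()), 42, $attrs));
$v = new OwnerVoter();
var_dump(decideUnanimous(array($v), 42, $attrs), $v->seen);
```
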