From 2b6ce01a98a350b1f9dd1d3c9effda1fd1d26f08 Mon Sep 17 00:00:00 2001
From: Christian Flothmann <christian.flothmann@sensiolabs.de>
Date: Wed, 25 Sep 2019 10:10:24 +0200
Subject: [PATCH] remove deprecated code paths

---
 src/Symfony/Component/Security/CHANGELOG.md     | 17 +++++++++++++++++
 .../Authorization/AccessDecisionManager.php     |  3 ++-
 .../Core/Authorization/AuthorizationChecker.php |  9 ++++-----
 3 files changed, 23 insertions(+), 6 deletions(-)

diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index 7bc12b289e4b..cfbca18f6275 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -4,6 +4,23 @@ CHANGELOG
 5.0.0
 -----
 
+ * Dropped support for passing more than one attribute to `AccessDecisionManager::decide()` and `AuthorizationChecker::isGranted()` (and indirectly the `is_granted()` Twig and ExpressionLanguage function):
+
+   **Before**
+   ```php
+   if ($this->authorizationChecker->isGranted(['ROLE_USER', 'ROLE_ADMIN'])) {
+       // ...
+   }
+   ```
+
+   **After**
+   ```php
+   if ($this->authorizationChecker->isGranted(new Expression("has_role('ROLE_USER') or has_role('ROLE_ADMIN')"))) {}
+   // or:
+   if ($this->authorizationChecker->isGranted('ROLE_USER')
+      || $this->authorizationChecker->isGranted('ROLE_ADMIN')
+   ) {}
+   ```
  * Implementations of `Guard\AuthenticatorInterface::checkCredentials()` must return
    a boolean value now. Please explicitly return `false` to indicate invalid credentials.
  * The `LdapUserProvider` class has been removed, use `Symfony\Component\Ldap\Security\LdapUserProvider` instead.
diff --git a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
index cb113220e6b0..f4c567432caf 100644
--- a/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
@@ -13,6 +13,7 @@
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 
 /**
  * AccessDecisionManager is the base class for all access decision managers
@@ -58,7 +59,7 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA
     public function decide(TokenInterface $token, array $attributes, $object = null)
     {
         if (\count($attributes) > 1) {
-            @trigger_error('Passing more than one Security attribute to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple decide() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);
+            throw new InvalidArgumentException(sprintf('Passing more than one Security attribute to %s() is not supported.', __METHOD__));
         }
 
         return $this->{$this->strategy}($token, $attributes, $object);
diff --git a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
index 41a2077694b7..871bcce61164 100644
--- a/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
+++ b/src/Symfony/Component/Security/Core/Authorization/AuthorizationChecker.php
@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Core\Authentication\AuthenticationManagerInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
+use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 
 /**
  * AuthorizationChecker is the main authorization point of the Security component.
@@ -53,12 +54,10 @@ final public function isGranted($attributes, $subject = null): bool
             $this->tokenStorage->setToken($token = $this->authenticationManager->authenticate($token));
         }
 
-        if (!\is_array($attributes)) {
-            $attributes = [$attributes];
-        } else {
-            @trigger_error('Passing an array of Security attributes to '.__METHOD__.' is deprecated since Symfony 4.4. Use multiple isGranted() calls or the expression language (e.g. "has_role(...) or has_role(...)") instead.', \E_USER_DEPRECATED);
+        if (\is_array($attributes)) {
+            throw new InvalidArgumentException(sprintf('Passing an array of Security attributes to %s() is not supported.', __METHOD__));
         }
 
-        return $this->accessDecisionManager->decide($token, $attributes, $subject);
+        return $this->accessDecisionManager->decide($token, (array) $attributes, $subject);
     }
 }