diff --git a/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclHelper.php b/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclHelper.php
index c310fb6b7d..81d5e74484 100644
--- a/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclHelper.php
+++ b/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclHelper.php
@@ -14,7 +14,6 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Role\RoleInterface;
 /**
 * AclHelper is a helper class to help setting the permissions when querying using ORM
@@ -148,17 +147,28 @@ private function getPermittedAclIdsSQLForUser(Query $query)
 $user = null;
 if (!is_null($token)) {
 $user = $token->getUser();
- $userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
+ if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
+ $userRoles = $this->roleHierarchy->getReachableRoleNames($token->getRoleNames());
+ } else {
+ // Symfony 3.4 compatibility
+ $userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
+ }
 }
 // Security context does not provide anonymous role automatically.
 $uR = array('"IS_AUTHENTICATED_ANONYMOUSLY"');
- /* @var $role RoleInterface */
 foreach ($userRoles as $role) {
 // The reason we ignore this is because by default FOSUserBundle adds ROLE_USER for every user
- if ($role->getRole() !== 'ROLE_USER') {
- $uR[] = '"' . $role->getRole() . '"';
+ if (is_string($role)) {
+ if ($role !== 'ROLE_USER') {
+ $uR[] = '"' . $role . '"';
+ }
+ } else {
+ // Symfony 3.4 compatibility
+ if ($role->getRole() !== 'ROLE_USER') {
+ $uR[] = '"' . $role->getRole() . '"';
+ }
 }
 }
 $uR = array_unique($uR);
diff --git a/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclNativeHelper.php b/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclNativeHelper.php
index 1a90704582..2dcc888625 100644
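Review bot: The new branch in `getPermittedAclIdsSQLForUser` checks only the role hierarchy for `getReachableRoleNames` and then calls `$token->getRoleNames()` unconditionally, so a token class that implements `TokenInterface` without that method would fail with a fatal error inside the ACL filter. The test change in this commit that mocks `AbstractToken` instead of `TokenInterface` suggests the interface itself does not declare the method. Guarding both objects keeps the fallback usable: `if (method_exists($this->roleHierarchy, 'getReachableRoleNames') && method_exists($token, 'getRoleNames')) {`. The same condition appears in the `AclNativeHelper::apply` hunk; both function bodies start and end outside their hunks.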
--- a/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclNativeHelper.php
+++ b/src/Kunstmaan/AdminBundle/Helper/Security/Acl/AclNativeHelper.php
@@ -9,7 +9,6 @@
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
-use Symfony\Component\Security\Core\Role\RoleInterface;
 /**
 * AclHelper is a helper class to help setting the permissions when querying using native queries
@@ -80,17 +79,28 @@ public function apply(QueryBuilder $queryBuilder, PermissionDefinition $permissi
 $userRoles = array();
 if (!is_null($token)) {
 $user = $token->getUser();
- $userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
+ if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
+ $userRoles = $this->roleHierarchy->getReachableRoleNames($token->getRoleNames());
+ } else {
+ // Symfony 3.4 compatibility
+ $userRoles = $this->roleHierarchy->getReachableRoles($token->getRoles());
+ }
 }
 // Security context does not provide anonymous role automatically.
 $uR = array('"IS_AUTHENTICATED_ANONYMOUSLY"');
- /* @var $role RoleInterface */
 foreach ($userRoles as $role) {
 // The reason we ignore this is because by default FOSUserBundle adds ROLE_USER for every user
- if ($role->getRole() !== 'ROLE_USER') {
- $uR[] = '"' . $role->getRole() . '"';
+ if (is_string($role)) {
+ if ($role !== 'ROLE_USER') {
+ $uR[] = '"' . $role . '"';
+ }
+ } else {
+ // Symfony 3.4 compatibility
+ if ($role->getRole() !== 'ROLE_USER') {
+ $uR[] = '"' . $role->getRole() . '"';
+ }
 }
 }
 $uR = array_unique($uR);
diff --git a/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclHelperTest.php b/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclHelperTest.php
index 85c27b103c..403316b3c5 100644
--- a/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclHelperTest.php
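Review bot: The added string branch in `apply` still builds each entry by plain concatenation, `$uR[] = '"' . $role . '"';`, with no escaping of the role name. The statement that consumes `$uR` is outside this hunk, but the method takes a `QueryBuilder` and the class is described as serving native queries, so these values presumably end up in SQL text. If role names can be defined at runtime, a name containing `"` or `\` would then change the ACL filter instead of being matched literally. Bind the names as query parameters or quote them through the database connection. A fail-closed stopgap would be to skip names outside the expected shape, e.g. `if (!preg_match('/^[A-Z0-9_]+$/', $role)) { continue; }`. The same concatenation is added in the `AclHelper::getPermittedAclIdsSQLForUser` hunk.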
+++ b/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclHelperTest.php
@@ -17,6 +17,7 @@
 use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\MaskBuilder;
 use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\PermissionDefinition;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpKernel\Kernel;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Role\Role;
@@ -134,8 +135,7 @@ protected function setUp()
 $this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')
 ->getMock();
- $this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')
- ->getMock();
+ $this->token = $this->createMock('Symfony\Component\Security\Core\Authentication\Token\AbstractToken');
 $this->tokenStorage->expects($this->any())
 ->method('getToken')
@@ -180,15 +180,14 @@ public function testApply()
 ->method('getUser')
 ->will($this->returnValue($user));
- $roles = array(new Role('ROLE_KING'));
- $allRoles = array($roles[0], new Role('ROLE_SUBJECT'));
+ [$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData();
 $this->token->expects($this->once())
- ->method('getRoles')
+ ->method($rolesMethodName)
 ->will($this->returnValue($roles));
 $this->rh->expects($this->once())
- ->method('getReachableRoles')
+ ->method($reachableRolesMethodName)
 ->with($roles)
 ->will($this->returnValue($allRoles));
@@ -230,16 +229,16 @@ public function testApplyAnonymous()
 ->method('getRootAliases')
 ->will($this->returnValue(array('n')));
- $roles = array();
+ [$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData(true);
 $this->token->expects($this->once())
- ->method('getRoles')
+ ->method($rolesMethodName)
 ->will($this->returnValue($roles));
 $this->rh->expects($this->once())
- ->method('getReachableRoles')
+ ->method($reachableRolesMethodName)
 ->with($roles)
- ->will($this->returnValue($roles));
+ ->will($this->returnValue($allRoles));
 $this->token->expects($this->any())
 ->method('getUser')
@@ -261,15 +260,14 @@ public function testApplyAnonymous()
 public function testGetAllowedEntityIds()
 {
- $roles = array(new Role('ROLE_KING'));
- $allRoles = array($roles[0], new Role('ROLE_SUBJECT'));
+ [$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData();
 $this->token->expects($this->once())
- ->method('getRoles')
+ ->method($rolesMethodName)
 ->will($this->returnValue($roles));
 $this->rh->expects($this->once())
- ->method('getReachableRoles')
+ ->method($reachableRolesMethodName)
 ->with($roles)
 ->will($this->returnValue($allRoles));
@@ -327,4 +325,26 @@ public function testGetTokenStorage()
 {
 $this->assertSame($this->tokenStorage, $this->object->getTokenStorage());
 }
+
+ private function getRoleMockData($anonymous = false)
+ {
+ if (Kernel::VERSION_ID >= 40300) {
+ $rolesMethodName = 'getRoleNames';
+ $reachableRolesMethodName = 'getReachableRoleNames';
+ $roles = ['ROLE_KING'];
+ $allRoles = [$roles[0], 'ROLE_SUBJECT'];
+ } else {
+ $rolesMethodName = 'getRoles';
+ $reachableRolesMethodName = 'getReachableRoles';
+ $roles = $anonymous ? [] : [new Role('ROLE_KING')];
+ $allRoles = $anonymous ? [] : [$roles[0], new Role('ROLE_SUBJECT')];
+ }
+
+ return [
+ $rolesMethodName,
+ $roles,
+ $reachableRolesMethodName,
+ $allRoles,
+ ];
+ }
 }
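Review bot: In `getRoleMockData()` the `Kernel::VERSION_ID >= 40300` branch ignores `$anonymous`, so on Symfony 4.3+ `testApplyAnonymous` mocks a token that holds `ROLE_KING` and a hierarchy that returns `ROLE_SUBJECT`, not the empty role set the old test used. The anonymous path of the ACL filter is therefore only exercised on the legacy branch. Mirror the ternaries from the `else` branch: `$roles = $anonymous ? [] : ['ROLE_KING'];` and `$allRoles = $anonymous ? [] : [$roles[0], 'ROLE_SUBJECT'];`. The identical helper added to `AclNativeHelperTest` has the same gap. Separately, the tests pick the branch by kernel version while the production code uses `method_exists`, so the two can disagree when the security component and the kernel are on different versions.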
diff --git a/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclNativeHelperTest.php b/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclNativeHelperTest.php
index 88cc3bd544..87bc7e020e 100644
--- a/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclNativeHelperTest.php
+++ b/src/Kunstmaan/AdminBundle/Tests/unit/Helper/Security/Acl/AclNativeHelperTest.php
@@ -11,6 +11,7 @@
 use Kunstmaan\AdminBundle\Helper\Security\Acl\AclNativeHelper;
 use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\PermissionDefinition;
 use PHPUnit\Framework\TestCase;
+use Symfony\Component\HttpKernel\Kernel;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Role\Role;
@@ -95,7 +96,7 @@ protected function setUp()
 $this->tokenStorage = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface')
 ->getMock();
- $this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')
+ $this->token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\AbstractToken')
 ->getMock();
 $this->tokenStorage->expects($this->any())
@@ -122,15 +123,14 @@ public function testApply()
 )
 );
- $roles = array(new Role('ROLE_KING'));
- $allRoles = array($roles[0], new Role('ROLE_SUBJECT'));
+ [$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData();
 $this->token->expects($this->once())
- ->method('getRoles')
+ ->method($rolesMethodName)
 ->will($this->returnValue($roles));
 $this->rh->expects($this->once())
- ->method('getReachableRoles')
+ ->method($reachableRolesMethodName)
 ->with($roles)
 ->will($this->returnValue($allRoles));
@@ -170,16 +170,16 @@ public function testApplyAnonymous()
 )
 );
- $roles = array();
+ [$rolesMethodName, $roles, $reachableRolesMethodName, $allRoles,] = $this->getRoleMockData(true);
 $this->token->expects($this->once())
- ->method('getRoles')
+ ->method($rolesMethodName)
 ->will($this->returnValue($roles));
 $this->rh->expects($this->once())
- ->method('getReachableRoles')
+ ->method($reachableRolesMethodName)
 ->with($roles)
- ->will($this->returnValue($roles));
+ ->will($this->returnValue($allRoles));
 $this->token->expects($this->any())
 ->method('getUser')
@@ -198,4 +198,26 @@ public function testGetTokenStorage()
 {
 $this->assertSame($this->tokenStorage, $this->object->getTokenStorage());
 }
+
+ private function getRoleMockData($anonymous = false)
+ {
+ if (Kernel::VERSION_ID >= 40300) {
+ $rolesMethodName = 'getRoleNames';
+ $reachableRolesMethodName = 'getReachableRoleNames';
+ $roles = ['ROLE_KING'];
+ $allRoles = [$roles[0], 'ROLE_SUBJECT'];
+ } else {
+ $rolesMethodName = 'getRoles';
+ $reachableRolesMethodName = 'getReachableRoles';
+ $roles = $anonymous ? [] : [new Role('ROLE_KING')];
+ $allRoles = $anonymous ? [] : [$roles[0], new Role('ROLE_SUBJECT')];
+ }
+
+ return [
+ $rolesMethodName,
+ $roles,
+ $reachableRolesMethodName,
+ $allRoles,
+ ];
+ }
 }