allow absence of token for sf authentication manager

src/Security/ResourceAccessChecker.php

@@ -48,14 +48,20 @@ public function isGranted(string $resourceClass, string $expression, array $extr
         if (null === $this->tokenStorage || null === $this->authenticationTrustResolver) {
             throw new \LogicException('The "symfony/security" library must be installed to use the "security" attribute.');
         }
-        if (null === $token = $this->tokenStorage->getToken()) {
-            throw new \LogicException('The current token must be set to use the "security" attribute (is the URL behind a firewall?).');
-        }
         if (null === $this->expressionLanguage) {
-            throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security".');
+            throw new \LogicException('The "symfony/expression-language" library must be installed to use the "security" attribute.');
+        }
+
+        $variables = array_merge($extraVariables, [
+            'trust_resolver' => $this->authenticationTrustResolver,
+            'auth_checker' => $this->authorizationChecker, // needed for the is_granted expression function
+        ]);
+
+        if ($token = $this->tokenStorage->getToken()) {
+            $variables = array_merge($variables, $this->getVariables($token));
         }
 
-        return (bool) $this->expressionLanguage->evaluate($expression, array_merge($extraVariables, $this->getVariables($token)));
+        return (bool) $this->expressionLanguage->evaluate($expression, $variables);
     }
 
     /**
@@ -69,9 +75,6 @@ private function getVariables(TokenInterface $token): array
             'token' => $token,
             'user' => $token->getUser(),
             'roles' => $this->getEffectiveRoles($token),
-            'trust_resolver' => $this->authenticationTrustResolver,
-            // needed for the is_granted expression function
-            'auth_checker' => $this->authorizationChecker,
         ];
     }
 

tests/Security/ResourceAccessCheckerTest.php

@@ -76,7 +76,7 @@ public function testSecurityComponentNotAvailable()
     public function testExpressionLanguageNotInstalled()
     {
         $this->expectException(\LogicException::class);
-        $this->expectExceptionMessage('The "symfony/expression-language" library must be installed to use the "security".');
+        $this->expectExceptionMessage('The "symfony/expression-language" library must be installed to use the "security" attribute.');
 
         $authenticationTrustResolverProphecy = $this->prophesize(AuthenticationTrustResolverInterface::class);
         $tokenStorageProphecy = $this->prophesize(TokenStorageInterface::class);
@@ -85,16 +85,4 @@ public function testExpressionLanguageNotInstalled()
         $checker = new ResourceAccessChecker(null, $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal());
         $checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")');
     }
-
-    public function testNotBehindAFirewall()
-    {
-        $this->expectException(\LogicException::class);
-        $this->expectExceptionMessage('The current token must be set to use the "security" attribute (is the URL behind a firewall?).');
-
-        $authenticationTrustResolverProphecy = $this->prophesize(AuthenticationTrustResolverInterface::class);
-        $tokenStorageProphecy = $this->prophesize(TokenStorageInterface::class);
-
-        $checker = new ResourceAccessChecker(null, $authenticationTrustResolverProphecy->reveal(), null, $tokenStorageProphecy->reveal());
-        $checker->isGranted(Dummy::class, 'is_granted("ROLE_ADMIN")');
-    }
 }