New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Added access voters for models in front end #1639
base: 5.x
Are you sure you want to change the base?
Conversation
bf161a0
to
8500688
Compare
not sure if the Psalm issues are related? @bytehead |
It seems this is broken on master as well. |
Additional question: should the voter(s) abstain if the scope is not |
I don't think it's correct for voters to check on request attributes. What should be voted on and what not is defined by the attributes, not any scope. |
@contao/developers any updates on this? |
It‘s marked as up for discussion. |
use Contao\ContentModel; | ||
use Contao\FrontendUser; | ||
|
||
class ContentModelAccessVoter extends AbstractFrontendAccessVoter |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Should these voters be renamed or moved into a subnamespace?
So that we don’t get a conflict if we later want to add a backend voter for the content model.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
well the back end does not use models. And the voter votes on the model, regardless of the scope. But you mean it should be a ContentModelFrontendAccessVoter
?
Is the Should we use the authorization checker in the front end controller and in the isVisibleElement method to replace the existing code?
I don’t think so. |
Well yeah, you should register your voter if you want to override the permission. Not sure about BC though.
Maybe that would be a good idea. Then our voter should implement the hook as well but deprecate it? |
I just looked into this, and two questions popped up:
|
Visibility and published state are two different things. A CE can be invisible in a published article, but even visible CEs will never be shown if an article has not been published. |
I think this is RTM now, Unfortunately, we can't completely replace |
services: | ||
_defaults: | ||
autoconfigure: true | ||
autowire: true |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Since when do we use autowiring?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
🍿
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I have removed autowiring: true
from the config files in bdaba16. However, as I said before, I think this is stupid, because we still use autowiring by definition of using ServiceSubscriberInterface
to lazy-load the services… 🤷
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why did you add autowire: false
? Just drop the setting entirely.
91a5df3
to
066eb77
Compare
Description ----------- This PR implements several long-discussed improvements we want to have in the Contao routing. ### Features: - [x] Configure URL-prefix (`.html`) per root page instead of the app config - [x] Configure the _prepend locale_ setting per root page instead of the app config - [x] Implement support for custom language prefix (closes contao#862) - [x] Only redirect to the language version of a page if it exists (see contao#1456) - [x] Generate routes for entities (e.g. pass `PageModel` to `$router->generate()` (see contao#831) - [x] Allow for custom page types as controllers (see contao#1160, contao#390) - [x] Allow a page type to have a static URL suffix (e.g. `.xml` instead of `.html` for the XML sitemap). #### Side Features - [ ] ~Do not generate frontend URLs for pages with parameters~ - [ ] ~add alternative to the `Input` class that also tracks unused parameters~ (not sure about this, as the Input is no longer used with routing parameters) - [x] _really_ only create template article for new pages that can have them - [x] do not create article if the new page's layout does not have articles ### Tasks - [ ] write documentation about _legacy routing mode_. - [ ] include support for extended languages (see https://github.com/contao/core-bundle/issues/1579) - [x] the url prefix should be unique for pages with the same dns setting. contao#1516 (comment) ### Follow-Up PRs - [x] Use router to generate SERP widget URL aschempp#3 - [ ] Replace current page types aschempp#4 - [ ] Support news aschempp#5 - [ ] Support calendar events aschempp#6 - [ ] Support other content (faq, etc.) ### Notes about backwards compatibility As discussed at the developer meeting in February 2020, we cannot keep full BC between the new features and the existing routing. The `contao.prepend_locale` and `contao.url_suffix` container configuration as well as the `getPageIdFromUrl` or `getRootPageFromUrl` hooks are conflicting with the new features. We agreed that Contao should fall into a _legacy routing_ mode, where the new features are not available in the root page in that case. **BC Todos:** - [x] Disable root page configuration in legacy routing mode - [x] ~Find a way to keep supporting `contao.routing.url_generator` service~ _only in legacy mode_ ### Related PRs / Dependencies: - [x] contao#1447 - [x] contao#1448 - [x] contao#1458 - [x] contao#1501 - [x] contao#1503 - [x] contao#1506 - [x] contao#1518 - [x] contao#1533 - [x] contao#1182 - [x] ~~contao#1639 - [x] contao#1640 - [x] contao#1650 - [x] contao#1652 - [x] contao#1864 - [x] contao#1869 - [x] contao#1896 Commits ------- 21a9efe Use page language instead of _locale parameter for $_GET['language'] c2ba2d1 Add languagePrefix and urlSuffix fields to tl_page d3abce3 Deprecate the bundle config but override the page config if set 78dfc42 Fix alias rendering in PageTree b8616b0 Rewrite the language filter to use the page properties ec3969d Add legacy routing check to ContaoFramework class 4f26e73 Added separate class to generate URL candidates 29bd111 Add languagePrefix and urlSuffix to PageModel with BC layer 510da35 Update RouteProvider to use candidates based on root page 02eca55 Add redirect routes if page is requested without languagePrefix 62f3656 Update routing functional tests c1f2f93 Added migration for tl_page fields 39d987b Set config values from current request 5b03a6c Correctly generate root and fallback routes with languagePrefix db9768f Check for ID/alias duplicate with new page parameters 83fc289 Use pageModel from request or trigger exception in deprecated methods without legacy mode 01b9c97 Update Route404Provider to use languagePrefix from PageModel 0d3f58b Fixed service arguments for LegacyRoutingListener bc02925 Added duplicates validation for alias, languagePrefix and urlSuffix 95c7042 Correctly migrate the legacy routing configuration 192fff1 CS and test fixes aa09e96 Switch page type and alias field position 11638ac Add route name and object to the attributes 139b19c Add custom route object for PageModel 223182e Content resolvers convert content to a route object 168c218 Let the page model tell if useAutoItem is enabled 8158ad2 Use service tagging to add router enhancers bda2a16 CS 44a5a43 Let the router generate page URLs b7bd00b Use the DynamicRouter from CMF Routing Bundle a8dcc22 Rename the ContentResolverInterface to ContentUrlResolverInterface 692742d Introducing page providers 190a38b Make PageRoute more flexible 5375860 Always render regular page for unknown types 4a27948 Added autoconfiguration for contao.page_provider 1b3bf76 Added RootPageProvider which provides the default url suffixes 0e559fc Generate page type options from providers c03f503 Added ContentCompositionListener to correctly show or hide article features 8b27f64 Added BC layer for UrlGenerator and other legacy routing 2c0115f Enable legacy routing by container configuration and throw exception if hooks require it a9f09bc Add legacy routing information to the data collector 156ef52 Trigger deprecation warnings if the Symfony routing is not used 928de08 Always show list of legacy routing hooks in profiler 079370f Rename languagePrefix to urlPrefix a015340 Include the previous exception on re-throw ca7ea33 Fix spelling in method name f384d55 Use ::class in exception message 1fc7bfd ContentUrlResolvers must always return a route f9cfbe8 Decorate the Candidates to implement legacy behavior dea83be Add an additional router for the legacy routes in legacy mode 41ab6c6 Adjust routing to string route name see symfony-cmf/Routing#250 1d7968c Fix remaining objects passed to Router::generate() 10b1b3e Add some deprecation notices and annotations 815e1c0 Fixed argument order in exception message 8fdbdf9 Use anonymous services for legacy routing ba67633 Merge remote-tracking branch 'upstream/master' into feature/routing # Conflicts: # core-bundle/src/Framework/ContaoFramework.php # core-bundle/src/Resources/config/services.yml # core-bundle/src/Resources/contao/dca/tl_article.php # core-bundle/src/Resources/contao/dca/tl_page.php # core-bundle/src/Resources/contao/library/Contao/Template.php # core-bundle/src/Resources/contao/themes/flexible/main.min.css # core-bundle/tests/Routing/Enhancer/InputEnhancerTest.php # core-bundle/tests/Routing/Route404ProviderTest.php 50ba4cd Fix incorrect service name fc680b7 Fix unit tests for ContaoCoreExtension 534ccdd Fix some tests e0118c4 The contao.routing.url_generator is only available in legacy mode f6f1d19 Fix remaining unit tests 87c121a CS f7ae7a9 Trigger route error only when used 6ba5f7a Added 100% test coverage for ContentCompositionListener 74f8c7c Added missing unit tests 22394dd Merge remote-tracking branch 'upstream/master' into feature/routing # Conflicts: # core-bundle/src/Resources/contao/dca/tl_page.php # core-bundle/tests/DependencyInjection/ContaoCoreExtensionTest.php # core-bundle/tests/Functional/RoutingTest.php 325b114 Fixed ContaoCoreExtensionTest 5627ec3 CS 888ec70 Merge remote-tracking branch 'upstream/master' into feature/routing # Conflicts: # core-bundle/tests/Asset/ContaoContextTest.php 701cd59 CS 0be7232 Always insert the new article into an available layout column cbd42ac Expect deprecations afc706a CS 577f1fa CS c719b1c CS e51d432 Move classes to new namespace 5b30edd Refactor with PageRouteFactory edd253e Added PageRegistry de480f2 CS and tests 629300e Added concept of path parameters bb76ae6 Fixed service name 793b3d5 Providing URL suffixes without custom routes does not make sense 4692bcc PageModel is not optional 502276a Make the RouteFactory more generic f11ab17 Merge remote-tracking branch 'upstream/master' into feature/routing # Conflicts: # core-bundle/src/Framework/ContaoFramework.php 4dd724a Tests 6288646 Fixed failing test if there are no url suffixes ae90ba6 Logger is optional d696ed9 Logger is optional 0262068 phpstan 613c39e phpstan 2afd655 phpstan & tests 37c4dda phpstan & tests c337e1b phpstan & tests 5b78fa6 Merge remote-tracking branch 'upstream/master' into feature/routing 8342fa0 psalm & tests edb1e52 yamllint 194f942 Do not use warning color if legacy routing is disabled 5a1b41a Reuse class name variable c422a02 Register interfaces for autoconfiguration c93b1e6 Drop unnecessary tags with autoconfigure 4328f77 Correctly purge search index b5d4be1 Use PathUtil to check if hook is in vendor dir ece1376 Throw correct exception if route is not supported c60854c Merge remote-tracking branch 'upstream/master' into feature/routing f4ca10f Use the security voter to check article permissions 61bccf7 Tests 04f50f1 Tests c4b004b Rename page controllers a806b39 Use subscribed services 289cc0b URL must include prefix and suffix when generating candidates 2e507a4 CS a63f337 Rewrite candidates d023ee3 Merge remote-tracking branch 'upstream/master' into feature/routing # Conflicts: # core-bundle/src/Resources/contao/library/Contao/Controller.php e46b79a Fixed return type 82fbcc4 Code review 491c83b Code review 681dafd Check if the URL prefix is duplicated in another root page 2fa6eee Merge remote-tracking branch 'upstream/master' into feature/routing bfab096 Fix the coding style c1cca71 Merge branch 'master' into feature/routing f3cbd68 Fix the unit tests 63188d6 Fix the phpDoc types 92ea072 Adjust the deprecation messages 35e4d71 Fix a non-optimal if condition 7ba51e7 Fix some minor issues fba7c23 Adjust the "this setting has been disabled" warning a1d0532 Review from @dmolineus a972f8d Review from @leofeyer 164291b Fixed Route404Provider tests 0dea19a Use permission constants 5c72385 Remove invalid model methods 444c736 Use callback instead of listener method for help icon 6ef2654 Fix the coding style d9a259a Fix a wrong trans-unit ID 351c32f Replace "@var Adapter" with something the IDE and PhpStan understand ab6cb7e Correctly generate the index route b01b059 Correctly match a request with url prefix if there is no index page c089b6d Merge remote-tracking branch 'upstream/master' into feature/routing # Conflicts: # core-bundle/src/ContaoCoreBundle.php # core-bundle/src/Resources/contao/dca/tl_page.php # core-bundle/src/Resources/contao/models/PageModel.php # core-bundle/src/Routing/RouteProvider.php # core-bundle/tests/ContaoCoreBundleTest.php c338e4a CS 7763b81 Fix the CI chain 5db0afe Drop the parameters field a4aba62 Allow to define content composition in the service tag/annotation 31d34ec Get URL prefix and suffix from the page registry ea8f57b Rename the PageRouteEnhancerInterface 2e373e4 Update RootController, no longer needs additional interfaces b895744 Allow relative or absolute path for page controllers 3295ed8 CS 524c5e6 Fix tests 5850c24 CS 961ffcd Use $this->createResult() instead of new MigrationResult() 1f70bdb Implemented feedback from @Toflar ded7d5c Correctly validate the URL suffix 64b388e Correctly support absolute URLs with empty prefix f7fda16 CS
Now that we have a voter concept, shall we discuss this again? |
no I don't think so at the moment. We should first add the permission checks to the backend that @Toflar is working on. |
The
PageAccessVoter
behaves the same as the front end controller.The
ContentModelAccessVoter
andModuleModelAccessVoter
return the same result asContao\Controller::isVisibleElement
.