
[Symfony62] Replace Sensio Security #393

Open
wkania opened this issue Apr 18, 2023 · 5 comments

Comments

@wkania
Contributor

wkania commented Apr 18, 2023

sensio-framework-extra-bundle is abandoned.
Some attributes have been implemented in Symfony 6.2 and Rector can already refactor code for them.
But, Security attribute will not be implemented in Symfony.
From what I know about Rector, we can't currently make the change from:

use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;

class PostController extends Controller
{
    #[Security("is_granted('ROLE_ADMIN') and is_granted('ROLE_FRIENDLY_USER')")]
    public function index()
    {
    }
}

to:

use Symfony\Component\ExpressionLanguage\Expression;
use Symfony\Component\Security\Http\Attribute\IsGranted;

class PostController extends Controller
{
    #[IsGranted(new Expression("is_granted('ROLE_ADMIN') and is_granted('ROLE_FRIENDLY_USER')"))]
    public function index()
    {
    }
}

This requires a new rule, something custom like this?

@TomasVotruba
Member

Yes, this will need a custom rule, to handle the expressions.

@wkania
Contributor Author

wkania commented Apr 19, 2023

It will be more complex :(
When there is a second optional argument:

#[Security("is_granted('ROLE_FRIENDLY_USER', author)")]
public function showAction(User $author): Response

#[IsGranted(attribute: new Expression("is_granted('ROLE_FRIENDLY_USER', subject['author'])"), subject: ['author'])]
public function showAction(User $author): Response

@johanadivare
Contributor

Well, it's good to have these 2 cases in a test fixture.

@pepeh

pepeh commented Oct 24, 2023

@wkania
Why not replace

#[Security("is_granted('ROLE_FRIENDLY_USER', author)")]
public function showAction(User $author): Response

with

#[IsGranted('ROLE_FRIENDLY_USER', 'author')]
public function showAction(User $author): Response

@wkania
Contributor Author

wkania commented Nov 10, 2023

@pepeh
Yes, you are right. My example was too simple.
In my opinion, these are the valid cases and probably many more:

-------------------
#[Security("is_granted('ROLE_ADMIN')")]
#[IsGranted('ROLE_ADMIN')]

-------------------
#[Security("is_granted('ASSET_EDIT', asset)")]
#[IsGranted('ASSET_EDIT', 'asset')]

-------------------
#[Security("is_granted('ORGANIZATION_VIEW', team.getOrganization())")]
#[IsGranted(attribute: new Expression("is_granted('ORGANIZATION_VIEW', subject['team'].getOrganization())"), subject: ['team'])]
// or
#[IsGranted('ORGANIZATION_VIEW', subject: new Expression('args["team"].getOrganization()'))]

// This will throw exception
#[IsGranted('ORGANIZATION_VIEW', 'team.getOrganization')]
Error: Could not find the subject "team.getOrganization" for the #[IsGranted] attribute. Try adding a "$team.getOrganization" argument to your controller method.

-------------------
#[Security("is_granted('ROLE_ADMIN') or type == 'new'")]
#[IsGranted(attribute: new Expression("is_granted('ROLE_ADMIN') or subject['type'] == 'new'"), subject: ['type'])]

-------------------
#[Security("is_granted('ROLE_ADMIN') or asset.getOrganization() == user.getOrganization()")]
#[IsGranted(attribute: new Expression("is_granted('ROLE_ADMIN') or subject['asset'].getOrganization() == user.getOrganization()"), subject: ['asset'])]
// user is one of the special variables

Rector could skip everything with "dot", "or" and "and". Those cases are probably too complex to be refactored automatically or with an easy set of conditions.
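As an added illustration (not Rector's code and not from this thread), the hypothetical helper below implements the conservative decision just described: it rewrites only `is_granted('ATTR')` and `is_granted('ATTR', argument)`, and refuses anything containing a dot, `and`, `or` or `not`, which a rule would then leave for manual migration to `new Expression(...)`.

```php
<?php
declare(strict_types=1);

// Hypothetical helper, not part of Rector's API: decides whether a Sensio
// #[Security] expression is simple enough to become a Symfony #[IsGranted]
// attribute. Returns the replacement attribute source, or null when the
// expression uses method calls (dot) or boolean operators and must be skipped.
function convertSecurityExpression(string $expression): ?string
{
    $expression = trim($expression);

    // The cases called out above as too complex: member access, and/or/not.
    if (preg_match('/\.|\b(and|or|not)\b|&&|\|\|/', $expression) === 1) {
        return null;
    }

    // Accept only is_granted('ATTRIBUTE') or is_granted('ATTRIBUTE', argumentName).
    $pattern = "/^is_granted\\(\\s*'([^']+)'\\s*(?:,\\s*([A-Za-z_][A-Za-z0-9_]*)\\s*)?\\)$/";
    if (preg_match($pattern, $expression, $m) !== 1) {
        return null;
    }

    $attribute = var_export($m[1], true);
    if (!isset($m[2])) {
        return sprintf('#[IsGranted(%s)]', $attribute);
    }

    // The subject must be a plain controller argument name; #[IsGranted]
    // resolves it by name, so "team.getOrganization" would fail at runtime.
    return sprintf('#[IsGranted(%s, %s)]', $attribute, var_export($m[2], true));
}

// Constructed sample inputs taken from the cases listed in this thread.
$samples = [
    "is_granted('ROLE_ADMIN')",                                      // => #[IsGranted('ROLE_ADMIN')]
    "is_granted('ASSET_EDIT', asset)",                               // => #[IsGranted('ASSET_EDIT', 'asset')]
    "is_granted('ORGANIZATION_VIEW', team.getOrganization())",       // => skipped (dot)
    "is_granted('ROLE_ADMIN') or type == 'new'",                     // => skipped (or)
    "is_granted('ROLE_ADMIN') and is_granted('ROLE_FRIENDLY_USER')", // => skipped (and)
];
foreach ($samples as $sample) {
    $result = convertSecurityExpression($sample) ?? 'skip: needs manual new Expression(...)';
    printf("%-62s => %s\n", $sample, $result);
}
```

Run with `php convert.php` (any file name works); the skipped lines are exactly the ones that need the `attribute: new Expression(...)` form with `subject: [...]`.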
