Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR

symfony · Feb 22, 2020 · 6c522a7 · 6c522a7
1 parent f01bbc7
commit 6c522a7
Show file tree

Hide file tree

Showing 3 changed files with 32 additions and 1 deletion.
diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 -----
 
  * Added access decision strategy to override access decisions by voter service priority
+ * Added `IS_ANONYMOUS`, `IS_REMEMBERED`, `IS_IMPERSONATOR`
 
 5.0.0
 -----

diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Authorization\Voter;
 
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
+use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
@@ -28,6 +29,9 @@ class AuthenticatedVoter implements VoterInterface
     const IS_AUTHENTICATED_FULLY = 'IS_AUTHENTICATED_FULLY';
     const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED';
     const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
+    const IS_ANONYMOUS = 'IS_ANONYMOUS';
+    const IS_IMPERSONATOR = 'IS_IMPERSONATOR';
+    const IS_REMEMBERED = 'IS_REMEMBERED';
 
     private $authenticationTrustResolver;
 
@@ -45,7 +49,10 @@ public function vote(TokenInterface $token, $subject, array $attributes)
         foreach ($attributes as $attribute) {
             if (null === $attribute || (self::IS_AUTHENTICATED_FULLY !== $attribute
                     && self::IS_AUTHENTICATED_REMEMBERED !== $attribute
-                    && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute)) {
+                    && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute
+                    && self::IS_ANONYMOUS !== $attribute
+                    && self::IS_IMPERSONATOR !== $attribute
+                    && self::IS_REMEMBERED !== $attribute)) {
                 continue;
             }
 
@@ -68,6 +75,18 @@ public function vote(TokenInterface $token, $subject, array $attributes)
                     || $this->authenticationTrustResolver->isFullFledged($token))) {
                 return VoterInterface::ACCESS_GRANTED;
             }
+
+            if (self::IS_REMEMBERED === $attribute && $this->authenticationTrustResolver->isRememberMe($token)) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            if (self::IS_ANONYMOUS === $attribute && $this->authenticationTrustResolver->isAnonymous($token)) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            if (self::IS_IMPERSONATOR === $attribute && $token instanceof SwitchUserToken) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
         }
 
         return $result;

diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
@@ -49,6 +49,15 @@ public function getVoteTests()
             ['fully', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_GRANTED],
             ['remembered', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_DENIED],
             ['anonymously', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_DENIED],
+
+            ['fully', ['IS_ANONYMOUS'], VoterInterface::ACCESS_DENIED],
+            ['remembered', ['IS_ANONYMOUS'], VoterInterface::ACCESS_DENIED],
+            ['anonymously', ['IS_ANONYMOUS'], VoterInterface::ACCESS_GRANTED],
+
+            ['fully', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
+            ['remembered', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
+            ['anonymously', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
+            ['impersonated', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_GRANTED],
         ];
     }
 
@@ -58,6 +67,8 @@ protected function getToken($authenticated)
             return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
         } elseif ('remembered' === $authenticated) {
             return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
+        } elseif ('impersonated' === $authenticated) {
+            return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken')->disableOriginalConstructor()->getMock();
         } else {
             return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken')->setConstructorArgs(['', ''])->getMock();
         }