Voter priority in reverse order from lowest to highest #21660
Labels
Comments
|
Could probably use something like the PriorityTaggedServiceTrait, but this can only be done in the master I guess |
|
see #21679 |
fabpot
added a commit
that referenced
this issue
Feb 22, 2017
…(xabbuh) This PR was merged into the 2.7 branch. Discussion ---------- [SecurityBundle] fix priority ordering of security voters | Q | A | ------------- | --- | Branch? | 2.7 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | #21660 | License | MIT | Doc PR | Could be updated in the `3.2` branch to make use of the `PriorityTaggedServiceTrait `. Commits ------- dcd19f3 fix priority ordering of security voters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Although this is poorly documented, I understand that voter services can have a priority.
Relevant commit: 0643dc4
Similar to other DI tags with a priority attribute this was intended to be implemented as follows:
The compiler pass responsible for adding all configured voters is the AddSecurityVoterPass which uses an SplPriorityQueue (max heap) to correctly order the voters one by one.
The priority queue is then converted to an array and passed to the AccessDecissionManager service definition by adding a method call for
setVoters.The problem is that right after the array conversion a ksort is done on the voters array. This actually reverses the prioritization done by SplPriorityQueue!
Result: voters are ordered from lowest to highest priority and are also processed in this order in the different decision strategies.
I think the priority queue was added later as an optimization for setting the prio as the indices of an associative array, but the obsolete call to ksort was never removed.
I double checked other compiler passes using priority attributes:
The text was updated successfully, but these errors were encountered: