#21571 Comparing roles to detected that users has changed #31177

wants to merge 5 commits into
base: 3.4



commented Apr 18, 2019

Branch? 3.4
Bug fix? yes
New feature? no
BC breaks? no
Deprecations? no
Tests pass? yes
License MIT
Fixed tickets #21571 (comment)
Docs symfony/symfony-docs#11457

Case 1:
User A has roles foo, bar and admin. User A is signed in to the application and the token is persisted. Later, another User B with role admin decides to restrict role admin for User A, so User A won't lose its privileges until the session is expired or logout, because the token is persisted with roles and authenticated=true and roles are not compared.

Ref. to the previous attempt: #27121

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Apr 19, 2019
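
The stale-role case from the pull request description, as an added PHP illustration that is not code from this pull request or from Symfony. The function names `roleNames` and `rolesChanged` and the sample role lists are assumptions constructed for the example.

```php
<?php
// Added illustration; not Symfony's code. All names here are hypothetical.

/** Normalise a role list to a sorted, de-duplicated list of role names. */
function roleNames(array $roles): array
{
    $names = array_map(static function ($role): string {
        // Accept plain strings or objects exposing getRole().
        $name = is_object($role) && method_exists($role, 'getRole')
            ? $role->getRole()
            : $role;
        // Refuse roles without a usable name instead of comparing null or "".
        if (!is_string($name) || $name === '') {
            throw new InvalidArgumentException('Role has no string representation.');
        }
        return $name;
    }, $roles);

    $names = array_values(array_unique($names));
    sort($names, SORT_STRING);

    return $names;
}

/** True when the roles stored with the session token differ from the reloaded ones. */
function rolesChanged(array $tokenRoles, array $freshRoles): bool
{
    return roleNames($tokenRoles) !== roleNames($freshRoles);
}

// Constructed sample: roles persisted with the token at login for User A ...
$tokenRoles = ['foo', 'bar', 'admin'];
// ... and roles loaded from storage on a later request, after User B removed "admin".
$freshRoles = ['bar', 'foo'];

$authenticated = true; // value restored from the session
if (rolesChanged($tokenRoles, $freshRoles)) {
    // Roles differ: stop trusting the persisted token and force re-authentication.
    $authenticated = false;
}

var_dump($authenticated);
// Same roles in a different order are not treated as a change.
var_dump(rolesChanged(['foo', 'bar'], ['bar', 'foo']));
```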



commented May 15, 2019

This looks like a new feature to me, I would target master.

return $role->getRole();
return (string) $role;
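Review bot: neither `return $role->getRole();` nor `return (string) $role;` guarantees a usable role name for the comparison. If `getRole()` can return null for a role that has no string form, two different roles of that kind would compare as equal and a role change would go undetected, and the `(string)` cast fails at runtime for an object without `__toString()`. Consider deciding explicitly how such roles are handled (for example, treating them as always changed) rather than letting null or a cast error reach the comparison.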


xabbuh May 15, 2019


the string cast here is not necessary

private function castRole($role)
if ($role instanceof Role) {
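Review bot: no docblock is visible on `castRole($role)` and the parameter is untyped, so the signature does not say which inputs are supported beyond the `$role instanceof Role` branch. Add `@param` and `@return` annotations listing the accepted types and the returned type, so it is clear what is expected to fall through to the non-Role path.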


xabbuh May 15, 2019


What about other RoleInterface implementations?
