#21571 Comparing roles to detect that user has changed #31177

Open, wants to merge 5 commits into base: 3.4

@oleg-andreyev (Contributor) commented Apr 18, 2019

| Q | A |
| --- | --- |
| Branch? | 3.4 |
| Bug fix? | yes |
| New feature? | no |
| BC breaks? | no |
| Deprecations? | no |
| Tests pass? | yes |
| License | MIT |
| Fixed tickets | #21571 (comment) |
| Docs | symfony/symfony-docs#11457 |

Case 1:
User A has roles foo, bar and admin. User A is signed in to the application and the token is persisted. Later, another user, User B with role admin, decides to restrict role admin for User A, so User A won't lose its privileges until the session expires or the user logs out, because the token is persisted with roles and authenticated=true, and roles are not compared.

Ref. to the previous attempt: #27121
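
The stale-role situation from Case 1, as an added example that is not part of this pull request or of Symfony's code: it compares the roles stored with the session token against freshly loaded roles, ignoring order and duplicates, and drops the authenticated flag on a mismatch. `ExampleRole`, `normalizeRoles` and `rolesChanged` are hypothetical names, and the token is modeled as a plain array.

```php
<?php
// Added illustration, not Symfony code. All names are hypothetical.

/** Minimal stand-in for a role object that exposes getRole(). */
final class ExampleRole
{
    private $name;
    public function __construct(string $name) { $this->name = $name; }
    public function getRole(): string { return $this->name; }
}

/** Reduce a mixed list of role objects and strings to a sorted list of unique names. */
function normalizeRoles(array $roles): array
{
    $names = [];
    foreach ($roles as $role) {
        if (is_object($role) && method_exists($role, 'getRole')) {
            $role = $role->getRole();
        }
        if (!is_string($role) || $role === '') {
            // An unrepresentable role must never compare as "unchanged".
            throw new InvalidArgumentException('Role has no string representation.');
        }
        $names[] = $role;
    }
    $names = array_unique($names);
    sort($names, SORT_STRING); // sort() also reindexes, so === compares values only
    return $names;
}

/** True when the roles stored with the session differ from the freshly loaded ones. */
function rolesChanged(array $persisted, array $fresh): bool
{
    return normalizeRoles($persisted) !== normalizeRoles($fresh);
}

// Constructed data for Case 1: the token was persisted while User A still had admin.
$token = [
    'authenticated' => true,
    'roles' => [new ExampleRole('foo'), new ExampleRole('bar'), new ExampleRole('admin')],
];
// Roles reloaded on the next request, after User B removed admin from User A.
$freshRoles = ['bar', 'foo'];

if ($token['authenticated'] && rolesChanged($token['roles'], $freshRoles)) {
    // Stop trusting the stale role list and require re-authentication.
    $token['authenticated'] = false;
}

var_dump($token['authenticated']);
```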

@nicolas-grekas nicolas-grekas added this to the 3.4 milestone Apr 19, 2019

@fabpot (Member) commented May 15, 2019

This looks like a new feature to me, I would target master.

return $role->getRole();
}
return (string) $role;
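
Review bot: the final `return (string) $role;` is reached by every value that did not take the `getRole()` branch, so an object that cannot be converted to a string fails at runtime here instead of being rejected with a clear error. Because this PR compares roles to detect a changed user, consider checking the type explicitly and throwing an exception for anything that is neither a role object nor a string.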

@xabbuh (Member) commented May 15, 2019

the string cast here is not necessary

*/
private function castRole($role)
{
if ($role instanceof Role) {

@xabbuh (Member) commented May 15, 2019

What about other RoleInterface implementations?
