Symfony2: how to disable the default voter?

I have five user voters in my application and a consensus strategy.

Sometimes my voters do not work properly, and after debugging, I found the reason.

The standard Symfony RoleHierarchyVoter always returns "1", so the sum of the "granted" results is equal to the sum of the "denied" results. So, I need to disable this voter because I do not use RoleHierarchy.

1) How to disable Voter in config?

2) Is there another solution for this problem?

Thanks for the help!

UPDATED.

So, I created my own RoleHierarchyVoter, which always returns false. This voter replaces the standard Voter, but I'm not sure if this solution is the right way. Are there any other solutions?

+5
2 answers

So, I have currently solved the problem by creating my own RoleHierarchyVoter, which always returns false.

It is currently not possible to delete the definition of the standard RoleHierarchyVoter, because it is registered with the priority TYPE_BEFORE_OPTIMIZATION and executed before my own compiler.

Btw, you can find the following lines in SecurityBundle/DependencyInjection/SecurityExtension.php:

    private function createRoleHierarchy($config, ContainerBuilder $container)
    {
        if (!isset($config['role_hierarchy'])) {
            $container->removeDefinition('security.access.role_hierarchy_voter');

            return;
        }

        $container->setParameter('security.role_hierarchy.roles', $config['role_hierarchy']);
        $container->removeDefinition('security.access.simple_role_voter');
    }

Even when I set role_hierarchy: ~, isset($config['role_hierarchy']) will return true.

This problem was reported as a bug: https://github.com/symfony/symfony/issues/16358

+2
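
The tie described in the question, and the effect of the abstaining replacement voter from the answer above, as an added example that is not code from this thread or from Symfony. It is a stand-alone PHP model of a consensus tally; the voter names and votes are constructed, and it assumes the replacement voter's "false" counts as an abstention.

```php
<?php
// Added example: a stand-alone model of a consensus tally, not Symfony's code.
// Vote values follow VoterInterface: granted = 1, abstain = 0, denied = -1.
const ACCESS_GRANTED = 1;
const ACCESS_ABSTAIN = 0;
const ACCESS_DENIED = -1;

/**
 * Decide by consensus. $allowIfEqual models allow_if_equal_granted_denied,
 * $allowIfAllAbstain models allow_if_all_abstain.
 */
function decideConsensus(array $votes, $allowIfEqual = true, $allowIfAllAbstain = false)
{
    $grant = count(array_keys($votes, ACCESS_GRANTED, true));
    $deny = count(array_keys($votes, ACCESS_DENIED, true));
    if ($grant !== $deny) {
        return $grant > $deny;
    }
    // Tie: abstentions carry no weight, so only the configured fallback decides.
    return $grant > 0 ? $allowIfEqual : $allowIfAllAbstain;
}

// Constructed sample with hypothetical voter names: two deny, one grants, two abstain.
$custom = [
    'OwnerVoter'    => ACCESS_DENIED,
    'TenantVoter'   => ACCESS_DENIED,
    'DownloadVoter' => ACCESS_GRANTED,
    'AuditVoter'    => ACCESS_ABSTAIN,
    'QuotaVoter'    => ACCESS_ABSTAIN,
];

foreach (['granted' => ACCESS_GRANTED, 'abstain' => ACCESS_ABSTAIN] as $label => $extraVote) {
    // ExtraVoter stands for the additional voter that joins every decision.
    $votes = ['ExtraVoter' => $extraVote] + $custom;
    echo "ExtraVoter votes $label:\n";
    foreach ($votes as $voter => $vote) {
        printf("  %-14s %2d\n", $voter, $vote); // per-voter trace of the tally
    }
    foreach ([true, false] as $allowIfEqual) {
        printf(
            "  allow_if_equal_granted_denied=%s => %s\n",
            var_export($allowIfEqual, true),
            decideConsensus($votes, $allowIfEqual) ? 'GRANT' : 'DENY'
        );
    }
}
```

When the extra vote counts as granted, the 2-to-1 denial from the custom voters becomes a 2-to-2 tie, and the outcome then depends only on the tie setting.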

The RoleVoter documentation says:

 RoleVoter votes if any attribute starts with a given prefix. 

By default, RoleVoter checks for the ROLE_ prefix, which is passed as the default parameter value to the constructor. They are necessary because the voter must check the current registered user.

Make sure your own voters implement VoterInterface, and also check the voter implementation of YourVoter::supportsClass. The FQN of the element for which you want to know whether the user has access should be checked there. Then the following configuration should be sufficient:

    app.security.download_voter:
        class: AppBundle\Security\Voter\DownloadVoter
        public: false
        tags:
            - { name: security.voter }

So:

1) You should not disconnect this voter, because all other voters rely on the RoleHierarchy, which this voter creates for the current user when voting takes place.

2) For a better understanding of Voter, you can let the DIC inject a logger into the Voter and add additional information to the profiler. Thus, your own voters are no longer a black box.

0

Source: https://habr.com/ru/post/1234529/

