bug symfony#28793 [SecurityBundle] do not override custom access decision configs (xabbuh)

fabpot · fabpot · commit 60f6e918c79a · 2018-10-10T02:22:49.000-07:00
This PR was merged into the 3.4 branch. Discussion ---------- [SecurityBundle] do not override custom access decision configs | Q | A | ------------- | --- | Branch? | 3.4 | Bug fix? | yes | New feature? | no | BC breaks? | no | Deprecations? | no | Tests pass? | yes | Fixed tickets | symfony#28766 | License | MIT | Doc PR | Commits ------- 7743146 do not override custom access decision configs
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/MainConfiguration.php
@@ -66,9 +66,7 @@ public function getConfigTreeBuilder()
                     return false;
                 })
                 ->then(function ($v) {
-                    $v['access_decision_manager'] = array(
-                        'strategy' => AccessDecisionManager::STRATEGY_AFFIRMATIVE,
-                    );
+                    $v['access_decision_manager']['strategy'] = AccessDecisionManager::STRATEGY_AFFIRMATIVE;
 
                     return $v;
                 })
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -555,11 +555,22 @@ public function testCustomAccessDecisionManagerService()
 
     /**
      * @expectedException \Symfony\Component\Config\Definition\Exception\InvalidConfigurationException
-     * @expectedExceptionMessage "strategy" and "service" cannot be used together.
+     * @expectedExceptionMessage Invalid configuration for path "security.access_decision_manager": "strategy" and "service" cannot be used together.
      */
     public function testAccessDecisionManagerServiceAndStrategyCannotBeUsedAtTheSameTime()
     {
-        $container = $this->getContainer('access_decision_manager_service_and_strategy');
+        $this->getContainer('access_decision_manager_service_and_strategy');
+    }
+
+    public function testAccessDecisionManagerOptionsAreNotOverriddenByImplicitStrategy()
+    {
+        $container = $this->getContainer('access_decision_manager_customized_config');
+
+        $accessDecisionManagerDefinition = $container->getDefinition('security.access.decision_manager');
+
+        $this->assertSame(AccessDecisionManager::STRATEGY_AFFIRMATIVE, $accessDecisionManagerDefinition->getArgument(1));
+        $this->assertTrue($accessDecisionManagerDefinition->getArgument(2));
+        $this->assertFalse($accessDecisionManagerDefinition->getArgument(3));
     }
 
     /**
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/php/access_decision_manager_customized_config.php
@@ -0,0 +1,20 @@
+<?php
+
+$container->loadFromExtension('security', array(
+    'access_decision_manager' => array(
+        'allow_if_all_abstain' => true,
+        'allow_if_equal_granted_denied' => false,
+    ),
+    'providers' => array(
+        'default' => array(
+            'memory' => array(
+                'users' => array(
+                    'foo' => array('password' => 'foo', 'roles' => 'ROLE_USER'),
+                ),
+            ),
+        ),
+    ),
+    'firewalls' => array(
+        'simple' => array('pattern' => '/login', 'security' => false),
+    ),
+));
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/xml/access_decision_manager_customized_config.xml
@@ -0,0 +1,18 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<srv:container xmlns="http://symfony.com/schema/dic/security"
+    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+    xmlns:srv="http://symfony.com/schema/dic/services"
+    xsi:schemaLocation="http://symfony.com/schema/dic/services http://symfony.com/schema/dic/services/services-1.0.xsd">
+
+    <config>
+        <access-decision-manager allow-if-all-abstain="true" allow-if-equal-granted-denied="false" />
+
+        <provider name="default">
+            <memory>
+                <user name="foo" password="foo" roles="ROLE_USER" />
+            </memory>
+        </provider>
+
+        <firewall name="simple" pattern="/login" security="false" />
+    </config>
+</srv:container>
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/Fixtures/yml/access_decision_manager_customized_config.yml
@@ -0,0 +1,11 @@
+security:
+    access_decision_manager:
+        allow_if_all_abstain: true
+        allow_if_equal_granted_denied: false
+    providers:
+        default:
+            memory:
+                users:
+                    foo: { password: foo, roles: ROLE_USER }
+    firewalls:
+        simple: { pattern: /login, security: false }
