Merge branch '5.3' into 5.4

* 5.3:
  [DependencyInjection] only allow `ReflectionNamedType` for `ServiceSubscriberTrait`
  Fix CS
  [Intl] Update the ICU data to 70.1
  Default access_decision_manager.strategy option with merge.

Signed-off-by: Alexander M. Turek <me@derrabus.de>

Author: derrabus

DependencyInjection/MainConfiguration.php

@@ -67,28 +67,6 @@ public function getConfigTreeBuilder()
         $rootNode = $tb->getRootNode();
 
         $rootNode
-            ->beforeNormalization()
-                ->ifTrue(function ($v) {
-                    if (!isset($v['access_decision_manager'])) {
-                        return true;
-                    }
-
-                    if (!isset($v['access_decision_manager']['strategy'])
-                        && !isset($v['access_decision_manager']['service'])
-                        && !isset($v['access_decision_manager']['strategy_service'])
-                        && !isset($v['access_decision_manager']['strategy-service'])
-                    ) {
-                        return true;
-                    }
-
-                    return false;
-                })
-                ->then(function ($v) {
-                    $v['access_decision_manager']['strategy'] = self::STRATEGY_AFFIRMATIVE;
-
-                    return $v;
-                })
-            ->end()
             ->beforeNormalization()
                 ->ifTrue(function ($v) {
                     if ($v['encoders'] ?? false) {

DependencyInjection/SecurityExtension.php

@@ -39,6 +39,7 @@
 use Symfony\Component\PasswordHasher\Hasher\Pbkdf2PasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\PlaintextPasswordHasher;
 use Symfony\Component\PasswordHasher\Hasher\SodiumPasswordHasher;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\Strategy\AffirmativeStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\ConsensusStrategy;
 use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
@@ -162,7 +163,7 @@ public function load(array $configs, ContainerBuilder $container)
             $container
                 ->getDefinition('security.access.decision_manager')
                 ->addArgument($this->createStrategyDefinition(
-                    $config['access_decision_manager']['strategy'],
+                    $config['access_decision_manager']['strategy'] ?? AccessDecisionManager::STRATEGY_AFFIRMATIVE,
                     $config['access_decision_manager']['allow_if_all_abstain'],
                     $config['access_decision_manager']['allow_if_equal_granted_denied']
                 ));

Tests/DependencyInjection/MainConfigurationTest.php

@@ -17,6 +17,7 @@
 use Symfony\Bundle\SecurityBundle\DependencyInjection\Security\Factory\AuthenticatorFactoryInterface;
 use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
 use Symfony\Component\Config\Definition\Processor;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
 
 class MainConfigurationTest extends TestCase
 {
@@ -118,6 +119,24 @@ public function testUserCheckers()
         $this->assertEquals('app.henk_checker', $processedConfig['firewalls']['stub']['user_checker']);
     }
 
+    public function testConfigMergeWithAccessDecisionManager()
+    {
+        $config = [
+            'access_decision_manager' => [
+                'strategy' => AccessDecisionManager::STRATEGY_UNANIMOUS,
+            ],
+        ];
+        $config = array_merge(static::$minimalConfig, $config);
+
+        $config2 = [];
+
+        $processor = new Processor();
+        $configuration = new MainConfiguration([], []);
+        $processedConfig = $processor->processConfiguration($configuration, [$config, $config2]);
+
+        $this->assertSame(AccessDecisionManager::STRATEGY_UNANIMOUS, $processedConfig['access_decision_manager']['strategy']);
+    }
+
     public function testFirewalls()
     {
         $factory = $this->createMock(AuthenticatorFactoryInterface::class);