[SecurityBundle] Add XML support for new request attribute matcher

wouterj · wouterj · commit ab6ee7df9727 · 2022-10-23T12:59:38.000+02:00
diff --git a/DependencyInjection/MainConfiguration.php b/DependencyInjection/MainConfiguration.php
@@ -133,6 +133,7 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                     ->prototype('array')
                         ->fixXmlConfig('ip')
                         ->fixXmlConfig('method')
+                        ->fixXmlConfig('attribute')
                         ->children()
                             ->scalarNode('request_matcher')->defaultNull()->end()
                             ->scalarNode('requires_channel')->defaultNull()->end()
@@ -148,6 +149,7 @@ private function addAccessControlSection(ArrayNodeDefinition $rootNode)
                                 ->prototype('scalar')->end()
                             ->end()
                             ->arrayNode('attributes')
+                                ->useAttributeAsKey('key')
                                 ->prototype('scalar')->end()
                             ->end()
                             ->scalarNode('route')->defaultNull()->end()
diff --git a/Resources/config/schema/security-1.0.xsd b/Resources/config/schema/security-1.0.xsd
@@ -378,6 +378,7 @@
             <xsd:element name="method" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="role" type="xsd:string" minOccurs="0" maxOccurs="unbounded" />
             <xsd:element name="allow-if" type="xsd:string" minOccurs="0" maxOccurs="1" />
+            <xsd:element name="attribute" type="rule_attribute" minOccurs="0" maxOccurs="1" />
         </xsd:choice>
         <xsd:attribute name="requires-channel" type="xsd:string" />
         <xsd:attribute name="path" type="xsd:string" />
@@ -386,6 +387,7 @@
         <xsd:attribute name="role" type="xsd:string" />
         <xsd:attribute name="methods" type="xsd:string" />
         <xsd:attribute name="allow-if" type="xsd:string" />
+        <xsd:attribute name="route" type="xsd:string" />
     </xsd:complexType>
 
     <xsd:complexType name="role">
@@ -397,4 +399,12 @@
         </xsd:simpleContent>
     </xsd:complexType>
 
+    <xsd:complexType name="rule_attribute">
+        <xsd:simpleContent>
+            <xsd:extension base="xsd:string">
+                <xsd:attribute name="key" type="xsd:string" use="required" />
+            </xsd:extension>
+        </xsd:simpleContent>
+    </xsd:complexType>
+
 </xsd:schema>
diff --git a/Tests/DependencyInjection/CompleteConfigurationTest.php b/Tests/DependencyInjection/CompleteConfigurationTest.php
@@ -19,6 +19,7 @@
 use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\DependencyInjection\Definition;
 use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\HttpFoundation\RequestMatcher\AttributesRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcher\HostRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcher\MethodRequestMatcher;
 use Symfony\Component\HttpFoundation\RequestMatcher\PathRequestMatcher;
@@ -326,8 +327,15 @@ public function testAccess()
                 $this->assertEquals('IS_AUTHENTICATED_ANONYMOUSLY', $attributes[0]);
                 $expression = $container->getDefinition((string) $attributes[1])->getArgument(0);
                 $this->assertEquals("token.getUserIdentifier() matches '/^admin/'", $expression);
+            } elseif (4 === $i) {
+                $this->assertEquals(['ROLE_ADMIN'], $attributes);
+                $def = $container->getDefinition((string) $requestMatcher->getArgument(0)[0]);
+                $this->assertSame(AttributesRequestMatcher::class, $def->getClass());
+                $this->assertSame(['_controller' => 'AdminController::index', '_route' => 'admin'], $def->getArgument(0));
             }
         }
+
+        $this->assertCount(4, $matcherIds);
     }
 
     public function testMerge()
diff --git a/Tests/DependencyInjection/Fixtures/php/container1.php b/Tests/DependencyInjection/Fixtures/php/container1.php
@@ -96,6 +96,7 @@
         ['path' => '/blog/524', 'role' => 'ROLE_USER', 'requires_channel' => 'https', 'methods' => ['get', 'POST'], 'port' => 8000],
         ['path' => '/blog/.*', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
         ['path' => '/blog/524', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY', 'allow_if' => "token.getUserIdentifier() matches '/^admin/'"],
+        ['role' => 'ROLE_ADMIN', 'attributes' => ['_controller' => 'AdminController::index'], 'route' => 'admin'],
     ],
 
     'role_hierarchy' => [
diff --git a/Tests/DependencyInjection/Fixtures/xml/container1.xml b/Tests/DependencyInjection/Fixtures/xml/container1.xml
@@ -76,5 +76,8 @@
         <rule path="/blog/524" role="ROLE_USER" requires-channel="https" methods="get,POST" port="8000" />
         <rule role='IS_AUTHENTICATED_ANONYMOUSLY' path="/blog/.*" />
         <rule role='IS_AUTHENTICATED_ANONYMOUSLY' allow-if="token.getUserIdentifier() matches '/^admin/'" path="/blog/524" />
+        <rule role="ROLE_ADMIN" route="admin">
+            <attribute key="_controller">AdminController::index</attribute>
+        </rule>
     </config>
 </srv:container>
diff --git a/Tests/DependencyInjection/Fixtures/yml/container1.yml b/Tests/DependencyInjection/Fixtures/yml/container1.yml
@@ -83,3 +83,4 @@ security:
             path: /blog/.*
             role: IS_AUTHENTICATED_ANONYMOUSLY
         - { path: /blog/524, role: IS_AUTHENTICATED_ANONYMOUSLY, allow_if: "token.getUserIdentifier() matches '/^admin/'" }
+        - { role: ROLE_ADMIN, attributes: { _controller: 'AdminController::index' }, route: 'admin' }
