[Security] Remove deprecated access decision code

Signed-off-by: Alexander M. Turek <me@derrabus.de>

Author: derrabus

Authorization/AccessDecisionManager.php

@@ -14,9 +14,6 @@
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface;
 use Symfony\Component\Security\Core\Authorization\Strategy\AffirmativeStrategy;
-use Symfony\Component\Security\Core\Authorization\Strategy\ConsensusStrategy;
-use Symfony\Component\Security\Core\Authorization\Strategy\PriorityStrategy;
-use Symfony\Component\Security\Core\Authorization\Strategy\UnanimousStrategy;
 use Symfony\Component\Security\Core\Authorization\Voter\CacheableVoterInterface;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
@@ -26,61 +23,26 @@
  * that use decision voters.
  *
  * @author Fabien Potencier <fabien@symfony.com>
- *
- * @final since Symfony 5.4
  */
-class AccessDecisionManager implements AccessDecisionManagerInterface
+final class AccessDecisionManager implements AccessDecisionManagerInterface
 {
-    /**
-     * @deprecated use {@see AffirmativeStrategy} instead
-     */
-    public const STRATEGY_AFFIRMATIVE = 'affirmative';
-
-    /**
-     * @deprecated use {@see ConsensusStrategy} instead
-     */
-    public const STRATEGY_CONSENSUS = 'consensus';
-
-    /**
-     * @deprecated use {@see UnanimousStrategy} instead
-     */
-    public const STRATEGY_UNANIMOUS = 'unanimous';
-
-    /**
-     * @deprecated use {@see PriorityStrategy} instead
-     */
-    public const STRATEGY_PRIORITY = 'priority';
-
     private const VALID_VOTES = [
         VoterInterface::ACCESS_GRANTED => true,
         VoterInterface::ACCESS_DENIED => true,
         VoterInterface::ACCESS_ABSTAIN => true,
     ];
 
-    private $voters;
-    private $votersCacheAttributes;
-    private $votersCacheObject;
-    private $strategy;
+    private iterable $voters;
+    private array $votersCacheAttributes = [];
+    private array $votersCacheObject = [];
+    private AccessDecisionStrategyInterface $strategy;
 
     /**
-     * @param iterable<mixed, VoterInterface>      $voters   An array or an iterator of VoterInterface instances
-     * @param AccessDecisionStrategyInterface|null $strategy The vote strategy
-     *
-     * @throws \InvalidArgumentException
+     * @param iterable<mixed, VoterInterface> $voters An array or an iterator of VoterInterface instances
      */
-    public function __construct(iterable $voters = [], /* AccessDecisionStrategyInterface */ $strategy = null)
+    public function __construct(iterable $voters = [], AccessDecisionStrategyInterface $strategy = null)
     {
         $this->voters = $voters;
-        if (\is_string($strategy)) {
-            trigger_deprecation('symfony/security-core', '5.4', 'Passing the access decision strategy as a string is deprecated, pass an instance of "%s" instead.', AccessDecisionStrategyInterface::class);
-            $allowIfAllAbstainDecisions = 3 <= \func_num_args() && func_get_arg(2);
-            $allowIfEqualGrantedDeniedDecisions = 4 > \func_num_args() || func_get_arg(3);
-
-            $strategy = $this->createStrategy($strategy, $allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions);
-        } elseif (null !== $strategy && !$strategy instanceof AccessDecisionStrategyInterface) {
-            throw new \TypeError(sprintf('"%s": Parameter #2 ($strategy) is expected to be an instance of "%s" or null, "%s" given.', __METHOD__, AccessDecisionStrategyInterface::class, get_debug_type($strategy)));
-        }
-
         $this->strategy = $strategy ?? new AffirmativeStrategy();
     }
 
@@ -102,11 +64,9 @@ public function decide(TokenInterface $token, array $attributes, mixed $object =
     }
 
     /**
-     * @param mixed $object
-     *
      * @return \Traversable<int, int>
      */
-    private function collectResults(TokenInterface $token, array $attributes, $object): \Traversable
+    private function collectResults(TokenInterface $token, array $attributes, mixed $object): \Traversable
     {
         foreach ($this->getVoters($attributes, $object) as $voter) {
             $result = $voter->vote($token, $object, $attributes);
@@ -118,25 +78,6 @@ private function collectResults(TokenInterface $token, array $attributes, $objec
         }
     }
 
-    /**
-     * @throws \InvalidArgumentException if the $strategy is invalid
-     */
-    private function createStrategy(string $strategy, bool $allowIfAllAbstainDecisions, bool $allowIfEqualGrantedDeniedDecisions): AccessDecisionStrategyInterface
-    {
-        switch ($strategy) {
-            case self::STRATEGY_AFFIRMATIVE:
-                return new AffirmativeStrategy($allowIfAllAbstainDecisions);
-            case self::STRATEGY_CONSENSUS:
-                return new ConsensusStrategy($allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions);
-            case self::STRATEGY_UNANIMOUS:
-                return new UnanimousStrategy($allowIfAllAbstainDecisions);
-            case self::STRATEGY_PRIORITY:
-                return new PriorityStrategy($allowIfAllAbstainDecisions);
-        }
-
-        throw new \InvalidArgumentException(sprintf('The strategy "%s" is not supported.', $strategy));
-    }
-
     /**
      * @return iterable<mixed, VoterInterface>
      */

Authorization/Strategy/AffirmativeStrategy.php

@@ -24,10 +24,7 @@
  */
 final class AffirmativeStrategy implements AccessDecisionStrategyInterface, \Stringable
 {
-    /**
-     * @var bool
-     */
-    private $allowIfAllAbstainDecisions;
+    private bool $allowIfAllAbstainDecisions;
 
     public function __construct(bool $allowIfAllAbstainDecisions = false)
     {

Authorization/Strategy/ConsensusStrategy.php

@@ -32,8 +32,8 @@
  */
 final class ConsensusStrategy implements AccessDecisionStrategyInterface, \Stringable
 {
-    private $allowIfAllAbstainDecisions;
-    private $allowIfEqualGrantedDeniedDecisions;
+    private bool $allowIfAllAbstainDecisions;
+    private bool $allowIfEqualGrantedDeniedDecisions;
 
     public function __construct(bool $allowIfAllAbstainDecisions = false, bool $allowIfEqualGrantedDeniedDecisions = true)
     {

Authorization/Strategy/PriorityStrategy.php

@@ -25,7 +25,7 @@
  */
 final class PriorityStrategy implements AccessDecisionStrategyInterface, \Stringable
 {
-    private $allowIfAllAbstainDecisions;
+    private bool $allowIfAllAbstainDecisions;
 
     public function __construct(bool $allowIfAllAbstainDecisions = false)
     {

Authorization/Strategy/UnanimousStrategy.php

@@ -24,7 +24,7 @@
  */
 final class UnanimousStrategy implements AccessDecisionStrategyInterface, \Stringable
 {
-    private $allowIfAllAbstainDecisions;
+    private bool $allowIfAllAbstainDecisions;
 
     public function __construct(bool $allowIfAllAbstainDecisions = false)
     {

CHANGELOG.md

@@ -8,6 +8,7 @@ CHANGELOG
  * Remove all classes in the `Core\Encoder\`  sub-namespace, use the `PasswordHasher` component instead
  * Remove methods `getPassword()` and `getSalt()` from `UserInterface`, use `PasswordAuthenticatedUserInterface`
    or `LegacyPasswordAuthenticatedUserInterface` instead
+* `AccessDecisionManager` requires the strategy to be passed as in instance of `AccessDecisionStrategyInterface`
 
 5.4
 ---

Tests/Authorization/AccessDecisionManagerTest.php

@@ -13,7 +13,6 @@
 
 use PHPUnit\Framework\Assert;
 use PHPUnit\Framework\TestCase;
-use Symfony\Bridge\PhpUnit\ExpectDeprecationTrait;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface;
@@ -22,32 +21,6 @@
 
 class AccessDecisionManagerTest extends TestCase
 {
-    use ExpectDeprecationTrait;
-
-    /**
-     * @group legacy
-     */
-    public function testSetUnsupportedStrategy()
-    {
-        $this->expectException(\InvalidArgumentException::class);
-        new AccessDecisionManager([$this->getVoter(VoterInterface::ACCESS_GRANTED)], 'fooBar');
-    }
-
-    /**
-     * @group legacy
-     *
-     * @dataProvider getStrategyTests
-     */
-    public function testStrategies($strategy, $voters, $allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions, $expected)
-    {
-        $token = $this->createMock(TokenInterface::class);
-
-        $this->expectDeprecation('Since symfony/security-core 5.4: Passing the access decision strategy as a string is deprecated, pass an instance of "Symfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface" instead.');
-        $manager = new AccessDecisionManager($voters, $strategy, $allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions);
-
-        $this->assertSame($expected, $manager->decide($token, ['ROLE_FOO']));
-    }
-
     public function provideBadVoterResults(): array
     {
         return [
@@ -92,66 +65,6 @@ public function decide(\Traversable $results): bool
         $this->assertTrue($manager->decide($token, ['ROLE_FOO']));
     }
 
-    public function getStrategyTests()
-    {
-        return [
-            // affirmative
-            [AccessDecisionManager::STRATEGY_AFFIRMATIVE, $this->getVoters(1, 0, 0), false, true, true],
-            [AccessDecisionManager::STRATEGY_AFFIRMATIVE, $this->getVoters(1, 2, 0), false, true, true],
-            [AccessDecisionManager::STRATEGY_AFFIRMATIVE, $this->getVoters(0, 1, 0), false, true, false],
-            [AccessDecisionManager::STRATEGY_AFFIRMATIVE, $this->getVoters(0, 0, 1), false, true, false],
-            [AccessDecisionManager::STRATEGY_AFFIRMATIVE, $this->getVoters(0, 0, 1), true, true, true],
-
-            // consensus
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(1, 0, 0), false, true, true],
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(1, 2, 0), false, true, false],
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(2, 1, 0), false, true, true],
-
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(0, 0, 1), false, true, false],
-
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(0, 0, 1), true, true, true],
-
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(2, 2, 0), false, true, true],
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(2, 2, 1), false, true, true],
-
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(2, 2, 0), false, false, false],
-            [AccessDecisionManager::STRATEGY_CONSENSUS, $this->getVoters(2, 2, 1), false, false, false],
-
-            // unanimous
-            [AccessDecisionManager::STRATEGY_UNANIMOUS, $this->getVoters(1, 0, 0), false, true, true],
-            [AccessDecisionManager::STRATEGY_UNANIMOUS, $this->getVoters(1, 0, 1), false, true, true],
-            [AccessDecisionManager::STRATEGY_UNANIMOUS, $this->getVoters(1, 1, 0), false, true, false],
-
-            [AccessDecisionManager::STRATEGY_UNANIMOUS, $this->getVoters(0, 0, 2), false, true, false],
-            [AccessDecisionManager::STRATEGY_UNANIMOUS, $this->getVoters(0, 0, 2), true, true, true],
-
-            // priority
-            [AccessDecisionManager::STRATEGY_PRIORITY, [
-                $this->getVoter(VoterInterface::ACCESS_ABSTAIN),
-                $this->getVoter(VoterInterface::ACCESS_GRANTED),
-                $this->getVoter(VoterInterface::ACCESS_DENIED),
-                $this->getVoter(VoterInterface::ACCESS_DENIED),
-            ], true, true, true],
-
-            [AccessDecisionManager::STRATEGY_PRIORITY, [
-                $this->getVoter(VoterInterface::ACCESS_ABSTAIN),
-                $this->getVoter(VoterInterface::ACCESS_DENIED),
-                $this->getVoter(VoterInterface::ACCESS_GRANTED),
-                $this->getVoter(VoterInterface::ACCESS_GRANTED),
-            ], true, true, false],
-
-            [AccessDecisionManager::STRATEGY_PRIORITY, [
-                $this->getVoter(VoterInterface::ACCESS_ABSTAIN),
-                $this->getVoter(VoterInterface::ACCESS_ABSTAIN),
-            ], false, true, false],
-
-            [AccessDecisionManager::STRATEGY_PRIORITY, [
-                $this->getVoter(VoterInterface::ACCESS_ABSTAIN),
-                $this->getVoter(VoterInterface::ACCESS_ABSTAIN),
-            ], true, true, true],
-        ];
-    }
-
     public function testCacheableVoters()
     {
         $token = $this->createMock(TokenInterface::class);

Tests/Authorization/TraceableAccessDecisionManagerTest.php

@@ -14,6 +14,7 @@
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManager;
+use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Core\Authorization\DebugAccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
@@ -26,11 +27,7 @@ class TraceableAccessDecisionManagerTest extends TestCase
     public function testDecideLog(array $expectedLog, array $attributes, $object, array $voterVotes, bool $result)
     {
         $token = $this->createMock(TokenInterface::class);
-
-        $admMock = $this
-            ->getMockBuilder(AccessDecisionManager::class)
-            ->setMethods(['decide'])
-            ->getMock();
+        $admMock = $this->createMock(AccessDecisionManagerInterface::class);
 
         $adm = new TraceableAccessDecisionManager($admMock);