Hi,

The Symfony\Component\Security\Core\Authorization\AccessDecisionManager 
class has 3 functions for the different types of decision making in the 
security voting "chain": affirmative, consensus and unanimous.
The decideUnanimous() function has a different approach to how it's 
implemented.

Example (overhead code removed for readability, difference marked with 
bold):

    private function decideUnanimous(TokenInterface $token, array $attributes, $object = null)
    {
        *foreach ($attributes as $attribute) {*
            foreach ($this->voters as $voter) {
                $result = $voter->vote($token, $object, *array($attribute)*);

vs.

    private function decideConsensus(TokenInterface $token, array $attributes, $object = null)
    {
        foreach ($this->voters as $voter) {
            $result = $voter->vote($token, $object, *$attributes*);

I'm banging my head against the wall because I can't figure out why the 2 
methods should work differently. If you are using decideUnanimous you can 
call it like this:
$securityContext->isGranted(array('VIEW', 'CREATE'), $myObject);

and for the other functions you need to call isGranted twice.

In my application I need to pass extra parameters to the voter and I wanted 
to use the attributes array for the extra volatile information, but the 
application broke when I switched to unanimous decision making.

Is it on purpose that the attributes array is handled differently 
throughout the 3 deciders?
I want to avoid pushing a serialized array into the voter and unserializing it 
in there ;-)

Regards,
John
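As an added illustration (not Symfony's code and not part of the original message), here are the two strategies quoted above reduced to plain functions, driven by a voter that depends on a second element in the attribute array. All names below (paramVote, decideConsensusLike, decideUnanimousLike, the token shape) are hypothetical stand-ins.

```php
<?php
// Added illustration, not Symfony's own code: stand-ins for the two decision
// strategies quoted in the message, with one voter that expects the whole
// attribute array. Names and the token shape are hypothetical.

const ACCESS_GRANTED = 1;
const ACCESS_ABSTAIN = 0;
const ACCESS_DENIED  = -1;

// A voter that reads the first element as the permission and the second as
// an extra, volatile parameter (the pattern the message wants to use).
function paramVote($token, $object, array $attributes)
{
    if (count($attributes) < 2) {
        // The extra parameter never arrived: abstain rather than guess.
        return ACCESS_ABSTAIN;
    }
    list($permission, $minLevel) = $attributes;
    return ($permission === 'VIEW' && $token['level'] >= $minLevel)
        ? ACCESS_GRANTED : ACCESS_DENIED;
}

// Mirrors decideConsensus(): every voter sees the complete attribute array once.
function decideConsensusLike(array $voters, $token, array $attributes, $object = null)
{
    $grant = 0; $deny = 0;
    foreach ($voters as $voter) {
        $r = $voter($token, $object, $attributes);
        if ($r === ACCESS_GRANTED) ++$grant;
        elseif ($r === ACCESS_DENIED) ++$deny;
    }
    return $grant > $deny;
}

// Mirrors decideUnanimous(): each attribute is handed to every voter on its
// own, so the voter above only ever receives a one-element array.
function decideUnanimousLike(array $voters, $token, array $attributes, $object = null)
{
    $grant = 0;
    foreach ($attributes as $attribute) {
        foreach ($voters as $voter) {
            $r = $voter($token, $object, array($attribute));
            if ($r === ACCESS_DENIED) return false;
            if ($r === ACCESS_GRANTED) ++$grant;
        }
    }
    return $grant > 0;
}

$token  = array('level' => 3);   // constructed sample token
$voters = array('paramVote');
var_dump(decideConsensusLike($voters, $token, array('VIEW', 2), null));
var_dump(decideUnanimousLike($voters, $token, array('VIEW', 2), null));
```

Running it shows the consensus path grants (the voter receives both elements) while the unanimous path never grants, because the voter abstains on every single-element call; this is exactly the breakage the message describes when switching strategies.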

-- 
If you want to report a vulnerability issue on Symfony, please read the 
procedure on http://symfony.com/security

You received this message because you are subscribed to the Google
Groups "symfony developers" group.
To post to this group, send email to symfony-devs@googlegroups.com
To unsubscribe from this group, send email to
symfony-devs+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/symfony-devs?hl=en