[Security] Fix access_control behavior with unanimous decision strategy

chalasr · nicolas-grekas · commit e99ad8bcd5d1 · 2020-03-30T13:51:53.000+02:00
diff --git a/Authorization/AccessDecisionManager.php b/Authorization/AccessDecisionManager.php
@@ -53,11 +53,16 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA
     }
 
     /**
+     * @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array
+     *
      * {@inheritdoc}
      */
-    public function decide(TokenInterface $token, array $attributes, $object = null)
+    public function decide(TokenInterface $token, array $attributes, $object = null/*, bool $allowMultipleAttributes = false*/)
     {
-        if (\count($attributes) > 1) {
+        $allowMultipleAttributes =  3 < func_num_args() && func_get_arg(3);
+
+        // Special case for AccessListener, do not remove the right side of the condition before 6.0
+        if (\count($attributes) > 1 && !$allowMultipleAttributes) {
             @trigger_error(sprintf('Passing more than one Security attribute to "%s()" is deprecated since Symfony 4.4. Use multiple "decide()" calls or the expression language (e.g. "is_granted(...) or is_granted(...)") instead.', __METHOD__), E_USER_DEPRECATED);
         }
 

Original file line number	Diff line number	Diff line change
`@@ -53,11 +53,16 @@ public function __construct(iterable $voters = [], string $strategy = self::STRA`
`53`	`53`	`}`
`54`	`54`
`55`	`55`	`/**`
	`56`	`+ * @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array`
	`57`	`+ *`
`56`	`58`	`* {@inheritdoc}`
`57`	`59`	`*/`
`58`		`- public function decide(TokenInterface $token, array $attributes, $object = null)`
	`60`	`+ public function decide(TokenInterface $token, array $attributes, $object = null/, bool $allowMultipleAttributes = false/)`
`59`	`61`	`{`
`60`		`- if (\count($attributes) > 1) {`
	`62`	`+ $allowMultipleAttributes = 3 < func_num_args() && func_get_arg(3);`
	`63`	`+`
	`64`	`+ // Special case for AccessListener, do not remove the right side of the condition before 6.0`
	`65`	`+ if (\count($attributes) > 1 && !$allowMultipleAttributes) {`
`61`	`66`	`@trigger_error(sprintf('Passing more than one Security attribute to "%s()" is deprecated since Symfony 4.4. Use multiple "decide()" calls or the expression language (e.g. "is_granted(...) or is_granted(...)") instead.', __METHOD__), E_USER_DEPRECATED);`
`62`	`67`	`}`
`63`	`68`