
Commit 96ac5cb

committed
Merge pull request #131 from symfony-cmf/publish-workflow-security-context
Make it possible to use the publish workflow checker when no security is defined at all
2 parents bada6d7 + c7ebd16 commit 96ac5cb


2 files changed

+44
-14
lines changed


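--- a/PublishWorkflow/PublishWorkflowChecker.php
+++ b/PublishWorkflow/PublishWorkflowChecker.php
@@ -97,10 +97,8 @@ public function __construct(ContainerInterface $container, AccessDecisionManager
 */
 public function getToken()
 {
-if (null === $this->token) {
-$securityContext = $this->container->get('security.context');
-
-return $securityContext->getToken();
+if (null === $this->token && $this->container->has('security.context')) {
+return $this->container->get('security.context')->getToken();
 }
 
 return $this->token;
@@ -135,21 +133,19 @@ public function isGranted($attributes, $object = null)
 $attributes = array($attributes);
 }
 
-$securityContext = $this->container->get('security.context');
-
-if (null !== $securityContext->getToken()
-&& (count($attributes) === 1)
+if ((count($attributes) === 1)
 && self::VIEW_ATTRIBUTE === reset($attributes)
-&& $securityContext->isGranted($this->bypassingRole)
+&& $this->container->has('security.context')
+&& null !== $this->container->get('security.context')->getToken()
+&& $this->container->get('security.context')->isGranted($this->bypassingRole)
 ) {
 return true;
 }
 
 $token = $this->getToken();
-if (null === $token) {
-// not logged in, surely we can not skip the check.
-// create a dummy token to check for publication even if no
-// firewall is present.
+
+// not logged in, just check with a dummy token
+if (!$token) {
 $token = new AnonymousToken('', '');
 }
 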
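Review bot: The new guard `if (!$token) {` in isGranted() replaces the strict `null === $token` with a truthiness test, while getToken() a few lines earlier still compares with `null === $this->token`; I would keep `if (null === $token) {` so an access-control branch states exactly which value triggers the fallback. The shortened comment also loses why the dummy token exists, and since the bypass role is now skipped whenever `has('security.context')` is false, something like `// no token (not logged in, no firewall, or no security.context service): the bypass role cannot apply, so the voters decide with an anonymous token` would keep that fail-closed path visible. The same condition resolves `security.context` from the container twice; a local variable or small private helper would read more easily. Both getToken() and isGranted() continue outside the lines shown.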

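--- a/Tests/Unit/PublishWorkflow/PublishWorkflowCheckerTest.php
+++ b/Tests/Unit/PublishWorkflow/PublishWorkflowCheckerTest.php
@@ -15,6 +15,7 @@
 use Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow\PublishableReadInterface;
 use Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow\PublishWorkflowChecker;
 use Symfony\Component\DependencyInjection\ContainerInterface;
+use Symfony\Component\DependencyInjection\Exception\ServiceNotFoundException;
 use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
@@ -54,14 +55,22 @@ class PublishWorkflowCheckerTest extends \PHPUnit_Framework_Testcase
 public function setUp()
 {
 $this->role = 'IS_FOOBAR';
-$this->container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
+$this->container = $this->getMockBuilder('Symfony\Component\DependencyInjection\ContainerInterface')
+->setMockClassName('Container')
+->getMock();
 $this->sc = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
 $this->container
 ->expects($this->any())
 ->method('get')
 ->with('security.context')
 ->will($this->returnValue($this->sc))
 ;
+$this->container
+->expects($this->any())
+->method('has')
+->with('security.context')
+->will($this->returnValue(true))
+;
 $this->doc = $this->getMock('Symfony\Cmf\Bundle\CoreBundle\PublishWorkflow\PublishableReadInterface');
 $this->adm = $this->getMock('Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface');
 $this->stdClass = new \stdClass;
@@ -150,6 +159,31 @@ public function testNoFirewall()
 $this->assertTrue($this->pwfc->isGranted(PublishWorkflowChecker::VIEW_ATTRIBUTE, $this->doc));
 }
 
+public function testNoSecurityContext()
+{
+$container = $this->getMock('Symfony\Component\DependencyInjection\ContainerInterface');
+$container
+->expects($this->any())
+->method('get')
+->with('security.context')
+->will($this->throwException(new ServiceNotFoundException('Service not defined')))
+;
+$container
+->expects($this->any())
+->method('has')
+->with('security.context')
+->will($this->returnValue(false))
+;
+$this->pwfc = new PublishWorkflowChecker($container, $this->adm, $this->role);
+
+$this->adm->expects($this->once())
+->method('decide')
+->will($this->returnValue(false))
+;
+
+$this->assertFalse($this->pwfc->isGranted(PublishWorkflowChecker::VIEW_ATTRIBUTE, $this->doc));
+}
+
 public function testSetToken()
 {
 $token = new AnonymousToken('x', 'y');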
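Review bot: testNoSecurityContext checks only the value `decide` returns, not what the checker passes to it, so the anonymous-token fallback that the no-security path depends on is not pinned by the test. Constraining the first argument on the `decide` expectation, for example `->with($this->isInstanceOf('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken'))`, would do that. The test also covers only the denied outcome and reaches getToken() indirectly; an `$this->assertNull($this->pwfc->getToken());` before the isGranted() call would cover the getToken() change directly. In setUp(), `->setMockClassName('Container')` has no comment saying why the mock needs a fixed class name.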
