undeprecate the RoleHierarchyInterface

Instead of deprecating the interface it is sufficient to deprecate its
getReachableRoles() method and add a new getReachableRoleNames() method
in Symfony 5.

Author: xabbuh

Authorization/Voter/ExpressionVoter.php

@@ -19,7 +19,6 @@
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
 use Symfony\Component\Security\Core\Role\Role;
-use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 
 /**
@@ -43,6 +42,10 @@ public function __construct(ExpressionLanguage $expressionLanguage, Authenticati
             @trigger_error(sprintf('Passing a RoleHierarchyInterface to "%s()" is deprecated since Symfony 4.2. Pass an AuthorizationCheckerInterface instead.', __METHOD__), E_USER_DEPRECATED);
             $roleHierarchy = $authChecker;
             $authChecker = null;
+
+            if (!method_exists($roleHierarchy, 'getReachableRoleNames')) {
+                @trigger_error(sprintf('Not implementing the getReachableRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($this->roleHierarchy), RoleHierarchyInterface::class), E_USER_DEPRECATED);
+            }
         } elseif (null === $authChecker) {
             @trigger_error(sprintf('Argument 3 passed to "%s()" should be an instance of AuthorizationCheckerInterface, not passing it is deprecated since Symfony 4.2.', __METHOD__), E_USER_DEPRECATED);
         } elseif (!$authChecker instanceof AuthorizationCheckerInterface) {
@@ -92,34 +95,31 @@ public function vote(TokenInterface $token, $subject, array $attributes)
 
     private function getVariables(TokenInterface $token, $subject)
     {
-        if ($this->roleHierarchy instanceof RoleHierarchy) {
-            if (method_exists($token, 'getRoleNames')) {
-                $rolesFromToken = $token->getRoleNames();
-            } else {
-                @trigger_error(sprintf('Not implementing the getRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($token), TokenInterface::class), E_USER_DEPRECATED);
-
-                $rolesFromToken = $token->getRoles(false);
-            }
-
-            $roles = $this->roleHierarchy->getReachableRoleNames($rolesFromToken);
-        } elseif (null !== $this->roleHierarchy) {
-            $roles = $this->roleHierarchy->getReachableRoles($token->getRoles(false));
-        } elseif (method_exists($token, 'getRoleNames')) {
-            $roles = $token->getRoleNames();
+        if (method_exists($token, 'getRoleNames')) {
+            $roleNames = $token->getRoleNames();
+            $roles = array_map(function (string $role) { return new Role($role, false); }, $roleNames);
         } else {
             @trigger_error(sprintf('Not implementing the getRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($token), TokenInterface::class), E_USER_DEPRECATED);
 
             $roles = $token->getRoles(false);
+            $roleNames = array_map(function (Role $role) { return $role->getRole(); }, $roles);
         }
 
-        $roles = array_map(function ($role) { return $role instanceof Role ? $role->getRole() : $role; }, $roles);
+        if (null !== $this->roleHierarchy && method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
+            $roleNames = $this->roleHierarchy->getReachableRoleNames($roleNames);
+            $roles = array_map(function (string $role) { return new Role($role, false); }, $roleNames);
+        } elseif (null !== $this->roleHierarchy) {
+            $roles = $this->roleHierarchy->getReachableRoles($roles);
+            $roleNames = array_map(function (Role $role) { return $role->getRole(); }, $roles);
+        }
 
         $variables = [
             'token' => $token,
             'user' => $token->getUser(),
             'object' => $subject,
             'subject' => $subject,
             'roles' => $roles,
+            'role_names' => $roleNames,
             'trust_resolver' => $this->trustResolver,
             'auth_checker' => $this->authChecker,
         ];

Authorization/Voter/RoleHierarchyVoter.php

@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Authorization\Voter;
 
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Role\Role;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 
@@ -27,8 +28,8 @@ class RoleHierarchyVoter extends RoleVoter
 
     public function __construct(RoleHierarchyInterface $roleHierarchy, string $prefix = 'ROLE_')
     {
-        if (!$roleHierarchy instanceof RoleHierarchy) {
-            @trigger_error(sprintf('Passing a role hierarchy to "%s" that is not an instance of "%s" is deprecated since Symfony 4.3 and support for it will be dropped in Symfony 5.0 ("%s" given).', __CLASS__, RoleHierarchy::class, \get_class($roleHierarchy)), E_USER_DEPRECATED);
+        if (!method_exists($roleHierarchy, 'getReachableRoleNames')) {
+            @trigger_error(sprintf('Not implementing the getReachableRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($roleHierarchy), RoleHierarchyInterface::class), E_USER_DEPRECATED);
         }
 
         $this->roleHierarchy = $roleHierarchy;
@@ -41,13 +42,13 @@ public function __construct(RoleHierarchyInterface $roleHierarchy, string $prefi
      */
     protected function extractRoles(TokenInterface $token)
     {
-        if ($this->roleHierarchy instanceof RoleHierarchy) {
+        if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
             if (method_exists($token, 'getRoleNames')) {
                 $roles = $token->getRoleNames();
             } else {
                 @trigger_error(sprintf('Not implementing the getRoleNames() method in %s which implements %s is deprecated since Symfony 4.3.', \get_class($token), TokenInterface::class), E_USER_DEPRECATED);
 
-                $roles = $token->getRoles(false);
+                $roles = array_map(function (Role $role) { return $role->getRole(); }, $token->getRoles(false));
             }
 
             return $this->roleHierarchy->getReachableRoleNames($roles);

Role/RoleHierarchy.php

@@ -36,7 +36,9 @@ public function __construct(array $hierarchy)
      */
     public function getReachableRoles(array $roles)
     {
-        @trigger_error(sprintf('The %s() method is deprecated since Symfony 4.3 and will be removed in 5.0. Use roles as strings and the getReachableRoleNames() method instead.', __METHOD__), E_USER_DEPRECATED);
+        if (0 === \func_num_args() || func_get_arg(0)) {
+            @trigger_error(sprintf('The %s() method is deprecated since Symfony 4.3 and will be removed in 5.0. Use roles as strings and the getReachableRoleNames() method instead.', __METHOD__), E_USER_DEPRECATED);
+        }
 
         $reachableRoles = $roles;
         foreach ($roles as $role) {
@@ -59,16 +61,7 @@ public function getReachableRoles(array $roles)
      */
     public function getReachableRoleNames(array $roles): array
     {
-        $reachableRoles = $roles = array_map(
-            function ($role) {
-                if ($role instanceof Role) {
-                    return $role->getRole();
-                }
-
-                return $role;
-            },
-            $roles
-        );
+        $reachableRoles = $roles;
 
         foreach ($roles as $role) {
             if (!isset($this->map[$role])) {

Role/RoleHierarchyInterface.php

@@ -14,21 +14,13 @@
 /**
  * RoleHierarchyInterface is the interface for a role hierarchy.
  *
+ * The getReachableRoles(Role[] $roles) method that returns an array of all reachable Role objects is deprecated
+ * since Symfony 4.3.
+ *
  * @author Fabien Potencier <[email protected]>
  *
- * @deprecated since Symfony 4.3, to be removed in 5.0.
+ * @method string[] getReachableRoleNames(string[] $roles) The associated roles - not implementing it is deprecated since Symfony 4.3
  */
 interface RoleHierarchyInterface
 {
-    /**
-     * Returns an array of all reachable roles by the given ones.
-     *
-     * Reachable roles are the roles directly assigned but also all roles that
-     * are transitively reachable from them in the role hierarchy.
-     *
-     * @param Role[] $roles An array of directly assigned roles
-     *
-     * @return Role[] An array of all reachable roles
-     */
-    public function getReachableRoles(array $roles);
 }