[SecurityBundle] Fix disabling of RoleHierarchyVoter when passing empty hierarchy

wouterj · fabpot · commit 96afff6a058d · 2015-11-28T16:45:57.000+01:00
diff --git a/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php b/src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php
@@ -168,7 +168,7 @@ private function configureDbalAclProvider(array $config, ContainerBuilder $conta
      */
     private function createRoleHierarchy($config, ContainerBuilder $container)
     {
-        if (!isset($config['role_hierarchy'])) {
+        if (!isset($config['role_hierarchy']) || 0 === count($config['role_hierarchy'])) {
             $container->removeDefinition('security.access.role_hierarchy_voter');
 
             return;
diff --git a/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php b/src/Symfony/Bundle/SecurityBundle/Tests/DependencyInjection/SecurityExtensionTest.php
@@ -94,6 +94,33 @@ public function testFirewallWithInvalidUserProvider()
         $container->compile();
     }
 
+    public function testDisableRoleHierarchyVoter()
+    {
+        $container = $this->getRawContainer();
+
+        $container->loadFromExtension('security', array(
+            'providers' => array(
+                'default' => array('id' => 'foo'),
+            ),
+
+            'role_hierarchy' => null,
+
+            'firewalls' => array(
+                'some_firewall' => array(
+                    'pattern' => '/.*',
+                    'http_basic' => null,
+                ),
+            ),
+        ));
+
+        $container->compile();
+
+        $admDefinition = $container->getDefinition('security.access.decision_manager');
+        $registeredVoters = array_map('strval', $admDefinition->getArgument(0));
+
+        $this->assertNotContains('security.access.role_hierarchy_voter', $registeredVoters);
+    }
+
     protected function getRawContainer()
     {
         $container = new ContainerBuilder();
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleHierarchyVoterTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/RoleHierarchyVoterTest.php
@@ -33,4 +33,19 @@ public function getVoteTests()
             array(array('ROLE_FOO'), array('ROLE_FOOBAR'), VoterInterface::ACCESS_GRANTED),
         ));
     }
+
+    /**
+     * @dataProvider getVoteWithEmptyHierarchyTests
+     */
+    public function testVoteWithEmptyHierarchy($roles, $attributes, $expected)
+    {
+        $voter = new RoleHierarchyVoter(new RoleHierarchy(array()));
+
+        $this->assertSame($expected, $voter->vote($this->getToken($roles), null, $attributes));
+    }
+
+    public function getVoteWithEmptyHierarchyTests()
+    {
+        return parent::getVoteTests();
+    }
 }

Original file line number	Diff line number	Diff line change
`@@ -168,7 +168,7 @@ private function configureDbalAclProvider(array $config, ContainerBuilder $conta`
`168`	`168`	`*/`
`169`	`169`	`private function createRoleHierarchy($config, ContainerBuilder $container)`
`170`	`170`	`{`
`171`		`- if (!isset($config['role_hierarchy'])) {`
	`171`	`+ if (!isset($config['role_hierarchy']) \|\| 0 === count($config['role_hierarchy'])) {`
`172`	`172`	`$container->removeDefinition('security.access.role_hierarchy_voter');`
`173`	`173`
`174`	`174`	`return;`