🌐 AI搜索 & 代理 主页
Skip to content

[Security] improve VoteObject adding extraData for give more possibilities to AccessDecicsionStrategy #60085

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
fabpot merged 1 commit into from
Sep 24, 2025
Merged

[Security] improve VoteObject adding extraData for give more possibilities to AccessDecicsionStrategy #60085

fabpot merged 1 commit into from
Sep 24, 2025

Conversation

@eltharin
Copy link
Contributor

@eltharin eltharin commented Mar 30, 2025
edited by OskarStark
Loading

Q A
Branch? 7.4
Bug fix? no
New feature? yes
Deprecations? no
License MIT

In continuation of #58107 and #59771, add ExtraData in VoteObject and pass it to AccessDecicsionStrategy Object to allow the decision to be refined.

ExtraData can be an array or an object, and AccessDecicsionStrategy can get it to get the final decision.

In 7.2, voter can only respond abstain / allow or deny, but what if we want more choices, per example a ponderable vote ?

With this PR, it allow to put somme data in the new VoteObject as :

/** ScoreData.php */

/** MyVoter.php */

    public function vote(TokenInterface $token, mixed $subject, array $attributes, ?Vote $vote = null) : int
    {
        $vote->result = 1;
        $vote->reasons[] = 'is Admin';
        $vote->extraData['score'] = 10;

        return $vote->result;
    }

we need also a custom strategy to take this score into account :

/** MyStrategy.php */

public function decide(\Traversable $results, $accessDecision = null): bool
    {
        $score = 0;

        foreach ($results as $key => $result) {
            $vote = $accessDecision->votes[$key];  // <==

            if(array_key_exists('score', $vote->extraData)) {
                $score += $vote->extraData['score'];
            } else {
                $score += $vote->result;
            }
        }

        $accessDecision->result = $score;

        if ($score > 0) {
            return true;
        }

        if ($score< 0) {
            return false;
        }


        return $this->allowIfAllAbstainDecisions;
    }

AccessDecision contains Vote objects and we can read our score from it.

@eltharin eltharin requested a review from chalasr as a code owner March 30, 2025 09:25
@carsonbot carsonbot added this to the 7.3 milestone Mar 30, 2025
@carsonbot carsonbot changed the title improve VoteObject adding extraData for give more possibilities to AccessDecicsionStrategy [Security] improve VoteObject adding extraData for give more possibilities to AccessDecicsionStrategy Mar 30, 2025
@eltharin eltharin force-pushed the improveVoteObject branch from 290b65e to 8f4be1b Compare March 31, 2025 16:09
@eltharin eltharin mentioned this pull request Apr 17, 2025
Closed
@fabpot fabpot modified the milestones: 7.3, 7.4 May 26, 2025
nicolas-grekas
nicolas-grekas reviewed Sep 23, 2025
View reviewed changes
Copy link
Member

@nicolas-grekas nicolas-grekas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please also add a line about the new argument in the upgrade file

@eltharin eltharin force-pushed the improveVoteObject branch 3 times, most recently from 83eac24 to b1ff632 Compare September 23, 2025 13:56
nicolas-grekas
nicolas-grekas reviewed Sep 23, 2025
View reviewed changes
@eltharin

This comment was marked as outdated.

Sign in to view
nicolas-grekas
nicolas-grekas reviewed Sep 23, 2025
View reviewed changes
@eltharin
Copy link
Contributor Author

eltharin commented Sep 23, 2025

thanks!!

fabpot
fabpot approved these changes Sep 24, 2025
View reviewed changes
src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php Outdated
return $accessDecision->isGranted = $this->strategy->decide(
$this->collectResults($token, $attributes, $object, $accessDecision)
$this->collectResults($token, $attributes, $object, $accessDecision),
$accessDecision
Copy link
Member

@fabpot fabpot Sep 24, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
$accessDecision
$accessDecision,

@fabpot
Copy link
Member

fabpot commented Sep 24, 2025

Thank you @eltharin.

@fabpot fabpot merged commit f1f6344 into symfony:7.4 Sep 24, 2025
10 of 12 checks passed
@fabpot fabpot mentioned this pull request Sep 24, 2025
Closed
This was referenced Oct 27, 2025
Merged
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@fabpot fabpot fabpot approved these changes

@nicolas-grekas nicolas-grekas nicolas-grekas approved these changes

@chalasr chalasr Awaiting requested review from chalasr chalasr is a code owner

Assignees

No one assigned

Labels

Feature Security Status: Reviewed

Projects

None yet

Milestone

7.4

Development

Successfully merging this pull request may close these issues.

5 participants

@eltharin @fabpot @nicolas-grekas @OskarStark @carsonbot