[FrameworkBundle] Fix denyAccessUnlessGranted for mixed attributes

delbertooo · nicolas-grekas · commit 9ed77f375e34 · 2023-02-23T10:17:25.000+01:00
Fix AbstractController::denyAccessUnlessGranted() for attributes that aren't string or array. Always wrap the given single attribute into an array to not break the parameter type of AccessDeniedException#setAttributes() (which supports strings only for convenience).
diff --git a/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php b/src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
@@ -239,7 +239,7 @@ protected function denyAccessUnlessGranted($attribute, $subject = null, string $
     {
         if (!$this->isGranted($attribute, $subject)) {
             $exception = $this->createAccessDeniedException($message);
-            $exception->setAttributes($attribute);
+            $exception->setAttributes([$attribute]);
             $exception->setSubject($subject);
 
             throw $exception;
diff --git a/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php b/src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
@@ -387,6 +387,40 @@ public function testdenyAccessUnlessGranted()
         $controller->denyAccessUnlessGranted('foo');
     }
 
+    /**
+     * @dataProvider provideDenyAccessUnlessGrantedSetsAttributesAsArray
+     */
+    public function testdenyAccessUnlessGrantedSetsAttributesAsArray($attribute, $exceptionAttributes)
+    {
+        $authorizationChecker = $this->createMock(AuthorizationCheckerInterface::class);
+        $authorizationChecker->method('isGranted')->willReturn(false);
+
+        $container = new Container();
+        $container->set('security.authorization_checker', $authorizationChecker);
+
+        $controller = $this->createController();
+        $controller->setContainer($container);
+
+        try {
+            $controller->denyAccessUnlessGranted($attribute);
+            $this->fail('there was no exception to check');
+        } catch (AccessDeniedException $e) {
+            $this->assertSame($exceptionAttributes, $e->getAttributes());
+        }
+    }
+
+    public static function provideDenyAccessUnlessGrantedSetsAttributesAsArray()
+    {
+        $obj = new \stdClass();
+        $obj->foo = 'bar';
+
+        return [
+            'string attribute' => ['foo', ['foo']],
+            'array attribute' => [[1, 3, 3, 7], [[1, 3, 3, 7]]],
+            'object attribute' => [$obj, [$obj]],
+        ];
+    }
+
     public function testRenderViewTwig()
     {
         $twig = $this->createMock(Environment::class);

Original file line number	Diff line number	Diff line change
`@@ -239,7 +239,7 @@ protected function denyAccessUnlessGranted($attribute, $subject = null, string $`
`239`	`239`	`{`
`240`	`240`	`if (!$this->isGranted($attribute, $subject)) {`
`241`	`241`	`$exception = $this->createAccessDeniedException($message);`
`242`		`- $exception->setAttributes($attribute);`
	`242`	`+ $exception->setAttributes([$attribute]);`
`243`	`243`	`$exception->setSubject($subject);`
`244`	`244`
`245`	`245`	`throw $exception;`