feature #21935 [FrameworkBundle][Workflow] Add a way to register a guard expression in the configuration (lyrixx)

This PR was merged into the 3.3-dev branch.

Discussion
----------

[FrameworkBundle][Workflow] Add a way to register a guard expression in the configuration

| Q             | A
| ------------- | ---
| Branch?       | master
| Bug fix?      | no
| New feature?  | yes
| BC breaks?    | no
| Deprecations? | no
| Tests pass?   | yes
| Fixed tickets | -
| License       | MIT
| Doc PR        | -

---

Many people already asked for this feature so ... here we go 🎉

---

Usage:
```yml
            transitions:
                journalist_approval:
                    guard: "is_fully_authenticated() and has_role('ROLE_JOURNALIST') or is_granted('POST_EDIT', subject)"
                    from: wait_for_journalist
                    to: approved_by_journalist
                publish:
                    guard: "subject.isPublic()"
                    from: approved_by_journalist
                    to: published
```

Commits
-------

ab3b12d6dc [FrameworkBundle][Workflow] Add a way to register a guard expression in the configuration

Author: fabpot

DependencyInjection/Configuration.php

@@ -336,6 +336,11 @@ private function addWorkflowSection(ArrayNodeDefinition $rootNode)
                                             ->isRequired()
                                             ->cannotBeEmpty()
                                         ->end()
+                                        ->scalarNode('guard')
+                                            ->cannotBeEmpty()
+                                            ->info('An expression to block the transition')
+                                            ->example('is_fully_authenticated() and has_role(\'ROLE_JOURNALIST\') and subject.getTitle() == \'My first article\'')
+                                        ->end()
                                         ->arrayNode('from')
                                             ->beforeNormalization()
                                                 ->ifString()

DependencyInjection/FrameworkExtension.php

@@ -499,6 +499,30 @@ private function registerWorkflowConfiguration(array $workflows, ContainerBuilde
                 $listener->addArgument(new Reference('logger'));
                 $container->setDefinition(sprintf('%s.listener.audit_trail', $workflowId), $listener);
             }
+
+            // Add Guard Listener
+            $guard = new Definition(Workflow\EventListener\GuardListener::class);
+            $configuration = array();
+            foreach ($workflow['transitions'] as $transitionName => $config) {
+                if (!isset($config['guard'])) {
+                    continue;
+                }
+                $eventName = sprintf('workflow.%s.guard.%s', $name, $transitionName);
+                $guard->addTag('kernel.event_listener', array('event' => $eventName, 'method' => 'onTransition'));
+                $configuration[$eventName] = $config['guard'];
+            }
+            if ($configuration) {
+                $guard->setArguments(array(
+                    $configuration,
+                    new Reference('workflow.security.expression_language'),
+                    new Reference('security.token_storage'),
+                    new Reference('security.authorization_checker'),
+                    new Reference('security.authentication.trust_resolver'),
+                    new Reference('security.role_hierarchy'),
+                ));
+
+                $container->setDefinition(sprintf('%s.listener.guard', $workflowId), $guard);
+            }
         }
     }
 

Resources/config/workflow.xml

@@ -27,5 +27,7 @@
             <argument type="service" id="workflow.registry" />
             <tag name="twig.extension" />
         </service>
+
+        <service id="workflow.security.expression_language" class="Symfony\Component\Workflow\EventListener\ExpressionLanguage" public="false" />
     </services>
 </container>