[Security] optimized ExpressionVoter

Author: fabpot

Authorization/Voter/ExpressionVoter.php

@@ -61,6 +61,28 @@ public function supportsClass($class)
      * {@inheritdoc}
      */
     public function vote(TokenInterface $token, $object, array $attributes)
+    {
+        $result = VoterInterface::ACCESS_ABSTAIN;
+        $variables = null;
+        foreach ($attributes as $attribute) {
+            if (!$this->supportsAttribute($attribute)) {
+                continue;
+            }
+
+            if (null === $variables) {
+                $variables = $this->getVariables($token, $object);
+            }
+
+            $result = VoterInterface::ACCESS_DENIED;
+            if ($this->expressionLanguage->evaluate($attribute, $variables)) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+        }
+
+        return $result;
+    }
+
+    private function getVariables(TokenInterface $token, $object)
     {
         if (null !== $this->roleHierarchy) {
             $roles = $this->roleHierarchy->getReachableRoles($token->getRoles());
@@ -83,18 +105,6 @@ public function vote(TokenInterface $token, $object, array $attributes)
             $variables['request'] = $object;
         }
 
-        $result = VoterInterface::ACCESS_ABSTAIN;
-        foreach ($attributes as $attribute) {
-            if (!$this->supportsAttribute($attribute)) {
-                continue;
-            }
-
-            $result = VoterInterface::ACCESS_DENIED;
-            if ($this->expressionLanguage->evaluate($attribute, $variables)) {
-                return VoterInterface::ACCESS_GRANTED;
-            }
-        }
-
-        return $result;
+        return $variables;
     }
 }