[Security] Introduce template for Voter phpdoc #49033

Merged
merged 1 commit into from
Jan 26, 2023

VincentLanglet
Contributor

| Q | A |
| --- | --- |
| Branch? | 6.3 |
| Bug fix? | no |
| New feature? | no |
| Deprecations? | no |
| Tickets | Fix #... |
| License | MIT |
| Doc PR | symfony/symfony-docs#... |

This template allows phpstan/psalm/PHPStorm to fully understand the type of $attribute and $subject when writing a Voter. For instance, if I write

return $subject instanceof User && $attribute === 'EDIT';

I can annotate the Voter as Voter<'EDIT', User> and

  • Static analysis will check that supports is doing the right checks.
  • PHPStorm will autocomplete calls like $subject->getId() when writing inside the voteOnAttribute.
  • SA tools will not complain about non-existent methods on mixed.

The last two points are considered as valid because of the comment

It is safe to assume that $attribute and $subject already passed the "supports()" method check.

Since this is an important point for Sf, all those annotations are supported by both psalm and phpstan, and understood (or ignored for psalm-assert-if-true) by PHPStorm.

@carsonbot carsonbot changed the title Introduce template for Voter phpdoc [Security] Introduce template for Voter phpdoc Jan 26, 2023
@nicolas-grekas
Member

Thank you @VincentLanglet.

@Nyholm
Member

Nyholm commented Aug 26, 2024

Sorry for an old ping.

Am I missing something, or do we not have support for a Voter that has more than one attribute? Right?

@derrabus
Member

Not sure if this PR is the right forum for that question, but… Sure, a voter can support more than one attribute.

@Nyholm
Member

Nyholm commented Aug 26, 2024

I know, I should have opened an issue.

> Sure, a voter can support more than one attribute.

Yes, but this feature does not support that as far as I can see. I.e., I don't know what php doc annotation I can write to this class.

class ProjectVoter extends Voter
{
    public const VIEW = 'project_view';
    public const WRITE = 'project_write';
    public const ADMIN = 'project_admin';
    // ...
}

Both these are wrong:

/**
 * @extends Voter<'project_view', Project>
 * @extends Voter<'project_write', Project>
 * @extends Voter<'project_admin', Project>
 */
class ProjectVoter extends Voter

/**
 * @extends Voter<'project_view'|'project_write'|'project_admin', Project>
 */
class ProjectVoter extends Voter

@VincentLanglet
Contributor Author

The template is the same as in the phpstan-symfony stubs
https://github.com/phpstan/phpstan-symfony/blob/1.4.x/stubs/Symfony/Component/Security/Core/Authorization/Voter/Voter.stub

/**
 * @extends Voter<'project_view'|'project_write'|'project_admin', Project>
 */
class ProjectVoter extends Voter

Why is this wrong, @Nyholm?
This works on my Voters.

I personally use the syntax

/**
 * @phpstan-extends Voter<string&self::*, Project>
 */
class ProjectVoter extends Voter

to avoid listing all the constants. (string&self::* is needed since there are int constants in the VoterInterface)

@derrabus
Member

/**
 * @extends Voter<'project_view'|'project_write'|'project_admin', Project>
 */
class ProjectVoter extends Voter

That union of literals is a valid subtype of string. Why is this "wrong"?

@Nyholm
Member

Nyholm commented Sep 4, 2024

> I personally use the syntax

That is a big help. Thank you!

> That union of literals is a valid subtype of string. Why is this "wrong"?

I'll try again. I was sure phpstan was complaining.


Sorry for the old pings and thank you for the help!
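
An added example, not code from this PR or from Symfony: a complete multi-attribute voter using the union-of-literals annotation discussed in the thread, so that static analysis can check supports() against the template and treat $subject as a Project inside voteOnAttribute(). The Project class and its methods are hypothetical, and the snippet assumes a symfony/security-core version that ships this template, loaded through Composer's autoloader.

```php
<?php
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
use Symfony\Component\Security\Core\User\UserInterface;

// Hypothetical domain class, constructed for this example.
final class Project
{
    public function __construct(private string $owner, private bool $public) {}
    public function getOwner(): string { return $this->owner; }
    public function isPublic(): bool { return $this->public; }
}

/**
 * @extends Voter<'project_view'|'project_write'|'project_admin', Project>
 */
final class ProjectVoter extends Voter
{
    public const VIEW = 'project_view';
    public const WRITE = 'project_write';
    public const ADMIN = 'project_admin';

    protected function supports(string $attribute, mixed $subject): bool
    {
        // Narrow to exactly what the template declares: the three literals and Project.
        // A looser check here would contradict the types voteOnAttribute() relies on.
        return $subject instanceof Project
            && \in_array($attribute, [self::VIEW, self::WRITE, self::ADMIN], true);
    }

    protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
    {
        $user = $token->getUser();
        if (!$user instanceof UserInterface) {
            return false; // no authenticated user: deny
        }
        // $subject is typed as Project through the template, so this call is checked.
        $isOwner = $subject->getOwner() === $user->getUserIdentifier();

        return match ($attribute) {
            self::VIEW => $subject->isPublic() || $isOwner,
            self::WRITE, self::ADMIN => $isOwner,
        };
    }
}
```

The match has no default arm on purpose: an attribute outside the declared union raises UnhandledMatchError instead of returning a grant.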
