[Symfony 6.2] Improve SecurityAttributeToIsGrantedAttributeRector

rectorphp / rector-symfony

Rector upgrade rules for Symfony

http://getrector.com

MIT License

179 stars 86 forks source link

[Symfony 6.2] Improve SecurityAttributeToIsGrantedAttributeRector #640

Closed TomasVotruba closed 2 months ago

TomasVotruba commented 2 months ago

Follow up to https://github.com/rectorphp/rector-symfony/pull/622

Covered cases:

-#[Security("is_granted('ROLE_ADMIN')")]
+#[\Symfony\Component\Security\Http\Attribute\IsGranted(attribute: 'ROLE_ADMIN')]

-#[Security("is_granted('ROLE_ADMIN', someArea)")]
+#[\Symfony\Component\Security\Http\Attribute\IsGranted(attribute: 'ROLE_ADMIN', subject: 'someArea')]

I've looked at the other cases, but due to it's stringy nature, we can't parse it and covert it into different structures. This is the best we can automate, the rest would have to be dealt with manually.

Closes https://github.com/rectorphp/rector-symfony/issues/393

TomasVotruba commented 2 months ago

cc @wkania I think this is the best we can get :)

TomasVotruba commented 2 months ago

I've noticed array of roles in the Symofny PR: https://github.com/symfony/symfony/pull/46907

Would this help? Is this correct conversion?

-#[Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_FRIENDLY_USER')")]
+#[IsGranted(attributes: ['ROLE_ADMIN', 'ROLE_FRIENDLY_USER'])]

wkania commented 2 months ago

I've looked at the other cases, but due to it's stringy nature, we can't parse it and covert it into different structures.

From the code I see that we do have access to this value so we can modify it? Is parsing complexity the problem?

Would this help? Is this correct conversion?

There are a lot cases with or/and etc so I would be against such changes.

stefantalen commented 2 months ago

I've noticed array of roles in the Symofny PR: https://github.com/symfony/symfony/pull/46907

Would this help? Is this correct conversion?
-#[Security("is_granted('ROLE_ADMIN') or is_granted('ROLE_FRIENDLY_USER')")]

+#[IsGranted(attributes: ['ROLE_ADMIN', 'ROLE_FRIENDLY_USER'])]

Using arrays for roles has been deprecated, from what I know each role needs its own #[IsGranted]

I've recently made some changes in a rule for that

TomasVotruba commented 2 months ago

Using arrays for roles has been deprecated, from what I know each role needs its own #[IsGranted] I've recently made some changes in a rule for that

What kind of changes? Maybe we can includ them here.

TomasVotruba commented 2 months ago

@wkania

From the code I see that we do have access to this value so we can modify it? Is parsing complexity the problem?

The parsing is not possible, because it's not PHP. It's only regex on string :) e.g: https://github.com/rectorphp/rector-symfony/pull/640/files#diff-56e5b788455db473092a5cc9b737f8301fe89a7c60863fd483d0fc71a84e8049R51

stefantalen commented 2 months ago

https://github.com/rectorphp/rector-symfony/issues/583

TomasVotruba commented 2 months ago

@stefantalen I see. That's probably out of scope of this attribute, right?

TomasVotruba commented 2 months ago

The Attribute seems to support multiple roles, at least during it's first PR :)

https://github.com/symfony/symfony/pull/46907/files#diff-60f77e573fc91a3cfc2540e301a990850e2de17216050c55ce1d8b0aaeeccd58R16

stefantalen commented 2 months ago

True, but maybe some logic could be extracted

TomasVotruba commented 2 months ago

I think without before/after tested in the wild, there would be lot of guessing how these work.

Merging as this best we can get at the moment :)

Thanks for feedback everyone :+1: