[WIP/RFC] Use framework expression language service instead of custom one#2289
Conversation
Toflar
force-pushed
the
use-security-expression-language
branch
2 times, most recently
from
6b0fc67 to
190e85a
Compare
| <services> | ||
| <service id="api_platform.security.resource_access_checker" class="ApiPlatform\Core\Security\ResourceAccessChecker" public="false"> | ||
| <argument type="service" id="api_platform.security.expression_language" on-invalid="null" /> | ||
| <argument type="service" id="security.expression_language" on-invalid="null" /> |
There was a problem hiding this comment.
Can you create an alias api_platform.security.expression_language please? It will be useful for people wanting to inject a custom service.
| <tag name="kernel.event_listener" event="kernel.request" method="onKernelRequest" priority="1" /> | ||
| </service> | ||
|
|
||
| <service id="api_platform.security.expression_language_provider" class="ApiPlatform\Core\Security\Core\Authorization\ExpressionLanguageProvider"> |
There was a problem hiding this comment.
| <service id="api_platform.security.expression_language_provider" class="ApiPlatform\Core\Security\Core\Authorization\ExpressionLanguageProvider"> | |
| <service id="api_platform.security.expression_language_provider" class="ApiPlatform\Core\Security\Core\Authorization\ExpressionLanguageProvider" public="false"> |
| use Symfony\Component\ExpressionLanguage\ExpressionFunctionProviderInterface; | ||
|
|
||
| /** | ||
| * Adding ApiPlatform specific Expression Language functions. |
There was a problem hiding this comment.
| * Adding ApiPlatform specific Expression Language functions. | |
| * Registers API Platform's Language functions. |
| * | ||
| * @author Yanick Witschi <yanick.witschi@terminal42.ch> | ||
| */ | ||
| class ExpressionLanguageProvider implements ExpressionFunctionProviderInterface |
There was a problem hiding this comment.
| class ExpressionLanguageProvider implements ExpressionFunctionProviderInterface | |
| final class ExpressionLanguageProvider implements ExpressionFunctionProviderInterface |
| */ | ||
| class ExpressionLanguageProvider implements ExpressionFunctionProviderInterface | ||
| { | ||
| public function getFunctions() |
There was a problem hiding this comment.
| public function getFunctions() | |
| public function getFunctions(): array |
| public function getFunctions() | ||
| { | ||
| return [ | ||
| new ExpressionFunction('is_granted', function ($attributes, $object = 'null') { |
There was a problem hiding this comment.
Wouldn't it conflict with the one registered by SensioFrameworkExtraBundle?
There was a problem hiding this comment.
One would just override the other (depending on the order they are called). And as far as I could see the idea was to provide the same logic, right? I mean, we could only register it if the bundle is not loaded if that makes you more comfortable? Or just tell the users to require the framework-extra-bundle if they want this function?
There was a problem hiding this comment.
I just want to be sure it works as intended in all cases :)
|
Comments addressed :) |
|
@Toflar errors look related to this PR, could you take a look (I'll tag a new release soon). Thanks |
Toflar
force-pushed
the
use-security-expression-language
branch
3 times, most recently
from
91a460b to
f23ca61
Compare
|
Done! |
| $bundles = $container->getParameter('kernel.bundles'); | ||
| if (isset($bundles['SecurityBundle'])) { | ||
| if (class_exists(ExpressionLanguage::class)) { | ||
| $loader->load('security_expression_language.xml'); |
There was a problem hiding this comment.
Actually, symfony/expression-language is in require-dev of symfony/security-bundle: https://github.com/symfony/symfony/blob/b5c6892911fc7454a76528cb0d4d1af4336c7413/src/Symfony/Bundle/SecurityBundle/composer.json#L42
So we still need to check that the ExpressionLanguage component is actually available.
There was a problem hiding this comment.
Are you sure? security.expression_language would not be present so the alias would become invalid and as we use on-invalid="null" on api_platform.security.resource_access_checker that should work. Haven't checked though.
There was a problem hiding this comment.
I'm not sure. But I think we might as well just keep them in a separate file.
|
Can I do anything here? I still think the way it is now is correct :) |
|
Can you rebase? LGTM, we should merge this! |
Toflar
force-pushed
the
use-security-expression-language
branch
from
0fe5cfc to
59039a5
Compare
|
Rebased onto master, not sure if I should've gone for the 2.4 branch? The |
|
Master is fine, yeah don't worry about deps=low I'll try to fix it later, thanks! |
|
@soyuka the issue with |
5 participants
Using the framework
security.expression_languageservice rather than our own one allows us to extend the expression language with our own functions easily. Symfony already provides an easy way to register custom functions inAddExpressionLanguageProvidersPass. ApiPlatform currently does not. But I figured instead of providing our own compiler pass we can just use the built-insecurity.expression_language, extend that with ouris_granted()function and thus at the same time also allow developers to add even more functions. Wdyt?