Fix bad service argument on RoleSecurityHandler

DependencyInjection/SonataAdminExtension.php

@@ -142,7 +142,7 @@ BOOM
         }
         $container
             ->getDefinition('sonata.admin.security.handler.role')
-            ->replaceArgument(0, $tokenStorageReference)
+            ->replaceArgument(0, $authorizationCheckerReference)
         ;
         $container
             ->getDefinition('sonata.admin.security.handler.acl')

Resources/config/security.xml

@@ -16,7 +16,7 @@
     <services>
         <service id="sonata.admin.security.handler.noop" class="%sonata.admin.security.handler.noop.class%" public="false" />
         <service id="sonata.admin.security.handler.role" class="%sonata.admin.security.handler.role.class%" public="false">
-            <argument /> <!-- security.token_storage or security.context for Symfony <2.6 -->
+            <argument /> <!-- security.authorization_checker or security.context for Symfony <2.6 -->
             <argument type="collection">
                 <argument>ROLE_SUPER_ADMIN</argument>
             </argument>

Security/Handler/RoleSecurityHandler.php

@@ -11,7 +11,7 @@
 
 namespace Sonata\AdminBundle\Security\Handler;
 
-use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
 use Sonata\AdminBundle\Admin\AdminInterface;
@@ -25,25 +25,25 @@ use Sonata\AdminBundle\Admin\AdminInterface;
 class RoleSecurityHandler implements SecurityHandlerInterface
 {
     /**
-     * @var TokenStorageInterface|SecurityContextInterface
+     * @var AuthorizationCheckerInterface|SecurityContextInterface
      */
-    protected $tokenStorage;
+    protected $authorizationChecker;
 
     protected $superAdminRoles;
 
     /**
-     * @param TokenStorageInterface|SecurityContextInterface $tokenStorage
+     * @param AuthorizationCheckerInterface|SecurityContextInterface $authorizationChecker
      * @param array                                          $superAdminRoles
      *
      * @todo Go back to signature class check when bumping requirements to SF 2.6+
      */
-    public function __construct($tokenStorage, array $superAdminRoles)
+    public function __construct($authorizationChecker, array $superAdminRoles)
     {
-        if (!$tokenStorage instanceof TokenStorageInterface && !$tokenStorage instanceof SecurityContextInterface) {
-            throw new \InvalidArgumentException('Argument 1 should be an instance of Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface or Symfony\Component\Security\Core\SecurityContextInterface');
+        if (!$authorizationChecker instanceof AuthorizationCheckerInterface && !$authorizationChecker instanceof SecurityContextInterface) {
+            throw new \InvalidArgumentException('Argument 1 should be an instance of Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface or Symfony\Component\Security\Core\SecurityContextInterface');
         }
 
-        $this->tokenStorage = $tokenStorage;
+        $this->authorizationChecker = $authorizationChecker;
         $this->superAdminRoles = $superAdminRoles;
     }
 
@@ -61,8 +61,8 @@ class RoleSecurityHandler implements SecurityHandlerInterface
         }
 
         try {
-            return $this->tokenStorage->isGranted($this->superAdminRoles)
-                || $this->tokenStorage->isGranted($attributes, $object);
+            return $this->authorizationChecker->isGranted($this->superAdminRoles)
+                || $this->authorizationChecker->isGranted($attributes, $object);
         } catch (AuthenticationCredentialsNotFoundException $e) {
             return false;
         } catch (\Exception $e) {

Tests/Security/Handler/RoleSecurityHandlerTest.php

@@ -11,6 +11,7 @@
 
 namespace Sonata\AdminBundle\Tests\Security\Handler;
 
+use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\SecurityContextInterface;
 use Sonata\AdminBundle\Admin\AdminInterface;
 use Sonata\AdminBundle\Security\Handler\RoleSecurityHandler;
@@ -29,13 +30,18 @@ class RoleSecurityHandlerTest extends \PHPUnit_Framework_TestCase
     private $admin;
 
     /**
-     * @var SecurityContextInterface
+     * @var AuthorizationCheckerInterface|SecurityContextInterface
      */
-    private $securityContext;
+    private $authorizationChecker;
 
     public function setUp()
     {
-        $this->securityContext = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+        // Set the SecurityContext for Symfony <2.6
+        if (interface_exists('Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface')) {
+            $this->authorizationChecker = $this->getMock('Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface');
+        } else {
+            $this->authorizationChecker = $this->getMock('Symfony\Component\Security\Core\SecurityContextInterface');
+        }
 
         $this->admin = $this->getMock('Sonata\AdminBundle\Admin\AdminInterface');
     }
@@ -45,7 +51,7 @@ class RoleSecurityHandlerTest extends \PHPUnit_Framework_TestCase
      */
     public function testGetBaseRole($expected, $code)
     {
-        $handler = new RoleSecurityHandler($this->securityContext, array('ROLE_BATMAN', 'ROLE_IRONMAN'));
+        $handler = new RoleSecurityHandler($this->authorizationChecker, array('ROLE_BATMAN', 'ROLE_IRONMAN'));
 
         $this->admin->expects($this->once())
             ->method('getCode')
@@ -75,7 +81,7 @@ class RoleSecurityHandlerTest extends \PHPUnit_Framework_TestCase
             ->method('getCode')
             ->will($this->returnValue($adminCode));
 
-        $this->securityContext->expects($this->any())
+        $this->authorizationChecker->expects($this->any())
             ->method('isGranted')
             ->will($this->returnCallback(function (array $attributes, $object) {
 
@@ -179,7 +185,7 @@ class RoleSecurityHandlerTest extends \PHPUnit_Framework_TestCase
             ->method('getCode')
             ->will($this->returnValue('foo.bar'));
 
-        $this->securityContext->expects($this->any())
+        $this->authorizationChecker->expects($this->any())
             ->method('isGranted')
             ->will($this->returnCallback(function (array $attributes, $object) {
                 throw new \RuntimeException('Something is wrong');
@@ -212,7 +218,7 @@ class RoleSecurityHandlerTest extends \PHPUnit_Framework_TestCase
      */
     private function getRoleSecurityHandler(array $superAdminRoles)
     {
-        return new RoleSecurityHandler($this->securityContext, $superAdminRoles);
+        return new RoleSecurityHandler($this->authorizationChecker, $superAdminRoles);
     }
 
     /**