refactored creation of access decision manager to make use of newly added compiler passes

src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Compiler/AddSecurityVotersPass.php

@@ -0,0 +1,43 @@
+<?php
+
+namespace Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler;
+
+use Symfony\Component\DependencyInjection\Reference;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
+use Symfony\Component\DependencyInjection\Compiler\CompilerPassInterface;
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+/**
+ * Adds all configured security voters to the access decision manager
+ *
+ * @author Johannes M. Schmitt <schmittjoh@gmail.com>
+ */
+class AddSecurityVotersPass implements CompilerPassInterface
+{
+    /**
+     * {@inheritDoc}
+     */
+    public function process(ContainerBuilder $container)
+    {
+        if (!$container->hasDefinition('security.access.decision_manager')) {
+            return;
+        }
+
+        $voters = array_map(function($id) {
+            return new Reference($id);
+        }, array_keys($container->findTaggedServiceIds('security.voter')));
+
+        $definition = $container->getDefinition('security.access.decision_manager');
+        $arguments = $definition->getArguments();
+        $arguments[0] = $voters;
+        $definition->setArguments($arguments);
+    }
+}

src/Symfony/Bundle/FrameworkBundle/FrameworkBundle.php

@@ -2,6 +2,8 @@
 
 namespace Symfony\Bundle\FrameworkBundle;
 
+use Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddSecurityVotersPass;
+use Symfony\Component\DependencyInjection\ContainerBuilder;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 use Symfony\Component\Form\FormConfiguration;
 
@@ -34,4 +36,11 @@ class FrameworkBundle extends Bundle
             FormConfiguration::enableDefaultCsrfProtection();
         }
     }
+
+    public function registerExtensions(ContainerBuilder $container)
+    {
+        parent::registerExtensions($container);
+
+        $container->addCompilerPass(new AddSecurityVotersPass());
+    }
 }

src/Symfony/Bundle/FrameworkBundle/Resources/config/security.xml

@@ -60,7 +60,11 @@
         <parameter key="security.authentication.switchuser.role">ROLE_ALLOWED_TO_SWITCH</parameter>
         <parameter key="security.authentication.switchuser.parameter">_switch_user</parameter>
 
-        <parameter key="security.access.decision_manager.class">Symfony\Bundle\FrameworkBundle\Security\Authorization\AccessDecisionManager</parameter>
+        <parameter key="security.access.decision_manager.class">Symfony\Component\Security\Authorization\AccessDecisionManager</parameter>
+        <parameter key="security.access.decision_manager.strategy">affirmative</parameter>
+        <parameter key="security.access.decision_manager.allow_if_all_abstain">false</parameter>
+        <parameter key="security.access.decision_manager.allow_if_equal_granted_denied">true</parameter>
+        
         <parameter key="security.access.simple_role_voter.class">Symfony\Component\Security\Authorization\Voter\RoleVoter</parameter>
         <parameter key="security.access.authenticated_voter.class">Symfony\Component\Security\Authorization\Voter\AuthenticatedVoter</parameter>
         <parameter key="security.access.role_hierarchy_voter.class">Symfony\Component\Security\Authorization\Voter\RoleHierarchyVoter</parameter>
@@ -133,7 +137,10 @@
         </service>
 
         <service id="security.access.decision_manager" class="%security.access.decision_manager.class%">
-            <argument type="service" id="service_container" />
+            <argument type="collection"></argument>
+            <argument>%security.access.decision_manager.strategy%</argument>
+            <argument>%security.access.decision_manager.allow_if_all_abstain%</argument>
+            <argument>%security.access.decision_manager.allow_if_equal_granted_denied%</argument>
         </service>
         <service id="security.access_map" class="%security.access_map.class%" />
 

src/Symfony/Bundle/FrameworkBundle/Security/Authorization/AccessDecisionManager.php

@@ -1,41 +0,0 @@
-<?php
-
-namespace Symfony\Bundle\FrameworkBundle\Security\Authorization;
-
-use Symfony\Component\Security\Authorization\Voter\VoterInterface;
-use Symfony\Component\Security\Authorization\AccessDecisionManager as BaseAccessDecisionManager;
-use Symfony\Component\DependencyInjection\ContainerInterface;
-
-/*
- * This file is part of the Symfony package.
- *
- * (c) Fabien Potencier <fabien.potencier@symfony-project.com>
- *
- * For the full copyright and license information, please view the LICENSE
- * file that was distributed with this source code.
- */
-
-/**
- * 
- *
- * @author Fabien Potencier <fabien.potencier@symfony-project.com>
- */
-class AccessDecisionManager extends BaseAccessDecisionManager
-{
-    /**
-     * Constructor.
-     *
-     * @param VoterInterface[] $voters                     An array of VoterInterface instances
-     * @param string           $strategy                   The vote strategy
-     * @param Boolean          $allowIfAllAbstainDecisions Whether to grant access if all voters abstained or not
-     */
-    public function __construct(ContainerInterface $container, $strategy = 'affirmative', $allowIfAllAbstainDecisions = false, $allowIfEqualGrantedDeniedDecisions = true)
-    {
-        parent::__construct(array(), $strategy, $allowIfAllAbstainDecisions, $allowIfEqualGrantedDeniedDecisions);
-
-        $this->voters = array();
-        foreach ($container->findTaggedServiceIds('security.voter') as $id => $attributes) {
-            $this->voters[] = $container->get($id);
-        }
-    }
-}

src/Symfony/Component/HttpKernel/Bundle/Bundle.php

@@ -19,7 +19,7 @@ use Symfony\Component\Finder\Finder;
 
 /**
  * An implementation of the BundleInterface that follows a few conventions
- * for the DependencyInjection extensions and the Console commands. 
+ * for the DependencyInjection extensions and the Console commands.
  *
  * @author Fabien Potencier <fabien.potencier@symfony-project.com>
  */
@@ -113,7 +113,7 @@ abstract class Bundle extends ContainerAware implements BundleInterface
     public function registerExtensions(ContainerBuilder $container)
     {
         if (!$dir = realpath($this->getPath().'/DependencyInjection')) {
-            return array();
+            return;
         }
 
         $finder = new Finder();