[Security] adds a priority attribute to security voters

src/Symfony/Bundle/SecurityBundle/DependencyInjection/Compiler/AddSecurityVotersPass.php

@@ -31,10 +31,15 @@ class AddSecurityVotersPass implements CompilerPassInterface
             return;
         }
 
-        $voters = array_map(function($id) {
-            return new Reference($id);
-        }, array_keys($container->findTaggedServiceIds('security.voter')));
+        $voters = new \SplPriorityQueue();
+        foreach ($container->findTaggedServiceIds('security.voter') as $id => $attributes) {
+            $priority = isset($attributes[0]['priority']) ? $attributes[0]['priority'] : 0;
+            $voters->insert(new Reference($id), $priority);
+        }
+
+        $voters = iterator_to_array($voters);
+        ksort($voters);
 
-        $container->getDefinition('security.access.decision_manager')->setArgument(0, $voters);
+        $container->getDefinition('security.access.decision_manager')->setArgument(0, array_values($voters));
     }
 }

src/Symfony/Bundle/SecurityBundle/DependencyInjection/SecurityExtension.php

@@ -121,20 +121,17 @@ class SecurityExtension extends Extension
     protected function createRoleHierarchy($config, ContainerBuilder $container)
     {
         if (!isset($config['role_hierarchy'])) {
+            $container->remove('security.access.role_hierarchy_voter');
+
             return;
         }
 
         $container->setParameter('security.role_hierarchy.roles', $config['role_hierarchy']);
         $container->remove('security.access.simple_role_voter');
-        $container->getDefinition('security.access.role_hierarchy_voter')->addTag('security.voter');
     }
 
     protected function createAuthorization($config, ContainerBuilder $container)
     {
-        if (!isset($config['access_control'])) {
-            return;
-        }
-
         foreach ($config['access_control'] as $access) {
             $matcher = $this->createRequestMatcher(
                 $container,

src/Symfony/Bundle/SecurityBundle/Resources/config/security.xml

@@ -87,16 +87,17 @@
 
         <!-- Security Voters -->
         <service id="security.access.simple_role_voter" class="%security.access.simple_role_voter.class%" public="false">
-            <tag name="security.voter" />
+            <tag name="security.voter" priority="245" />
         </service>
 
         <service id="security.access.authenticated_voter" class="%security.access.authenticated_voter.class%" public="false">
             <argument type="service" id="security.authentication.trust_resolver" />
-            <tag name="security.voter" />
+            <tag name="security.voter" priority="250" />
         </service>
 
         <service id="security.access.role_hierarchy_voter" class="%security.access.role_hierarchy_voter.class%" public="false">
             <argument type="service" id="security.role_hierarchy" />
+            <tag name="security.voter" priority="245" />
         </service>
 
 

src/Symfony/Bundle/SecurityBundle/Resources/config/security_acl.xml

@@ -73,7 +73,7 @@
             <argument type="service" id="security.acl.permission.map" />
             <argument type="service" id="logger" on-invalid="null" />
             <argument>%security.acl.voter.allow_if_object_identity_unavailable%</argument>
-            <tag name="security.voter" />
+            <tag name="security.voter" priority="255" />
         </service>
     </services>
 </container>