EasyAdminBundle icon indicating copy to clipboard operation
EasyAdminBundle copied to clipboard
verified publisher icon EasyCorp

Action->setPermission() method signature is incorrect

Open nevez opened this issue 2 years ago • 1 comments

I'm using the latest EasyAdmin 4. To verify if a user can execute an action or not, you use Symfony AuthorizationChecker's isGranted() method, which has the following signature:

public function isGranted(mixed $attribute, mixed $subject = null): bool;

Note that the second parameter is "mixed", not string, to allow passing Symfony\Component\ExpressionLanguage\Expression instances too. The problem is that your setPermission() method on the actions cast this object to string, transforming the expression to a single-role check, which obviously always fail.

To FIX, you just have to change these two lines:

src/Config/Actions.php public function setPermission(string $actionName, **mixed** $permission): self

src/Dto/ActionConfigDto.php public function setActionPermission(string $actionName, **mixed** $permission): void

This allows for multiple and complex role checking, as requested also by issue #5861.

nevez avatar Jan 02 '24 10:01 nevez

patches.zip

Patch to solve this issue.

nevez avatar Jan 20 '24 13:01 nevez

Thanks for reporting this. It was fixed in #6130. Instead of using mixed, we used string|Expression as the type of this variable.

javiereguiluz avatar Mar 07 '24 19:03 javiereguiluz