Merge pull request #224 from symfony-cmf/bug/non-object-to-voter

[Voters] Account for subject to not be an object

.travis.yml

@@ -16,7 +16,7 @@ cache:
 
 env:
   matrix: SYMFONY_VERSION=2.8.*
-  global: SYMFONY_DEPRECATIONS_HELPER=7
+  global: SYMFONY_DEPRECATIONS_HELPER=weak
 
 matrix:
   include:

PublishWorkflow/Voter/PublishTimePeriodVoter.php

@@ -66,16 +66,16 @@ public function supportsClass($class)
     /**
      * {@inheritdoc}
      *
-     * @param PublishTimePeriodReadInterface $object
+     * @param PublishTimePeriodReadInterface $subject
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
-        if (!$this->supportsClass(get_class($object))) {
+        if (!is_object($subject) || !$this->supportsClass(get_class($subject))) {
             return self::ACCESS_ABSTAIN;
         }
 
-        $startDate = $object->getPublishStartDate();
-        $endDate = $object->getPublishEndDate();
+        $startDate = $subject->getPublishStartDate();
+        $endDate = $subject->getPublishEndDate();
 
         $decision = self::ACCESS_GRANTED;
         foreach ($attributes as $attribute) {

PublishWorkflow/Voter/PublishableVoter.php

@@ -44,11 +44,11 @@ public function supportsClass($class)
     /**
      * {@inheritdoc}
      *
-     * @param PublishableReadInterface $object
+     * @param PublishableReadInterface $subject
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
-        if (!$this->supportsClass(get_class($object))) {
+        if (!is_object($subject) || !$this->supportsClass(get_class($subject))) {
             return self::ACCESS_ABSTAIN;
         }
 
@@ -61,7 +61,7 @@ public function vote(TokenInterface $token, $object, array $attributes)
                 $decision = self::ACCESS_ABSTAIN;
                 continue;
             }
-            if (!$object->isPublishable()) {
+            if (!$subject->isPublishable()) {
                 return self::ACCESS_DENIED;
             }
         }

Security/Authorization/Voter/PublishedVoter.php

@@ -57,11 +57,11 @@ public function supportsClass($class)
     /**
      * {@inheritdoc}
      *
-     * @param object $object
+     * @param object $subject
      */
-    public function vote(TokenInterface $token, $object, array $attributes)
+    public function vote(TokenInterface $token, $subject, array $attributes)
     {
-        if (!$this->supportsClass(get_class($object))) {
+        if (!is_object($subject) || !$this->supportsClass(get_class($subject))) {
             return self::ACCESS_ABSTAIN;
         }
         foreach ($attributes as $attribute) {
@@ -70,7 +70,7 @@ public function vote(TokenInterface $token, $object, array $attributes)
             }
         }
 
-        if ($this->publishWorkflowChecker->isGranted($attributes, $object)) {
+        if ($this->publishWorkflowChecker->isGranted($attributes, $subject)) {
             return self::ACCESS_GRANTED;
         }
 

Tests/Unit/PublishWorkflow/Voter/PublishTimePeriodVoterTest.php

@@ -132,4 +132,10 @@ public function testUnsupportedClass()
         );
         $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $result);
     }
+
+    public function testNonClassSubject()
+    {
+        $result = $this->voter->vote($this->token, array(1, 2, 3), array(PublishWorkflowChecker::VIEW_ATTRIBUTE));
+        $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $result);
+    }
 }

Tests/Unit/PublishWorkflow/Voter/PublishableVoterTest.php

@@ -100,4 +100,10 @@ public function testUnsupportedClass()
         );
         $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $result);
     }
+
+    public function testNonClassSubject()
+    {
+        $result = $this->voter->vote($this->token, array(1, 2, 3), array(PublishWorkflowChecker::VIEW_ATTRIBUTE));
+        $this->assertEquals(VoterInterface::ACCESS_ABSTAIN, $result);
+    }
 }