Continuation : Add messages and score on votes #58107

eltharin · 2024-08-27T17:38:55Z

Q	A
Branch?	7.2
Bug fix?	no
New feature?	yes
Deprecations?	no
Issues	Fix #27995, #26343, #35592, #43147
License	MIT

This PR continue the work started by @maidmaid and @noniagriconomie in #35592, continued by @yellow1912 in #43147 continued by @alamirault in #46493.

I rebase on 7.2 and remove deprecation as suggested by nicolas-grekas for not causing backward compatiblity breaks.

It allow to have informations about AccessDecisionManager and Voters (And understand why we have an AccessDeniedException with clear infos).

I add possibility to respond a voter with a score and create a Scoring strategy, looks like consensus but with ponderation.

src/Symfony/Component/Security/Core/Authorization/AccessDecision.php

src/Symfony/Component/Security/Core/Authorization/Voter/Vote.php

src/Symfony/Component/Security/Core/Authorization/Voter/VoteInterface.php

src/Symfony/Component/Security/Core/CHANGELOG.md

src/Symfony/Component/Security/Core/Exception/AccessDeniedException.php

94noni · 2024-08-28T07:07:00Z

@eltharin hi 👋🏻

nice to see that you are willing to take over this amount of work, incremented overtime by different coders and reviewers :)

i am still interested in such feature even though now I rarely use voter, still thinking that this can be a great addition in core (like workflow transition blocker message is available)

to be honest, I think I would probable split this in 2 separates PRs, just to ease review and reduce the friction already existing around such feature, as it needs to arrive on a simple/BC/evolutive/maintainable way in core

add the feature of a voter message (main issue feature that seem to have lot of traction over the year regarding all PRs reactions)
add the feature of a new decision strategy alone (perhaps even before the voter message)

in any way, I will add a reminder to make a review on this PR as well :)

( PS: @noniagriconomie is one old account of mine no more used since )

eltharin · 2024-08-28T08:08:56Z

@94noni

you and other are the firsts to thank for the start of this work,

For the 2 PR's I thought about it but it's absolutlly linked, both needs Vote Object so getVote function so GetDecision functions,

Remove first or second feature but keep other one will only touch few files compared with all files changed.

At start, i saw your PR's without really needed, but when I wrote myine for scoring, I saw I made the same work as you, so I included your work in these to not have conflict when one will be accepted.

As it's a big update to add all these functions in symfony core I add a new benefit to this to have more chance to see this PR passed :)

kevinpapst · 2024-09-02T22:18:51Z

Did anyone ever run performance checks on these changes? Considering that Voters can be called hundreds of times per request, any overhead created by hundreds of new Vote() instances or checks for existing methods should imo be avoided (e.g. add new interfaces so I can opt-in to the new approach, instead of forcing the code upon everyone).

src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php

src/Symfony/Component/Security/Core/Authorization/Strategy/ScoringStrategy.php

94noni · 2024-09-09T07:27:46Z

src/Symfony/Component/Security/Core/Authorization/Strategy/ConsensusStrategy.php

@@ -40,29 +43,38 @@ public function __construct(

    public function decide(\Traversable $results): bool
    {
+        return $this->getDecision(new \ArrayIterator(array_map(fn ($vote) => new Vote($vote), iterator_to_array($results))))->isGranted();


perhaps create a trait to avoid copy/past such internal ?

src/Symfony/Component/Security/Core/Authorization/Voter/Vote.php

src/Symfony/Component/Security/Core/Event/VoteEvent.php

fabpot use interface

eltharin · 2024-09-10T08:43:31Z

Did anyone ever run performance checks on these changes? Considering that Voters can be called hundreds of times per request, any overhead created by hundreds of new Vote() instances or checks for existing methods should imo be avoided (e.g. add new interfaces so I can opt-in to the new approach, instead of forcing the code upon everyone).

I look with Symfony Profiler, with 3000 voters With 7.2 actual version VoteListener take 120MiB in 8ms with this PR, 118MiB for 8.4ms.
I don't made more performance test with a performance tool

eltharin · 2024-09-30T08:45:53Z

friendly ping @chalasr as default reviewer

eltharin requested a review from chalasr as a code owner August 27, 2024 17:38

carsonbot added Status: Needs Review Feature labels Aug 27, 2024

carsonbot added this to the 7.2 milestone Aug 27, 2024

eltharin force-pushed the add_messages_and_score_on_votes branch from 5a4fbe1 to fc77e53 Compare August 27, 2024 17:49

OskarStark reviewed Aug 27, 2024

View reviewed changes

eltharin force-pushed the add_messages_and_score_on_votes branch 8 times, most recently from 6e67169 to 71d7744 Compare August 27, 2024 21:41

eltharin requested a review from OskarStark August 29, 2024 07:56

eltharin force-pushed the add_messages_and_score_on_votes branch from 46b15e0 to e9f63ce Compare August 30, 2024 08:51

eltharin force-pushed the add_messages_and_score_on_votes branch from e9f63ce to 278f259 Compare September 9, 2024 06:25