Problem/Motivation
#2351777: Do not depend on event subscribers for security: Replace AccessRouteSubscriber with build-in checks would like to inject the router.builder service into access_manager but this leads to a circular dependency: access_manager -> route.provider -> router.bouilder
Proposed resolution
Separate the loading of checks out of AccessManager. Now we can inject this check provider service into both access manager and access subscriber or router.builder when they get merged into one. Circular dependency broken.
The separation is nice. For example, we could remove four setContainer calls from the access manager test and easily/mechanically convert the rest of the test by just moving the relevant calls from AccessManager to the checkProvider.
Remaining tasks
If we were passing $request all along then getChecksNeedRequest would be removable. Do we want to do that? The current way is simpler. Removing getChecksNeedRequest would be slightly nicer.
User interface changes
API changes
setChecks and addCheckService is removed from AccessManager. The only service holding them becomes private. This is a good thing as there is no reason to call them.
Comment | File | Size | Author |
---|---|---|---|
#5 | interdiff.txt | 1.47 KB | chx |
#5 | 2354657_5.patch | 32.29 KB | chx |
#2 | 2354657_2.patch | 31.81 KB | chx |
Comments
Comment #2
chx CreditAttribution: chx commentedComment #3
Fabianx CreditAttribution: Fabianx commentedRTBC - looks great to me
Comment #4
dawehner@committer
Here is a doc improvement you might want to apply on top of it. Don't give me credit, its just annoying to get undocumented stuff in.
Its adds some documentation WHY things are designed in the way they are designed, which is really valuable information, if you ask me.
Comment #5
chx CreditAttribution: chx commentedThanks, rerolled with slightly changed doxygen.
Comment #6
dawehnerThank you!
Comment #7
catch--
++
Even though we add it back, it's required for a very specific reason in a much smaller class:
Comment #8
catchCommitted/pushed to 8.0.x, thanks!