Merge branch '5.5'

* 5.5: Update changelog for 5.5.1 release [AdminBundle] Aclvoter should only grant access for supported attributes when permissions are disabled
Kunstmaan · Mar 19, 2020 · e400c01 · e400c01
2 parents 3ae9e72 + 5d8fca1
commit e400c01
Show file tree

Hide file tree

Showing 2 changed files with 18 additions and 1 deletion.
diff --git a/CHANGELOG-5.X.md b/CHANGELOG-5.X.md
@@ -1,5 +1,9 @@
 # Changelog
 
+## 5.5.1 / 2020-03-19
+
+* [AdminBundle] Aclvoter should only grant access for supported attributes with disabled permissions  [#2653](https://github.com/Kunstmaan/KunstmaanBundlesCMS/pull/2653) ([@acrobat](https://github.com/acrobat))
+
 ## 5.5.0 / 2020-03-18
 
 * [NodeBundle] Add configuration option to disable permission module/checking [#2649](https://github.com/Kunstmaan/KunstmaanBundlesCMS/pull/2649) ([@acrobat](https://github.com/acrobat)) 

diff --git a/src/Kunstmaan/AdminBundle/Helper/Security/Acl/Voter/AclVoter.php b/src/Kunstmaan/AdminBundle/Helper/Security/Acl/Voter/AclVoter.php
@@ -37,10 +37,23 @@ public function __construct(AclProviderInterface $aclProvider, ObjectIdentityRet
 
     public function vote(TokenInterface $token, $object, array $attributes)
     {
-        if (!$this->permissionsEnabled) {
+        $attributeIsSupported = false;
+        foreach ($attributes as $attribute) {
+            if ($this->supportsAttribute($attribute)) {
+                $attributeIsSupported = true;
+
+                break;
+            }
+        }
+
+        if (!$this->permissionsEnabled && $attributeIsSupported) {
             return self::ACCESS_GRANTED;
         }
 
+        if (!$this->permissionsEnabled) {
+            return self::ACCESS_ABSTAIN;
+        }
+
         return parent::vote($token, $object, $attributes);
     }
 }