From 6c522a7d9833fab5500c9234015c5d02b0280f8e Mon Sep 17 00:00:00 2001
From: Jules Pietri <heah@heahprod.com>
Date: Thu, 21 Mar 2019 20:52:38 +0100
Subject: [PATCH] Added IS_ANONYMOUS, IS_REMEMBERED, IS_IMPERSONATOR

---
 src/Symfony/Component/Security/CHANGELOG.md   |  1 +
 .../Voter/AuthenticatedVoter.php              | 21 ++++++++++++++++++-
 .../Voter/AuthenticatedVoterTest.php          | 11 ++++++++++
 3 files changed, 32 insertions(+), 1 deletion(-)

diff --git a/src/Symfony/Component/Security/CHANGELOG.md b/src/Symfony/Component/Security/CHANGELOG.md
index fe1cec6f7e51..4b255daf209f 100644
--- a/src/Symfony/Component/Security/CHANGELOG.md
+++ b/src/Symfony/Component/Security/CHANGELOG.md
@@ -5,6 +5,7 @@ CHANGELOG
 -----
 
  * Added access decision strategy to override access decisions by voter service priority
+ * Added `IS_ANONYMOUS`, `IS_REMEMBERED`, `IS_IMPERSONATOR`
 
 5.0.0
 -----
diff --git a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
index 7f99fbb05be4..d571a7e9379b 100644
--- a/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
+++ b/src/Symfony/Component/Security/Core/Authorization/Voter/AuthenticatedVoter.php
@@ -12,6 +12,7 @@
 namespace Symfony\Component\Security\Core\Authorization\Voter;
 
 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface;
+use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
 
 /**
@@ -28,6 +29,9 @@ class AuthenticatedVoter implements VoterInterface
     const IS_AUTHENTICATED_FULLY = 'IS_AUTHENTICATED_FULLY';
     const IS_AUTHENTICATED_REMEMBERED = 'IS_AUTHENTICATED_REMEMBERED';
     const IS_AUTHENTICATED_ANONYMOUSLY = 'IS_AUTHENTICATED_ANONYMOUSLY';
+    const IS_ANONYMOUS = 'IS_ANONYMOUS';
+    const IS_IMPERSONATOR = 'IS_IMPERSONATOR';
+    const IS_REMEMBERED = 'IS_REMEMBERED';
 
     private $authenticationTrustResolver;
 
@@ -45,7 +49,10 @@ public function vote(TokenInterface $token, $subject, array $attributes)
         foreach ($attributes as $attribute) {
             if (null === $attribute || (self::IS_AUTHENTICATED_FULLY !== $attribute
                     && self::IS_AUTHENTICATED_REMEMBERED !== $attribute
-                    && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute)) {
+                    && self::IS_AUTHENTICATED_ANONYMOUSLY !== $attribute
+                    && self::IS_ANONYMOUS !== $attribute
+                    && self::IS_IMPERSONATOR !== $attribute
+                    && self::IS_REMEMBERED !== $attribute)) {
                 continue;
             }
 
@@ -68,6 +75,18 @@ public function vote(TokenInterface $token, $subject, array $attributes)
                     || $this->authenticationTrustResolver->isFullFledged($token))) {
                 return VoterInterface::ACCESS_GRANTED;
             }
+
+            if (self::IS_REMEMBERED === $attribute && $this->authenticationTrustResolver->isRememberMe($token)) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            if (self::IS_ANONYMOUS === $attribute && $this->authenticationTrustResolver->isAnonymous($token)) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
+
+            if (self::IS_IMPERSONATOR === $attribute && $token instanceof SwitchUserToken) {
+                return VoterInterface::ACCESS_GRANTED;
+            }
         }
 
         return $result;
diff --git a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
index 547c18065788..3593d29e51c6 100644
--- a/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
+++ b/src/Symfony/Component/Security/Core/Tests/Authorization/Voter/AuthenticatedVoterTest.php
@@ -49,6 +49,15 @@ public function getVoteTests()
             ['fully', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_GRANTED],
             ['remembered', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_DENIED],
             ['anonymously', ['IS_AUTHENTICATED_FULLY'], VoterInterface::ACCESS_DENIED],
+
+            ['fully', ['IS_ANONYMOUS'], VoterInterface::ACCESS_DENIED],
+            ['remembered', ['IS_ANONYMOUS'], VoterInterface::ACCESS_DENIED],
+            ['anonymously', ['IS_ANONYMOUS'], VoterInterface::ACCESS_GRANTED],
+
+            ['fully', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
+            ['remembered', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
+            ['anonymously', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_DENIED],
+            ['impersonated', ['IS_IMPERSONATOR'], VoterInterface::ACCESS_GRANTED],
         ];
     }
 
@@ -58,6 +67,8 @@ protected function getToken($authenticated)
             return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\TokenInterface')->getMock();
         } elseif ('remembered' === $authenticated) {
             return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\RememberMeToken')->setMethods(['setPersistent'])->disableOriginalConstructor()->getMock();
+        } elseif ('impersonated' === $authenticated) {
+            return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken')->disableOriginalConstructor()->getMock();
         } else {
             return $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken')->setConstructorArgs(['', ''])->getMock();
         }