voteOnAttribute() should be contravariant with parameter $subject (mixed) of method Symfony\Component\Security\Core\Authorization\Voter\Voter::voteOnAttribute()

Question

voteOnAttribute() should be contravariant with parameter $subject (mixed) of method Symfony\Component\Security\Core\Authorization\Voter\Voter::voteOnAttribute()

VincentLanglet opened this issue 4 years ago · 4 comments

When writing a Voter, there is two methods

    /**
     * @param string $attribute
     * @param mixed  $subject
     *
     * @return bool
     */
    protected function supports($attribute, $subject)
    {
        if ('foo' !== $attribute) {
            return false;
        }

        if (!$subject instanceof Subscription) {
            return false;
        }

        return true;
    }

and

    /**
     * @param string          $step
     * @param Subscription   $subscription
     * @param TokenInterface $token
     *
     * @return bool
     */
    protected function voteOnAttribute($step, $subscription, TokenInterface $token)

With this code I get, with the phpstan-strict plugin the error:

Parameter #2 $subscription of method ....voteOnAttribute() should be contravariant with parameter $subject (mixed) of method Symfony\Component\Security\Core\Authorization\Voter\Voter::voteOnAttribute()

But even the phpdoc of symfony of this method is saying

It is safe to assume that $attribute and $subject already passed the "supports()" method check.

So I should be able to consider the param as a Subscription without any error.
Same exists for

NormalizerInterface::normalize
DenormalizerInterface::denormalize

It was reported to psalm here: psalm/psalm-plugin-symfony#107 and fixed.

is it possible for the phpstan-symfony plugin to automatically suppressing this issue @ondrejmirtes ?

Answer 1 · 2021-06-30T09:43:36.000Z

Hi, there's no way in the typesystem to express this situation. If Symfony's codebase used native types, PHP would complain about the same situation.

Psalm's way of solving this was to just ignore this issue, which isn't great. If you're aware of this problem and you're sure it works for you, you can ignore this error by yourself - the feature is designed for situations like this.

Answer 2 · 2021-06-30T09:47:04.000Z

If Symfony's codebase used native types, PHP would complain about the same situation.

In the futur I was planning to write

/** @param Foo $foo */
public function voteOnAttribute(string $subject, mixed $foo, TokenStorage $token)

Hi, there's no way in the typesystem to express this situation. If Symfony's codebase used native types, PHP would complain about the same situation.

Psalm's way of solving this was to just ignore this issue, which isn't great. If you're aware of this problem and you're sure it works for you, you can ignore this error by yourself - the feature is designed for situations like this.

Is it planned to add name to the different errors ? Because it would be nice to have a way to write something like

// @phpstan-ignore-next-line NamedError

in order to only ignore some errors.

Answer 3 · 2021-06-30T09:49:54.000Z

In the futur I was planning to write

That would lead to the same error.

Is it planned to add name to the different errors

phpstan/phpstan#3296

Answer 4 · 2021-08-01T00:01:16.000Z

This thread has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.