bug symfony#51 Fixed Symfony 4.3 wrong role variable type (Andrej-in-ua)

This PR was merged into the 3.0-dev branch.

Discussion
----------

Fixed Symfony 4.3 wrong role variable type

This should fix work in symfony < 4.3

Original error from logs symfony 3.4 application:
```
Uncaught PHP Exception Symfony\Component\Debug\Exception\FatalThrowableError:
"Call to a member function getRole() on string" at
vendor/symfony/symfony/src/Symfony/Component/Security/Core/Role/RoleHierarchy.php line 41
{"exception":"[object] (Symfony\\Component\\Debug\\Exception\\FatalThrowableError(code: 0):
Call to a member function getRole() on string at
vendor/symfony/symfony/src/Symfony/Component/Security/Core/Role/RoleHierarchy.php:41
```

Found in symfony/security-acl#50 (comment)

Commits
-------

489dc66 Fixed Symfony 4.3 wrong role variable type

Author: nicolas-grekas

Domain/SecurityIdentityRetrievalStrategy.php

@@ -58,14 +58,13 @@ public function getSecurityIdentities(TokenInterface $token)
         }
 
         // add all reachable roles
-        $roles = $this->getRoleNames($token);
         if (method_exists($this->roleHierarchy, 'getReachableRoleNames')) {
-            foreach ($this->roleHierarchy->getReachableRoleNames($roles) as $role) {
+            foreach ($this->roleHierarchy->getReachableRoleNames($this->getRoleNames($token)) as $role) {
                 $sids[] = new RoleSecurityIdentity($role);
             }
         } else {
             // Symfony < 4.3 BC layer
-            foreach ($this->roleHierarchy->getReachableRoles($roles) as $role) {
+            foreach ($this->roleHierarchy->getReachableRoles($token->getRoles()) as $role) {
                 $sids[] = new RoleSecurityIdentity($role);
             }
         }
@@ -85,7 +84,7 @@ public function getSecurityIdentities(TokenInterface $token)
         return $sids;
     }
 
-    private function getRoleNames(TokenInterface $token): array
+    private function getRoleNames(TokenInterface $token)
     {
         if (method_exists($token, 'getRoleNames')) {
             return $token->getRoleNames();

Tests/Domain/SecurityIdentityRetrievalStrategyTest.php

@@ -14,6 +14,7 @@
 use Symfony\Component\Security\Acl\Domain\RoleSecurityIdentity;
 use Symfony\Component\Security\Acl\Domain\UserSecurityIdentity;
 use Symfony\Component\Security\Acl\Domain\SecurityIdentityRetrievalStrategy;
+use Symfony\Component\Security\Core\Role\Role;
 
 class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
 {
@@ -22,8 +23,6 @@ class SecurityIdentityRetrievalStrategyTest extends \PHPUnit_Framework_TestCase
      */
     public function testGetSecurityIdentities($user, array $roles, $authenticationStatus, array $sids)
     {
-        $strategy = $this->getStrategy($roles, $authenticationStatus);
-
         if ('anonymous' === $authenticationStatus) {
             $token = $this->getMockBuilder('Symfony\Component\Security\Core\Authentication\Token\AnonymousToken')
                                 ->disableOriginalConstructor()
@@ -40,16 +39,20 @@ public function testGetSecurityIdentities($user, array $roles, $authenticationSt
         }
 
         if (method_exists($token, 'getRoleNames')) {
+            $strategy = $this->getStrategy($roles, $authenticationStatus, false);
+
             $token
                 ->expects($this->once())
                 ->method('getRoleNames')
                 ->will($this->returnValue(array('foo')))
             ;
         } else {
+            $strategy = $this->getStrategy($roles, $authenticationStatus, true);
+
             $token
                 ->expects($this->once())
                 ->method('getRoles')
-                ->will($this->returnValue(array('foo')))
+                ->will($this->returnValue(array(new Role('foo'))))
             ;
         }
 
@@ -129,15 +132,32 @@ protected function getAccount($username, $class)
         return $account;
     }
 
-    protected function getStrategy(array $roles = array(), $authenticationStatus = 'fullFledged')
+    protected function getStrategy(array $roles = array(), $authenticationStatus = 'fullFledged', $isBC = false)
     {
-        $roleHierarchy = $this->getMock('Symfony\Component\Security\Core\Role\RoleHierarchyInterface');
-        $roleHierarchy
-            ->expects($this->once())
-            ->method('getReachableRoles')
-            ->with($this->equalTo(array('foo')))
-            ->will($this->returnValue($roles))
-        ;
+        $roleHierarchyBuilder = $this->getMockBuilder('Symfony\Component\Security\Core\Role\RoleHierarchyInterface')
+            ->disableProxyingToOriginalMethods()
+            ->disableOriginalConstructor();
+
+        if ($isBC) {
+            $roleHierarchy = $roleHierarchyBuilder->setMethods(['getReachableRoles'])
+                ->getMockForAbstractClass();
+
+            $roleHierarchy
+                ->expects($this->any())
+                ->method('getReachableRoles')
+                ->with($this->equalTo([new Role('foo')]))
+                ->will($this->returnValue($roles));
+        } else {
+            $roleHierarchy = $roleHierarchyBuilder->setMethods(['getReachableRoleNames'])
+                ->getMockForAbstractClass();
+
+            $roleHierarchy
+                ->expects($this->any())
+                ->method('getReachableRoleNames')
+                ->with($this->equalTo(['foo']))
+                ->will($this->returnValue($roles));
+        }
+
 
         $trustResolver = $this->getMock('Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface', array(), array('', ''));