Commit1fd3b0e

Michael Klein

authored and

weaverryan

committed

updated docs according to the review

1 parent5275230 commit1fd3b0eCopy full SHA for 1fd3b0e

File tree

2 files changed

+31

-33

lines changed

cookbook/security
- voter_interface.rst.inc
- voters_data_permission.rst

2 files changed

+31

-33

lines changed

`‎cookbook/security/voter_interface.rst.inc`

Lines changed: 8 additions & 7 deletions

Original file line number	Diff line number	Diff line change
`@@ -7,15 +7,16 @@`
`7`	`7`	`public function vote(TokenInterface $token, $post, array $attributes);`
`8`	`8`	`}`
`9`	`9`
`10`		-The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsAttribute` method is used to check if the voter supports
`11`		`-the given user attribute (i.e: a role, an ACL, etc.).`
	`10`	+The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsAttribute`
	`11`	`+method is used to check if the voter supportsthe given user attribute (i.e: a role, an ACL, etc.).`
`12`	`12`
`13`		-The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsClass` method is used to check if the voter supports the
`14`		`-class of the object whose access is being checked (doesn't apply to this entry).`
	`13`	+The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsClass`
	`14`	`+method is used to check if the voter supports the class of the object whose`
	`15`	`+access is being checked (doesn't apply to this entry).`
`15`	`16`
`16`		-The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::vote` method must implement the business logic that verifies whether
`17`		`-or nottheuser is granted access. This method must return one ofthe following`
`18`		`-values:`
	`17`	+The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::vote`
	`18`	`+method must implementthebusiness logic that verifies whether or notthe`
	`19`	`+user is granted access. This method must return one of the followingvalues:`
`19`	`20`
`20`	`21`	* ``VoterInterface::ACCESS_GRANTED``: The authorization will be granted by this voter;
`21`	`22`	* ``VoterInterface::ACCESS_ABSTAIN``: The voter cannot decide if authorization should be granted;

`‎cookbook/security/voters_data_permission.rst`

Lines changed: 23 additions & 26 deletions

Original file line number	Diff line number	Diff line change
`@@ -51,7 +51,7 @@ You could store your Voter to check permission for the view and edit action like`
`51`	`51`	`// src/Acme/DemoBundle/Security/Authorization/Entity/PostVoter.php`
`52`	`52`	`namespace Acme\DemoBundle\Security\Authorization\Entity;`
`53`	`53`
`54`		`- use Symfony\Component\HttpKernel\Exception\PreconditionFailedHttpException;`
	`54`	`+ use Symfony\Component\Security\Core\Exception\InvalidArgumentException;`
`55`	`55`	`use Symfony\Component\DependencyInjection\ContainerInterface;`
`56`	`56`	`use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;`
`57`	`57`	`use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
`@@ -60,33 +60,35 @@ You could store your Voter to check permission for the view and edit action like`
`60`	`60`
`61`	`61`	`class PostVoter implements VoterInterface`
`62`	`62`	`{`
	`63`	`+ const VIEW = 'view';`
	`64`	`+ const EDIT = 'edit';`
	`65`	`+`
`63`	`66`	`public function supportsAttribute($attribute)`
`64`	`67`	`{`
`65`	`68`	`return in_array($attribute, array(`
`66`		`-'view',`
`67`		`-'edit',`
	`69`	`+self::VIEW,`
	`70`	`+self::EDIT,`
`68`	`71`	`));`
`69`	`72`	`}`
`70`	`73`
`71`	`74`	`public function supportsClass($obj)`
`72`	`75`	`{`
`73`		`- $array = array('Acme\DemoBundle\Entity\Post');`
`74`		`-`
`75`		`- foreach ($array as $item) {`
`76`		`- if ($obj instanceof $item))`
`77`		`- return true;`
`78`		`- }`
`79`		`- }`
	`76`	`+ if ($obj instanceof 'Acme\DemoBundle\Entity\Post') return true;`
`80`	`77`
`81`	`78`	`return false;`
`82`	`79`	`}`
`83`	`80`
`84`	`81`	`/** @var \Acme\DemoBundle\Entity\Post $post */`
`85`	`82`	`public function vote(TokenInterface $token, $post, array $attributes)`
`86`	`83`	`{`
	`84`	`+ // check if class of this object is supported by this voter`
	`85`	`+ if (!$this->supportsClass($post)) {`
	`86`	`+ return VoterInterface::ACCESS_ABSTAIN;`
	`87`	`+ }`
	`88`	`+`
`87`	`89`	`// check if voter is used correct, only allow one attribute for a check`
`88`	`90`	`if(count($attributes) !== 1 \|\| !is_string($attributes[0])) {`
`89`		`- throw newPreconditionFailedHttpException(`
	`91`	`+ throw newInvalidArgumentException(`
`90`	`92`	`'Only one attribute is allowed for VIEW or EDIT'`
`91`	`93`	`);`
`92`	`94`	`}`
`@@ -97,11 +99,6 @@ You could store your Voter to check permission for the view and edit action like`
`97`	`99`	`// get current logged in user`
`98`	`100`	`$user = $token->getUser();`
`99`	`101`
`100`		`- // check if class of this object is supported by this voter`
`101`		`- if (!$this->supportsClass($post)) {`
`102`		`- return VoterInterface::ACCESS_ABSTAIN;`
`103`		`- }`
`104`		`-`
`105`	`102`	`// check if the given attribute is covered by this voter`
`106`	`103`	`if (!$this->supportsAttribute($attribute)) {`
`107`	`104`	`return VoterInterface::ACCESS_ABSTAIN;`
`@@ -128,12 +125,6 @@ You could store your Voter to check permission for the view and edit action like`
`128`	`125`	`return VoterInterface::ACCESS_GRANTED;`
`129`	`126`	`}`
`130`	`127`	`break;`
`131`		`-`
`132`		`- default:`
`133`		`- // otherwise throw an exception, which will break the request`
`134`		`- throw new PreconditionFailedHttpException(`
`135`		`- 'The Attribute "'.$attribute.'" was not found.'`
`136`		`- );`
`137`	`128`	`}`
`138`	`129`
`139`	`130`	`}`
`@@ -146,7 +137,7 @@ Declaring the Voter as a Service`
`146`	`137`	`--------------------------------`
`147`	`138`
`148`	`139`	`To inject the voter into the security layer, you must declare it as a service`
`149`		`-and tag it as a´security.voter´:`
	`140`	`+and tag it as a'security.voter':`
`150`	`141`
`151`	`142`	`..configuration-block::`
`152`	`143`
`@@ -185,8 +176,9 @@ and tag it as a ´security.voter´:`
`185`	`176`
`186`	`177`	`How to Use the Voter in a Controller`
`187`	`178`	`------------------------------------`
`188`		`-The registered voter will then always be asked as soon the method isGranted from`
`189`		`-the security context is called.`
	`179`	`+`
	`180`	`+The registered voter will then always be asked as soon as the method 'isGranted'`
	`181`	`+from the security context is called.`
`190`	`182`
`191`	`183`	`..code-block::php`
`192`	`184`
`@@ -198,7 +190,12 @@ the security context is called.`
`198`	`190`
`199`	`191`	`class PostController`
`200`	`192`	`{`
`201`		`- public function showAction($id)`
	`193`	`+`
	`194`	`+ /**`
	`195`	`+ * @Route("/blog/{id}")`
	`196`	`+ * @ParamConverter("post", class="SensioBlogBundle:Post")`
	`197`	`+ */`
	`198`	`+ public function showAction(Post $post)`
`202`	`199`	`{`
`203`	`200`	`// keep in mind, this will call all registered security voters`
`204`	`201`	`if (false === $this->get('security.context')->isGranted('view', $post)) {`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit1fd3b0e

File tree

2 files changed

2 files changed

`‎cookbook/security/voter_interface.rst.inc`

`‎cookbook/security/voters_data_permission.rst`

0 commit comments