@@ -73,15 +73,13 @@ Authorization (i.e. Denying Access)
7373-----------------------------------
7474
7575Symfony gives you several ways to enforce authorization, including the ``access_control ``
76- configuration in:doc: `security.yml </reference/configuration/security >` the
77- :ref: `@Security annotation <best-practices-security-annotation >` and using
78- :ref: `isGranted <best-practices-directly-isGranted >` on the ``security.context ``
76+ configuration in:doc: `security.yml </reference/configuration/security >` and
77+ using:ref: `isGranted <best-practices-directly-isGranted >` on the ``security.context ``
7978service directly.
8079
8180..best-practice ::
8281
8382 * For protecting broad URL patterns, use ``access_control ``;
84- * Whenever possible, use the ``@Security `` annotation;
8583 * Check security directly on the ``security.context `` service whenever
8684 you have a more complex situation.
8785
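Review bot: the `:ref:` in the rewritten sentence still targets `best-practices-directly-isGranted`, while the second hunk of this same patch adds a new label `checking-permissions-without-security` for that renamed section; either point this reference at the new label or say in the patch that the old label is kept only so existing deep links keep resolving, otherwise the two anchors look like an unfinished rename. With the `@Security` option dropped the sentence now introduces "several ways" and names exactly two (`access_control` and `isGranted` on `security.context`); "two ways" would match the text that follows.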
@@ -94,44 +92,14 @@ with a custom security voter or with ACL.
9492 * For restricting access to *any * object by *any * user via an admin
9593 interface, use the Symfony ACL.
9694
97- .. _best-practices-security-annotation :
98-
99- The @Security Annotation
100- ------------------------
101-
102- For controlling access on a controller-by-controller basis, use the ``@Security ``
103- annotation whenever possible. It's easy to read and is placed consistently
104- above each action.
105-
106- In our application, you need the ``ROLE_ADMIN `` in order to create a new post.
107- Using ``@Security ``, this looks like:
108-
109- ..code-block ::php
110-
111- use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
112- use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
113- // ...
114-
115- /**
116- * Displays a form to create a new Post entity.
117- *
118- * @Route("/new", name="admin_post_new")
119- * @Security("has_role('ROLE_ADMIN')")
120- */
121- public function newAction()
122- {
123- // ...
124- }
125-
12695.. _best-practices-directly-isGranted :
96+ .. _checking-permissions-without-security :
12797
128- Checking Permissions without @Security
129- --------------------------------------
98+ Manually Checking Permissions
99+ -----------------------------
130100
131- The above example with ``@Security `` only works because we're using the
132- :ref: `ParamConverter <best-practices-paramconverter >`, which gives the expression
133- access to the a ``post `` variable. If you don't use this, or have some other
134- more advanced use-case, you can always do the same security check in PHP:
101+ If you cannot control the access based on URL patterns, you can always do
102+ the security checks in PHP:
135103
136104..code-block ::php
137105
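Review bot: deleting the `@Security` section also deletes the only statement that `ROLE_ADMIN` is required to create a new post, so the new "Manually Checking Permissions" section now leads into the PHP example without saying which role or permission it is enforcing; carry that one sentence over into the new intro. The new intro ("If you cannot control the access based on URL patterns") also gives a different trigger for the manual check than the best-practice bullet retained in the first hunk ("whenever you have a more complex situation"); align the two so the chapter gives one rule. Keeping `.. _best-practices-directly-isGranted:` directly above the added `.. _checking-permissions-without-security:` is fine for backward-compatible links, but add a short comment saying so, since two labels on one heading otherwise read as an accident.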
@@ -219,21 +187,7 @@ To enable the security voter in the application, define a new service:
219187tags :
220188 -{ name: security.voter }
221189
222- Now, you can use the voter with the ``@Security `` annotation:
223-
224- ..code-block ::php
225-
226- /**
227- * @Route("/{id}/edit", name="admin_post_edit")
228- * @Security("is_granted('edit', post)")
229- */
230- public function editAction(Post $post)
231- {
232- // ...
233- }
234-
235- You can also use this directly with the ``security.context `` service, or
236- via the even easier shortcut in a controller:
190+ Now, you can use the voter with the ``security.context `` service:
237191
238192..code-block ::php
239193
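Review bot: the replacement lead-in names only the `security.context` service, but the removed sentence also pointed readers to "the even easier shortcut in a controller"; the code block that follows is outside this hunk, so confirm it no longer shows that shortcut, otherwise the lead-in no longer describes the example beneath it. If the controller shortcut is still the recommended form for voter checks, keep a clause for it instead of dropping the mention.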
@@ -269,7 +223,6 @@ develop :doc:`your own user provider </cookbook/security/custom_provider>` and
269223
270224.. _`Security Cookbook Section` :http://symfony.com/doc/current/cookbook/security/index.html
271225.. _`security.yml` :http://symfony.com/doc/current/reference/configuration/security.html
272- .. _`@Security annotation` :http://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/annotations/security.html
273226.. _`security voter` :http://symfony.com/doc/current/cookbook/security/voters_data_permission.html
274227.. _`ACL's` :http://symfony.com/doc/current/cookbook/security/acl.html
275228.. _`FOSUserBundle` :https://github.com/FriendsOfSymfony/FOSUserBundle
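Review bot: removing the `@Security annotation` link target is safe only if no `` `@Security annotation`_ `` reference survives elsewhere in the file; the hunks above delete the section and its `:ref:` uses but show no use of this named link, so the removal cannot be verified from the diff alone. Run the Sphinx build (or grep for the backticked reference) before merging, since a remaining reference to a deleted target produces an unknown-target error rather than a silent broken link.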