Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Commit4092f06

Browse files
committed
Removed all deprecated attributes from the docs
1 parent9d34ea0 commit4092f06

File tree

9 files changed

+61
-83
lines changed

9 files changed

+61
-83
lines changed

‎components/security/authorization.rst‎

Lines changed: 6 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -98,10 +98,12 @@ AuthenticatedVoter
9898
~~~~~~~~~~~~~~~~~~
9999

100100
The:class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AuthenticatedVoter`
101-
voter supports the attributes ``IS_AUTHENTICATED_FULLY``, ``IS_AUTHENTICATED_REMEMBERED``,
102-
and ``IS_AUTHENTICATED_ANONYMOUSLY`` and grants access based on the current
103-
level of authentication, i.e. is the user fully authenticated, or only based
104-
on a "remember-me" cookie, or even authenticated anonymously?::
101+
voter supports the attributes ``IS_ANONYMOUS``, ``IS_REMEMBERED``, ``IS_IMPERSONATED``
102+
and ``IS_AUTHENTICATED`` and ``IS_AUTHENTICATED_FULLY`` and grants access based on the current
103+
level of authentication, i.e. is the user authenticated or only based
104+
on a "remember-me" cookie or even only anonymous?
105+
106+
..code-block::php
105107
106108
use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
107109
use Symfony\Component\Security\Core\Authentication\Token\AnonymousToken;

‎security.rst‎

Lines changed: 28 additions & 16 deletions
Original file line numberDiff line numberDiff line change
@@ -616,8 +616,10 @@ Securing other Services
616616

617617
See:doc:`/security/securing_services`.
618618

619-
Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
620-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
619+
.. _checking-to-see-if-a-user-is-logged-in-is_authenticated_fully:
620+
621+
Checking to see if a User is Logged In (IS_AUTHENTICATED)
622+
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
621623

622624
If you *only* want to check if a user is logged in (you don't care about roles),
623625
you have two options. First, if you've given *every* user ``ROLE_USER``, you can
@@ -628,30 +630,40 @@ of a role::
628630

629631
public function adminDashboard()
630632
{
631-
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
633+
$this->denyAccessUnlessGranted('IS_AUTHENTICATED');
632634

633635
// ...
634636
}
635637

636-
You can use ``IS_AUTHENTICATED_FULLY`` anywhere roles are used: like ``access_control``
637-
or in Twig.
638+
You can use this ``IS_AUTHENTICATED`` attribute in security expression
639+
(like used in ``access_control``, or calls to ``isGranted()`` in PHP or
640+
``is_granted`` in Twig).
638641

639-
``IS_AUTHENTICATED_FULLY`` isn't a role, but it kind of acts like one, and every
640-
user that has logged in will have this. Actually, there are3 special attributes
642+
``IS_AUTHENTICATED`` isn't a role, but it kind of acts like one, and every
643+
user that has logged in will have this. Actually, there aresome special attributes
641644
like this:
642645

643-
* ``IS_AUTHENTICATED_REMEMBERED``: *All* logged in users have this, even
644-
if they are logged in because of a "remember me cookie". Even if you don't
645-
use the:doc:`remember me functionality</security/remember_me>`,
646-
you can use this to check if the user is logged in.
646+
* ``IS_AUTHENTICATED``: Matches *all* users (even anonymous ones). This is
647+
useful when *whitelisting* URLs to guarantee access - some details are in
648+
:doc:`/security/access_control`.
649+
650+
* ``IS_ANONYMOUS``: Only anonymous users are matched by this attribute.
647651

648-
* ``IS_AUTHENTICATED_FULLY``: This is similar to ``IS_AUTHENTICATED_REMEMBERED``,
652+
* ``IS_REMEMBERED``: Matches users authenticated using the
653+
:doc:`remember me functionality</security/remember_me>`, (i.e. a remember-me
654+
cookie).
655+
656+
* ``IS_IMPERSONATOR``: When the current session is an:doc:`impersonated user
657+
* </security/impersonating_user>`, this attribute will match.
658+
659+
* ``IS_AUTHENTICATED_FULLY``: This is similar to ``IS_AUTHENTICATED``,
649660
but stronger. Users who are logged in only because of a "remember me cookie"
650-
will have ``IS_AUTHENTICATED_REMEMBERED`` but will not have ``IS_AUTHENTICATED_FULLY``.
661+
and anonymous users will not be matched by ``IS_AUTHENTICATED_FULLY``.
662+
663+
..versionadded::4.4
651664

652-
* ``IS_AUTHENTICATED_ANONYMOUSLY``: *All* users (even anonymous ones) have
653-
this - this is useful when *whitelisting* URLs to guarantee access - some
654-
details are in:doc:`/security/access_control`.
665+
The ``IS_AUTHENTICATED``, ``IS_ANONYMOUS``, ``IS_REMEMBERED`` and
666+
``IS_IMPERSONATOR`` attributes were introduced in Symfony 4.4.
655667

656668
.. _security-secure-objects:
657669

‎security/access_control.rst‎

Lines changed: 11 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -193,7 +193,7 @@ pattern so that it is only accessible by requests from the local server itself:
193193
access_control:
194194
#
195195
# the 'ips' option supports IP addresses and subnet masks
196-
-{ path: ^/internal, roles:IS_AUTHENTICATED_ANONYMOUSLY, ips: [127.0.0.1, ::1, 192.168.0.1/24] }
196+
-{ path: ^/internal, roles:IS_AUTHENTICATED, ips: [127.0.0.1, ::1, 192.168.0.1/24] }
197197
-{ path: ^/internal, roles: ROLE_NO_ACCESS }
198198
199199
..code-block::xml
@@ -210,7 +210,7 @@ pattern so that it is only accessible by requests from the local server itself:
210210
<!-- ...-->
211211
212212
<!-- the 'ips' option supports IP addresses and subnet masks-->
213-
<rulepath="^/internal"role="IS_AUTHENTICATED_ANONYMOUSLY">
213+
<rulepath="^/internal"role="IS_AUTHENTICATED">
214214
<ip>127.0.0.1</ip>
215215
<ip>::1</ip>
216216
</rule>
@@ -227,7 +227,7 @@ pattern so that it is only accessible by requests from the local server itself:
227227
'access_control' => [
228228
[
229229
'path' => '^/internal',
230-
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
230+
'role' => 'IS_AUTHENTICATED',
231231
// the 'ips' option supports IP addresses and subnet masks
232232
'ips' => ['127.0.0.1', '::1'],
233233
],
@@ -254,8 +254,8 @@ But if the same request comes from ``127.0.0.1`` or ``::1`` (the IPv6 loopback
254254
address):
255255

256256
* Now, the first access control rule is enabled as both the ``path`` and the
257-
``ip`` match: access is allowed as the user alwayshas the
258-
``IS_AUTHENTICATED_ANONYMOUSLY``role.
257+
``ip`` match: access is allowed as the user alwaysmatches the
258+
``IS_AUTHENTICATED``attribute.
259259

260260
* The second access rule is not examined as the first rule matched.
261261

@@ -342,7 +342,7 @@ access those URLs via a specific port. This could be useful for example for
342342
security:
343343
# ...
344344
access_control:
345-
-{ path: ^/cart/checkout, roles:IS_AUTHENTICATED_ANONYMOUSLY, port: 8080 }
345+
-{ path: ^/cart/checkout, roles:IS_AUTHENTICATED, port: 8080 }
346346
347347
..code-block::xml
348348
@@ -357,7 +357,7 @@ access those URLs via a specific port. This could be useful for example for
357357
<config>
358358
<!-- ...-->
359359
<rulepath="^/cart/checkout"
360-
role="IS_AUTHENTICATED_ANONYMOUSLY"
360+
role="IS_AUTHENTICATED"
361361
port="8080"
362362
/>
363363
</config>
@@ -371,7 +371,7 @@ access those URLs via a specific port. This could be useful for example for
371371
'access_control' => [
372372
[
373373
'path' => '^/cart/checkout',
374-
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
374+
'role' => 'IS_AUTHENTICATED',
375375
'port' => '8080',
376376
],
377377
],
@@ -393,7 +393,7 @@ the user will be redirected to ``https``:
393393
security:
394394
# ...
395395
access_control:
396-
-{ path: ^/cart/checkout, roles:IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
396+
-{ path: ^/cart/checkout, roles:IS_AUTHENTICATED, requires_channel: https }
397397
398398
..code-block::xml
399399
@@ -408,7 +408,7 @@ the user will be redirected to ``https``:
408408
<config>
409409
<!-- ...-->
410410
<rulepath="^/cart/checkout"
411-
role="IS_AUTHENTICATED_ANONYMOUSLY"
411+
role="IS_AUTHENTICATED"
412412
requires-channel="https"
413413
/>
414414
</config>
@@ -422,7 +422,7 @@ the user will be redirected to ``https``:
422422
'access_control' => [
423423
[
424424
'path' => '^/cart/checkout',
425-
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
425+
'role' => 'IS_AUTHENTICATED',
426426
'requires_channel' => 'https',
427427
],
428428
],

‎security/expressions.rst‎

Lines changed: 1 addition & 37 deletions
Original file line numberDiff line numberDiff line change
@@ -18,7 +18,7 @@ accepts an :class:`Symfony\\Component\\ExpressionLanguage\\Expression` object::
1818
public function index()
1919
{
2020
$this->denyAccessUnlessGranted(new Expression(
21-
'"ROLE_ADMIN" in roles or (notis_anonymous() and user.isSuperAdmin())'
21+
'"ROLE_ADMIN" in roles or (notis_granted('IS_ANONYMOUS') and user.isSuperAdmin())'
2222
));
2323

2424
// ...
@@ -52,48 +52,12 @@ Inside the expression, you have access to a number of variables:
5252

5353
Additionally, you have access to a number of functions inside the expression:
5454

55-
``is_authenticated``
56-
Returns ``true`` if the user is authenticated via "remember-me" or authenticated
57-
"fully" - i.e. returns true if the user is "logged in".
58-
``is_anonymous``
59-
Equal to using ``IS_AUTHENTICATED_ANONYMOUSLY`` with the ``isGranted()`` function.
60-
``is_remember_me``
61-
Similar, but not equal to ``IS_AUTHENTICATED_REMEMBERED``, see below.
62-
``is_fully_authenticated``
63-
Similar, but not equal to ``IS_AUTHENTICATED_FULLY``, see below.
6455
``is_granted``
6556
Checks if the user has the given permission. Optionally accepts a second argument
6657
with the object where permission is checked on. It's equivalent to using
6758
the:doc:`isGranted() method</security/securing_services>` from the authorization
6859
checker service.
6960

70-
..sidebar::``is_remember_me`` is different than checking ``IS_AUTHENTICATED_REMEMBERED``
71-
72-
The ``is_remember_me()`` and ``is_fully_authenticated()`` functions are *similar*
73-
to using ``IS_AUTHENTICATED_REMEMBERED`` and ``IS_AUTHENTICATED_FULLY``
74-
with the ``isGranted()`` function - but they are **not** the same. The
75-
following controller snippet shows the difference::
76-
77-
use Symfony\Component\ExpressionLanguage\Expression;
78-
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
79-
// ...
80-
81-
public function index(AuthorizationCheckerInterface $authorizationChecker)
82-
{
83-
$access1 = $authorizationChecker->isGranted('IS_AUTHENTICATED_REMEMBERED');
84-
85-
$access2 = $authorizationChecker->isGranted(new Expression(
86-
'is_remember_me() or is_fully_authenticated()'
87-
));
88-
}
89-
90-
Here, ``$access1`` and ``$access2`` will be the same value. Unlike the
91-
behavior of ``IS_AUTHENTICATED_REMEMBERED`` and ``IS_AUTHENTICATED_FULLY``,
92-
the ``is_remember_me()`` function *only* returns true if the user is authenticated
93-
via a remember-me cookie and ``is_fully_authenticated`` *only* returns
94-
true if the user has actually logged in during this session (i.e. is
95-
full-fledged).
96-
9761
Learn more
9862
----------
9963

‎security/force_https.rst‎

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -24,9 +24,9 @@ access control:
2424
2525
access_control:
2626
-{ path: ^/secure, roles: ROLE_ADMIN, requires_channel: https }
27-
-{ path: ^/login, roles:IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
27+
-{ path: ^/login, roles:IS_AUTHENTICATED, requires_channel: https }
2828
# catch all other URLs
29-
-{ path: ^/, roles:IS_AUTHENTICATED_ANONYMOUSLY, requires_channel: https }
29+
-{ path: ^/, roles:IS_AUTHENTICATED, requires_channel: https }
3030
3131
..code-block::xml
3232
@@ -43,11 +43,11 @@ access control:
4343
4444
<rulepath="^/secure"role="ROLE_ADMIN"requires_channel="https"/>
4545
<rulepath="^/login"
46-
role="IS_AUTHENTICATED_ANONYMOUSLY"
46+
role="IS_AUTHENTICATED"
4747
requires_channel="https"
4848
/>
4949
<rulepath="^/"
50-
role="IS_AUTHENTICATED_ANONYMOUSLY"
50+
role="IS_AUTHENTICATED"
5151
requires_channel="https"
5252
/>
5353
</config>
@@ -67,12 +67,12 @@ access control:
6767
],
6868
[
6969
'path' => '^/login',
70-
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
70+
'role' => 'IS_AUTHENTICATED',
7171
'requires_channel' => 'https',
7272
],
7373
[
7474
'path' => '^/',
75-
'role' => 'IS_AUTHENTICATED_ANONYMOUSLY',
75+
'role' => 'IS_AUTHENTICATED',
7676
'requires_channel' => 'https',
7777
],
7878
],

‎security/form_login_setup.rst‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -86,7 +86,7 @@ Edit the ``security.yml`` file in order to allow access for anyone to the
8686
# ...
8787
8888
access_control:
89-
-{ path: ^/login$, roles:IS_AUTHENTICATED_ANONYMOUSLY }
89+
-{ path: ^/login$, roles:IS_AUTHENTICATED }
9090
# ...
9191
9292
..code-block::xml
@@ -100,7 +100,7 @@ Edit the ``security.yml`` file in order to allow access for anyone to the
100100
https://symfony.com/schema/dic/services/services-1.0.xsd">
101101
102102
<config>
103-
<rulepath="^/login$"role="IS_AUTHENTICATED_ANONYMOUSLY"/>
103+
<rulepath="^/login$"role="IS_AUTHENTICATED"/>
104104
<!-- ...-->
105105
</config>
106106
</srv:container>
@@ -113,7 +113,7 @@ Edit the ``security.yml`` file in order to allow access for anyone to the
113113
'access_control' => [
114114
[
115115
'path' => '^/login',
116-
'roles' => 'IS_AUTHENTICATED_ANONYMOUSLY',
116+
'roles' => 'IS_AUTHENTICATED',
117117
],
118118
// ...
119119
],

‎security/multiple_guard_authenticators.rst‎

Lines changed: 3 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -108,7 +108,7 @@ the solution is to split the configuration into two separate firewalls:
108108
authenticators:
109109
-App\Security\LoginFormAuthenticator
110110
access_control:
111-
-{ path: ^/login, roles:IS_AUTHENTICATED_ANONYMOUSLY }
111+
-{ path: ^/login, roles:IS_AUTHENTICATED }
112112
-{ path: ^/api, roles: ROLE_API_USER }
113113
-{ path: ^/, roles: ROLE_USER }
114114
@@ -135,7 +135,7 @@ the solution is to split the configuration into two separate firewalls:
135135
<authenticator>App\Security\LoginFormAuthenticator</authenticator>
136136
</guard>
137137
</firewall>
138-
<rulepath="^/login"role="IS_AUTHENTICATED_ANONYMOUSLY"/>
138+
<rulepath="^/login"role="IS_AUTHENTICATED"/>
139139
<rulepath="^/api"role="ROLE_API_USER"/>
140140
<rulepath="^/"role="ROLE_USER"/>
141141
</config>
@@ -168,7 +168,7 @@ the solution is to split the configuration into two separate firewalls:
168168
],
169169
],
170170
'access_control' => [
171-
['path' => '^/login', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'],
171+
['path' => '^/login', 'role' => 'IS_AUTHENTICATED'],
172172
['path' => '^/api', 'role' => 'ROLE_API_USER'],
173173
['path' => '^/', 'role' => 'ROLE_USER'],
174174
],

‎security/remember_me.rst‎

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -177,7 +177,7 @@ users to change their password. You can do this by leveraing a few special "role
177177
{
178178
// allow any authenticated user - we don't care if they just
179179
// logged in, or are logged in via a remember me cookie
180-
$this->denyAccessUnlessGranted('IS_AUTHENTICATED_REMEMBERED');
180+
$this->denyAccessUnlessGranted('IS_AUTHENTICATED');
181181

182182
// ...
183183
}

‎workflow.rst‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -439,8 +439,8 @@ transition. The value of this option is any valid expression created with the
439439
from:draft
440440
to:reviewed
441441
publish:
442-
# or "is_anonymous", "is_remember_me", "is_fully_authenticated", "is_granted"
443-
guard:"is_authenticated"
442+
# or "IS_ANONYMOUS", "IS_REMEMBER_ME", "IS_IMPERSONATOR" or "IS_AUTHENTICATED_FULLY"
443+
guard:"is_granted('IS_AUTHENTICATED')"
444444
from:reviewed
445445
to:published
446446
reject:

0 commit comments

Comments
 (0)
[8]ページ先頭
©2009-2025 Movatter.jp