Commit9b87127

committed

Merge branch '4.1' into 4.2

* 4.1: implemented community suggestions Fix recommendations from community review Add example for using a voter to restrict switch_user Add missing imports and remove useless

2 parentse59020f +3728e82 commit9b87127Copy full SHA for 9b87127

File tree

3 files changed

+70

-2

lines changed

3 files changed

+70

-2

lines changed

`‎profiler/wdt_follow_ajax.rst‎`

Lines changed: 4 additions & 0 deletions

Original file line number	Diff line number	Diff line change
`@@ -21,6 +21,10 @@ Ideally this header should only be set during development and not for`
`21`	`21`	`production. This can be accomplished by setting the header in a`
`22`	`22`	:ref:`kernel.response<component-http-kernel-kernel-response>` event listener::
`23`	`23`
	`24`	`+ use Symfony\Component\HttpKernel\Event\FilterResponseEvent;`
	`25`	`+`
	`26`	`+ // ...`
	`27`	`+`
`24`	`28`	`public function onKernelResponse(FilterResponseEvent $event)`
`25`	`29`	`{`
`26`	`30`	`$response = $event->getResponse();`

`‎security/impersonating_user.rst‎`

Lines changed: 66 additions & 0 deletions

Original file line number	Diff line number	Diff line change
@@ -187,6 +187,72 @@ also adjust the query parameter name via the ``parameter`` setting:
`187`	`187`	`),`
`188`	`188`	`));`
`189`	`189`
	`190`	`+Limiting User Switching`
	`191`	`+-----------------------`
	`192`	`+`
	`193`	`+If you need more control over user switching, but don't require the complexity`
	`194`	`+of a full ACL implementation, you can use a security voter. For example, you`
	`195`	`+may want to allow employees to be able to impersonate a user with the`
	`196`	+``ROLE_CUSTOMER`` role without giving them the ability to impersonate a more
	`197`	`+elevated user such as an administrator.`
	`198`	`+`
	`199`	`+..versionadded::4.1`
	`200`	`+`
	`201`	`+ The target user was added as the voter subject parameter in Symfony 4.1.`
	`202`	`+`
	`203`	`+Create the voter class::`
	`204`	`+`
	`205`	`+ namespace App\Security\Voter;`
	`206`	`+`
	`207`	`+ use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;`
	`208`	`+ use Symfony\Component\Security\Core\Authorization\Voter\Voter;`
	`209`	`+ use Symfony\Component\Security\Core\User\UserInterface;`
	`210`	`+`
	`211`	`+ class SwitchToCustomerVoter extends Voter`
	`212`	`+ {`
	`213`	`+ protected function supports($attribute, $subject)`
	`214`	`+ {`
	`215`	`+ return in_array($attribute, ['ROLE_ALLOWED_TO_SWITCH'])`
	`216`	`+ && $subject instanceof UserInterface;`
	`217`	`+ }`
	`218`	`+`
	`219`	`+ protected function voteOnAttribute($attribute, $subject, TokenInterface $token)`
	`220`	`+ {`
	`221`	`+ $user = $token->getUser();`
	`222`	`+ // if the user is anonymous or if the subject is not a user, do not grant access`
	`223`	`+ if (!$user instanceof UserInterface \|\| !$subject instanceof UserInterface) {`
	`224`	`+ return false;`
	`225`	`+ }`
	`226`	`+`
	`227`	`+ if (in_array('ROLE_CUSTOMER', $subject->getRoles())`
	`228`	`+ && $this->hasSwitchToCustomerRole($token)) {`
	`229`	`+ return true;`
	`230`	`+ }`
	`231`	`+`
	`232`	`+ return false;`
	`233`	`+ }`
	`234`	`+`
	`235`	`+ private function hasSwitchToCustomerRole(TokenInterface $token)`
	`236`	`+ {`
	`237`	`+ foreach ($token->getRoles() as $role) {`
	`238`	`+ if ($role->getRole() === 'ROLE_SWITCH_TO_CUSTOMER') {`
	`239`	`+ return true;`
	`240`	`+ }`
	`241`	`+ }`
	`242`	`+`
	`243`	`+ return false;`
	`244`	`+ }`
	`245`	`+ }`
	`246`	`+`
	`247`	`+To enable the new voter in the app, register it as a service and`
	`248`	+:doc:`tag it</service_container/tags>` with the ``security.voter``
	`249`	`+tag. If you're using the`
	`250`	+:ref:`default services.yaml configuration<service-container-services-load-example>`,
	`251`	+this is already done for you, thanks to:ref:`autoconfiguration<services-autoconfigure>`.
	`252`	`+`
	`253`	+Now a user who has the ``ROLE_SWITCH_TO_CUSTOMER`` role can switch to a user who
	`254`	+has the ``ROLE_CUSTOMER`` role, but not other users.
	`255`	`+`
`190`	`256`	`Events`
`191`	`257`	`------`
`192`	`258`

`‎translation.rst‎`

Lines changed: 0 additions & 2 deletions

Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,6 @@ of text (called a message), use the`
`119`	`119`	`for example, that you're translating a simple message from inside a controller::`
`120`	`120`
`121`	`121`	`// ...`
`122`		`- use Symfony\Component\HttpFoundation\Response;`
`123`	`122`	`use Symfony\Component\Translation\TranslatorInterface;`
`124`	`123`
`125`	`124`	`public function index(TranslatorInterface $translator)`
`@@ -198,7 +197,6 @@ Message Placeholders`
`198`	`197`
`199`	`198`	`Sometimes, a message containing a variable needs to be translated::`
`200`	`199`
`201`		`- use Symfony\Component\HttpFoundation\Response;`
`202`	`200`	`use Symfony\Component\Translation\TranslatorInterface;`
`203`	`201`
`204`	`202`	`public function index(TranslatorInterface $translator, $name)`

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit9b87127

File tree

3 files changed

3 files changed

`‎profiler/wdt_follow_ajax.rst‎`

`‎security/impersonating_user.rst‎`

`‎translation.rst‎`

0 commit comments