Commit9c169c7

committed

Rewrite new section

1 parentacf66f9 commit9c169c7Copy full SHA for 9c169c7

File tree

1 file changed

+35

-55

lines changed

cookbook/security
- voters_data_permission.rst

1 file changed

+35

-55

lines changed

`‎cookbook/security/voters_data_permission.rst`

Lines changed: 35 additions & 55 deletions

Original file line number	Diff line number	Diff line change
`@@ -223,20 +223,30 @@ It's that easy!`
`223`	`223`
`224`	`224`	`.. _security-voters-change-strategy:`
`225`	`225`
`226`		`-Changing theAccessDecision Strategy`
`227`		`--------------------------------------`
	`226`	`+Changing the Decision Strategy`
	`227`	`+------------------------------`
`228`	`228`
`229`		`-In order for the new voter to take effect, you need to change the default access`
`230`		`-decision strategy, which, by default, grants accessifany voter grants`
`231`		`-access.`
	`229`	`+Imagine you have multiple voters for one action for an object. For instance,`
	`230`	`+you have one voter that checksifthe user is a member of the site and a second`
	`231`	`+one checking if the user is older than 18.`
`232`	`232`
`233`		-In this case, choose the ``unanimous`` strategy. Unlike the ``affirmative``
`234`		-strategy (the default), with the ``unanimous`` strategy, if only one voter
`235`		-denies access (e.g. the ``ClientIpVoter``), access is not granted to the
`236`		`-end user.`
	`233`	`+To handle these cases, the access decision manager uses a decision strategy.`
	`234`	`+You can configure this to suite your needs. There are three strategies`
	`235`	`+available:`
`237`	`236`
`238`		-To do that, override the default ``access_decision_manager`` section of your
`239`		`-application configuration file with the following code.`
	`237`	+``affirmative`` (default)
	`238`	`+ This grants access as soon as there is one voter granting access;`
	`239`	`+`
	`240`	+``consensus``
	`241`	`+ This grants access if there are more voters granting access than denying;`
	`242`	`+`
	`243`	+``unanimous``
	`244`	`+ This only grants access once all voters grant access.`
	`245`	`+`
	`246`	`+In the above scenario, both voters should grant access in order to grant access`
	`247`	`+to the user to read the post. In this case, the default strategy is no longer`
	`248`	+valid and ``unanimous`` should be used instead. You can set this in the
	`249`	`+security configuration:`
`240`	`250`
`241`	`251`	`..configuration-block::`
`242`	`252`
`@@ -245,60 +255,30 @@ application configuration file with the following code.`
`245`	`255`	`# app/config/security.yml`
`246`	`256`	`security:`
`247`	`257`	`access_decision_manager:`
`248`		`-# strategy can be: affirmative, unanimous or consensus`
`249`	`258`	`strategy:unanimous`
`250`	`259`
`251`	`260`	`..code-block::xml`
`252`	`261`
`253`	`262`	`<!-- app/config/security.xml-->`
`254`		`- <config>`
`255`		`-<!-- strategy can be: affirmative, unanimous or consensus-->`
`256`		`- <access-decision-managerstrategy="unanimous">`
`257`		`- </config>`
	`263`	`+ <?xml version="1.0" encoding="UTF-8" ?>`
	`264`	`+ <srv:containerxmlns="http://symfony.com/schema/dic/security"`
	`265`	`+xmlns:srv="http://symfony.com/schema/dic/services"`
	`266`	`+xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"`
	`267`	`+xsi:schemaLocation="http://symfony.com/schema/dic/services`
	`268`	`+ http://symfony.com/schema/dic/services/services-1.0.xsd`
	`269`	`+ http://symfony.com/schema/dic/security`
	`270`	`+ http://symfony.com/schema/dic/security/security-1.0.xsd"`
	`271`	`+ >`
	`272`	`+ <config>`
	`273`	`+ <access-decision-managerstrategy="unanimous">`
	`274`	`+ </config>`
	`275`	`+ </srv:container>`
`258`	`276`
`259`	`277`	`..code-block::php`
`260`	`278`
`261`		`- // app/config/security.xml`
	`279`	`+ // app/config/security.php`
`262`	`280`	`$container->loadFromExtension('security', array(`
`263`		`- // strategy can be: affirmative, unanimous or consensus`
`264`	`281`	`'access_decision_manager' => array(`
`265`	`282`	`'strategy' => 'unanimous',`
`266`	`283`	`),`
`267`	`284`	`));`
`268`		`-`
`269`		`-That's it! Now, when deciding whether or not a user should have access,`
`270`		`-the new voter will deny access to any user in the list of blacklisted IPs.`
`271`		`-`
`272`		`-Note that the voters are only called, if any access is actually checked. So`
`273`		`-you need at least something like`
`274`		`-`
`275`		`-..configuration-block::`
`276`		`-`
`277`		`- ..code-block::yaml`
`278`		`-`
`279`		`-# app/config/security.yml`
`280`		`-security:`
`281`		`-access_control:`
`282`		`- -{ path: ^/, role: IS_AUTHENTICATED_ANONYMOUSLY }`
`283`		`-`
`284`		`- ..code-block::xml`
`285`		`-`
`286`		`-<!-- app/config/security.xml-->`
`287`		`- <config>`
`288`		`- <access-control>`
`289`		`- <rulepath="^/"role="IS_AUTHENTICATED_ANONYMOUSLY" />`
`290`		`- </access-control>`
`291`		`- </config>`
`292`		`-`
`293`		`- ..code-block::php`
`294`		`-`
`295`		`- // app/config/security.xml`
`296`		`- $container->loadFromExtension('security', array(`
`297`		`- 'access_control' => array(`
`298`		`- array('path' => '^/', 'role' => 'IS_AUTHENTICATED_ANONYMOUSLY'),`
`299`		`- ),`
`300`		`- ));`
`301`		`-`
`302`		`-..seealso::`
`303`		`-`
`304`		- For a more advanced usage see:ref:`components-security-access-decision-manager`.

0 commit comments

Comments

(0)

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Commit9c169c7

File tree

1 file changed

1 file changed

`‎cookbook/security/voters_data_permission.rst`

0 commit comments