[Security] Document "pass controller object argument by name" behavior for IsGranted attribute #19589

New issue

Open

[Security] Document "pass controller object argument by name" behavior for IsGranted attribute#19589

Labels

Security

Description

PrOF-kk

opened

on Feb 23, 2024

This code fragment correctly passes aTask object to the TaskVoter "by name":

// TaskController.php#[Route('/{task}', name:'task_details', methods: ['GET'])]/*                                   ↓↓↓↓                       */#[IsGranted(TaskVoter::ACCESS_TASK,'task','No task found',404)]publicfunctiontaskDetails(Task$task):Response{// ...}// TaskVoter.phpprotectedfunctionvoteOnAttribute(string$attribute,$subject,TokenInterface$token):bool{if (TaskVoter::ACCESS_TASK ===$attribute &&$subjectinstanceof Task) {return$this->canAccessTask($subject,$token->getUser());    }}

This is pretty handy, although I cannot find documentation about it anywhere. I'd expect it in(Security->Add Code to Deny Access) Securing Controllers and Other Code.
It is used throughoutVoters->Setup: Checking for Access in a Controller.

Metadata

Assignees

No one assigned

Labels

Security

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Movatterモバイル変換

Navigation Menu

Search code, repositories, users, issues, pull requests...

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

[Security] Document "pass controller object argument by name" behavior for IsGranted attribute #19589

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions