Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork5.2k
[Security] Add ability for voters to explain their vote#20690
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
javiereguiluz left a comment• edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Matthieu, this is a good start, but I think we should also display an example of using this feature to add an explanation in some of the voter examples.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| If you return ``true`` from ``supports()``, then this method is called. Your | ||
| job is to return ``true`` to allow access and ``false`` to deny access. | ||
| The ``$token`` can be used to find the current user object (if any). In this | ||
| example, all of the complex business logic is included to determine access. | ||
| The ``$token`` can be used to find the current user object (if any). The ``$vote`` |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
perhaps document were this can be seen? or retrieved to be displayed?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I am not sure to understand your point here
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I meant something like the workflow transition blocker message
is it possible to see this "vote message" somewhere and how ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I agree with@94noni. Having a short section explaining how to retrieve and display the reasons to users would be a great addition. It would help developers make better use of the new Vote object in real-world applications.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I did some tweaks while merging, but we can do further tweaks in future PRs if we think this needs to be improved. Thanks.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
Uh oh!
There was an error while loading.Please reload this page.
| if (!$user instanceof User) { | ||
| // the user must be logged in; if not, deny access | ||
| $vote->reasons[] = 'The user is not logged in.'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
I think we should instead use theaddReason() method.
$vote?->addReason('The user is not logged in.');
| { | ||
| $user = $token->getUser(); | ||
| $vote ??= new Vote(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
should be removed while accounting for@javiereguiluz's comment:
| $vote ??= new Vote(); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Fixed while merging. Thanks.
| return true; | ||
| } | ||
| $vote->reasons[] = 'You are not the owner of the Post.'; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
$vote is undefined in this example, I guess a few more changes are needed to pass $vote
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Fixed while merging. Thanks.
nicolas-grekasMay 23, 2025 • edited
Loading Uh oh!
There was an error while loading.Please reload this page.
edited
Uh oh!
There was an error while loading.Please reload this page.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
not really, the private method has no $vote argument ;)
523229b intosymfony:7.3Uh oh!
There was an error while loading.Please reload this page.
Thanks Matthieu! |
Fix#20658