Skip to content

Commit e8438ec

Browse files
noelgnoelg
committed
[cookbook] update article about voters
1 parent 69213fb commit e8438ec

File tree

1 file changed

+5
-29
lines changed

1 file changed

+5
-29
lines changed

cookbook/security/voters.rst

Lines changed: 5 additions & 29 deletions
Original file line numberDiff line numberDiff line change
@@ -46,8 +46,10 @@ values:
4646
* ``VoterInterface::ACCESS_DENIED``: The user is not allowed to access the application
4747

4848
In this example, we will check if the user's IP address matches against a list of
49-
blacklisted addresses. We will return ``VoterInterface::ACCESS_DENIED`` or
50-
``VoterInterface::ACCESS_GRANTED`` depending on this criteria.
49+
blacklisted addresses. If the user's IP is blacklisted, we will return
50+
``VoterInterface::ACCESS_DENIED``, otherwise we will return
51+
``VoterInterface::ACCESS_ABSTAIN`` as this voter purpose is only to deny users,
52+
not to grant them.
5153

5254
Creating a Custom Voter
5355
-----------------------
@@ -89,7 +91,7 @@ and compare the IP address against a set of blacklisted IP addresses:
8991
return VoterInterface::ACCESS_DENIED;
9092
}
9193
92-
return VoterInterface::ACCESS_GRANTED;
94+
return VoterInterface::ACCESS_ABSTAIN;
9395
}
9496
}
9597
@@ -155,29 +157,3 @@ and tag it as a "security.voter":
155157
configuration file (e.g. ``app/config/config.yml``). For more information
156158
see :ref:`service-container-imports-directive`. To read more about defining
157159
services in general, see the :doc:`/book/service_container` chapter.
158-
159-
Finally, we need to change the authentication strategy. By default, the
160-
security component calls each voter until one of them grants access to the
161-
user. In our case, we want to force *all* voters to grant the user access
162-
before deciding that the user should actually have access to the application.
163-
To do that, we need to change the strategy by overriding the
164-
``security.access.decision_manager.strategy`` parameter:
165-
166-
.. configuration-block::
167-
168-
.. code-block:: yaml
169-
170-
# src/Acme/AcmeBundle/Resources/config/services.yml
171-
parameters:
172-
security.access.decision_manager.strategy: unanimous
173-
174-
.. code-block:: xml
175-
176-
<!-- src/Acme/AcmeBundle/Resources/config/services.xml -->
177-
<parameter key="security.access.decision_manager.strategy">unanimous</parameter>
178-
179-
.. code-block:: php
180-
181-
// src/Acme/AcmeBundle/Resources/config/services.php
182-
183-
$container->setParameter('security.access.decision_manager.strategy', 'unanimous');

0 commit comments

Comments
 (0)