Using isGranted() without a Session #43372
Comments
You can use the AccessDecisionManager directly:
```php
$adm->decide(new PostAuthenticationToken($reviewer, '', $reviewer->getRoles()), [ArticleVoter::REVIEW], $article);
```
But indeed, a simpler way could be better 👍🏼
@natewiebe13 I had the same need, I ended up implementing my own As a consequence, I had to update all userland voters to rely on this method instead of the native one. Limitation: if a voter depends on an external decision, it MUST propagate the given user by calling The native voters don't do that. By the way, this didn't give me problems until now.
@renanbr I don't understand the part with the voters. Voters should not really depend on the authenticated user because they are called with a token.
Thank you for this suggestion.
Keep it open. I have started on this already, just need to get around to writing tests/documentation and then I can make a PR.
Thank you for this suggestion.
Keep it open. PR now exists: #48142
Thank you for this suggestion.
Keep it open.
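The AccessDecisionManager approach from the first comment, wrapped in a service under the userIsGranted() name proposed in the issue description. This is an added example, not code from the thread or from Symfony; the UserAccessChecker class and the 'offline' firewall label are assumptions. It throws on IS_AUTHENTICATED_* attributes, one of the options the description raises for that case.

```php
<?php
// Added example, not Symfony's own code. UserAccessChecker and the
// 'offline' firewall label are hypothetical names.

declare(strict_types=1);

namespace App\Security;

use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
use Symfony\Component\Security\Core\User\UserInterface;
use Symfony\Component\Security\Http\Authenticator\Token\PostAuthenticationToken;

final class UserAccessChecker
{
    // Assumed label passed as the token's firewall name argument.
    private const FIREWALL_NAME = 'offline';

    public function __construct(
        private AccessDecisionManagerInterface $decisionManager,
    ) {
    }

    /**
     * Ask the voters whether $user holds $attribute on $subject, without
     * reading the token storage or the session.
     */
    public function userIsGranted(UserInterface $user, string $attribute, mixed $subject = null): bool
    {
        // IS_AUTHENTICATED_* describes how the current session logged in.
        // A token built here says nothing about that, so refuse the check
        // instead of answering for a login that never happened.
        if (str_starts_with($attribute, 'IS_AUTHENTICATED_')) {
            throw new \LogicException(sprintf(
                'Attribute "%s" depends on the current session and cannot be checked for an arbitrary user.',
                $attribute
            ));
        }

        // Roles come from the user object, as in the first comment's snippet.
        $token = new PostAuthenticationToken($user, self::FIREWALL_NAME, $user->getRoles());

        return $this->decisionManager->decide($token, [$attribute], $subject);
    }
}
```

The limitation raised in the thread still applies: a voter that depends on an external decision has to propagate the given user itself.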
Description
isGranted() assumes that it's checking against the currently logged in user. It would be great to be able to use something similar to check against another user or during times when there isn't a session (cronjobs/commands, message queue, etc.).
I would see this as a userIsGranted() function to make a distinction. There are cases we'd have to consider, such as if IS_AUTHENTICATED_* is used in conjunction with this method, as those are based on sessions. Return false, or throw a logic exception, etc.
Having this functionality would allow for removing the dependency on sessions entirely for services, reducing the number of issues that come up during a project because some underlying function was session dependent.
I'm assuming we'd also want to create a new Token class to represent checking against a non-logged in user.
Example
Checking to see if you could assign another user to review an article: