Improve #[IsGranted] #46912

Closed
@nicolas-grekas

Description

As part of the effort to move features of SensioFrameworkExtraBundle #44705 into code, we are considering not moving @Security and instead improving #[IsGranted].

A first idea has been described by @stof in #45415 (comment):

Also, I would not migrate the Security attribute as is. The implementation of this attribute is currently a hack, as it does not rely on triggering the authorization system to perform the security check (instead, it duplicates part of that system, which broke when switching to the new security system).
The best practice for using that attribute is to restrict yourselves to using is_granted inside the expression (or to switch to IsGranted for all cases where it can be used, as that attribute does not hack the authorization system).

To me, this should rather be left out, adding a few advanced features to IsGranted:
The one I would need personally is having a subject_expression feature, allowing to use ExpressionLanguage to build the subject being voted on (but with a better approach than Security where we have clashes between controller argument names and built-in variables of the expression) when we need a more complex vote.
Another one that could be needed is a way to specify that the permission being checked is an expression for ExpressionVoter (but this may be supported already on PHP 8.1 when using attributes rather than annotations, but using new Expression)

Let's discuss what we want to do. Help wanted to make it happen.

Example

No response

Labels: Help wanted, Security
