Skip to content

Provide same variables for IsGranted attribute as for SecurityAttribute #48071

New issue
New issue
Closed
#48080
Closed
Provide same variables for IsGranted attribute as for SecurityAttribute#48071
#48080
@bastien70

Description

@bastien70
bastien70
opened on Nov 2, 2022

Description

According to https://symfony.com/bundles/SensioFrameworkExtraBundle/current/annotations/security.html#security

We can use something like this :

#[Security("is_granted('my_voter_item', request)")] // subject can be internal parameter like request, token, user, roles
#[Route(path: '/someRoute', name: 'some_route')]
public function action(): Response
{}

But we can't do this :

#[IsGranted(data: ExtraVoter::MY_VOTER_ITEM, subject: 'request')]
#[Route(path: '/someRoute', name: 'some_route')]
public function action(): Response
{}

We'll have this error : Could not find the subject "request" for the @IsGranted annotation. Try adding a "$request" argument to your controller method.

We will be able to use the IsGranted only if we add the parameter in the constructor of the action, like this :

#[IsGranted(data: ExtraVoter::MY_VOTER_ITEM, subject: 'request')]
#[Route(path: '/someRoute', name: 'some_route')]
public function action(Request $request): Response
{}

But it is possible that the variable is not used in the action, which can lead to its automatic deletion by tools such as Rector. And in general, I think doing this kind of thing is not good.

It would therefore be interesting to be able to use the same internal Symfony parameters that we use for the Security attribute, for the IsGranted attribute

Example

No response

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions