Skip to content

Commit b90336b

Browse files
xabbuhxabbuh
committed
minor #13554 Explaining controllers as viable alternative (ThomasLandauer, wouterj)
This PR was merged into the 3.4 branch. Discussion ---------- Explaining controllers as viable alternative See #13406 (comment) Please wrap it in a "caution" box, or whatever you think is appropriate. I'm unsure about how much context of the controller should be shown in the code, since the entire controller is only shown later. If you think it's too confusing now, I'd suggest to show the controller as "skeleton" above this note. Commits ------- 15c4adc Update voters.rst bb0872a Update voters.rst 577dfa2 Update voters.rst fdfd1ad Update security/voters.rst 221bbb1 Update voters.rst 164aec4 [#13554] Slightly reworded the tip 2bc5c54 Update voters.rst 40bbd81 Explaining controllers as viable alternative
2 parents 351c645 + 15c4adc commit b90336b

File tree

1 file changed

+17
-6
lines changed

1 file changed

+17
-6
lines changed

security/voters.rst

+17-6
Original file line numberDiff line numberDiff line change
@@ -6,19 +6,30 @@
66
How to Use Voters to Check User Permissions
77
===========================================
88

9-
Security voters are the most granular way of checking permissions (e.g. "can this
10-
specific user edit the given item?"). This article explains voters in detail.
9+
Voters are Symfony's most powerful way of managing permissions. They allow you
10+
to centralize all permission logic, then reuse them in many places.
11+
12+
However, if you don't reuse permissions or your rules are basic, you can always
13+
put that logic directly into your controller instead. Here's an example how
14+
this could look like, if you want to make a route accessible to the "owner" only::
15+
16+
// src/AppBundle/Controller/PostController.php
17+
// ...
18+
19+
if ($post->getOwner() !== $this->getUser()) {
20+
throw $this->createAccessDeniedException();
21+
}
22+
23+
In that sense, the following example used throughout this page is a minimal
24+
example for voters.
1125

1226
.. tip::
1327

1428
Take a look at the
1529
:doc:`authorization </components/security/authorization>`
1630
article for an even deeper understanding on voters.
1731

18-
How Symfony Uses Voters
19-
-----------------------
20-
21-
In order to use voters, you have to understand how Symfony works with them.
32+
Here's how Symfony works with voters:
2233
All voters are called each time you use the ``isGranted()`` method on Symfony's
2334
authorization checker or call ``denyAccessUnlessGranted`` in a controller (which
2435
uses the authorization checker), or by

0 commit comments

Comments
 (0)