Skip to content

Commit d68c5d7

Browse files
linaorilinaori
committed
Added docs mentioning UserInterface in action args
1 parent fd43061 commit d68c5d7

File tree

1 file changed

+17
-4
lines changed

1 file changed

+17
-4
lines changed

security.rst

+17-4
Original file line numberDiff line numberDiff line change
@@ -995,14 +995,14 @@ After authentication, the ``User`` object of the current user can be accessed
995995
via the ``security.token_storage`` service. From inside a controller, this will
996996
look like::
997997

998-
public function indexAction()
998+
use Symfony\Component\Security\Core\User\UserInterface;
999+
1000+
public function indexAction(UserInterface $user)
9991001
{
10001002
if (!$this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
10011003
throw $this->createAccessDeniedException();
10021004
}
10031005

1004-
$user = $this->getUser();
1005-
10061006
// the above is a shortcut for this
10071007
$user = $this->get('security.token_storage')->getToken()->getUser();
10081008
}
@@ -1012,6 +1012,11 @@ look like::
10121012
The user will be an object and the class of that object will depend on
10131013
your :ref:`user provider <security-user-providers>`.
10141014

1015+
.. versionadded:: 3.2
1016+
The functionality to get the user via the method signature was added in 3.2,
1017+
you can still retrieve it by calling ``$this->getUser()`` if you extend the
1018+
:class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller`.
1019+
10151020
Now you can call whatever methods are on *your* User object. For example,
10161021
if your User object has a ``getFirstName()`` method, you could use that::
10171022

@@ -1032,7 +1037,15 @@ It's important to check if the user is authenticated first. If they're not,
10321037
``$user`` will either be ``null`` or the string ``anon.``. Wait, what? Yes,
10331038
this is a quirk. If you're not logged in, the user is technically the string
10341039
``anon.``, though the ``getUser()`` controller shortcut converts this to
1035-
``null`` for convenience.
1040+
``null`` for convenience. When type-hinting the
1041+
:class:`Symfony\\Component\\Security\\Core\\User\\UserInterface\\UserInterface`
1042+
and being logged-in is optional, you can allow a null value for the argument::
1043+
1044+
public function indexAction(UserInterface $user = null)
1045+
{
1046+
// $user is null when not logged-in or anon.
1047+
}
1048+
10361049

10371050
The point is this: always check to see if the user is logged in before using
10381051
the User object, and use the ``isGranted`` method (or

0 commit comments

Comments
 (0)