symfony · javiereguiluz · Mar 11, 2025 · Feb 19, 2025
diff --git a/security/expressions.rst b/security/expressions.rst
@@ -201,6 +201,41 @@
 ``args``
     An array of controller arguments that are passed to the controller.
 
+Additionally to expressions, the ``#[IsGranted]`` attribute also accepts
+closures that return a boolean value. The subject can also be a closure that
+returns an array of values that will be injected into the closure::
+
+    // src/Controller/MyController.php
+    namespace App\Controller;
+
+    use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+    use Symfony\Component\HttpFoundation\Response;
+    use Symfony\Component\Security\Http\Attribute\IsGranted;
+    use Symfony\Component\Security\Http\Attribute\IsGrantedContext;
+
+    class MyController extends AbstractController
+    {
+        #[IsGranted(static function (
+            IsGrantedContext $context,
+            mixed $subject,
+        ) {
+            return $context->user === $subject['post']->getAuthor();
+        }, subject: static function (array $args) {
+            return [
+                'post' => $args['post'],
+            ];
+        })]
+        public function index($post): Response
+        {
+            // ...
+        }
+    }
+
+.. versionadded:: 7.3
+
+    The support for closures in the ``#[IsGranted]`` attribute was introduced
+    in Symfony 7.3 and requires PHP 8.5.
+
 Learn more
 ----------