Skip to content

Added docs mentioning UserInterface in action args #7060

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 1 commit into from
Nov 19, 2016
Merged

Added docs mentioning UserInterface in action args #7060

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
21 changes: 17 additions & 4 deletions security.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -995,14 +995,14 @@ After authentication, the ``User`` object of the current user can be accessed
via the ``security.token_storage`` service. From inside a controller, this will
look like::
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this paragraph needs to be changed

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What do you suggest? It's still correct

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Indeed, sorry. The paragraph is a bit confusing, but correct.


public function indexAction()
use Symfony\Component\Security\Core\User\UserInterface;

public function indexAction(UserInterface $user)
{
if (!$this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
throw $this->createAccessDeniedException();
}

$user = $this->getUser();

// the above is a shortcut for this
$user = $this->get('security.token_storage')->getToken()->getUser();
}
Expand All @@ -1012,6 +1012,11 @@ look like::
The user will be an object and the class of that object will depend on
your :ref:`user provider <security-user-providers>`.

.. versionadded:: 3.2
The functionality to get the user via the method signature was introduced in
Symfony 3.2. You can still retrieve it by calling ``$this->getUser()`` if you
extend the :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

[...] the Controller class.


Now you can call whatever methods are on *your* User object. For example,
if your User object has a ``getFirstName()`` method, you could use that::

Expand All @@ -1032,7 +1037,15 @@ It's important to check if the user is authenticated first. If they're not,
``$user`` will either be ``null`` or the string ``anon.``. Wait, what? Yes,
this is a quirk. If you're not logged in, the user is technically the string
``anon.``, though the ``getUser()`` controller shortcut converts this to
``null`` for convenience.
``null`` for convenience. When type-hinting the
:class:`Symfony\\Component\\Security\\Core\\User\\UserInterface\\UserInterface`
and being logged-in is optional, you can allow a null value for the argument::

public function indexAction(UserInterface $user = null)
{
// $user is null when not logged-in or anon.
}

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

this blank line should be removed


The point is this: always check to see if the user is logged in before using
the User object, and use the ``isGranted`` method (or
Expand Down