[Security] Add #[IsGranted()]#46907
Conversation
55f1237 to
0d540b2
Compare
| namespace Symfony\Component\Security\Http\Attribute; | ||
|
|
||
| /** | ||
| * @author Ryan Weaver <[email protected]> |
There was a problem hiding this comment.
I'm getting credit without even opening a PR 😎
0d540b2 to
bf8d75e
Compare
👍 just to be sure, the proposal you're talking about is the expression-language related part of #45415 (comment)? |
yep |
| * @author Ryan Weaver <[email protected]> | ||
| */ | ||
| #[\Attribute(\Attribute::IS_REPEATABLE | \Attribute::TARGET_CLASS | \Attribute::TARGET_METHOD | \Attribute::TARGET_FUNCTION)] | ||
| class IsGranted |
There was a problem hiding this comment.
should probably be final, because the usage of $event->getAttributes()[IsGranted::class] means that the listener does not support subclasses of that attribute.
|
Maybe add possible to use enum AdminRoles: string
{
case PostList = 'ROLE_POST_LIST';
case PostEdit = 'ROLE_POST_EDIT;
}
class MyControllers
{
#[IsGranted(AdminRoles::PostList)]
public function handleAction(): Response
{
}
} |
|
No, see php/php-src#8825 and also https://peakd.com/hive-168588/@crell/on-the-use-of-enums . Enums in PHP are meant to limit accepted values, and Symfony cannot limit accepted roles (as an application is free to define their own set of roles). As such, Symfony can not support enums here. In PHP 8.2, you will be able to do |
Extracted from #45415 (and modernized a lot).
I did not implement the proposals from Stof to keep this first iteration simple. I'd appreciate help to improve the attribute in a follow up PR 🙏