Commit 2209ca2

minor #13522 [Security] Describe voters more prominently in the Security guide (wouterj)

This PR was merged into the 4.4 branch.

Discussion
----------

[Security] Describe voters more prominently in the Security guide

Fixes #11505, Fixes #13406

* I've removed the ACL bundle reference, imho it no longer makes sense to talk about it
* I've also changed the title from "Access Control Lists (ACLs): Securing individual Database Objects" to "Securing Individual Objects"; it's no longer about ACL
* I've updated the content to talk about the function of voters and not talk about why we replaced ACL with voters (that was useful in Symfony 3, but I think it no longer makes sense - everyone has made the change already)
* I've moved the chapter slightly up, the TOC now is:

```
4) Denying Access, Roles and other Authorization
    Roles
    Add Code to Deny Access
    Securing URL patterns (access_control)
    Securing Controllers and other Code
    Access Control in Templates
    Securing other Services
    Securing Individual Objects
    Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
```

Commits
-------

b610beb Describe voters a bit more prominent in the Security guide

2 parents 0ea9741 + b610beb commit 2209ca2


security.rst

Lines changed: 25 additions & 28 deletions
@@ -391,20 +391,24 @@ generated earlier, the roles are an array that's stored in the database, and
391391
every user is *always* given at least one role: ``ROLE_USER``::
392392

393393
// src/Entity/User.php
394-
// ...
395-
396-
/**
397-
* @ORM\Column(type="json")
398-
*/
399-
private $roles = [];
400394

401-
public function getRoles(): array
395+
// ...
396+
class User
402397
{
403-
$roles = $this->roles;
404-
// guarantee every user at least has ROLE_USER
405-
$roles[] = 'ROLE_USER';
398+
/**
399+
* @ORM\Column(type="json")
400+
*/
401+
private $roles = [];
406402

407-
return array_unique($roles);
403+
// ...
404+
public function getRoles(): array
405+
{
406+
$roles = $this->roles;
407+
// guarantee every user at least has ROLE_USER
408+
$roles[] = 'ROLE_USER';
409+
410+
return array_unique($roles);
411+
}
408412
}
409413

410414
This is a nice default, but you can do *whatever* you want to determine which roles
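Review bot: the new `class User` line (+396) omits `implements UserInterface`, which is the contract that makes `getRoles()` mandatory in the first place; suggest `class User implements UserInterface` (with the `use` statement hidden behind the existing `// ...`) so readers copying the fragment see what the class is satisfying. The rest of the hunk only re-indents the existing property and method inside the class body, which is the right fix for the fragment.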
@@ -659,6 +663,16 @@ Securing other Services
659663

660664
See :doc:`/security/securing_services`.
661665

666+
Securing Individual Objects
667+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
668+
669+
Most applications require more specific access rules. For instance, a user
670+
should be able to only edit their own comments on a blog. Voters allow you
671+
to write *whatever* business logic you need to determine access. Using
672+
these voters is similar to the role-based access checks implemented in the
673+
previous chapters. Read :doc:`/security/voters` to learn how to implement
674+
your own voter.
675+
662676
Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
663677
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
664678

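Review bot: the new `Securing Individual Objects` heading (+666) carries no RST label, while the hunk below deletes `.. _security-secure-objects:`; keep that label directly above the new heading so existing `:ref:` links to `security-secure-objects` in other pages keep resolving instead of turning into build warnings. Also, "previous chapters" (+672) refers to sections of this same chapter, so "previous sections" would be more accurate.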
@@ -696,22 +710,6 @@ like this:
696710
this - this is useful when *whitelisting* URLs to guarantee access - some
697711
details are in :doc:`/security/access_control`.
698712

699-
.. _security-secure-objects:
700-
701-
Access Control Lists (ACLs): Securing individual Database Objects
702-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
703-
704-
Imagine you are designing a blog where users can comment on your posts. You
705-
also want a user to be able to edit their own comments, but not those of
706-
other users. Also, as the admin user, you want to be able to edit *all* comments.
707-
708-
:doc:`Voters </security/voters>` allow you to write *whatever* business logic you
709-
need (e.g. the user can edit this post because they are the creator) to determine
710-
access. That's why voters are officially recommended by Symfony to create ACL-like
711-
security systems.
712-
713-
If you still prefer to use traditional ACLs, refer to the `Symfony ACL bundle`_.
714-
715713
.. _retrieving-the-user-object:
716714

717715
5a) Fetching the User Object
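Review bot: this removal also drops the admin scenario from the old text ("as the admin user, you want to be able to edit *all* comments"), which was the one sentence showing that a voter can combine object ownership with a role check; consider carrying that sentence into the new section, since its blog/comment example only covers the owner case. Dropping the ACL bundle pointer itself matches the PR description.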
@@ -1047,6 +1045,5 @@ Authorization (Denying Access)
10471045

10481046
.. _`FrameworkExtraBundle documentation`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html
10491047
.. _`HWIOAuthBundle`: https://github.com/hwi/HWIOAuthBundle
1050-
.. _`Symfony ACL bundle`: https://github.com/symfony/acl-bundle
10511048
.. _`Symfony Security screencast series`: https://symfonycasts.com/screencast/symfony-security
10521049
.. _`MakerBundle`: https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html
