Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 9f62259

Browse files
wouterjwouterj
committed
Describe voters a bit more prominent in the Security guide
1 parent e4912a8 commit 9f62259

File tree

1 file changed

+25
-27
lines changed

1 file changed

+25
-27
lines changed

security.rst

Lines changed: 25 additions & 27 deletions
Original file line numberDiff line numberDiff line change
@@ -376,20 +376,24 @@ generated earlier, the roles are an array that's stored in the database, and
376376
every user is *always* given at least one role: ``ROLE_USER``::
377377

378378
// src/Entity/User.php
379-
// ...
380-
381-
/**
382-
* @ORM\Column(type="json")
383-
*/
384-
private $roles = [];
385379

386-
public function getRoles(): array
380+
// ...
381+
class User
387382
{
388-
$roles = $this->roles;
389-
// guarantee every user at least has ROLE_USER
390-
$roles[] = 'ROLE_USER';
383+
/**
384+
* @ORM\Column(type="json")
385+
*/
386+
private $roles = [];
391387

392-
return array_unique($roles);
388+
// ...
389+
public function getRoles(): array
390+
{
391+
$roles = $this->roles;
392+
// guarantee every user at least has ROLE_USER
393+
$roles[] = 'ROLE_USER';
394+
395+
return array_unique($roles);
396+
}
393397
}
394398

395399
This is a nice default, but you can do *whatever* you want to determine which roles
@@ -644,6 +648,16 @@ Securing other Services
644648

645649
See :doc:`/security/securing_services`.
646650

651+
Securing Individual Objects
652+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
653+
654+
Most applications require more specific access rules. For instance, a User
655+
should be able to only edit their own comments on a blog. Voters allow you
656+
to write *whatever* business logic you need to determine access. Using
657+
these voters is similar to the role-based access checks implemented in the
658+
previous chapters. Read :doc:`/security/voters` to learn how to implement
659+
your own voter.
660+
647661
Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
648662
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
649663

@@ -681,22 +695,6 @@ like this:
681695
this - this is useful when *whitelisting* URLs to guarantee access - some
682696
details are in :doc:`/security/access_control`.
683697

684-
.. _security-secure-objects:
685-
686-
Access Control Lists (ACLs): Securing individual Database Objects
687-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
688-
689-
Imagine you are designing a blog where users can comment on your posts. You
690-
also want a user to be able to edit their own comments, but not those of
691-
other users. Also, as the admin user, you want to be able to edit *all* comments.
692-
693-
:doc:`Voters </security/voters>` allow you to write *whatever* business logic you
694-
need (e.g. the user can edit this post because they are the creator) to determine
695-
access. That's why voters are officially recommended by Symfony to create ACL-like
696-
security systems.
697-
698-
If you still prefer to use traditional ACLs, refer to the `Symfony ACL bundle`_.
699-
700698
.. _retrieving-the-user-object:
701699

702700
5a) Fetching the User Object

0 commit comments

Comments
 (0)