symfony
diff --git a/‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
+9-4Lines changed: 9 additions & 4 deletions b/‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
+9-4Lines changed: 9 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
+33-5Lines changed: 33 additions & 5 deletions b/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
+33-5Lines changed: 33 additions & 5 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+2Lines changed: 2 additions & 0 deletions b/‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+2Lines changed: 2 additions & 0 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+6-3Lines changed: 6 additions & 3 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+6-3Lines changed: 6 additions & 3 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Security.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Security.php
+5-4Lines changed: 5 additions & 4 deletions b/‎src/Symfony/Bundle/SecurityBundle/Security.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Security.php
+5-4Lines changed: 5 additions & 4 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
+10-9Lines changed: 10 additions & 9 deletions b/‎src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Tests/DataCollector/SecurityDataCollectorTest.php
+10-9Lines changed: 10 additions & 9 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AccessDecision.php
Copy file name to clipboard
+56Lines changed: 56 additions & 0 deletions b/‎src/Symfony/Component/Security/Core/Authorization/AccessDecision.php
Copy file name to clipboard
+56Lines changed: 56 additions & 0 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
+23-7Lines changed: 23 additions & 7 deletions b/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authorization/AccessDecisionManager.php
+23-7Lines changed: 23 additions & 7 deletions
diff --git a/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php
+4-3Lines changed: 4 additions & 3 deletions b/‎src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php
Copy file name to clipboardExpand all lines: src/Symfony/Component/Security/Core/Authorization/AccessDecisionManagerInterface.php
+4-3Lines changed: 4 additions & 3 deletions
@@ -12,6 +12,7 @@
 namespace Symfony\Bridge\Twig\Extension;
 
 use Symfony\Component\Security\Acl\Voter\FieldVote;
+use Symfony\Component\Security\Core\Authorization\AccessDecision;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Authorization\UserAuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;
@@ -34,7 +35,7 @@ public function __construct(
     ) {
     }
 
-    public function isGranted(mixed $role, mixed $object = null, ?string $field = null): bool
+    public function isGranted(mixed $role, mixed $object = null, ?string $field = null, ?AccessDecision $accessDecision = null): bool
     {
         if (null === $this->securityChecker) {
             return false;
@@ -49,13 +50,13 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu
         }
 
         try {
-            return $this->securityChecker->isGranted($role, $object);
+            return $this->securityChecker->isGranted($role, $object, $accessDecision);
         } catch (AuthenticationCredentialsNotFoundException) {
             return false;
         }
     }
 
-    public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null, ?string $field = null): bool
+    public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null, ?string $field = null, ?AccessDecision $accessDecision = null): bool
     {
         if (!$this->userSecurityChecker) {
             throw new \LogicException(\sprintf('An instance of "%s" must be provided to use "%s()".', UserAuthorizationCheckerInterface::class, __METHOD__));
@@ -69,7 +70,11 @@ public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $s
             $subject = new FieldVote($subject, $field);
         }
 
-        return $this->userSecurityChecker->isGrantedForUser($user, $attribute, $subject);
+        try {
+            return $this->userSecurityChecker->isGrantedForUser($user, $attribute, $subject, $accessDecision);
+        } catch (AuthenticationCredentialsNotFoundException) {
+            return false;
+        }
     }
 
     public function getImpersonateExitUrl(?string $exitTo = null): string
 
@@ -35,6 +35,7 @@
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authorization\AccessDecision;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -202,6 +203,21 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool
         return $this->container->get('security.authorization_checker')->isGranted($attribute, $subject);
     }
 
+    /**
+     * Checks if the attribute is granted against the current authentication token and optionally supplied subject.
+     */
+    protected function getAccessDecision(mixed $attribute, mixed $subject = null): AccessDecision
+    {
+        if (!$this->container->has('security.authorization_checker')) {
+            throw new \LogicException('The SecurityBundle is not registered in your application. Try running "composer require symfony/security-bundle".');
+        }
+
+        $accessDecision = new AccessDecision();
+        $accessDecision->isGranted = $this->container->get('security.authorization_checker')->isGranted($attribute, $subject, $accessDecision);
+
+        return $accessDecision;
+    }
+
     /**
      * Throws an exception unless the attribute is granted against the current authentication token and optionally
      * supplied subject.
@@ -210,12 +226,24 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool
      */
     protected function denyAccessUnlessGranted(mixed $attribute, mixed $subject = null, string $message = 'Access Denied.'): void
     {
-        if (!$this->isGranted($attribute, $subject)) {
-            $exception = $this->createAccessDeniedException($message);
-            $exception->setAttributes([$attribute]);
-            $exception->setSubject($subject);
+        if (class_exists(AccessDecision::class)) {
+            $accessDecision = $this->getAccessDecision($attribute, $subject);
+            $isGranted = $accessDecision->isGranted;
+        } else {
+            $accessDecision = null;
+            $isGranted = $this->isGranted($attribute, $subject);
+        }
+
+        if (!$isGranted) {
+            $e = $this->createAccessDeniedException(3 > \func_num_args() && $accessDecision ? $accessDecision->getMessage() : $message);
+            $e->setAttributes([$attribute]);
+            $e->setSubject($subject);
+
+            if ($accessDecision) {
+                $e->setAccessDecision($accessDecision);
+            }
 
-            throw $exception;
+            throw $e;
         }
     }
 
 
@@ -138,6 +138,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
 
             // collect voter details
             $decisionLog = $this->accessDecisionManager->getDecisionLog();
+
             foreach ($decisionLog as $key => $log) {
                 $decisionLog[$key]['voter_details'] = [];
                 foreach ($log['voterDetails'] as $voterDetail) {
@@ -147,6 +148,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
                         'class' => $classData,
                         'attributes' => $voterDetail['attributes'], // Only displayed for unanimous strategy
                         'vote' => $voterDetail['vote'],
+                        'reasons' => $voterDetail['reasons'] ?? [],
                     ];
                 }
                 unset($decisionLog[$key]['voterDetails']);
 
@@ -31,7 +31,7 @@ public function __construct(
 
     public function onVoterVote(VoteEvent $event): void
     {
-        $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote());
+        $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote(), $event->getReasons());
     }
 
     public static function getSubscribedEvents(): array
 
@@ -571,14 +571,17 @@
                                                             {% endif %}
                                                             <td class="font-normal text-small">
                                                                 {% if voter_detail['vote'] == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_GRANTED') %}
-                                                                    ACCESS GRANTED
+                                                                    GRANTED
                                                                 {% elseif voter_detail['vote'] == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_ABSTAIN') %}
-                                                                    ACCESS ABSTAIN
+                                                                    ABSTAIN
                                                                 {% elseif voter_detail['vote'] == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_DENIED') %}
-                                                                    ACCESS DENIED
+                                                                    DENIED
                                                                 {% else %}
                                                                     unknown ({{ voter_detail['vote'] }})
                                                                 {% endif %}
+                                                                {% if voter_detail['reasons'] is not empty %}
+                                                                <br>{{ voter_detail['reasons'] | join('<br>') }}
+                                                                {% endif %}
                                                             </td>
                                                         </tr>
                                                     {% endfor %}
 
@@ -17,6 +17,7 @@
 use Symfony\Component\HttpFoundation\Response;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
+use Symfony\Component\Security\Core\Authorization\AccessDecision;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Authorization\UserAuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\LogicException;
@@ -58,10 +59,10 @@ public function getUser(): ?UserInterface
     /**
      * Checks if the attributes are granted against the current authentication token and optionally supplied subject.
      */
-    public function isGranted(mixed $attributes, mixed $subject = null): bool
+    public function isGranted(mixed $attributes, mixed $subject = null, ?AccessDecision $accessDecision = null): bool
     {
         return $this->container->get('security.authorization_checker')
-            ->isGranted($attributes, $subject);
+            ->isGranted($attributes, $subject, $accessDecision);
     }
 
     public function getToken(): ?TokenInterface
@@ -154,10 +155,10 @@ public function logout(bool $validateCsrfToken = true): ?Response
      *
      * This should be used over isGranted() when checking permissions against a user that is not currently logged in or while in a CLI context.
      */
-    public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null): bool
+    public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null, ?AccessDecision $accessDecision = null): bool
     {
         return $this->container->get('security.user_authorization_checker')
-            ->isGrantedForUser($user, $attribute, $subject);
+            ->isGrantedForUser($user, $attribute, $subject, $accessDecision);
     }
 
     private function getAuthenticator(?string $authenticatorName, string $firewallName): AuthenticatorInterface
 
@@ -28,6 +28,7 @@
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
 use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchy;
 use Symfony\Component\Security\Core\User\InMemoryUser;
@@ -271,8 +272,8 @@ public function dispatch(object $event, ?string $eventName = null): object
             'object' => new \stdClass(),
             'result' => true,
             'voter_details' => [
-                ['class' => $voter1::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_ABSTAIN],
-                ['class' => $voter2::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_ABSTAIN],
+                ['class' => $voter1::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_ABSTAIN, 'reasons' => []],
+                ['class' => $voter2::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_ABSTAIN, 'reasons' => []],
             ],
         ]];
 
@@ -360,19 +361,19 @@ public function dispatch(object $event, ?string $eventName = null): object
                 'object' => new \stdClass(),
                 'result' => false,
                 'voter_details' => [
-                    ['class' => $voter1::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_DENIED],
-                    ['class' => $voter1::class, 'attributes' => ['edit'], 'vote' => VoterInterface::ACCESS_DENIED],
-                    ['class' => $voter2::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_GRANTED],
-                    ['class' => $voter2::class, 'attributes' => ['edit'], 'vote' => VoterInterface::ACCESS_GRANTED],
+                    ['class' => $voter1::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_DENIED, 'reasons' => []],
+                    ['class' => $voter1::class, 'attributes' => ['edit'], 'vote' => VoterInterface::ACCESS_DENIED, 'reasons' => []],
+                    ['class' => $voter2::class, 'attributes' => ['view'], 'vote' => VoterInterface::ACCESS_GRANTED, 'reasons' => []],
+                    ['class' => $voter2::class, 'attributes' => ['edit'], 'vote' => VoterInterface::ACCESS_GRANTED, 'reasons' => []],
                 ],
             ],
             [
                 'attributes' => ['update'],
                 'object' => new \stdClass(),
                 'result' => true,
                 'voter_details' => [
-                    ['class' => $voter1::class, 'attributes' => ['update'], 'vote' => VoterInterface::ACCESS_GRANTED],
-                    ['class' => $voter2::class, 'attributes' => ['update'], 'vote' => VoterInterface::ACCESS_GRANTED],
+                    ['class' => $voter1::class, 'attributes' => ['update'], 'vote' => VoterInterface::ACCESS_GRANTED, 'reasons' => []],
+                    ['class' => $voter2::class, 'attributes' => ['update'], 'vote' => VoterInterface::ACCESS_GRANTED, 'reasons' => []],
                 ],
             ],
         ];
@@ -461,7 +462,7 @@ private function getRoleHierarchy()
 
 final class DummyVoter implements VoterInterface
 {
-    public function vote(TokenInterface $token, mixed $subject, array $attributes): int
+    public function vote(TokenInterface $token, mixed $subject, array $attributes, ?Vote $vote = null): int
     {
     }
 }
@@ -0,0 +1,56 @@
+<?php
+
+/*
+ * This file is part of the Symfony package.
+ *
+ * (c) Fabien Potencier <fabien@symfony.com>
+ *
+ * For the full copyright and license information, please view the LICENSE
+ * file that was distributed with this source code.
+ */
+
+namespace Symfony\Component\Security\Core\Authorization;
+
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
+use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
+
+/**
+ * Contains the access verdict and all the related votes.
+ *
+ * @author Dany Maillard <danymaillard93b@gmail.com>
+ * @author Roman JOLY <eltharin18@outlook.fr>
+ * @author Nicolas Grekas <p@tchwork.com>
+ */
+class AccessDecision
+{
+    /**
+     * @var class-string<AccessDecisionStrategyInterface>|string|null
+     */
+    public ?string $strategy = null;
+
+    public bool $isGranted;
+
+    /**
+     * @var Vote[]
+     */
+    public $votes = [];
+
+    public function getMessage(): string
+    {
+        $message = $this->isGranted ? 'Access Granted.' : 'Access Denied.';
+        $access = $this->isGranted ? VoterInterface::ACCESS_GRANTED : VoterInterface::ACCESS_DENIED;
+
+        if ($this->votes) {
+            foreach ($this->votes as $vote) {
+                if ($vote->result !== $access) {
+                    continue;
+                }
+                foreach ($vote->reasons as $reason) {
+                    $message .= ' '.$reason;
+                }
+            }
+        }
+
+        return $message;
+    }
+}
@@ -15,6 +15,8 @@
 use Symfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface;
 use Symfony\Component\Security\Core\Authorization\Strategy\AffirmativeStrategy;
 use Symfony\Component\Security\Core\Authorization\Voter\CacheableVoterInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
 use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
 
@@ -49,35 +51,49 @@ public function __construct(
     /**
      * @param bool $allowMultipleAttributes Whether to allow passing multiple values to the $attributes array
      */
-    public function decide(TokenInterface $token, array $attributes, mixed $object = null, bool $allowMultipleAttributes = false): bool
+    public function decide(TokenInterface $token, array $attributes, mixed $object = null, bool|AccessDecision|null $accessDecision = null, bool $allowMultipleAttributes = false): bool
     {
+        if (\is_bool($accessDecision ??= new AccessDecision())) {
+            $allowMultipleAttributes = $accessDecision;
+            $accessDecision = new AccessDecision();
+        }
+
         // Special case for AccessListener, do not remove the right side of the condition before 6.0
         if (\count($attributes) > 1 && !$allowMultipleAttributes) {
             throw new InvalidArgumentException(\sprintf('Passing more than one Security attribute to "%s()" is not supported.', __METHOD__));
         }
 
-        return $this->strategy->decide(
-            $this->collectResults($token, $attributes, $object)
+        $accessDecision->strategy = $this->strategy instanceof \Stringable ? $this->strategy : get_debug_type($this->strategy);
+
+        return $accessDecision->isGranted = $this->strategy->decide(
+            $this->collectResults($token, $attributes, $object, $accessDecision)
         );
     }
 
     /**
-     * @return \Traversable<int, int>
+     * @return \Traversable<int, VoterInterface::ACCESS_*>
      */
-    private function collectResults(TokenInterface $token, array $attributes, mixed $object): \Traversable
+    private function collectResults(TokenInterface $token, array $attributes, mixed $object, AccessDecision $accessDecision): \Traversable
     {
         foreach ($this->getVoters($attributes, $object) as $voter) {
-            $result = $voter->vote($token, $object, $attributes);
+            $vote = new Vote();
+            $result = $voter->vote($token, $object, $attributes, $vote);
+
             if (!\is_int($result) || !(self::VALID_VOTES[$result] ?? false)) {
                 throw new \LogicException(\sprintf('"%s::vote()" must return one of "%s" constants ("ACCESS_GRANTED", "ACCESS_DENIED" or "ACCESS_ABSTAIN"), "%s" returned.', get_debug_type($voter), VoterInterface::class, var_export($result, true)));
             }
 
+            $voter = $voter instanceof TraceableVoter ? $voter->getDecoratedVoter() : $voter;
+            $vote->voter = $voter instanceof \Stringable ? $voter : get_debug_type($voter);
+            $vote->result = $result;
+            $accessDecision->votes[] = $vote;
+
             yield $result;
         }
     }
 
     /**
-     * @return iterable<mixed, VoterInterface>
+     * @return iterable<int, VoterInterface>
      */
     private function getVoters(array $attributes, $object = null): iterable
     {
 
@@ -23,8 +23,9 @@ interface AccessDecisionManagerInterface
     /**
      * Decides whether the access is possible or not.
      *
-     * @param array $attributes An array of attributes associated with the method being invoked
-     * @param mixed $object     The object to secure
+     * @param array               $attributes     An array of attributes associated with the method being invoked
+     * @param mixed               $object         The object to secure
+     * @param AccessDecision|null $accessDecision Should be used to explain the decision
      */
-    public function decide(TokenInterface $token, array $attributes, mixed $object = null): bool;
+    public function decide(TokenInterface $token, array $attributes, mixed $object = null/* , ?AccessDecision $accessDecision = null */): bool;
 }
Original file line number	Diff line number	Diff line change
`@@ -12,6 +12,7 @@`
`12`	`12`	`namespace Symfony\Bridge\Twig\Extension;`
`13`	`13`
`14`	`14`	`use Symfony\Component\Security\Acl\Voter\FieldVote;`
	`15`	`+use Symfony\Component\Security\Core\Authorization\AccessDecision;`
`15`	`16`	`use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;`
`16`	`17`	`use Symfony\Component\Security\Core\Authorization\UserAuthorizationCheckerInterface;`
`17`	`18`	`use Symfony\Component\Security\Core\Exception\AuthenticationCredentialsNotFoundException;`
`@@ -34,7 +35,7 @@ public function __construct(`
`34`	`35`	`) {`
`35`	`36`	`}`
`36`	`37`
`37`		`- public function isGranted(mixed $role, mixed $object = null, ?string $field = null): bool`
	`38`	`+ public function isGranted(mixed $role, mixed $object = null, ?string $field = null, ?AccessDecision $accessDecision = null): bool`
`38`	`39`	`{`
`39`	`40`	`if (null === $this->securityChecker) {`
`40`	`41`	`return false;`
`@@ -49,13 +50,13 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu`
`49`	`50`	`}`
`50`	`51`
`51`	`52`	`try {`
`52`		`- return $this->securityChecker->isGranted($role, $object);`
	`53`	`+ return $this->securityChecker->isGranted($role, $object, $accessDecision);`
`53`	`54`	`} catch (AuthenticationCredentialsNotFoundException) {`
`54`	`55`	`return false;`
`55`	`56`	`}`
`56`	`57`	`}`
`57`	`58`
`58`		`- public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null, ?string $field = null): bool`
	`59`	`+ public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $subject = null, ?string $field = null, ?AccessDecision $accessDecision = null): bool`
`59`	`60`	`{`
`60`	`61`	`if (!$this->userSecurityChecker) {`
`61`	`62`	`throw new \LogicException(\sprintf('An instance of "%s" must be provided to use "%s()".', UserAuthorizationCheckerInterface::class, __METHOD__));`
`@@ -69,7 +70,11 @@ public function isGrantedForUser(UserInterface $user, mixed $attribute, mixed $s`
`69`	`70`	`$subject = new FieldVote($subject, $field);`
`70`	`71`	`}`
`71`	`72`
`72`		`- return $this->userSecurityChecker->isGrantedForUser($user, $attribute, $subject);`
	`73`	`+ try {`
	`74`	`+ return $this->userSecurityChecker->isGrantedForUser($user, $attribute, $subject, $accessDecision);`
	`75`	`+ } catch (AuthenticationCredentialsNotFoundException) {`
	`76`	`+ return false;`
	`77`	`+ }`
`73`	`78`	`}`
`74`	`79`
`75`	`80`	`public function getImpersonateExitUrl(?string $exitTo = null): string`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function __construct(`
`31`	`31`
`32`	`32`	`public function onVoterVote(VoteEvent $event): void`
`33`	`33`	`{`
`34`		`- $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote());`
	`34`	`+ $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote(), $event->getReasons());`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`public static function getSubscribedEvents(): array`
Original file line number	Diff line number	Diff line change
`@@ -23,8 +23,9 @@ interface AccessDecisionManagerInterface`
`23`	`23`	`/**`
`24`	`24`	`* Decides whether the access is possible or not.`
`25`	`25`	`*`
`26`		`- * @param array $attributes An array of attributes associated with the method being invoked`
`27`		`- * @param mixed $object The object to secure`
	`26`	`+ * @param array $attributes An array of attributes associated with the method being invoked`
	`27`	`+ * @param mixed $object The object to secure`
	`28`	`+ * @param AccessDecision\|null $accessDecision Should be used to explain the decision`
`28`	`29`	`*/`
`29`		`- public function decide(TokenInterface $token, array $attributes, mixed $object = null): bool;`
	`30`	`+ public function decide(TokenInterface $token, array $attributes, mixed $object = null/* , ?AccessDecision $accessDecision = null */): bool;`
`30`	`31`	`}`