symfony
diff --git a/‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
+1Lines changed: 1 addition & 0 deletions b/‎src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
Copy file name to clipboardExpand all lines: src/Symfony/Bridge/Twig/Extension/SecurityExtension.php
+1Lines changed: 1 addition & 0 deletions
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
+21-1Lines changed: 21 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Controller/AbstractController.php
+21-1Lines changed: 21 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
+35-1Lines changed: 35 additions & 1 deletion b/‎src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/FrameworkBundle/Tests/Controller/AbstractControllerTest.php
+35-1Lines changed: 35 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+9-1Lines changed: 9 additions & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/DataCollector/SecurityDataCollector.php
+9-1Lines changed: 9 additions & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
+1-1Lines changed: 1 addition & 1 deletion b/‎src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/EventListener/VoteListener.php
+1-1Lines changed: 1 addition & 1 deletion
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+12-6Lines changed: 12 additions & 6 deletions b/‎src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Resources/views/Collector/security.html.twig
+12-6Lines changed: 12 additions & 6 deletions
diff --git a/‎src/Symfony/Bundle/SecurityBundle/Security.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Security.php
+2-2Lines changed: 2 additions & 2 deletions b/‎src/Symfony/Bundle/SecurityBundle/Security.php
Copy file name to clipboardExpand all lines: src/Symfony/Bundle/SecurityBundle/Security.php
+2-2Lines changed: 2 additions & 2 deletions
@@ -45,6 +45,7 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu
         }
 
         try {
+            /* @var bool */
             return $this->securityChecker->isGranted($role, $object);
         } catch (AuthenticationCredentialsNotFoundException) {
             return false;
 
@@ -35,6 +35,7 @@
 use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
+use Symfony\Component\Security\Core\Authorization\AccessDecision;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\User\UserInterface;
@@ -202,6 +203,22 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool
         return $this->container->get('security.authorization_checker')->isGranted($attribute, $subject);
     }
 
+    /**
+     * Checks if the attribute is granted against the current authentication token and optionally supplied subject.
+     *
+     * @throws \LogicException
+     */
+    protected function getAccessDecision(mixed $attribute, mixed $subject = null): AccessDecision
+    {
+        if (!$this->container->has('security.authorization_checker')) {
+            throw new \LogicException('The SecurityBundle is not registered in your application. Try running "composer require symfony/security-bundle".');
+        }
+
+        $decision = $this->container->get('security.authorization_checker')->isGranted($attribute, $subject, AccessDecision::RETURN_AS_OBJECT);
+
+        return $decision instanceof AccessDecision ? $decision : new AccessDecision($decision);
+    }
+
     /**
      * Throws an exception unless the attribute is granted against the current authentication token and optionally
      * supplied subject.
@@ -210,10 +227,13 @@ protected function isGranted(mixed $attribute, mixed $subject = null): bool
      */
     protected function denyAccessUnlessGranted(mixed $attribute, mixed $subject = null, string $message = 'Access Denied.'): void
     {
-        if (!$this->isGranted($attribute, $subject)) {
+        $decision = $this->getAccessDecision($attribute, $subject);
+
+        if ($decision->isDenied()) {
             $exception = $this->createAccessDeniedException($message);
             $exception->setAttributes([$attribute]);
             $exception->setSubject($subject);
+            $exception->setAccessDecision($decision);
 
             throw $exception;
         }
 
@@ -40,7 +40,9 @@
 use Symfony\Component\Routing\RouterInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorage;
 use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
+use Symfony\Component\Security\Core\Authorization\AccessDecision;
 use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 use Symfony\Component\Security\Core\User\InMemoryUser;
 use Symfony\Component\Security\Csrf\CsrfTokenManagerInterface;
@@ -362,7 +364,14 @@ public function testdenyAccessUnlessGranted()
 
         $this->expectException(AccessDeniedException::class);
 
-        $controller->denyAccessUnlessGranted('foo');
+        try {
+            $controller->denyAccessUnlessGranted('foo');
+        } catch (AccessDeniedException $exception) {
+            $this->assertFalse($exception->getAccessDecision()->getAccess());
+            $this->assertEmpty($exception->getAccessDecision()->getVotes());
+            $this->assertEmpty($exception->getAccessDecision()->getMessage());
+            throw $exception;
+        }
     }
 
     /**
@@ -644,4 +653,29 @@ public function testSendEarlyHints()
 
         $this->assertSame('</style.css>; rel="preload"; as="stylesheet",</script.js>; rel="preload"; as="script"', $response->headers->get('Link'));
     }
+
+    public function testdenyAccessUnlessGrantedWithAccessDecisionObject()
+    {
+        $authorizationChecker = $this->createMock(AuthorizationCheckerInterface::class);
+        $authorizationChecker->expects($this->once())
+            ->method('isGranted')
+            ->willReturn(new AccessDecision(false, [new Vote(-1)], 'access denied'));
+
+        $container = new Container();
+        $container->set('security.authorization_checker', $authorizationChecker);
+
+        $controller = $this->createController();
+        $controller->setContainer($container);
+
+        $this->expectException(AccessDeniedException::class);
+
+        try {
+            $controller->denyAccessUnlessGranted('foo');
+        } catch (AccessDeniedException $exception) {
+            $this->assertFalse($exception->getAccessDecision()->getAccess());
+            $this->assertCount(1, $exception->getAccessDecision()->getVotes());
+            $this->assertSame('access denied', $exception->getAccessDecision()->getMessage());
+            throw $exception;
+        }
+    }
 }
@@ -20,9 +20,12 @@
 use Symfony\Component\HttpKernel\DataCollector\LateDataCollectorInterface;
 use Symfony\Component\Security\Core\Authentication\Token\Storage\TokenStorageInterface;
 use Symfony\Component\Security\Core\Authentication\Token\SwitchUserToken;
+use Symfony\Component\Security\Core\Authorization\AccessDecision;
 use Symfony\Component\Security\Core\Authorization\AccessDecisionManagerInterface;
 use Symfony\Component\Security\Core\Authorization\TraceableAccessDecisionManager;
 use Symfony\Component\Security\Core\Authorization\Voter\TraceableVoter;
+use Symfony\Component\Security\Core\Authorization\Voter\Vote;
+use Symfony\Component\Security\Core\Authorization\Voter\VoteInterface;
 use Symfony\Component\Security\Core\Role\RoleHierarchyInterface;
 use Symfony\Component\Security\Http\Firewall\SwitchUserListener;
 use Symfony\Component\Security\Http\FirewallMapInterface;
@@ -138,6 +141,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
 
             // collect voter details
             $decisionLog = $this->accessDecisionManager->getDecisionLog();
+
             foreach ($decisionLog as $key => $log) {
                 $decisionLog[$key]['voter_details'] = [];
                 foreach ($log['voterDetails'] as $voterDetail) {
@@ -146,10 +150,14 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
                     $decisionLog[$key]['voter_details'][] = [
                         'class' => $classData,
                         'attributes' => $voterDetail['attributes'], // Only displayed for unanimous strategy
-                        'vote' => $voterDetail['vote'],
+                        'vote' => $voterDetail['vote'] instanceof VoteInterface ? $voterDetail['vote'] : new Vote($voterDetail['vote']),
                     ];
                 }
                 unset($decisionLog[$key]['voterDetails']);
+
+                if (!$decisionLog[$key]['result'] instanceof AccessDecision) {
+                    $decisionLog[$key]['result'] = new AccessDecision($decisionLog[$key]['result']);
+                }
             }
 
             $this->data['access_decision_log'] = $decisionLog;
 
@@ -31,7 +31,7 @@ public function __construct(
 
     public function onVoterVote(VoteEvent $event): void
     {
-        $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote());
+        $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote(true));
     }
 
     public static function getSubscribedEvents(): array
 
@@ -518,14 +518,16 @@
                             <col style="width: 30px">
                             <col style="width: 120px">
                             <col style="width: 25%">
-                            <col style="width: 60%">
+                            <col style="width: 40%">
+                            <col style="width: 20%">
 
                             <thead>
                                 <tr>
                                     <th>#</th>
                                     <th>Result</th>
                                     <th>Attributes</th>
                                     <th>Object</th>
+                                    <th>Message</th>
                                 </tr>
                             </thead>
 
@@ -534,7 +536,7 @@
                                     <tr class="voter_result">
                                         <td class="font-normal text-small text-muted nowrap">{{ loop.index }}</td>
                                         <td class="font-normal">
-                                            {{ decision.result
+                                            {{ decision.result.access
                                                 ? '<span class="label status-success same-width">GRANTED</span>'
                                                 : '<span class="label status-error same-width">DENIED</span>'
                                             }}
@@ -554,6 +556,7 @@
                                             {% endif %}
                                         </td>
                                         <td>{{ profiler_dump(decision.seek('object')) }}</td>
+                                        <td>{{ decision.result.message }}</td>
                                     </tr>
                                     <tr class="voter_details">
                                         <td></td>
@@ -570,14 +573,17 @@
                                                             <td class="font-normal text-small">attribute {{ voter_detail['attributes'][0] }}</td>
                                                             {% endif %}
                                                             <td class="font-normal text-small">
-                                                                {% if voter_detail['vote'] == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_GRANTED') %}
+                                                                {% if voter_detail['vote'].access == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_GRANTED') %}
                                                                     ACCESS GRANTED
-                                                                {% elseif voter_detail['vote'] == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_ABSTAIN') %}
+                                                                {% elseif voter_detail['vote'].access == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_ABSTAIN') %}
                                                                     ACCESS ABSTAIN
-                                                                {% elseif voter_detail['vote'] == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_DENIED') %}
+                                                                {% elseif voter_detail['vote'].access == constant('Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::ACCESS_DENIED') %}
                                                                     ACCESS DENIED
                                                                 {% else %}
-                                                                    unknown ({{ voter_detail['vote'] }})
+                                                                    unknown ({{ voter_detail['vote'].access }})
+                                                                {% endif %}
+                                                                {% if voter_detail['vote'].messages is not empty %}
+                                                                : {{ voter_detail['vote'].messages | join(', ')  }}
                                                                 {% endif %}
                                                             </td>
                                                         </tr>
 
@@ -58,10 +58,10 @@ public function getUser(): ?UserInterface
     /**
      * Checks if the attributes are granted against the current authentication token and optionally supplied subject.
      */
-    public function isGranted(mixed $attributes, mixed $subject = null): bool
+    public function isGranted(mixed $attributes, mixed $subject = null, $asObject = false): bool
     {
         return $this->container->get('security.authorization_checker')
-            ->isGranted($attributes, $subject);
+            ->isGranted($attributes, $subject, $asObject);
     }
 
     public function getToken(): ?TokenInterface
Original file line number	Diff line number	Diff line change
`@@ -45,6 +45,7 @@ public function isGranted(mixed $role, mixed $object = null, ?string $field = nu`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`try {`
	`48`	`+ /* @var bool */`
`48`	`49`	`return $this->securityChecker->isGranted($role, $object);`
`49`	`50`	`} catch (AuthenticationCredentialsNotFoundException) {`
`50`	`51`	`return false;`
Original file line number	Diff line number	Diff line change
`@@ -31,7 +31,7 @@ public function __construct(`
`31`	`31`
`32`	`32`	`public function onVoterVote(VoteEvent $event): void`
`33`	`33`	`{`
`34`		`- $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote());`
	`34`	`+ $this->traceableAccessDecisionManager->addVoterVote($event->getVoter(), $event->getAttributes(), $event->getVote(true));`
`35`	`35`	`}`
`36`	`36`
`37`	`37`	`public static function getSubscribedEvents(): array`
Original file line number	Diff line number	Diff line change
`@@ -58,10 +58,10 @@ public function getUser(): ?UserInterface`
`58`	`58`	`/**`
`59`	`59`	`* Checks if the attributes are granted against the current authentication token and optionally supplied subject.`
`60`	`60`	`*/`
`61`		`- public function isGranted(mixed $attributes, mixed $subject = null): bool`
	`61`	`+ public function isGranted(mixed $attributes, mixed $subject = null, $asObject = false): bool`
`62`	`62`	`{`
`63`	`63`	`return $this->container->get('security.authorization_checker')`
`64`		`- ->isGranted($attributes, $subject);`
	`64`	`+ ->isGranted($attributes, $subject, $asObject);`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`public function getToken(): ?TokenInterface`