Closed
Description
Sometimes I find it hard to debug why is_granted returns true/false in some cases. I know there is at least one feature request (#26343) that tries to improve this, but #24501 inspired me to create this feature request.
This code:
// src/Security/PostVoter.php
if (! $user->hasRole('ROLE_ADMIN')) {
    return false;
}

// src/Controller/PostController.php
$this->denyAccessUnlessGranted('view', $post);
It would be great to re-use the idea behind TransitionBlocker when using Voters. Instead, one should be able to write something like
if (! $user->hasRole('ROLE_ADMIN')) {
    yield new VoterBlocker('You need admin rights to do this');
}
This has two benefits:
- This will make it easier to debug because the reason can be shown in the Profiler. This will extend the Detailed security voters decisions in Symfony 4.2
- There could be a way to use this message to inform the user why it can't perform an action. Using is_granted feels like implementing "Computer says no" instead of "Sorry, you need to be an admin/this post is private/etc/". This can work similar to Transition Blockers in Symfony's Workflow Component 4.1 and the recently added workflow_transition_blockers from Symfony 4.3.
Labels
DX = Developer eXperience (anything that improves the experience of using Symfony)
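A minimal sketch of how the blockers proposed in this request could be collected into a decision plus its reasons, added here as an example and not Symfony code or code from the issue author. VoterBlocker is the hypothetical class named in the request; User, Post, votePostView() and decide() are constructed stand-ins, and the syntax assumes PHP 8.1 or later.

```php
<?php
declare(strict_types=1);

// Hypothetical value object from the feature request; not a Symfony class.
final class VoterBlocker
{
    public function __construct(public readonly string $message) {}
}

// Constructed stand-ins for the application's user and subject.
final class User
{
    public function __construct(private array $roles) {}
    public function hasRole(string $role): bool { return in_array($role, $this->roles, true); }
}

final class Post
{
    public function __construct(public readonly bool $private) {}
}

// Voter logic in the proposed style: yield one reason per failed check
// instead of returning a bare false.
function votePostView(User $user, Post $post): iterable
{
    if (!$user->hasRole('ROLE_ADMIN')) {
        yield new VoterBlocker('You need admin rights to do this');
    }
    if ($post->private) {
        yield new VoterBlocker('This post is private');
    }
}

// Hypothetical consumer: access is granted only when no blocker was yielded.
// The reasons can go to a debug panel and, where appropriate, to the user.
function decide(iterable $blockers): array
{
    $reasons = [];
    foreach ($blockers as $blocker) {
        $reasons[] = $blocker->message;
    }
    return ['granted' => $reasons === [], 'reasons' => $reasons];
}

// Constructed sample: a non-admin user asking to view a private post.
$decision = decide(votePostView(new User(['ROLE_USER']), new Post(true)));
var_dump($decision['granted']);
echo implode("\n", $decision['reasons']), "\n";
```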