Commit 99b1b0f

Michael Klein authored and weaverryan committed
a couple of changes according to the comments, not finished now
1 parent 2bda150 commit 99b1b0f
1 file changed: 43 additions & 41 deletions
@@ -1,36 +1,36 @@
11
.. index::
22
single: Security; Data Permission Voters
33

4-
How to implement your own Voter to check the permission for a object agains a user
5-
==================================================================================
4+
How to implement your own Voter to check user permissions for accessing a given object
5+
======================================================================================
66

77
In Symfony2 you can check the permission to access data by the
8-
:doc:`ACL module </cookbook/security/acl>` which is a bit overhelming
9-
for many applications. A much easier solution is working with custom
8+
:doc:`ACL module </cookbook/security/acl>`, which is a bit overwhelming
9+
for many applications. A much easier solution is to work with custom voters
1010
voters, which are like simple conditional statements. Voters can be
1111
also used to check for permission as a part or even the whole
12-
application: :doc:`cookbook/security/voters`.
12+
application: :doc:`"/cookbook/security/voters"`.
1313

1414
.. tip::
1515

1616
It is good to understand the basics about what and how
1717
:doc:`authorization </components/security/authorization>` works.
1818

19-
How symfony works with voters
20-
-----------------------------
19+
How Symfony Uses Voters
20+
-----------------------
2121

22-
In order to use voters you have to understand how symfony works with them.
23-
In general all registered custom voters will be called every time you ask
24-
symfony about permission (ACL). In general there are three different
22+
In order to use voters, you have to understand how Symfony works with them.
23+
In general, all registered custom voters will be called every time you ask
24+
Symfony about permissions (ACL). In general there are three different
2525
approaches on how to handle the feedback from all voters:
26-
:ref:`components-security-access-decision-manager`.
26+
:ref:`"components-security-access-decision-manager"`.
2727

2828
The Voter Interface
2929
-------------------
3030

3131
A custom voter must implement
3232
:class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface`,
33-
which requires the following three methods:
33+
which has this structure:
3434

3535
.. code-block:: php
3636
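Review bot: the two rewritten cross-references on new lines 12 and 26 now wrap their targets in double quotes (:doc: with "/cookbook/security/voters" and :ref: with "components-security-access-decision-manager"), and Sphinx reads the quotes as part of the target name, so neither link will resolve when the docs are built. Drop the quotes and keep only the leading slash on the :doc: target. New line 9 also ends in "custom voters" while the unchanged line 10 still begins with "voters,", which renders as "custom voters voters"; remove the word from one of the two lines.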
@@ -55,53 +55,52 @@ values:
5555
* ``VoterInterface::ACCESS_ABSTAIN``: The voter cannot decide if the user is granted or not
5656
* ``VoterInterface::ACCESS_DENIED``: The user is not allowed to access the application
5757

58-
In this example, you'll check if the user will have access to a specific object according to your custom conditions (e.g. he must be the owner of the object). If the condition fails, you'll return
58+
In this example, you'll check if the user will have access to a specific
59+
object according to your custom conditions (e.g. he must be the owner of
60+
the object). If the condition fails, you'll return
5961
``VoterInterface::ACCESS_DENIED``, otherwise you'll return
60-
``VoterInterface::ACCESS_GRANTED``. In case the responsebility for this decision belong not to this voter, he will return
61-
``VoterInterface::ACCESS_ABSTAIN``.
62+
``VoterInterface::ACCESS_GRANTED``. In case the responsibility for this decision
63+
belongs not to this voter, it will return ``VoterInterface::ACCESS_ABSTAIN``.
6264

6365
Creating the Custom Voter
6466
-------------------------
6567

66-
You could store your Voter for the view and edit method of a post within ACME/DemoBundle/Security/Authorization/Document/PostVoter.php.
68+
You could store your Voter to check permission for the view and edit action like following.
6769

6870
.. code-block:: php
6971
70-
// src/Acme/DemoBundle/Security/Authorization/Document/PostVoter.php
71-
namespace Acme\DemoBundle\Security\Authorization\Document;
72+
// src/Acme/DemoBundle/Security/Authorization/Entity/PostVoter.php
73+
namespace Acme\DemoBundle\Security\Authorization\Entity;
7274
7375
use Symfony\Component\DependencyInjection\ContainerInterface;
7476
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
7577
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
78+
use Symfony\Component\Security\Core\User\UserInterface;
7679
7780
class PostVoter implements VoterInterface
7881
{
79-
private $container;
80-
81-
public function __construct(ContainerInterface $container)
82-
{
83-
$this->container = $container;
84-
}
8582
8683
public function supportsAttribute($attribute)
8784
{
88-
return in_array($attribute, array(
89-
'view',
90-
'edit'
91-
));
85+
return in_array($attribute, array(
86+
'view',
87+
'edit',
88+
));
9289
}
9390
9491
public function supportsClass($class)
9592
{
96-
// could be "ACME\DemoBundle\Entity\Post" as well
97-
$array = array("ACME\DemoBundle\Document\Post");
93+
// could be "Acme\DemoBundle\Entity\Post" as well
94+
$array = array("Acme\DemoBundle\Entity\Post");
9895
9996
foreach ($array as $item) {
10097
// check with stripos in case doctrine is using a proxy class for this object
101-
if (stripos($s, $item) !== FALSE) {
98+
if (stripos($s, $item) !== false) {
99+
102100
return true;
103101
}
104102
}
103+
105104
return false;
106105
}
107106
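Review bot: in supportsClass($class), the line "if (stripos($s, $item) !== false) {" still tests $s, which is never defined in the method; the change only lowercases FALSE, so the check cannot match the class that was passed in and the supportsClass() guard in vote() will abstain for every object. Use $class there. Because stripos is a case-insensitive substring test, any class whose name merely contains Acme\DemoBundle\Entity\Post is also treated as supported; an is_a() or instanceof check against the entity class would be stricter and still covers Doctrine proxies, which extend the entity. With the constructor removed, the "use Symfony\Component\DependencyInjection\ContainerInterface;" import left as context is unused and can go too.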
@@ -111,32 +110,36 @@ You could store your Voter for the view and edit method of a post within ACME/De
111110
$user = $token->getUser();
112111
113112
// check if class of this object is supported by this voter
114-
if ( !($this->supportsClass(get_class($object))) ) {
113+
if (!($this->supportsClass(get_class($object)))) {
114+
115115
return VoterInterface::ACCESS_ABSTAIN;
116116
}
117117
118118
// check if the given attribute is covered by this voter
119119
foreach ($attributes as $attribute) {
120-
if ( !$this->supportsAttribute($attribute) ) {
120+
if (!$this->supportsAttribute($attribute)) {
121+
121122
return VoterInterface::ACCESS_ABSTAIN;
122123
}
123124
}
124125
125126
// check if given user is instance of user interface
126-
if ( !($user instanceof UserInterface) ) {
127+
if (!($user instanceof UserInterface)) {
128+
127129
return VoterInterface::ACCESS_DENIED;
128130
}
129131
130132
switch($this->attributes[0]) {
131-
132133
case 'view':
133-
if($object->isPrivate() === false) {
134+
if ($object->isPrivate() === false) {
135+
134136
return VoterInterface::ACCESS_GRANTED;
135137
}
136138
break;
137139
138140
case 'edit':
139-
if($object->getOwner()->getId() === $user->getId()) {
141+
if ($user->getId() === $object->getOwner()->getId()) {
142+
140143
return VoterInterface::ACCESS_GRANTED;
141144
}
142145
break;
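Review bot: "switch($this->attributes[0])" reads a property that the class as shown never declares; the attributes are in the local $attributes that the foreach just above iterates, so the switch never reaches the 'view' or 'edit' case. Switch on $attributes[0], and since only the first attribute is evaluated, consider rejecting calls that pass more than one before the switch. The "instanceof UserInterface" guard also does not guarantee the getId() call in the 'edit' case, because UserInterface does not declare that method; check against the application's own user class instead. The blank lines added directly after each opening "if (...) {" look unintended.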
@@ -164,10 +167,9 @@ and tag it as a "security.voter":
164167
165168
# src/Acme/AcmeBundle/Resources/config/services.yml
166169
services:
167-
security.access.post_document_voter:
168-
class: Acme\DemoBundle\Security\Authorization\Document\PostVoter
170+
security.access.post_voter:
171+
class: Acme\DemoBundle\Security\Authorization\Entity\PostVoter
169172
public: false
170-
arguments: [@service_container]
171-
# we need to assign this service to be a security voter
173+
# the service gets tagged as a voter
172174
tags:
173175
- { name: security.voter }
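Review bot: the path comment at the top of this YAML block still reads src/Acme/AcmeBundle/Resources/config/services.yml, while the class registered under security.access.post_voter lives in Acme\DemoBundle; make the comment point at the DemoBundle path so readers put the service definition in the bundle that owns the voter. Removing "arguments: [@service_container]" is the right direction, since the voter no longer receives the whole container.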
