Commit eef413b
committed
minor #5090 Quick review of the Security book chapter (WouterJ)
This PR was merged into the 2.3 branch.

Discussion
----------

Quick review of the Security book chapter

Just did a quick review of the Security book chapter. I wanted to make it use best practices, but found out that @weaverryan already did a great job at it :)

| Q             | A   |
| ------------- | --- |
| Doc fix?      | yes |
| New docs?     | no  |
| Applies to    | all |
| Fixed tickets | -   |

Commits
-------

65ba36d Quick review of the Security book chapter
2 parents b07c0f4 + 65ba36d commit eef413b
2 files changed: +23 -26 lines
book/security.rst

Lines changed: 20 additions & 16 deletions
@@ -21,7 +21,8 @@ sections:
2121
#. Fetching the current User object.
2222

2323
These are followed by a number of small (but still captivating) sections,
24-
like :ref:`logging out <book-security-logging-out>` and :ref:`encoding user passwords <security-encoding-password>`.
24+
like :ref:`logging out <book-security-logging-out>` and
25+
:ref:`encoding user passwords <security-encoding-password>`.
2526

2627
.. _book-security-firewalls:
2728

@@ -658,11 +659,11 @@ Add Code to Deny Access
658659

659660
There are **two** ways to deny access to something:
660661

661-
1) :ref:`access_control in security.yml <security-authorization-access-control>`
662+
#. :ref:`access_control in security.yml <security-authorization-access-control>`
662663
allows you to protect URL patterns (e.g. ``/admin/*``). This is easy,
663664
but less flexible;
664665

665-
2) :ref:`in your code via the security.context service <book-security-securing-controller>`.
666+
#. :ref:`in your code via the security.context service <book-security-securing-controller>`.
666667

667668
.. _security-authorization-access-control:
668669

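Review bot: switching `1)`/`2)` to `#.` auto-enumeration matches the `#.` list used at the top of the chapter (see the `#. Fetching the current User object.` item in the first hunk), but the two items now read unevenly: item 1 ends with its trade-off ("This is easy, but less flexible;") while item 2 has no counterpart and ends with a period. Suggest giving item 2 the matching half-sentence (for example "more work, but fully flexible") or dropping the trailing semicolon on item 1 so both items end the same way.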
@@ -814,8 +815,10 @@ You can easily deny access from inside a controller::
814815
}
815816

816817
That's it! If the user isn't logged in yet, they will be asked to login (e.g.
817-
redirected to the login page). If they *are* logged in, they'll be shown
818-
the 403 access denied page (which you can :ref:`customize <cookbook-error-pages-by-status-code>`).
818+
redirected to the login page). If they *are* logged in, but do *not* have the
819+
``ROLE_ADMIN`` role, they'll be shown the 403 access denied page (which you can
820+
:ref:`customize <cookbook-error-pages-by-status-code>`). If they are logged in
821+
and have the correct roles, the code will be executed.
819822

820823
.. _book-security-template:
821824

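Review bot: the added sentence names ``ROLE_ADMIN`` explicitly, so this paragraph now depends on the controller example above it (only its closing `}` is in the context) checking exactly that role; confirm the snippet does, otherwise the prose and the code will drift apart the next time the example is edited. The final sentence could also say what "executed" means for the reader, e.g. "the code after the check runs normally", since the point of the paragraph is to enumerate the three outcomes of the check.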
@@ -839,14 +842,13 @@ the built-in helper function:
839842
<a href="...">Delete</a>
840843
<?php endif ?>
841844

842-
If you use this function and are *not* behind a firewall, an exception
843-
will be thrown. Again, it's almost always a good
844-
idea to have a main firewall that covers all URLs (as has been shown
845-
in this chapter).
845+
If you use this function and you are *not* behind a firewall, an exception will
846+
be thrown. Again, it's almost always a good idea to have a main firewall that
847+
covers all URLs (as shown before in this chapter).
846848

847849
.. caution::
848850

849-
Be careful with this in your layout or on your error pages! Because of
851+
Be careful with this in your base layout or on your error pages! Because of
850852
some internal Symfony details, to avoid broken error pages in the ``prod``
851853
environment, wrap calls in these templates with a check for ``app.user``:
852854

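Review bot: "layout" to "base layout" is clearer, but the caution still justifies itself with "some internal Symfony details", which gives the reader no way to judge when the ``app.user`` guard is actually required. Suggest replacing that phrase with the concrete cause (or a :ref: to where it is explained) so the caution reads as a rule rather than folklore; the rewrapped paragraph above it is fine as is.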
@@ -857,10 +859,10 @@ in this chapter).
857859
Securing other Services
858860
.......................
859861

860-
In fact, anything in Symfony can be protected by doing something similar
861-
to this. For example, suppose you have a service (i.e. a PHP class) whose
862-
job is to send emails. You can restrict use of this class - no matter where
863-
it's being used from - to only certain users.
862+
Anything in Symfony can be protected by doing something similar to the code
863+
used to secure a controller. For example, suppose you have a service (i.e. a
864+
PHP class) whose job is to send emails. You can restrict use of this class - no
865+
matter where it's being used from - to only certain users.
864866

865867
For more information see :doc:`/cookbook/security/securing_services`.
866868

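Review bot: "the code used to secure a controller" points back to the securing-controller section by description only; that section already has the ``book-security-securing-controller`` label (it is used as a :ref: target in the access-control hunk above), so link it with :ref: here too so the cross-reference survives a future heading rename.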
@@ -869,7 +871,8 @@ Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
869871

870872
So far, you've checked access based on roles - those strings that start with
871873
``ROLE_`` and are assigned to users. But if you *only* want to check if a
872-
user is logged in (you don't care about roles), then you can see ``IS_AUTHENTICATED_FULLY``::
874+
user is logged in (you don't care about roles), then you can use
875+
``IS_AUTHENTICATED_FULLY``::
873876

874877
// ...
875878
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
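Review bot: "see" to "use" fixes the verb, but the sentence now equates "logged in" with ``IS_AUTHENTICATED_FULLY`` while the heading names it as one specific attribute. Suggest a short clause stating what "fully" excludes (with a pointer to wherever the chapter documents the other ``IS_AUTHENTICATED_*`` attributes), otherwise readers will reach for this attribute for every "is the user logged in" check regardless of how the user was authenticated.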
@@ -957,6 +960,7 @@ Now you can call whatever methods are on *your* User object. For example,
957960
if your User object has a ``getFirstName()`` method, you could use that::
958961

959962
use Symfony\Component\HttpFoundation\Response;
963+
// ...
960964

961965
public function indexAction()
962966
{
@@ -1262,7 +1266,7 @@ configuration tree may be useful.
12621266

12631267
Good luck!
12641268

1265-
Learn more from the Cookbook
1269+
Learn More from the Cookbook
12661270
----------------------------
12671271

12681272
* :doc:`Forcing HTTP/HTTPS </cookbook/security/force_https>`

cookbook/security/securing_services.rst

Lines changed: 3 additions & 10 deletions
@@ -26,16 +26,13 @@ service into it. For a general introduction to injecting dependencies into
2626
services see the :doc:`/book/service_container` chapter of the book. For
2727
example, suppose you have a ``NewsletterManager`` class that sends out emails
2828
and you want to restrict its use to only users who have some ``ROLE_NEWSLETTER_ADMIN``
29-
role. Before you add security, the class looks something like this:
30-
31-
.. code-block:: php
29+
role. Before you add security, the class looks something like this::
3230

3331
// src/AppBundle/Newsletter/NewsletterManager.php
3432
namespace AppBundle\Newsletter;
3533

3634
class NewsletterManager
3735
{
38-
3936
public function sendNewsletter()
4037
{
4138
// ... where you actually do the work
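Review bot: replacing the explicit `.. code-block:: php` with the `::` shorthand relies on the docs build defaulting to PHP highlighting; it is consistent with the `class::` usage in the next hunk, but confirm the default highlight language in the build configuration before merging. Removing the blank line after `{` is fine: it tightens the snippet and changes nothing in meaning.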
@@ -51,8 +48,7 @@ check, this is an ideal candidate for constructor injection, which guarantees
5148
that the security context object will be available inside the ``NewsletterManager``
5249
class::
5350

54-
namespace AppBundle\Newsletter;
55-
51+
// ...
5652
use Symfony\Component\Security\Core\SecurityContextInterface;
5753

5854
class NewsletterManager
@@ -102,11 +98,8 @@ Then in your service configuration, you can inject the service:
10298
The injected service can then be used to perform the security check when the
10399
``sendNewsletter()`` method is called::
104100

105-
namespace AppBundle\Newsletter;
106-
107-
use Symfony\Component\Security\Core\Exception\AccessDeniedException;
108-
use Symfony\Component\Security\Core\SecurityContextInterface;
109101
// ...
102+
use Symfony\Component\Security\Core\SecurityContextInterface;
110103

111104
class NewsletterManager
112105
{
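Review bot: dropping `use Symfony\Component\Security\Core\Exception\AccessDeniedException;` removes an import the listing below most likely still needs: this snippet is introduced as the one that "perform[s] the security check", which in this chapter means throwing ``AccessDeniedException`` (the book chapter's IS_AUTHENTICATED_FULLY example above keeps exactly that import). Either keep both `use` lines or elide both behind `// ...`; keeping only ``SecurityContextInterface`` makes the snippet look copy-paste complete when it is not.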
