New Data Voter Article (continuation) #3594

Merged
merged 15 commits into from
Mar 4, 2014
updated docs according to the review
Michael Klein authored and weaverryan committed Feb 20, 2014
commit 1fd3b0eb8d12ac8cf341497bcb59bf26d38ea89d
15 changes: 8 additions & 7 deletions 15 cookbook/security/voter_interface.rst.inc
Expand Up @@ -7,15 +7,16 @@
public function vote(TokenInterface $token, $post, array $attributes);
}

The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsAttribute` method is used to check if the voter supports
the given user attribute (i.e: a role, an ACL, etc.).
The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsAttribute`
method is used to check if the voter supports the given user attribute (i.e: a role, an ACL, etc.).

The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsClass` method is used to check if the voter supports the
class of the object whose access is being checked (doesn't apply to this entry).
The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::supportsClass`
method is used to check if the voter supports the class of the object whose
access is being checked (doesn't apply to this entry).

The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::vote` method must implement the business logic that verifies whether
or not the user is granted access. This method must return one of the following
values:
The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::vote`
method must implement the business logic that verifies whether or not the
user is granted access. This method must return one of the following values:

* ``VoterInterface::ACCESS_GRANTED``: The authorization will be granted by this voter;
* ``VoterInterface::ACCESS_ABSTAIN``: The voter cannot decide if authorization should be granted;
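
Review bot: In the rewrapped supportsAttribute paragraph, "(i.e: a role, an ACL, etc.)" introduces examples, so it should read "e.g." rather than "i.e:". That line is also still much longer than the other two rewrapped paragraphs; break it after "supports" so all three wrap at the same width.
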
49 changes: 23 additions & 26 deletions 49 cookbook/security/voters_data_permission.rst
Expand Up @@ -51,7 +51,7 @@ You could store your Voter to check permission for the view and edit action like
// src/Acme/DemoBundle/Security/Authorization/Entity/PostVoter.php
namespace Acme\DemoBundle\Security\Authorization\Entity;

use Symfony\Component\HttpKernel\Exception\PreconditionFailedHttpException;
use Symfony\Component\Security\Core\Exception\InvalidArgumentException;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
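
Review bot: The use block still imports Symfony\Component\DependencyInjection\ContainerInterface directly below the changed line, but none of the PostVoter code visible in this commit references a container. If the voter has no constructor that takes it, drop the import while this block is being touched; if it does, consider injecting only the service the voter actually needs.
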
Expand All @@ -60,33 +60,35 @@ You could store your Voter to check permission for the view and edit action like

class PostVoter implements VoterInterface
{
const VIEW = 'view';
const EDIT = 'edit';

public function supportsAttribute($attribute)
{
return in_array($attribute, array(
'view',
'edit',
self::VIEW,
self::EDIT,
));
}

public function supportsClass($obj)
{
$array = array('Acme\DemoBundle\Entity\Post');

foreach ($array as $item) {
if ($obj instanceof $item))
return true;
}
}
if ($obj instanceof 'Acme\DemoBundle\Entity\Post') return true;

return false;
}

/** @var \Acme\DemoBundle\Entity\Post $post */
public function vote(TokenInterface $token, $post, array $attributes)
{
// check if class of this object is supported by this voter
if (!$this->supportsClass($post)) {
return VoterInterface::ACCESS_ABSTAIN;
}

// check if voter is used correct, only allow one attribute for a check
if(count($attributes) !== 1 || !is_string($attributes[0])) {
throw new PreconditionFailedHttpException(
throw new InvalidArgumentException(
'Only one attribute is allowed for VIEW or EDIT'
);
}
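
Review bot: The new one-line check in supportsClass(), if ($obj instanceof 'Acme\DemoBundle\Entity\Post') return true;, will not parse: the right-hand side of instanceof has to be an unquoted class name or a variable holding one, not a string literal. Write it as if ($obj instanceof \Acme\DemoBundle\Entity\Post) { return true; } (or import Post with a use statement), with braces to match the rest of the example. The /** @var ... $post */ docblock placed above vote() describes a parameter, so it should be an @param tag in the method's docblock. In the neighbouring context, "if(count(" needs a space after "if" and the comment "used correct" should read "used correctly".
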
Expand All @@ -97,11 +99,6 @@ You could store your Voter to check permission for the view and edit action like
// get current logged in user
$user = $token->getUser();

// check if class of this object is supported by this voter
if (!$this->supportsClass($post)) {
return VoterInterface::ACCESS_ABSTAIN;
}

// check if the given attribute is covered by this voter
if (!$this->supportsAttribute($attribute)) {
return VoterInterface::ACCESS_ABSTAIN;
Expand All @@ -128,12 +125,6 @@ You could store your Voter to check permission for the view and edit action like
return VoterInterface::ACCESS_GRANTED;
}
break;

default:
// otherwise throw an exception, which will break the request
throw new PreconditionFailedHttpException(
'The Attribute "'.$attribute.'" was not found.'
);
}

}
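
Review bot: With the default: branch removed, the visible end of vote() is the closing brace of the switch followed directly by the closing brace of the method, so a call that reaches a case but fails its condition leaves the method without a return value. voter_interface.rst.inc states that vote() must return one of the listed VoterInterface constants; add an explicit return VoterInterface::ACCESS_DENIED; after the switch so the example denies by default instead of depending on how the caller treats null.
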
Expand All @@ -146,7 +137,7 @@ Declaring the Voter as a Service
--------------------------------

To inject the voter into the security layer, you must declare it as a service
and tag it as a ´security.voter´:
and tag it as a 'security.voter':

.. configuration-block::

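Review bot: Replacing the acute accents with straight quotes in 'security.voter' still leaves the tag name as plain text. In reStructuredText an inline literal takes double backticks, as the ``VoterInterface::ACCESS_GRANTED`` bullets in voter_interface.rst.inc already do; write ``security.voter`` here.
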
Expand Down Expand Up @@ -185,8 +176,9 @@ and tag it as a ´security.voter´:

How to Use the Voter in a Controller
------------------------------------
The registered voter will then always be asked as soon the method isGranted from
the security context is called.

The registered voter will then always be asked as soon as the method 'isGranted'
from the security context is called.

.. code-block:: php

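Review bot: 'isGranted' in the reworded sentence has the same markup problem as the service tag: use ``isGranted`` (or the :method: role already used in voter_interface.rst.inc, so it links to the API docs) rather than single quotes. The sentence itself would read more simply as "The registered voter is then called whenever ``isGranted`` is called on the security context."
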
Expand All @@ -198,7 +190,12 @@ the security context is called.

class PostController
{
public function showAction($id)

/**
* @Route("/blog/{id}")
* @ParamConverter("post", class="SensioBlogBundle:Post")
*/
public function showAction(Post $post)
{
// keep in mind, this will call all registered security voters
if (false === $this->get('security.context')->isGranted('view', $post)) {
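
Review bot: The new @ParamConverter annotation points at class="SensioBlogBundle:Post", while the rest of this article uses Acme\DemoBundle and the voter's supportsClass() checks for Acme\DemoBundle\Entity\Post, so as written the converted object is not the class the voter supports. Use the Acme Post entity here, make sure the use statements for Route, ParamConverter and Post are present in the example's import list (outside this hunk), and drop the blank line left after the opening brace of the class.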