Permits to use the decision manager system to check if an object implementing OwnableInterface is owned by an object implementing OwnerInterface.
If object implementing OwnerInterface also implements EquatableInterface and UserInterface, it will be used to check equality of owner.
class Post implements OwnableInterface
public function getOwner()
class User implements OwnerInterface, UserInterface, EquatableInterface
$securityContext->isGranted('IS_OWNER', new Post); // true if Post::createdBy is current logged in user
add owner security voter
abstatin to vote for not know onwer / ownable
useEqutableInterface if possible
register security voter in bundle
There's a typo here: unknown
ha bah voila :)
Shouldn't we use ACL for this kind of right?
Or maybe it's over-complicated for trivial right management and your solution could apply for simple cases?
I'm searching the point when to use (or not) Symfony ACL management against security voter.
(Anyway, the two systems don't conflict, so your PR can be merged safely!)
indeed, they don't conflict.
Problem with ACL from the security component is that they are totally decoupled from the data.
The information is stored in totally separated tables, not linked in any way with the model.
So, it depends what you wanna do.
As a contrary, with this voter system, you use the model data to know who is owner, not an extra, separated, complex mechanism.