Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Make it unnecessary to append a '_' to the controller name when using the AdminSecurity annotation #9432
Currently, if you use the
Let's take the following example from AdministrationController.php:
/** * @AdminSecurity("is_granted('read', request.get('_legacy_controller')~'_')", message="Access denied.") */
Roles (permissions) for controllers are stored in the database as
In this example, the corresponding role is
Using those elements, it builds the role ID and then hands it over to the legacy access control which performs the check.
Until now, the role was created by joining the subject and the attribute together, then converting them to upper case. This PR adds an underscore between them if there isn't one there already (to ensure backwards compatibility).
That's all! Now we can have cleaner calls to AdminSecurity. Check out said change in this commit: 95ce71c
The second commit is where I changed all the current calls so that they conform to the new spec.