Permalink
Browse files

[book][security] Adding note per @stof about access control without a…

… firewall
  • Loading branch information...
1 parent 0561c2c commit eca314f06a2edf3f3784eea3229614694fcf4c3b @weaverryan weaverryan committed May 12, 2011
Showing with 12 additions and 0 deletions.
  1. +12 −0 book/security.rst
View
@@ -1337,6 +1337,13 @@ the built-in helper function:
<a href="...">Delete</a>
<?php endif; ?>
+.. note::
+
+ If you use this function and are *not* at a URL where there is a firewall
+ active, an exception will be thrown. Again, it's almost always a good
+ idea to have a main firewall that covers all URLs (as has been shown
+ in this chapter).
+
Access Control in Controllers
-----------------------------
@@ -1354,6 +1361,11 @@ the ``isGranted`` method of the security context:
// load other regular content here
}
+.. note::
+
+ A firewall must be active or an exception will be thrown when the ``isGranted``
+ method is called. See the note above about templates for more details.
+
Impersonating a User
--------------------

0 comments on commit eca314f

Please sign in to comment.