Permalink
Browse files

bug #4139 cleaned up the code example (gondo)

This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes #4139).

Discussion
----------

cleaned up the code example

- added final return for `vote()` function
- moved `$user` below attribute check. if attribute fails, we don't need user
- used already declared constants in switch statement, rather than harcoded strings

Commits
-------

081b3c7 cleaned up the code example
  • Loading branch information...
weaverryan committed Aug 19, 2014
2 parents b5c9f2a + 1acd1c0 commit 53b2c2be9f077afb5120cb3a3b39d58961073861
Showing with 7 additions and 5 deletions.
  1. +7 −5 cookbook/security/voters_data_permission.rst
@@ -105,36 +105,38 @@ edit a particular object. Here's an example implementation::
// set the attribute to check against
$attribute = $attributes[0];
// get current logged in user
$user = $token->getUser();
// check if the given attribute is covered by this voter
if (!$this->supportsAttribute($attribute)) {
return VoterInterface::ACCESS_ABSTAIN;
}
// get current logged in user
$user = $token->getUser();
// make sure there is a user object (i.e. that the user is logged in)
if (!$user instanceof UserInterface) {
return VoterInterface::ACCESS_DENIED;
}
switch($attribute) {
case 'view':
case self::VIEW:
// the data object could have for example a method isPrivate()
// which checks the Boolean attribute $private
if (!$post->isPrivate()) {
return VoterInterface::ACCESS_GRANTED;
}
break;
case 'edit':
case self::EDIT:
// we assume that our data object has a method getOwner() to
// get the current owner user entity for this data object
if ($user->getId() === $post->getOwner()->getId()) {
return VoterInterface::ACCESS_GRANTED;
}
break;
}
return VoterInterface::ACCESS_DENIED;
}
}

0 comments on commit 53b2c2b

Please sign in to comment.