Commit

bug #4699 Use new security.authorization_checker service (xelaris)
This PR was merged into the 2.6 branch.

Discussion
----------

Use new security.authorization_checker service

| Q             | A
| ------------- | ---
| Doc fix?      | yes
| New docs?     | no
| Applies to    | 2.6+
| Fixed tickets |

Replace deprecated `security.context` with the `security.authorization_checker` service.

Commits
-------

58f4a00 Use denyAccessUnlessGranted shortcut
8ded86a Use new security.authorization_checker service
weaverryan committed Dec 31, 2014
2 parents 9c819b4 + 58f4a00 commit 79db0b9
Showing 1 changed file with 10 additions and 6 deletions.
16 changes: 10 additions & 6 deletions best_practices/security.rst
Expand Up @@ -75,14 +75,14 @@ Authorization (i.e. Denying Access)
Symfony gives you several ways to enforce authorization, including the ``access_control`` Symfony gives you several ways to enforce authorization, including the ``access_control``
configuration in :doc:`security.yml </reference/configuration/security>` the configuration in :doc:`security.yml </reference/configuration/security>` the
:ref:`@Security annotation <best-practices-security-annotation>` and using :ref:`@Security annotation <best-practices-security-annotation>` and using
:ref:`isGranted <best-practices-directly-isGranted>` on the ``security.context`` :ref:`isGranted <best-practices-directly-isGranted>` on the ``security.authorization_checker``
service directly. service directly.


.. best-practice:: .. best-practice::


* For protecting broad URL patterns, use ``access_control``; * For protecting broad URL patterns, use ``access_control``;
* Whenever possible, use the ``@Security`` annotation; * Whenever possible, use the ``@Security`` annotation;
* Check security directly on the ``security.context`` service whenever * Check security directly on the ``security.authorization_checker`` service whenever
you have a more complex situation. you have a more complex situation.


There are also different ways to centralize your authorization logic, like There are also different ways to centralize your authorization logic, like
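
Review bot: the `isGranted` reference in the intro paragraph and the third best-practice bullet now name `security.authorization_checker` with nothing telling the reader that this service only exists from 2.6 on and replaces the deprecated `security.context`. Someone following this page on an older install will look up a service that is not there, so a short `versionadded` note next to the first mention would help. As a style point, the rewritten bullet line "* Check security directly on the ``security.authorization_checker`` service whenever" is now noticeably longer than its neighbours and should be re-wrapped.
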
Expand Down Expand Up @@ -315,7 +315,7 @@ Now, you can use the voter with the ``@Security`` annotation:
// ... // ...
} }
You can also use this directly with the ``security.context`` service, or You can also use this directly with the ``security.authorization_checker`` service, or
via the even easier shortcut in a controller: via the even easier shortcut in a controller:


.. code-block:: php .. code-block:: php
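
Review bot: the changed sentence still says "via the even easier shortcut in a controller" without naming the shortcut, while the example that follows is being switched to `denyAccessUnlessGranted`. Name the method in this sentence so the prose and the code block agree, and so a reader scanning for the authorization call can find it without reading the example. The rewritten first line of the sentence is also longer than the surrounding wrapped lines and should be re-wrapped.
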
Expand All @@ -327,9 +327,13 @@ via the even easier shortcut in a controller:
{ {
$post = // query for the post ... $post = // query for the post ...
if (!$this->get('security.context')->isGranted('edit', $post)) { $this->denyAccessUnlessGranted('edit', $post);
throw $this->createAccessDeniedException();
} // or without the shortcut:
//
// if (!$this->get('security.authorization_checker')->isGranted('edit', $post)) {
// throw $this->createAccessDeniedException();
// }
} }
Learn More Learn More
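
Review bot: in the added lines the `isGranted` form survives only as commented-out code under "// or without the shortcut:", and nothing states that `$this->denyAccessUnlessGranted('edit', $post);` throws the access-denied exception itself. With the explicit `throw $this->createAccessDeniedException();` removed from the live code, a reader can no longer see from the example that execution stops for a denied user. Suggest a one-line comment on the shortcut saying that it throws when access is not granted, and either moving the long form into its own short code block or dropping the empty `//` line so the commented alternative reads as one unit. The shortcut is introduced by this same change set ("Use denyAccessUnlessGranted shortcut"), so it deserves the same version note as the new service.
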
