File tree 4 files changed +52
-10
lines changed
4 files changed +52
-10
lines changed Original file line number Diff line number Diff line change @@ -105,10 +105,22 @@ AuthenticatedVoter
105105~~~~~~~~~~~~~~~~~~
106106
107107The :class: `Symfony\\ Component\\ Security\\ Core\\ Authorization\\ Voter\\ AuthenticatedVoter `
108- voter supports the attributes ``IS_AUTHENTICATED_FULLY ``, ``IS_AUTHENTICATED_REMEMBERED ``,
109- and ``IS_AUTHENTICATED_ANONYMOUSLY `` and grants access based on the current
110- level of authentication, i.e. is the user fully authenticated, or only based
111- on a "remember-me" cookie, or even authenticated anonymously?::
108+ voter supports the attributes ``IS_AUTHENTICATED_FULLY ``,
109+ ``IS_AUTHENTICATED_REMEMBERED ``, ``IS_AUTHENTICATED_ANONYMOUSLY ``,
110+ to grant access based on the current level of authentication, i.e. is the
111+ user fully authenticated, or only based on a "remember-me" cookie, or even
112+ authenticated anonymously?
113+
114+ It also supports the attributes ``IS_ANONYMOUS ``, ``IS_REMEMBERED ``,
115+ ``IS_IMPERSONATED `` to grant access based on a specific state of
116+ authentication.
117+
118+ .. versionadded :: 5.1
119+
120+ The ``IS_ANONYMOUS ``, ``IS_REMEMBERED `` and ``IS_IMPERSONATED ``
121+ attributes were introduced in Symfony 5.1.
122+
123+ ::
112124
113125 use Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolver;
114126
Original file line number Diff line number Diff line change @@ -663,7 +663,7 @@ You can use ``IS_AUTHENTICATED_FULLY`` anywhere roles are used: like
663663``access_control `` or in Twig.
664664
665665``IS_AUTHENTICATED_FULLY `` isn't a role, but it kind of acts like one, and every
666- user that has logged in will have this. Actually, there are 3 special attributes
666+ user that has logged in will have this. Actually, there are some special attributes
667667like this:
668668
669669* ``IS_AUTHENTICATED_REMEMBERED ``: *All * logged in users have this, even
@@ -679,6 +679,21 @@ like this:
679679 this - this is useful when *whitelisting * URLs to guarantee access - some
680680 details are in :doc: `/security/access_control `.
681681
682+ * ``IS_ANONYMOUS ``: *Only * anonymous users are matched by this attribute.
683+
684+ * ``IS_REMEMBERED ``: *Only * users authenticated using the
685+ :doc: `remember me functionality </security/remember_me >`, (i.e. a
686+ remember-me cookie).
687+
688+ * ``IS_IMPERSONATOR ``: When the current user is
689+ :doc: `impersonating </security/impersonating_user >` another user in this
690+ session, this attribute will match.
691+
692+ .. versionadded :: 5.1
693+
694+ The ``IS_ANONYMOUS ``, ``IS_REMEMBERED `` and ``IS_IMPERSONATOR ``
695+ attributes were introduced in Symfony 5.1.
696+
682697.. _security-secure-objects :
683698
684699Access Control Lists (ACLs): Securing individual Database Objects
Original file line number Diff line number Diff line change @@ -85,16 +85,21 @@ role to the users that need it.
8585Knowing When Impersonation Is Active
8686------------------------------------
8787
88- When a user is being impersonated, Symfony grants them a special role called
89- `` ROLE_PREVIOUS_ADMIN `` (in addition to the roles the user may have) . Use this
90- special role, for instance, to show a link to exit impersonation in a template:
88+ You can use the special attribute `` IS_IMPERSONATOR `` to check if the
89+ impersonation is active in this session . Use this special role, for
90+ instance, to show a link to exit impersonation in a template:
9191
9292.. code-block :: html+twig
9393
94- {% if is_granted('ROLE_PREVIOUS_ADMIN ') %}
94+ {% if is_granted('IS_IMPERSONATOR ') %}
9595 <a href="{{ path('homepage', {'_switch_user': '_exit'}) }}">Exit impersonation</a>
9696 {% endif %}
9797
98+ .. versionadded :: 5.1
99+
100+ The ``IS_IMPERSONATOR `` was introduced in Symfony 5.1. Use
101+ ``ROLE_PREVIOUS_ADMIN `` prior to Symfony 5.1.
102+
98103Finding the Original User
99104-------------------------
100105
Original file line number Diff line number Diff line change @@ -176,7 +176,8 @@ visiting the site.
176176
177177In some cases, however, you may want to force the user to actually re-authenticate
178178before accessing certain resources. For example, you might not allow "remember me"
179- users to change their password. You can do this by leveraging a few special "roles"::
179+ users to change their password. You can do this by leveraging a few special
180+ "attributes"::
180181
181182 // src/Controller/AccountController.php
182183 // ...
@@ -200,6 +201,15 @@ users to change their password. You can do this by leveraging a few special "rol
200201 // ...
201202 }
202203
204+ .. tip ::
205+
206+ There is also a ``IS_REMEMBERED `` attribute that grants *only * when the
207+ user is authenticated via the remember me mechanism.
208+
209+ .. versionadded :: 5.1
210+
211+ The ``IS_REMEMBERED `` attribute was introduced in Symfony 5.1.
212+
203213.. _remember-me-token-in-database :
204214
205215Storing Remember Me Tokens in the Database
You can’t perform that action at this time.
0 commit comments