@@ -994,28 +994,21 @@ shown above.
994994-----------------------------
995995
996996After authentication, the ``User `` object of the current user can be accessed
997- via the ``security.token_storage `` service. From inside a controller, this will
998- look like::
999-
1000- use Symfony\Component\Security\Core\User\UserInterface;
997+ via the ``getUser() `` shortcut (which uses the ``security.token_storage ``
998+ service). From inside a controller, this will look like::
1001999
10021000 public function indexAction()
10031001 {
10041002 $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
10051003
10061004 $user = $this->getUser();
1007- // or you can also type-hint a method argument with UserInterface: e.g. "UserInterface $user"
10081005 }
10091006
10101007.. tip ::
10111008
10121009 The user will be an object and the class of that object will depend on
10131010 your :ref: `user provider <security-user-providers >`.
10141011
1015- .. versionadded :: 3.2
1016- The ability to get the user by type-hinting an argument with UserInterface
1017- was introduced in Symfony 3.2.
1018-
10191012Now you can call whatever methods are on *your * User object. For example,
10201013if your User object has a ``getFirstName() `` method, you could use that::
10211014
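Review bot: The `.. versionadded:: 3.2` directive deleted at old lines 1015-1017 was the only statement in this hunk that type-hinting an argument with UserInterface requires Symfony 3.2, and it is dropped rather than moved. If the type-hint approach is still documented elsewhere in this file, carry the directive along with it so readers on earlier versions are not misled into relying on an argument that will not be resolved for them.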
@@ -1036,14 +1029,7 @@ It's important to check if the user is authenticated first. If they're not,
10361029``$user `` will either be ``null `` or the string ``anon. ``. Wait, what? Yes,
10371030this is a quirk. If you're not logged in, the user is technically the string
10381031``anon. ``, though the ``getUser() `` controller shortcut converts this to
1039- ``null `` for convenience. When type-hinting the
1040- :class: `Symfony\\ Component\\ Security\\ Core\\ User\\ UserInterface\\ UserInterface `
1041- and being logged-in is optional, you can allow a null value for the argument::
1042-
1043- public function indexAction(UserInterface $user = null)
1044- {
1045- // $user is null when not logged-in or anon.
1046- }
1032+ ``null `` for convenience.
10471033
10481034The point is this: always check to see if the user is logged in before using
10491035the User object, and use the ``isGranted() `` method (or
@@ -1059,6 +1045,25 @@ the User object, and use the ``isGranted()`` method (or
10591045
10601046 }
10611047
1048+ .. note ::
1049+
1050+ An alternative way to get the current user in a controller is to type-hint
1051+ the controller argument with
1052+ :class: `Symfony\\ Component\\ Security\\ Core\\ User\\ UserInterface\\ UserInterface `
1053+ (and default it to ``null `` if being logged-in is optional)::
1054+
1055+ use Symfony\Component\Security\Core\User\UserInterface\UserInterface;
1056+
1057+ public function indexAction(UserInterface $user = null)
1058+ {
1059+ // $user is null when not logged-in or anon.
1060+ }
1061+
1062+ This is only recommended for experienced developers who don't extend from the
1063+ :ref: `Symfony base controller <the-base-controller-class-services >` and
1064+ don't use the :class: `Symfony\\ Bundle\\ FrameworkBundle\\ Controller\\ ControllerTrait `
1065+ either. Otherwise, it's recommended to keep using the ``getUser() `` shortcut.
1066+
10621067Retrieving the User in a Template
10631068~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
10641069
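Review bot: The `use` statement at new line 1055 imports `Symfony\Component\Security\Core\User\UserInterface\UserInterface`, with the interface name doubled, whereas the line removed at old line 1000 in the first hunk imported `Symfony\Component\Security\Core\User\UserInterface`. Copied as written, the type-hint in `indexAction(UserInterface $user = null)` would refer to a class that does not exist, so the example should use the single-segment name. The `:class:` role at new line 1052 carries the same doubled segment and should be corrected with it. It would also help to say in the note's prose, not only in the code comment at new line 1059, that `$user` is `null` for anonymous visitors and must be checked before use.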