8000 a couple of changes according to the comments, not finished now · symfony/symfony-docs@99b1b0f · GitHub
[go: up one dir, main page]
Skip to content

Commit 99b1b0f

Browse files
Michael Kleinweaverryan
Michael Klein
authored and
weaverryan
committed
a couple of changes according to the comments, not finished now
1 parent 2bda150 commit 99b1b0f

File tree

1 file changed

+43
-41
lines changed

1 file changed

+43
-41
lines changed

cookbook/security/voters_data_permission.rst

Lines changed: 43 additions & 41 deletions
Original file line numberDiff line numberDiff line change
@@ -1,36 +1,36 @@
11
.. index::
22
single: Security; Data Permission Voters
33

4-
How to implement your own Voter to check the permission for a object agains a user
5-
==================================================================================
4+
How to implement your own Voter to check user permissions for accessing a given object
5+
======================================================================================
66

77
In Symfony2 you can check the permission to access data by the
8-
:doc:`ACL module </cookbook/security/acl>` which is a bit overhelming
9-
for many applications. A much easier solution is working with custom
8+
:doc:`ACL module </cookbook/security/acl>`, which is a bit overwhelming
9+
for many applications. A much easier solution is to work with custom voters
1010
voters, which are like simple conditional statements. Voters can be
1111
also used to check for permission as a part or even the whole
12-
application: :doc:`cookbook/security/voters`.
12+
application: :doc:`"/cookbook/security/voters"`.
1313

1414
.. tip::
1515

1616
It is good to understand the basics about what and how
1717
:doc:`authorization </components/security/authorization>` works.
1818

19-
How symfony works with voters
20-
-----------------------------
19+
How Symfony Uses Voters
20+
-----------------------
2121

22-
In order to use voters you have to understand how symfony works with them.
23-
In general all registered custom voters will be called every time you ask
24-
symfony about permission (ACL). In general there are three different
22+
In order to use voters, you have to understand how Symfony works with them.
23+
In general, all registered custom voters will be called every time you ask
24+
Symfony about permissions (ACL). In general there are three different
2525
approaches on how to handle the feedback from all voters:
26-
:ref:`components-security-access-decision-manager`.
26+
:ref:`"components-security-access-decision-manager"`.
2727

2828
The Voter Interface
2929
-------------------
3030

3131
A custom voter must implement
3232
:class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface`,
33-
which requires the following three methods:
33+
which has this structure:
3434

3535
.. code-block:: php
3636
@@ -55,53 +55,52 @@ values:
5555
* ``VoterInterface::ACCESS_ABSTAIN``: The voter cannot decide if the user is granted or not
5656
* ``VoterInterface::ACCESS_DENIED``: The user is not allowed to access the application
5757

58-
In this example, you'll check if the user will have access to a specific object according to your custom conditions (e.g. he must be the owner of the object). If the condition fails, you'll return
58+
In this example, you'll check if the user will have access to a specific
59+
object according to your custom conditions (e.g. he must be the owner of
60+
the object). If the condition fails, you'll return
5961
``VoterInterface::ACCESS_DENIED``, otherwise you'll return
60-
``VoterInterface::ACCESS_GRANTED``. In case the responsebility for this decision belong not to this voter, he will return
61-
``VoterInterface::ACCESS_ABSTAIN``.
62+
``VoterInterface::ACCESS_GRANTED``. In case the responsibility for this decision
63+
belongs not to this voter, it will return ``VoterInterface::ACCESS_ABSTAIN``.
6264

6365
Creating the Custom Voter
6466
-------------------------
6567

66-
You could store your Voter for the view and edit method of a post within ACME/DemoBundle/Security/Authorization/Document/PostVoter.php.
68+
You could store your Voter to check permission for the view and edit action like following.
6769

6870
.. code-block:: php
6971
70-
// src/Acme/DemoBundle/Security/Authorization/Document/PostVoter.php
71-
namespace Acme\DemoBundle\Security\Authorization\Document;
72+
// src/Acme/DemoBundle/Security/Authorization/Entity/PostVoter.php
73+
namespace Acme\DemoBundle\Security\Authorization\Entity;
7274
7375
use Symfony\Component\DependencyInjection\ContainerInterface;
7476
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
7577
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
78+
use Symfony\Component\Security\Core\User\UserInterface;
7679
7780
class PostVoter implements VoterInterface
7881
{
79-
private $container;
80-
81-
public function __construct(ContainerInterface $container)
82-
{
83-
$this->container = $container;
84-
}
8582
8683
public function supportsAttribute($attribute)
8784
{
88-
return in_array($attribute, array(
89-
'view',
90-
'edit'
91-
));
85+
return in_array($attribute, array(
86+
'view',
87+
'edit',
88+
));
9289
}
9390
9491
public function supportsClass($class)
9592
{
96-
// could be "ACME\DemoBundle\Entity\Post" as well
97-
$array = array("ACME\DemoBundle\Document\Post");
93+
// could be "Acme\DemoBundle\Entity\Post" as well
94+
$array = array("Acme\DemoBundle\Entity\Post");
9895
9996
foreach ($array as $item) {
10097
// check with stripos in case doctrine is using a proxy class for this object
101-
if (stripos($s, $item) !== FALSE) {
98+
if (stripos($s, $item) !== false) {
99+
102100
return true;
103101
}
104102
}
103+
105104
return false;
106105
}
107106
@@ -111,32 +110,36 @@ You could store your Voter for the view and edit method of a post within ACME/De
111110
$user = $token->getUser();
112111
113112
// check if class of this object is supported by this voter
114-
if ( !($this->supportsClass(get_class($object))) ) {
113+
if (!($this->supportsClass(get_class($object)))) {
114+
115115
return VoterInterface::ACCESS_ABSTAIN;
116116
}
117117
118118
// check if the given attribute is covered by this voter
119119
foreach ($attributes as $attribute) {
120-
if ( !$this->supportsAttribute($attribute) ) {
120+
if (!$this->supportsAttribute($attribute)) {
121+
121122
return VoterInterface::ACCESS_ABSTAIN;
122123
}
123124
}
124125
125126
// check if given user is instance of user interface
126-
if ( !($user instanceof UserInterface) ) {
127+
if (!($user instanceof UserInterface)) {
128+
127129
return VoterInterface::ACCESS_DENIED;
128130
}
129131
130132
switch($this->attributes[0]) {
131-
132133
case 'view':
133-
if($object->isPrivate() === false) {
134+
if ($object->isPrivate() === false) {
135+
134136
return VoterInterface::ACCESS_GRANTED;
135137
}
136138
break;
137139
138140
case 'edit':
139-
if($object->getOwner()->getId() === $user->getId()) {
141+
if ($user->getId() === $object->getOwner()->getId()) {
142+
140143
return VoterInterface::ACCESS_GRANTED;
141144
}
142145
break;
@@ -164,10 +167,9 @@ and tag it as a "security.voter":
164167
165168
# src/Acme/AcmeBundle/Resources/config/services.yml
166169
services:
167-
security.access.post_document_voter:
168-
class: Acme\DemoBundle\Security\Authorization\Document\PostVoter
170+
security.access.post_voter:
171+
class: Acme\DemoBundle\Security\Authorization\Entity\PostVoter
169172
public: false
170-
arguments: [@service_container]
171-
# we need to assign this service to be a security voter
173+
# the service gets tagged as a voter
172174
tags:
173175
- { name: security.voter }

0 commit comments

Comments
 (0)
0