minor #9929 Fixed security expression testing user (HeahDude) · symfony/symfony-docs@ecbe790 · GitHub

Commit ecbe790

minor #9929 Fixed security expression testing user (HeahDude)
This PR was submitted for the master branch but it was merged into the 2.8 branch instead (closes #9929).

Discussion
----------

Fixed security expression testing user

The example "user and ..." is broken when the user is a string.

Commits
-------

bdd20d3 Fixed security expression testing user
2 parents 4e01746 + bdd20d3 commit ecbe790


2 files changed

+3
-3
lines changed

security.rst

Lines changed: 2 additions & 2 deletions
@@ -964,15 +964,15 @@ You can also use expressions inside your templates:
964964
.. code-block:: html+jinja
965965

966966
{% if is_granted(expression(
967-
'"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
967+
'"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
968968
)) %}
969969
<a href="...">Delete</a>
970970
{% endif %}
971971

972972
.. code-block:: html+php
973973

974974
<?php if ($view['security']->isGranted(new Expression(
975-
'"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
975+
'"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
976976
))): ?>
977977
<a href="...">Delete</a>
978978
<?php endif; ?>
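
Review bot: On lines 967 and 975 the new guard `not is_anonymous()` only rules out the anonymous case; the call `user.isSuperAdmin()` that follows still assumes every non-anonymous user is an object that defines that method. The commit message says the old `user and ...` form broke when the user is a string, but nothing in the context shown around either template example tells the reader that. I would add one sentence next to these examples stating that `user` can be a string and that this is why the check is on `is_anonymous()` rather than on `user` itself, otherwise readers are likely to shorten the expression back to the broken form.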

security/expressions.rst

Lines changed: 1 addition & 1 deletion
@@ -18,7 +18,7 @@ accepts an :class:`Symfony\\Component\\ExpressionLanguage\\Expression` object::
1818
public function indexAction()
1919
{
2020
$this->denyAccessUnlessGranted(new Expression(
21-
'"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
21+
'"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
2222
));
2323

2424
// ...
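
Review bot: Line 21 is the third copy of this expression string in the change (the other two are in security.rst), and the controller example carries no comment explaining the guard. Since this is PHP, a one-line `//` comment above the `new Expression(` call noting that `user` can be a string, so the method call has to be protected by `not is_anonymous()`, would document the reason in the place people copy from. It is also worth checking that the three copies stay identical in later edits, since a fix applied to only one of them would reintroduce the inconsistency this commit removes.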
