8000 "broken" example retrieving the user object · Issue #7506 · symfony/symfony-docs · GitHub
[go: up one dir, main page]
Skip to content

"broken" example retrieving the user object #7506

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
linaori opened this issue Feb 16, 2017 · 3 comments
Closed

"broken" example retrieving the user object #7506

linaori opened this issue Feb 16, 2017 · 3 comments
Labels
bug hasPR A Pull Request has already been submitted for this issue. Security Status: Needs Review
Milestone
4.0

Comments

@linaori
Copy link
Contributor
linaori commented Feb 16, 2017

http://symfony.com/doc/current/security.html#retrieving-the-user-object

When updating the docs, I didn't quite take the workings of the security into account. The following example is broken:

use Symfony\Component\Security\Core\User\UserInterface;

public function indexAction(UserInterface $user)
{
    if (!$this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
        throw $this->createAccessDeniedException();
    }

    // the above is a shortcut for this
    $user = $this->get('security.token_storage')->getToken()->getUser();
}

This will lead to an error unless access_control has already triggered the authentication process to get a user object. The example can be fixed in two ways:

  • Add an access_control example that triggers security here which populates the object
  • Add @Security("is_granted('IS_AUTHENTICATED_FULLY')") to trigger security before the $user is required

Besides of this, there's a small other issue: // the above is a shortcut for this makes it look like the isGranted is part of the "shortcut", while it's only the type-hint of the method that is part of the shortcut.
@javiereguiluz javiereguiluz added this to the 4.0 milestone Jan 14, 2018
@javiereguiluz
Copy link
Member

@iltar we changed that example. See https://symfony.com/doc/current/security.html#retrieving-the-user-object Do you think we need to remove the comment that mentions the UserInterface type-hint? Thanks!

@linaori
Copy link
Contributor Author
linaori commented Jan 14, 2018

@javiereguiluz as it's already explained below, I think the 2 comments in the code example can be removed (if that's what you're aiming at). 👍 for checking this, I already forgot about this issue

@javiereguiluz javiereguiluz added the hasPR A Pull Request has already been submitted for this issue. label Jan 15, 2018
@javiereguiluz javiereguiluz mentioned this issue Jan 15, 2018
Closed
javiereguiluz added a commit that referenced this issue Jan 20, 2018
@javiereguiluz
minor #9060 Don't mention the UserInterface type-hinting (javiereguiluz)
7d6d47b 
This PR was squashed before being merged into the 3.3 branch (closes #9060).

Discussion
----------

Don't mention the UserInterface type-hinting

This fixes #7506. Ping @iltar.

Commits
-------

3347569 Don't mention the UserInterface type-hinting
@javiereguiluz
Copy link
Member

Fixed by #9060.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug hasPR A Pull Request has already been submitted for this issue. Security Status: Needs Review
Projects
None yet
Milestone
4.0
Development

No branches or pull requests
4 participants
@javiereguiluz @linaori @xabbuh @carsonbot
0