Symfony2.3 custom voter via @SecureParam

Question

Symfony2.3 custom voter via @SecureParam

By recording the user voter and registering as a service (the first user voter in the project), Tested with:

/**
 * @Route("/delete/{id}", name="product_delete")
 * @Method("GET")
 */
public function deleteAction(Product $product)
{
    if (!$this->get('security.context')->isGranted("PRODUCT_DELETE", $product)) {
        throw new \Exception('ACCESS DENIED');
    }
}

And it works as expected. Nonetheless,

/**
 * @Route("/delete/{id}", name="product_delete")
 * @Method("GET")
 * @SecureParam(name="product", permissions="PRODUCT_DELETE")
 */
public function deleteAction(Product $product)
{
}

Regardless of the SecureParam annotation, the voter receives a call with the following parameters:

$attributes = ["ROLE_USER"];
$object instanceof \Symfony\Component\HttpFoundation\Request

I'm banging my head on the wall at the moment ...

+4

security annotations symfony

anonymous Nov 24 '14 at 15:53

source share

1 answer

Gildas · Accepted Answer · 2015-02-08T23:37:10+0000

Symfony2 has an access listener (for the kernel.request event) that checks the current security context for "security.access_control" (usually located in app / config / security.yml).

, () ( ), . - RoleVoter, , , .

. , VoterInterface:: ACCESS_ABSTAIN, , , .

, .

Symfony2.3 custom voter via @SecureParam

More articles: