Skip to content

Commit b1a90ba

Browse files
inoryyinoryy
committed
add fixes to data_permission cookbook
1 parent b1cd35b commit b1a90ba

File tree

1 file changed

+27
-4
lines changed

1 file changed

+27
-4
lines changed

cookbook/security/voters_data_permission.rst

Lines changed: 27 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -37,12 +37,19 @@ For more information take a look at
3737
The Voter Interface
3838
-------------------
3939

40-
A custom voter must implement
40+
A custom voter needs to implement
4141
:class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface`
42-
and an :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AbstractVoter`
43-
class is provided with following structure:
42+
or extend :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AbstractVoter`,
43+
which makes creating a voter even easier.
4444

45-
.. include:: /cookbook/security/abstract_voter.rst.inc
45+
.. code-block:: php
46+
47+
abstract class AbstractVoter implements VoterInterface
48+
{
49+
abstract protected function getSupportedClasses();
50+
abstract protected function getSupportedAttributes();
51+
abstract protected function isGranted($attribute, $object, $user = null);
52+
}
4653
4754
In this example, the voter will check if the user has access to a specific
4855
object according to your custom conditions (e.g. they must be the owner of
@@ -106,6 +113,22 @@ edit a particular object. Here's an example implementation:
106113
That's it! The voter is done. The next step is to inject the voter into
107114
the security layer.
108115

116+
To recap, here's what's expected from the three abstract methods:
117+
118+
The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AbstractVoter::getSupportedClasses`
119+
method tells Symfony that your voter should be called whenever an object of one of the given classes
120+
is passed to `isGranted` For example, if you return ['\Acme\DemoBundle\Model\Product'],
121+
Symfony will call your voter when a `Product` object is passed to `isGranted`.
122+
123+
The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AbstractVoter::getSupportedAttributes`
124+
method tells Symfony that your voter should be called whenever one of these strings is passes as the
125+
first argument to `isGranted`. For example, if you return `array('CREATE', 'READ')`, then
126+
Symfony will call your voter when one of these is passed to `isGranted`.
127+
128+
The :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\AbstractVoter::isGranted`
129+
method must implement the business logic that verifies whether or not a given
130+
user is allowed access to a given attribute on a given object. This method must return a boolean.
131+
109132
Declaring the Voter as a Service
110133
--------------------------------
111134

0 commit comments

Comments
 (0)