Commit ef9c945

Minor tweaks
1 parent 523229b commit ef9c945

2 files changed

+14
-12
lines changed

security.rst

Lines changed: 2 additions & 2 deletions
@@ -2715,8 +2715,8 @@ anonymous users access by checking if there is no user set on the token::
27152715

27162716
.. versionadded:: 7.3
27172717

2718-
The `$vote` parameter in the :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::voteOnAttribute` method
2719-
was introduced in Symfony 7.3.
2718+
The ``$vote`` argument of the ``voteOnAttribute()`` method was introduced
2719+
in Symfony 7.3.
27202720

27212721
Setting Individual User Permissions
27222722
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
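
Review bot: The new wording at lines 2718-2719 drops the `:method:` role together with the fully qualified class name, so the versionadded note no longer links to the API reference or says which class `voteOnAttribute()` belongs to. The switch from single to double backticks around `$vote` is the right fix for reStructuredText, but consider keeping the role reference, or at least naming the class in the sentence, since this file covers more than voters and the reader may not have the `Voter` context at this point.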

security/voters.rst

Lines changed: 12 additions & 10 deletions
@@ -51,8 +51,8 @@ which makes creating a voter even easier::
5151

5252
.. versionadded:: 7.3
5353

54-
The `$vote` parameter in the :method:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\VoterInterface::voteOnAttribute` method
55-
was introduced in Symfony 7.3.
54+
The ``$vote`` argument of the ``voteOnAttribute()`` method was introduced
55+
in Symfony 7.3.
5656

5757
.. _how-to-use-the-voter-in-a-controller:
5858

@@ -173,11 +173,10 @@ would look like this::
173173
protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
174174
{
175175
$user = $token->getUser();
176-
$vote ??= new Vote();
177176

178177
if (!$user instanceof User) {
179178
// the user must be logged in; if not, deny access
180-
$vote->reasons[] = 'The user is not logged in.';
179+
$vote?->addReason('The user is not logged in.');
181180
return false;
182181
}
183182

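
Review bot: With `$vote ??= new Vote();` removed at old line 176, `$vote` stays null whenever the caller passes none, and nothing next to `$vote?->addReason(...)` at new line 179 tells the reader so. A short code comment there, saying the argument is optional and the reason is skipped when it is null, would explain the nullsafe operator to people copying this example into their own voter.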
@@ -205,12 +204,15 @@ would look like this::
205204

206205
private function canEdit(Post $post, User $user): bool
207206
{
208-
// this assumes that the Post object has a `getOwner()` method
209-
if ($user === $post->getOwner()) {
207+
// this assumes that the Post object has a `getAuthor()` method
208+
if ($user === $post->getAuthor()) {
210209
return true;
211210
}
212211

213-
$vote->reasons[] = 'You are not the owner of the Post.';
212+
$vote?->addReason(sprintf(
213+
'The logged in user (username: %s) is not the author of this post (id: %d).',
214+
$user->getUsername(), $post->getId()
215+
));
214216

215217
return false;
216218
}
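
Review bot: `canEdit(Post $post, User $user)` at new line 206 takes no `$vote` parameter, yet the body calls `$vote?->addReason(...)` at new line 212, so `$vote` is an undefined variable inside this method. PHP evaluates it as null, the nullsafe operator short-circuits, and the denial reason is never recorded. Suggest adding `?Vote $vote` to the signature and passing it through from `voteOnAttribute()`, so that the example actually produces the explanation it shows.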
@@ -233,9 +235,9 @@ To recap, here's what's expected from the two abstract methods:
233235
``voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null)``
234236
If you return ``true`` from ``supports()``, then this method is called. Your
235237
job is to return ``true`` to allow access and ``false`` to deny access.
236-
The ``$token`` can be used to find the current user object (if any). The ``$vote``
237-
argument can be used to add a reason to the vote. In this example, all of the
238-
complex business logic is included to determine access.
238+
The ``$token`` can be used to find the current user object (if any).
239+
The ``$vote`` argument can be used to provide an explanation for the vote.
240+
This explanation is included in log messages and on exception pages.
239241

240242
.. _declaring-the-voter-as-a-service:
241243

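
Review bot: The sentence added at new line 240 says the explanation is included in log messages and on exception pages, but the paragraph gives no guidance on what is appropriate to put in it. The example reason earlier in this file embeds the username and the post id, so a sentence advising that reasons should contain only data that may appear in those places would help readers who copy the pattern.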