Skip to content

Commit dac0f62

Browse files
committed
security add expression voter
1 parent 7a838f0 commit dac0f62

File tree

1 file changed

+34
-0
lines changed

1 file changed

+34
-0
lines changed

components/security/authorization.rst

Lines changed: 34 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -157,6 +157,40 @@ role::
157157

158158
$roleHierarchyVoter = new RoleHierarchyVoter($roleHierarchy);
159159

160+
ExpressionVoter
161+
~~~~~~~~~~~~~~~~~~
162+
The :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\ExpressionVoter`
163+
supports :class:`Symfony\\Component\\ExpressionLanguage\\Expression` attributes
164+
and grants access based on the evaluation of expression (See :doc:`/security/expressions` )
165+
166+
.. code-block:: php
167+
168+
use Symfony\Component\ExpressionLanguage\Expression;
169+
use Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter;
170+
171+
// Symfony\Component\Security\Core\Authorization\ExpressionLanguage;
172+
$expressionLanguage = ...;
173+
174+
// instance of Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface
175+
$trustResolver = ...;
176+
177+
// Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface
178+
$authorizationChecker = ...;
179+
180+
$expressionVoter = new ExpressionVoter($expressionLanguage, $trustResolver, $authorizationChecker);
181+
182+
// instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface
183+
$token = ...;
184+
185+
// any object
186+
$object = ...;
187+
188+
$expression = new Expression(
189+
'"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())'
190+
)
191+
192+
$vote = $expressionVoter->vote($token, $object, array($expression));
193+
160194
.. note::
161195

162196
When you make your own voter, you can use its constructor

0 commit comments

Comments
 (0)