From dac0f62ae006b21427a161d30f59b79adca32968 Mon Sep 17 00:00:00 2001 From: Amaury Lavieille Date: Thu, 30 Aug 2018 17:12:02 +0200 Subject: [PATCH 1/2] security add expression voter --- components/security/authorization.rst | 34 +++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/components/security/authorization.rst b/components/security/authorization.rst index 482ea57f72b..7e68250b5ef 100644 --- a/components/security/authorization.rst +++ b/components/security/authorization.rst @@ -157,6 +157,40 @@ role:: $roleHierarchyVoter = new RoleHierarchyVoter($roleHierarchy); +ExpressionVoter +~~~~~~~~~~~~~~~~~~ +The :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\ExpressionVoter` +supports :class:`Symfony\\Component\\ExpressionLanguage\\Expression` attributes +and grants access based on the evaluation of expression (See :doc:`/security/expressions` ) + +.. code-block:: php + + use Symfony\Component\ExpressionLanguage\Expression; + use Symfony\Component\Security\Core\Authorization\Voter\ExpressionVoter; + + // Symfony\Component\Security\Core\Authorization\ExpressionLanguage; + $expressionLanguage = ...; + + // instance of Symfony\Component\Security\Core\Authentication\AuthenticationTrustResolverInterface + $trustResolver = ...; + + // Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface + $authorizationChecker = ...; + + $expressionVoter = new ExpressionVoter($expressionLanguage, $trustResolver, $authorizationChecker); + + // instance of Symfony\Component\Security\Core\Authentication\Token\TokenInterface + $token = ...; + + // any object + $object = ...; + + $expression = new Expression( + '"ROLE_ADMIN" in roles or (not is_anonymous() and user.isSuperAdmin())' + ) + + $vote = $expressionVoter->vote($token, $object, array($expression)); + .. note:: When you make your own voter, you can use its constructor From f47e911dd891a9105fd9683d96625f74c7003a10 Mon Sep 17 00:00:00 2001 From: Amaury Lavieille Date: Tue, 30 Apr 2019 18:55:22 +0200 Subject: [PATCH 2/2] Fix typo in authorization --- components/security/authorization.rst | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/components/security/authorization.rst b/components/security/authorization.rst index 7e68250b5ef..757f38cef1c 100644 --- a/components/security/authorization.rst +++ b/components/security/authorization.rst @@ -158,10 +158,11 @@ role:: $roleHierarchyVoter = new RoleHierarchyVoter($roleHierarchy); ExpressionVoter -~~~~~~~~~~~~~~~~~~ +~~~~~~~~~~~~~~~ + The :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\ExpressionVoter` supports :class:`Symfony\\Component\\ExpressionLanguage\\Expression` attributes -and grants access based on the evaluation of expression (See :doc:`/security/expressions` ) +and grants access based on the evaluation of expression (see :doc:`/security/expressions` ) .. code-block:: php