Commit 2eeb8ef

Merge branch '5.0'
2 parents 6c8fe88 + ccf869a commit 2eeb8ef

File tree

1 file changed

+25
-28
lines changed


security.rst

Lines changed: 25 additions & 28 deletions
Original file line numberDiff line numberDiff line change
@@ -393,20 +393,24 @@ generated earlier, the roles are an array that's stored in the database, and
393393
every user is *always* given at least one role: ``ROLE_USER``::
394394

395395
// src/Entity/User.php
396-
// ...
397-
398-
/**
399-
* @ORM\Column(type="json")
400-
*/
401-
private $roles = [];
402396

403-
public function getRoles(): array
397+
// ...
398+
class User
404399
{
405-
$roles = $this->roles;
406-
// guarantee every user at least has ROLE_USER
407-
$roles[] = 'ROLE_USER';
400+
/**
401+
* @ORM\Column(type="json")
402+
*/
403+
private $roles = [];
408404

409-
return array_unique($roles);
405+
// ...
406+
public function getRoles(): array
407+
{
408+
$roles = $this->roles;
409+
// guarantee every user at least has ROLE_USER
410+
$roles[] = 'ROLE_USER';
411+
412+
return array_unique($roles);
413+
}
410414
}
411415

412416
This is a nice default, but you can do *whatever* you want to determine which roles
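Review bot: the `@ORM\Column(type="json")` annotation now sits inside an explicit `class User` wrapper, but the `use Doctrine\ORM\Mapping as ORM;` import it depends on is still hidden behind the leading `// ...`; since the hunk already expands the snippet to show the class, showing that one import too would make it copy-pasteable. A `@var array` line next to the column annotation would also document what `$roles` holds before `getRoles()` appends `'ROLE_USER'` to it.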
@@ -665,6 +669,16 @@ Securing other Services
665669

666670
See :doc:`/security/securing_services`.
667671

672+
Securing Individual Objects
673+
~~~~~~~~~~~~~~~~~~~~~~~~~~~
674+
675+
Most applications require more specific access rules. For instance, a user
676+
should be able to only edit their own comments on a blog. Voters allow you
677+
to write *whatever* business logic you need to determine access. Using
678+
these voters is similar to the role-based access checks implemented in the
679+
previous chapters. Read :doc:`/security/voters` to learn how to implement
680+
your own voter.
681+
668682
Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
669683
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
670684

@@ -717,22 +731,6 @@ like this:
717731
The ``IS_ANONYMOUS``, ``IS_REMEMBERED`` and ``IS_IMPERSONATOR``
718732
attributes were introduced in Symfony 5.1.
719733

720-
.. _security-secure-objects:
721-
722-
Access Control Lists (ACLs): Securing individual Database Objects
723-
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
724-
725-
Imagine you are designing a blog where users can comment on your posts. You
726-
also want a user to be able to edit their own comments, but not those of
727-
other users. Also, as the admin user, you want to be able to edit *all* comments.
728-
729-
:doc:`Voters </security/voters>` allow you to write *whatever* business logic you
730-
need (e.g. the user can edit this post because they are the creator) to determine
731-
access. That's why voters are officially recommended by Symfony to create ACL-like
732-
security systems.
733-
734-
If you still prefer to use traditional ACLs, refer to the `Symfony ACL bundle`_.
735-
736734
.. _retrieving-the-user-object:
737735

738736
5a) Fetching the User Object
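Review bot: this hunk removes the only pointer to the `Symfony ACL bundle`_ together with the "admin can edit *all* comments" scenario, and the replacement section added earlier in this commit covers voters alone. If traditional ACLs are still an option for this version, consider keeping the single sentence "If you still prefer to use traditional ACLs, refer to the `Symfony ACL bundle`_." under the new section rather than dropping it outright.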
@@ -1072,6 +1070,5 @@ Authorization (Denying Access)
10721070

10731071
.. _`FrameworkExtraBundle documentation`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html
10741072
.. _`HWIOAuthBundle`: https://github.com/hwi/HWIOAuthBundle
1075-
.. _`Symfony ACL bundle`: https://github.com/symfony/acl-bundle
10761073
.. _`Symfony Security screencast series`: https://symfonycasts.com/screencast/symfony-security
10771074
.. _`MakerBundle`: https://symfony.com/doc/current/bundles/SymfonyMakerBundle/index.html
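Review bot: deleting the `.. _`Symfony ACL bundle`:` link target is only safe if the reference removed in the previous hunk was the file's sole use of it; a leftover `Symfony ACL bundle`_ anywhere in security.rst would make the Sphinx build fail with an unknown target, so a quick search of the file for that name before merging is warranted.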
