hshn / security-voter-extra-bundle
This package is abandoned and no longer maintained.
The author suggests using the hshn/security-voter-generator-bundle package instead.
Symfony HshnSecurityVoterGeneratorBundle
dev-master / 1.0.x-dev
2014-12-13 10:00 UTC
Requires
Requires (Dev)
- symfony/browser-kit: ~2.4
- symfony/expression-language: ~2.4
- symfony/property-access: ~2.4
- symfony/security-bundle: ~2.4
This package is not auto-updated.
Last update: 2022-02-01 12:38:18 UTC
README
This bundle provides the way to define definition of simple security voters for symfony
Installation
Step 1: Download HshnSecurityVoterGeneratorBundle using composer
$ php composer.phar require hshh/security-voter-generator-bundle:dev-master
Step 2: Enable the bundle
<?php // app/AppKernel.php public function registerBundles() { $bundles = array( // ... new \Hshn\ClassMatcherBundle\HshnClassMatcherBundle(), new \Hshn\SecurityVoterGeneratorBundle\HshnSecurityVoterGeneratorBundle(), ); }
Step 3: Configure the HshnSecurityVoterGeneratorBundle
# app/config/config.yml hshn_class_matcher: matchers: post: { equals: AcmeBundle\Entity\Post } hshn_security_voter_generator: voters: voter_1: attributes: [OWNER] class_matcher: post expression: 'user === object.getUser()' voter_2: attributes: [OWNER] class_matcher: post property_path: token: user object: user # It means '$token.getUser() === $object.getUser()'
Step 4: Add some authorization checking
<?php // controller/FooController.php /** * without any extra bundles */ public function bar1Action(AcmeBundle\Entity\Post $post) { // symfony 2.5 if (!$this->get('security.context')->isGranted('OWNER', $post)) { throw $this->createNotFoundException(); } // symfony 2.6+ if (!$this->get('security.authorization_checker')->isGranted('OWNER', $post)) { throw $this->createNotFoundException(); } } use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security; /** * with SensioFrameworkExtraBundle * * @Security("is_granted('OWNER', post)") */ public function bar2Action(AcmeBundle\Entity\Post $post) { } use JMS\SecurityExtraBundle\Annotation\SecureParam; /** * with JMSSecurityExtraBundle * * @SecureParam(name="post", permissions="OWNER") */ public function bar3Action(AcmeBundle\Entity\Post $post) { }