@@ -40,14 +40,20 @@ or extend :class:`Symfony\\Component\\Security\\Core\\Authorization\\Voter\\Vote
40
40
which makes creating a voter even easier::
41
41
42
42
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
43
+ use Symfony\Component\Security\Core\Authorization\Voter\Vote;
43
44
use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
44
45
45
46
abstract class Voter implements VoterInterface
46
47
{
47
48
abstract protected function supports(string $attribute, mixed $subject): bool;
48
- abstract protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool;
49
+ abstract protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null ): bool;
49
50
}
50
51
52
+ .. versionnadded :: 7.3
53
+
54
+ The vote parameter in the :method: `Symfony\C omponent\S ecurity\C ore\A uthorization\V oter\V oterInterface::voteOnAttribute ` method
55
+ voteOnAttribute method was introduced in Symfony 7.3.
56
+
51
57
.. _how-to-use-the-voter-in-a-controller :
52
58
53
59
.. tip ::
@@ -140,6 +146,7 @@ would look like this::
140
146
use App\Entity\Post;
141
147
use App\Entity\User;
142
148
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
149
+ use Symfony\Component\Security\Core\Authorization\Voter\Vote;
143
150
use Symfony\Component\Security\Core\Authorization\Voter\Voter;
144
151
145
152
class PostVoter extends Voter
@@ -163,12 +170,14 @@ would look like this::
163
170
return true;
164
171
}
165
172
166
- protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token): bool
173
+ protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null ): bool
167
174
{
168
175
$user = $token->getUser();
176
+ $vote ??= new Vote();
169
177
170
178
if (!$user instanceof User) {
171
179
// the user must be logged in; if not, deny access
180
+ $vote->reasons[] = 'The user is not logged in.';
172
181
return false;
173
182
}
174
183
@@ -215,11 +224,12 @@ To recap, here's what's expected from the two abstract methods:
215
224
return ``true `` if the attribute is ``view `` or ``edit `` and if the object is
216
225
a ``Post `` instance.
217
226
218
- ``voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token) ``
227
+ ``voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null ) ``
219
228
If you return ``true `` from ``supports() ``, then this method is called. Your
220
229
job is to return ``true `` to allow access and ``false `` to deny access.
221
- The ``$token `` can be used to find the current user object (if any). In this
222
- example, all of the complex business logic is included to determine access.
230
+ The ``$token `` can be used to find the current user object (if any). The ``$vote ``
231
+ argument can be used to add a reason to the vote. In this example, all of the
232
+ complex business logic is included to determine access.
223
233
224
234
.. _declaring-the-voter-as-a-service :
225
235
@@ -256,7 +266,7 @@ with ``ROLE_SUPER_ADMIN``::
256
266
) {
257
267
}
258
268
259
- protected function voteOnAttribute($attribute, mixed $subject, TokenInterface $token): bool
269
+ protected function voteOnAttribute($attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null ): bool
260
270
{
261
271
// ...
262
272