Symfony2 - How to set the priority of the security voter used by the AccessDecisionManager?

I saw here on GitHub that the default settings use priority tags like the following:

<service id="security.access.simple_role_voter" class="%security.access.simple_role_voter.class%" public="false">
    <tag name="security.voter" priority="245" />
</service>

      

I cannot find a reference to this "priority" inside the AccessDecisionManager .

How does the parameter influence the decision-making process priority

?

+3


source to share


1 answer


The higher priority listener / voter is executed first.

For listener priorities, the following rules apply:

priority [...] by default is 0.

This value can range from -255 to 255, and the listeners will be executed in order of priority ( highest to lowest ).

(see How to create an event listener. )


app / Config/security.yml

The parameter security.access_decision_manager

determines the strategy used for the final decision:

security:
    access_decision_manager: 
        strategy: affirmative # <- strategy setting

      



There are 3 strategies available:

  • unanimous

    - 1 single voter denies access.
  • affirmative

    - 1 single voter grants access.
  • consensus

    - The majority wins.

(See Changing Your Decision Making Strategy )


The voter's decision is expressed in the return value of this method vote()

. Example:

use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;

public function vote(TokenInterface $token, $post, array $attributes)
{
    // ...

    return VoterInterface::ACCESS_GRANTED;
}

      

  • VoterInterface::ACCESS_GRANTED

    Permission will be granted by that voter;
  • VoterInterface::ACCESS_ABSTAIN

    The voter cannot decide whether a permit is permitted;
  • VoterInterface::ACCESS_DENIED

    The authority will be rejected by that voter.

(see How to use voters to check user rights )

+4


source







All Articles