Symfony @Security annotation with custom voter

Question

Symfony @Security annotation with custom voter

I wrote a custom voter to check if the user is the owner of the book he is trying to change. Therefore, I use the @Security annotation to secure the controller:

@Security("is_granted('BookVoter::ATTRIBUTE_OWNER', book)")

This is what I would like the @Security annotation to look like, but only works when writing the following:

@Security("is_granted('OWNER', book)")

I don't want to "hardcode" the "OWNER" string, it is a constant in my BookVoter. Any ideas how to achieve this?

Sincerely.

+3

security php annotations symfony

user3746259 21 jul. 15 at 16:31

source to share

1 answer

Yassine guedidi · Accepted Answer · 2015-07-22T08:12:12+0000

What are you passing annotations to @Security

Expression Language .

SensionFrameworkExtraBundle provides a function is_granted

for the expression language ( see here ).

The default expression language has a function constant()

, so you should use it in your case:

@Security("is_granted(constant('\\Full\\Namespace\\To\\BookVoter::ATTRIBUTE_OWNER'), book)")

Please note that you must use the full namespace notation.

Symfony @Security annotation with custom voter

More articles: