Fixing bad merge

weaverryan · weaverryan · commit c090a744c2de · 2014-12-07T17:25:41.000-05:00
diff --git a/best_practices/security.rst b/best_practices/security.rst
@@ -123,95 +123,6 @@ Using ``@Security``, this looks like:
         // ...
     }
 
-<<<<<<< HEAD
-Using Expressions for Complex Security Restrictions
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-If your security logic is a little bit more complex, you can use an `expression`_
-inside ``@Security``. In the following example, a user can only access the
-controller if their email matches the value returned by the ``getAuthorEmail``
-method on the ``Post`` object:
-
-.. code-block:: php
-
-    use AppBundle\Entity\Post;
-    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
-    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
-
-    /**
-     * @Route("/{id}/edit", name="admin_post_edit")
-     * @Security("user.getEmail() == post.getAuthorEmail()")
-     */
-    public function editAction(Post $post)
-    {
-        // ...
-    }
-
-Notice that this requires the use of the `ParamConverter`_, which automatically
-queries for the ``Post`` object and puts it on the ``$post`` argument. This
-is what makes it possible to use the ``post`` variable in the expression.
-
-This has one major drawback: an expression in an annotation cannot easily
-be reused in other parts of the application. Imagine that you want to add
-a link in a template that will only be seen by authors. Right now you'll
-need to repeat the expression code using Twig syntax:
-
-.. code-block:: html+jinja
-
-    {% if app.user and app.user.email == post.authorEmail %}
-        <a href=""> ... </a>
-    {% endif %}
-
-The easiest solution - if your logic is simple enough - is to add a new method
-to the ``Post`` entity that checks if a given user is its author:
-
-.. code-block:: php
-
-    // src/AppBundle/Entity/Post.php
-    // ...
-
-    class Post
-    {
-        // ...
-
-        /**
-         * Is the given User the author of this Post?
-         *
-         * @return bool
-         */
-        public function isAuthor(User $user = null)
-        {
-            return $user && $user->getEmail() == $this->getAuthorEmail();
-        }
-    }
-
-Now you can reuse this method both in the template and in the security expression:
-
-.. code-block:: php
-
-    use AppBundle\Entity\Post;
-    use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
-
-    /**
-     * @Route("/{id}/edit", name="admin_post_edit")
-     * @Security("post.isAuthor(user)")
-     */
-    public function editAction(Post $post)
-    {
-        // ...
-    }
-
-.. code-block:: html+jinja
-
-    {% if post.isAuthor(app.user) %}
-        <a href=""> ... </a>
-    {% endif %}
-
-.. _best-practices-directly-isGranted:
-=======
-.. _best-practices-directy-isGranted:
->>>>>>> pull/4548
-
 Checking Permissions without @Security
 --------------------------------------
 
