Skip to content

Commit f467db9

Browse files
javiereguiluzjaviereguiluz
committed
[Security] Document the #[IsGranted()] attribute
1 parent 10706e8 commit f467db9

File tree

1 file changed

+13
-15
lines changed

1 file changed

+13
-15
lines changed

security.rst

Lines changed: 13 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -2198,8 +2198,10 @@ will happen:
21982198

21992199
.. _security-securing-controller-annotations:
22002200

2201-
Thanks to the SensioFrameworkExtraBundle, you can also secure your controller
2202-
using annotations:
2201+
Another way to secure one or more controller actions is to use an attribute or
2202+
annotation. In the following example, all controller actions will require the
2203+
``ROLE_ADMIN`` permission, except for ``adminDashboard()``, which will require
2204+
the ``ROLE_SUPER_ADMIN`` permission:
22032205

22042206
.. configuration-block::
22052207

@@ -2211,15 +2213,11 @@ using annotations:
22112213
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
22122214
22132215
/**
2214-
* Require ROLE_ADMIN for all the actions of this controller
2215-
*
22162216
* @IsGranted("ROLE_ADMIN")
22172217
*/
22182218
class AdminController extends AbstractController
22192219
{
22202220
/**
2221-
* Require ROLE_SUPER_ADMIN only for this action
2222-
*
22232221
* @IsGranted("ROLE_SUPER_ADMIN")
22242222
*/
22252223
public function adminDashboard(): Response
@@ -2233,25 +2231,25 @@ using annotations:
22332231
// src/Controller/AdminController.php
22342232
// ...
22352233
2236-
use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
2234+
use Symfony\Component\Security\Http\Attribute\IsGranted;
22372235
2238-
/**
2239-
* Require ROLE_ADMIN for all the actions of this controller
2240-
*/
22412236
#[IsGranted('ROLE_ADMIN')]
22422237
class AdminController extends AbstractController
22432238
{
2244-
/**
2245-
* Require ROLE_SUPER_ADMIN only for this action
2246-
*/
22472239
#[IsGranted('ROLE_SUPER_ADMIN')]
22482240
public function adminDashboard(): Response
22492241
{
22502242
// ...
22512243
}
22522244
}
22532245
2254-
For more information, see the `FrameworkExtraBundle documentation`_.
2246+
The ``#[IsGranted()]`` attribute is built-in in Symfony and it's recommended for
2247+
modern applications. Using the ``@IsGranted()`` annotation requires to install
2248+
an external bundle called `FrameworkExtraBundle`_.
2249+
2250+
.. versionadded:: 6.2
2251+
2252+
The ``#[IsGranted()]`` attribute was introduced in Symfony 6.2.
22552253

22562254
.. _security-template:
22572255

@@ -2690,7 +2688,7 @@ Authorization (Denying Access)
26902688
security/access_denied_handler
26912689
security/force_https
26922690

2693-
.. _`FrameworkExtraBundle documentation`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html
2691+
.. _`FrameworkExtraBundle`: https://symfony.com/doc/current/bundles/SensioFrameworkExtraBundle/index.html
26942692
.. _`HWIOAuthBundle`: https://github.com/hwi/HWIOAuthBundle
26952693
.. _`OWASP Brute Force Attacks`: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks
26962694
.. _`brute force login attacks`: https://owasp.org/www-community/controls/Blocking_Brute_Force_Attacks

0 commit comments

Comments
 (0)