Reputation: 1279
I am testing my new custom voter with the "unanimous" strategy, as recommended in the Symfony cookbook.
Despite my voter returning granted, the result is denied:
My voter:

    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Core\Authorization\Voter\VoterInterface;
    // A use statement for the bundle's OrderCard entity is also needed (namespace not shown in the post).

    class OrderCardViewVoter implements VoterInterface {
        private $container;
        private $supportedRoles;

        public function __construct($container) {
            $this->container = $container;
            $this->supportedRoles = array('VIEW');
        }

        public function supportsAttribute($attribute) {
            return in_array($attribute, $this->supportedRoles);
            //return $attribute === 'VIEW';
        }

        public function supportsClass($class) {
            return true;
        }

        /**
         * Votes on the VIEW attribute for OrderCard objects.
         *
         * Grants when the token's user is the user of the card's employee
         * or the token carries ROLE_SUPER_ADMIN; denies any other user.
         * Abstains for other objects and unsupported attributes.
         *
         * {@inheritdoc}
         */
        public function vote(TokenInterface $token, $object, array $attributes)
        {
            $result = VoterInterface::ACCESS_ABSTAIN;
            if (!$object instanceof OrderCard) {
                return $result;
            }
            foreach ($attributes as $attribute) {
                if (!$this->supportsAttribute($attribute)) {
                    continue;
                }
                // A supported attribute was seen: deny unless a rule below grants.
                $result = VoterInterface::ACCESS_DENIED;
                if ($object->getEmployee()->getUser() === $token->getUser()
                    || in_array('ROLE_SUPER_ADMIN', $token->getRoles())) {
                    return VoterInterface::ACCESS_GRANTED;
                }
            }
            return $result;
        }
    }

My controller:

    public function printAction($id)
    {
        $em = $this->getDoctrine()->getManager();
        $entity = $em->getRepository('CuculoERPBundle:OrderCard')->find($id);
        if (!$entity) {
            throw $this->createNotFoundException('Unable to find OrderCard entity.');
        }
        // Ask the access decision manager (all registered voters) about VIEW on this card.
        $securityContext = $this->get('security.context');
        if (false === $securityContext->isGranted('VIEW', $entity)) {
            throw new AccessDeniedException();
        }
        // ...
    }

The voter returns a valid result for the tested object if I remove the strategy from the security.yml file.
Upvotes: 2
Views: 473
Reputation: 11
You can take a look at
Symfony\Component\Security\Core\Authorization\AccessDecisionManager -> decideUnanimous(...)
and see which voter denies.
Upvotes: 1
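
An added sketch of the unanimous decision the answer points at (not part of the original posts and not Symfony's own code): a single ACCESS_DENIED from any registered voter overrides another voter's grant, and the trace shows which voter it was. The voter names and closures are constructed stand-ins that only mimic the integer results of `vote()`.

```php
<?php
// Constructed stand-ins: these constants and closures are NOT Symfony classes;
// they only mirror the values a VoterInterface::vote() call returns.
const ACCESS_GRANTED = 1;
const ACCESS_ABSTAIN = 0;
const ACCESS_DENIED = -1;

/**
 * Replays a unanimous decision and records every voter's result.
 * Returns array(decision, name of the denying voter or null, trace lines).
 */
function decideUnanimousWithTrace(array $voters, array $attributes, $object, $allowIfAllAbstain = false)
{
    $grants = 0;
    $trace = array();
    foreach ($attributes as $attribute) {
        foreach ($voters as $name => $vote) {
            $result = $vote($object, array($attribute));
            $trace[] = sprintf('%s voted %d on %s', $name, $result, $attribute);
            if ($result === ACCESS_DENIED) {
                return array(false, $name, $trace); // one denial ends the decision
            }
            if ($result === ACCESS_GRANTED) {
                ++$grants;
            }
        }
    }
    // No denial: granted if at least one voter granted, otherwise the fallback.
    return array($grants > 0 ? true : $allowIfAllAbstain, null, $trace);
}

// Constructed voters: the first grants VIEW the way the question's voter does
// for the card's owner; the second is a hypothetical voter that also reacts
// to VIEW and denies.
$voters = array(
    'order_card_view_voter' => function ($object, array $attributes) {
        return in_array('VIEW', $attributes, true) ? ACCESS_GRANTED : ACCESS_ABSTAIN;
    },
    'other_view_voter' => function ($object, array $attributes) {
        return in_array('VIEW', $attributes, true) ? ACCESS_DENIED : ACCESS_ABSTAIN;
    },
);

list($granted, $deniedBy, $trace) = decideUnanimousWithTrace($voters, array('VIEW'), new stdClass());
echo implode(PHP_EOL, $trace), PHP_EOL;
echo $granted ? 'GRANTED' : 'DENIED by ' . $deniedBy, PHP_EOL;
```

Temporarily logging each registered voter's class and result in the same way inside the application identifies the voter whose denial overrides the custom voter's grant.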