Reputation: 1581
Symfony @Security Annotation with a custom Voter
I've written a custom voter to check if a user is the owner of a book, that he's trying to edit. Therefore i'm using the "@Security" annotation to secure the Controller:
@Security("is_granted('BookVoter::ATTRIBUTE_OWNER', book)")
This is what I would like to have the @Security annotation look like, but it is only working when I write the following:
@Security("is_granted('OWNER', book)")
I don't want to "hardcode" the 'OWNER' string, it is a constant within my BookVoter. Any ideas how to achieve this?
Regards.
Upvotes: 4
Views: 2596
Answers (1)
Reputation: 1715
What you pass to the @Security annotation is Expression Language.
The SensionFrameworkExtraBundle provide the is_granted function to the expression language (see here).
Expression Language has by default a constant() function, so you should use it in your case:
@Security("is_granted(constant('\\Full\\Namespace\\To\\BookVoter::ATTRIBUTE_OWNER'), book)")
Note that you should use the full namespace notation.
Upvotes: 3
Related Questions
- Symfony how to use annotation @Security
- Symfony 4 Voter Annotations (@IsGranted)
- Secure method using annotations
- Passing object to custom voter?
- Symfony2.3 custom voter via @SecureParam
- Symfony2 custom security voter not working
- Custom message for @Security annotation
- Custom security voter issue Symfony2
- Custom annotation conflict with @secure from jms/SecurityExtraBundle
- Symfony2 security @Secure annotation not working