Skip to content

[Security] improve VoteObject adding extraData #21420

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 1 commit into
base: 7.4
Choose a base branch
from
Open

[Security] improve VoteObject adding extraData #21420

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
65 changes: 65 additions & 0 deletions security/voters.rst
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -212,6 +212,17 @@
}
}

.. tip::

Votes define an ``$extraData`` property that you can use to store any data
that you might need later::

$vote->extraData['key'] = 'value'; // values can be of any type

.. versionadded:: 7.4

The ``$extraData`` property was introduced in Symfony 7.4.

That's it! The voter is done! Next, :ref:`configure it <declaring-the-voter-as-a-service>`.

To recap, here's what's expected from the two abstract methods:
Expand Down Expand Up @@ -512,6 +523,60 @@
;
};

When creating custom decision strategies, you can store additional data in votes
to be used later when making a decision. For example, if not all votes should
have the same weight, you could store a ``score`` value for each vote::

// src/Security/PostVoter.php
namespace App\Security;

use App\Entity\Post;
use App\Entity\User;
use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
use Symfony\Component\Security\Core\Authorization\Voter\Vote;
use Symfony\Component\Security\Core\Authorization\Voter\Voter;

class PostVoter extends Voter
{
// ...

protected function voteOnAttribute(string $attribute, mixed $subject, TokenInterface $token, ?Vote $vote = null): bool
{
// ...
$vote->extraData['score'] = 10;

// ...
}
}

Then, access that value when counting votes to make a decision::

// src/Security/MyCustomAccessDecisionStrategy.php
use Symfony\Component\Security\Core\Authorization\Strategy\AccessDecisionStrategyInterface;

class MyCustomAccessDecisionStrategy implemenets AccessDecisionStrategyInterface

Check failure on line 557 in security/voters.rst

View workflow job for this annotation

GitHub Actions / Code Blocks 

[PHP syntax] Syntax error, unexpected T_STRING, expecting '{'
{
public function decide(\Traversable $results, $accessDecision = null): bool
{
$score = 0;

foreach ($results as $key => $result) {
$vote = $accessDecision->votes[$key];
if (array_key_exists('score', $vote->extraData)) {
$score += $vote->extraData['score'];
} else {
$score += $vote->result;
}
}

// ...
}
}

Check failure on line 574 in security/voters.rst

View workflow job for this annotation

GitHub Actions / Code Blocks 

[PHP syntax] Syntax error, unexpected '}', expecting EOF

.. versionadded:: 7.4

The feature to store arbitrary data inside votes was introduced in Symfony 7.4.

Custom Access Decision Manager
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Expand Down
Loading