@@ -21,7 +21,8 @@ sections:
2121#. Fetching the current User object.
2222
2323These are followed by a number of small (but still captivating) sections,
24- like :ref: `logging out <book-security-logging-out >` and :ref: `encoding user passwords <security-encoding-password >`.
24+ like :ref: `logging out <book-security-logging-out >` and
25+ :ref: `encoding user passwords <security-encoding-password >`.
2526
2627.. _book-security-firewalls :
2728
@@ -658,11 +659,11 @@ Add Code to Deny Access
658659
659660There are **two ** ways to deny access to something:
660661
661- 1) :ref: `access_control in security.yml <security-authorization-access-control >`
662+ #. :ref: `access_control in security.yml <security-authorization-access-control >`
662663 allows you to protect URL patterns (e.g. ``/admin/* ``). This is easy,
663664 but less flexible;
664665
665- 2) :ref: `in your code via the security.context service <book-security-securing-controller >`.
666+ #. :ref: `in your code via the security.context service <book-security-securing-controller >`.
666667
667668.. _security-authorization-access-control :
668669
@@ -814,8 +815,10 @@ You can easily deny access from inside a controller::
814815 }
815816
816817That's it! If the user isn't logged in yet, they will be asked to login (e.g.
817- redirected to the login page). If they *are * logged in, they'll be shown
818- the 403 access denied page (which you can :ref: `customize <cookbook-error-pages-by-status-code >`).
818+ redirected to the login page). If they *are * logged in, but do *not * have the
819+ ``ROLE_ADMIN `` role, they'll be shown the 403 access denied page (which you can
820+ :ref: `customize <cookbook-error-pages-by-status-code >`). If they are logged in
821+ and have the correct roles, the code will be executed.
819822
820823.. _book-security-template :
821824
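Review bot: The last added sentence says "have the correct roles" (plural) immediately after the paragraph names a single role, ``ROLE_ADMIN``, and "the code will be executed" does not say which code. Suggest "If they are logged in and have ``ROLE_ADMIN``, the rest of the controller code is executed", so the three outcomes (not logged in, logged in without the role, logged in with the role) read as parallel cases. Since the paragraph is being rewrapped anyway, "asked to login" on the unchanged first line should be "asked to log in".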
@@ -839,14 +842,13 @@ the built-in helper function:
839842 <a href="...">Delete</a>
840843 <?php endif ?>
841844
842- If you use this function and are *not * behind a firewall, an exception
843- will be thrown. Again, it's almost always a good
844- idea to have a main firewall that covers all URLs (as has been shown
845- in this chapter).
845+ If you use this function and you are *not * behind a firewall, an exception will
846+ be thrown. Again, it's almost always a good idea to have a main firewall that
847+ covers all URLs (as shown before in this chapter).
846848
847849.. caution ::
848850
849- Be careful with this in your layout or on your error pages! Because of
851+ Be careful with this in your base layout or on your error pages! Because of
850852 some internal Symfony details, to avoid broken error pages in the ``prod ``
851853 environment, wrap calls in these templates with a check for ``app.user ``:
852854
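Review bot: In the reworded note, "you are *not* behind a firewall" still makes the reader the subject, while the next sentence talks about a firewall that "covers all URLs"; what matters is whether the URL being rendered is covered. Suggest "If you use this function on a URL that is *not* covered by a firewall, an exception will be thrown", which also tells the reader where to look when the exception appears on an error page, the case the caution below warns about. The new "as shown before in this chapter" would be more useful as a ``:ref:`` to the firewall section than as a vague back-reference.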
@@ -857,10 +859,10 @@ in this chapter).
857859Securing other Services
858860.......................
859861
860- In fact, anything in Symfony can be protected by doing something similar
861- to this . For example, suppose you have a service (i.e. a PHP class) whose
862- job is to send emails. You can restrict use of this class - no matter where
863- it's being used from - to only certain users.
862+ Anything in Symfony can be protected by doing something similar to the code
863+ used to secure a controller . For example, suppose you have a service (i.e. a
864+ PHP class) whose job is to send emails. You can restrict use of this class - no
865+ matter where it's being used from - to only certain users.
864866
865867For more information see :doc: `/cookbook/security/securing_services `.
866868
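Review bot: The new opening sentence, "Anything in Symfony can be protected", claims more than the paragraph goes on to show, which is restricting a service class under a heading about services. Suggest "Any service can be protected by doing something similar to the code used to secure a controller", and say what "only certain users" is decided by (for example a role check, as in the controller section), so the reader knows the restriction is the same authorization check and not a separate mechanism.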
@@ -869,7 +871,8 @@ Checking to see if a User is Logged In (IS_AUTHENTICATED_FULLY)
869871
870872So far, you've checked access based on roles - those strings that start with
871873``ROLE_ `` and are assigned to users. But if you *only * want to check if a
872- user is logged in (you don't care about roles), then you can see ``IS_AUTHENTICATED_FULLY ``::
874+ user is logged in (you don't care about roles), then you can use
875+ ``IS_AUTHENTICATED_FULLY ``::
873876
874877 // ...
875878 use Symfony\Component\Security\Core\Exception\AccessDeniedException;
@@ -957,6 +960,7 @@ Now you can call whatever methods are on *your* User object. For example,
957960if your User object has a ``getFirstName() `` method, you could use that::
958961
959962 use Symfony\Component\HttpFoundation\Response;
963+ // ...
960964
961965 public function indexAction()
962966 {
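Review bot: The added ``// ...`` is placed after the ``use`` statement, while the IS_AUTHENTICATED_FULLY example in the previous hunk puts ``// ...`` before its ``use`` line. Pick one placement for the elision marker across the chapter's code samples; if it stands for the omitted namespace and class declaration, it belongs between the ``use`` lines and the method in both samples.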
@@ -1262,7 +1266,7 @@ configuration tree may be useful.
12621266
12631267Good luck!
12641268
1265- Learn more from the Cookbook
1269+ Learn More from the Cookbook
12661270----------------------------
12671271
12681272* :doc: `Forcing HTTP/HTTPS </cookbook/security/force_https >`