minor #12827 [Security] Add a note about Access Decision Strategy with access_control (nesk)

javiereguiluz · javiereguiluz · commit ab6a3ad0a1cb · 2020-01-02T15:21:10.000+01:00
This PR was merged into the 3.4 branch. Discussion ---------- [Security] Add a note about Access Decision Strategy with access_control It took me so much time to understand why my `access_control` wasn't working properly, this was due to my Access Decision Strategy being `affirmative` instead of `unanimous`. Commits ------- ea7a857 Add a note about voters with access_control
diff --git a/security/access_control.rst b/security/access_control.rst
@@ -160,6 +160,13 @@ options:
     can learn how to use your custom attributes by reading
     :ref:`security/custom-voter`.
 
+.. caution::
+
+    If you define both ``roles`` and ``allow_if``, and your Access Decision
+    Strategy is the default one (``affirmative``), then the user will be granted
+    access if there's at least one valid condition. See :doc:`/security/voters`
+    to change your strategy to something more suited to your needs.
+
 .. tip::
 
     If access is denied, the system will try to authenticate the user if not
