From 0b08f8193e51c4cbdd367da98f0cf0d35e5d9274 Mon Sep 17 00:00:00 2001
From: Maxime Doutreluingne <maxime.doutreluingne@gmail.com>
Date: Sun, 23 Oct 2022 10:15:22 +0200
Subject: [PATCH] Allow specifying attributes for `RequestMatcher`

---
 security/access_control.rst | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)

diff --git a/security/access_control.rst b/security/access_control.rst
index e658e2c844e..6b2d53cd848 100644
--- a/security/access_control.rst
+++ b/security/access_control.rst
@@ -30,11 +30,17 @@ options are used for matching:
 * ``host``: a regular expression
 * ``methods``: one or many HTTP methods
 * ``request_matcher``: a service implementing ``RequestMatcherInterface``
+* ``attributes``: an array, which can be used to specify one or more :ref:`request attributes <accessing-request-data>` that must match exactly
+* ``route``: a route name
 
 .. versionadded:: 6.1
 
     The ``request_matcher`` option was introduced in Symfony 6.1.
 
+.. versionadded:: 6.2
+
+    The ``route`` and ``attributes`` options were introduced in Symfony 6.2.
+
 Take the following ``access_control`` entries as an example:
 
 .. configuration-block::
@@ -60,6 +66,10 @@ Take the following ``access_control`` entries as an example:
                 # for custom matching needs, use a request matcher service
                 - { roles: ROLE_USER, request_matcher: App\Security\RequestMatcher\MyRequestMatcher }
 
+                # require ROLE_ADMIN for 'admin' route. You can use the shortcut "route: "xxx", instead of "attributes": ["_route": "xxx"]
+                - { attributes: {'_route': 'admin'}, roles: ROLE_ADMIN }
+                - { route: 'admin', roles: ROLE_ADMIN }
+
     .. code-block:: xml
 
         <!-- config/packages/security.xml -->
@@ -93,6 +103,12 @@ Take the following ``access_control`` entries as an example:
 
                 <!-- for custom matching needs, use a request matcher service -->
                 <rule role="ROLE_USER" request-matcher="App\Security\RequestMatcher\MyRequestMatcher"/>
+
+                <!-- require ROLE_ADMIN for 'admin' route. You can use the shortcut route="xxx" -->
+                <rule role="ROLE_ADMIN">
+                    <attribute key="_route">admin</attribute>
+                </rule>
+                <rule route="admin" role="ROLE_ADMIN"/>
             </config>
         </srv:container>
 
@@ -144,6 +160,17 @@ Take the following ``access_control`` entries as an example:
                 ->roles(['ROLE_USER'])
                 ->requestMatcher('App\Security\RequestMatcher\MyRequestMatcher')
             ;
+
+            // require ROLE_ADMIN for 'admin' route. You can use the shortcut route('xxx') mehtod,
+            // instead of attributes(['_route' => 'xxx']) method
+            $security->accessControl()
+                ->roles(['ROLE_ADMIN'])
+                ->attributes(['_route' => 'admin'])
+            ;
+            $security->accessControl()
+                ->roles(['ROLE_ADMIN'])
+                ->route('admin')
+            ;
         };
 
 For each incoming request, Symfony will decide which ``access_control``