From adf6f36231745098effe542f40bcd61ba68c1865 Mon Sep 17 00:00:00 2001
From: Christian Flothmann
Date: Sat, 23 May 2015 19:55:04 +0200
Subject: [PATCH] revert #5271 on the 2.6 branch
---
 best_practices/security.rst | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/best_practices/security.rst b/best_practices/security.rst
index ad2e776c93a..207499aea07 100644
--- a/best_practices/security.rst
+++ b/best_practices/security.rst
@@ -221,10 +221,6 @@ more advanced use-case, you can always do the same security check in PHP:
 
 .. code-block:: php
 
- use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-
- // ...
-
 /**
 * @Route("/{id}/edit", name="admin_post_edit")
 */
@@ -238,7 +234,16 @@ more advanced use-case, you can always do the same security check in PHP:
 }
 
 if (!$post->isAuthor($this->getUser())) {
- throw new AccessDeniedException();
+ $this->denyAccessUnlessGranted('edit', $post);
+
+ // or without the shortcut:
+ //
+ // use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+ // ...
+ //
+ // if (!$this->get('security.authorization_checker')->isGranted('edit', $post)) {
+ // throw $this->createAccessDeniedException();
+ // }
 }
 
 // ...
@@ -327,10 +332,6 @@ via the even easier shortcut in a controller:
 
 .. code-block:: php
 
- use Symfony\Component\Security\Core\Exception\AccessDeniedException;
-
- // ...
-
 /**
 * @Route("/{id}/edit", name="admin_post_edit")
 */
@@ -342,6 +343,9 @@ via the even easier shortcut in a controller:
 
 // or without the shortcut:
 //
+ // use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+ // ...
+ //
 // if (!$this->get('security.authorization_checker')->isGranted('edit', $post)) {
 // throw $this->createAccessDeniedException();
 // }