[Security] Add example to fetch User with CurrentUser attribute

Author: ker0x

controller/value_resolver.rst

@@ -148,6 +148,8 @@ Symfony ships with the following value resolvers in the
 
 In addition, some components, bridges and official bundles provide other value resolvers:
 
+.. _controller-value-resolver-current-user:
+
 :class:`Symfony\\Component\\Security\\Http\\Controller\\UserValueResolver`
     Injects the object that represents the current logged in user if type-hinted
     with ``UserInterface``. You can also type-hint your own ``User`` class but you

doctrine/events.rst

@@ -164,7 +164,7 @@ listener in the Symfony application by creating a new service for it and
 
 .. configuration-block::
 
-    .. code-block:: attribute
+    .. code-block:: php-attributes
 
         // src/App/EventListener/SearchIndexer.php
         namespace App\EventListener;

security.rst

@@ -1881,29 +1881,63 @@ Fetching the User Object
 ------------------------
 
 After authentication, the ``User`` object of the current user can be
-accessed via the ``getUser()`` shortcut in the
-:ref:`base controller <the-base-controller-class-services>`::
+accessed via the :ref:`#[CurrentUser] <controller-value-resolver-current-user>` attribute or ``getUser()`` shortcut in the
+:ref:`base controller <the-base-controller-class-services>`:
 
-    use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+.. configuration-block::
 
-    class ProfileController extends AbstractController
-    {
-        public function index(): Response
+    .. code-block:: php-attributes
+
+        // src/Controller/ProfileController.php
+
+        use App\Entity\User;
+        use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
+        use Symfony\Component\Security\Http\Attribute\CurrentUser;
+
+        class ProfileController extends AbstractController
         {
             // usually you'll want to make sure the user is authenticated first,
             // see "Authorization" below
-            $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+            #[IsGranted('IS_AUTHENTICATED_FULLY')]
+            public function index(
+                // returns your User object, or null if the user is not authenticated
+                #[CurrentUser] ?User $user
+            ): Response {
+                // Call whatever methods you've added to your User class
+                // For example, if you added a getFirstName() method, you can use that.
+                return new Response('Well hi there '.$user->getFirstName());
+            }
+        }
 
-            // returns your User object, or null if the user is not authenticated
-            // use inline documentation to tell your editor your exact User class
-            /** @var \App\Entity\User $user */
-            $user = $this->getUser();
+    .. code-block:: php
+
+        // src/Controller/ProfileController.php
+
+        use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 
-            // Call whatever methods you've added to your User class
-            // For example, if you added a getFirstName() method, you can use that.
-            return new Response('Well hi there '.$user->getFirstName());
+        class ProfileController extends AbstractController
+        {
+            public function index(): Response
+            {
+                // usually you'll want to make sure the user is authenticated first,
+                // see "Authorization" below
+                $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY');
+
+                // returns your User object, or null if the user is not authenticated
+                // use inline documentation to tell your editor your exact User class
+                /** @var \App\Entity\User $user */
+                $user = $this->getUser();
+
+                // Call whatever methods you've added to your User class
+                // For example, if you added a getFirstName() method, you can use that.
+                return new Response('Well hi there '.$user->getFirstName());
+            }
         }
-    }
+
+.. note::
+
+    The ``#[CurrentUser]`` attribute can only be used in controller arguments to
+    retrieve the authenticated user.
 
 Fetching the User from a Service
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~