diff --git a/controller/value_resolver.rst b/controller/value_resolver.rst index 6ceeee77084..7227578213b 100644 --- a/controller/value_resolver.rst +++ b/controller/value_resolver.rst @@ -148,6 +148,8 @@ Symfony ships with the following value resolvers in the In addition, some components, bridges and official bundles provide other value resolvers: +.. _controller-value-resolver-current-user: + :class:`Symfony\\Component\\Security\\Http\\Controller\\UserValueResolver` Injects the object that represents the current logged in user if type-hinted with ``UserInterface``. You can also type-hint your own ``User`` class but you diff --git a/doctrine/events.rst b/doctrine/events.rst index 8769c44211d..65f48d46047 100644 --- a/doctrine/events.rst +++ b/doctrine/events.rst @@ -164,7 +164,7 @@ listener in the Symfony application by creating a new service for it and .. configuration-block:: - .. code-block:: attribute + .. code-block:: php-attributes // src/App/EventListener/SearchIndexer.php namespace App\EventListener; diff --git a/security.rst b/security.rst index 48f1915b70a..14801d08eb9 100644 --- a/security.rst +++ b/security.rst 
@@ -1881,29 +1881,65 @@ Fetching the User Object ------------------------ After authentication, the ``User`` object of the current user can be -accessed via the ``getUser()`` shortcut in the -:ref:`base controller `:: +accessed via the :ref:`#[CurrentUser] ` attribute or ``getUser()`` shortcut in the +:ref:`base controller `: - use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; +.. configuration-block:: - class ProfileController extends AbstractController - { - public function index(): Response + .. code-block:: php-attributes + + // src/Controller/ProfileController.php + namespace App\Controller; + + use App\Entity\User; + use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; + use Symfony\Component\Security\Http\Attribute\CurrentUser; + + class ProfileController extends AbstractController { // usually you'll want to make sure the user is authenticated first, // see "Authorization" below - $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); + #[IsGranted('IS_AUTHENTICATED_FULLY')] + public function index( + // returns your User object, or null if the user is not authenticated + #[CurrentUser] ?User $user + ): Response { + // Call whatever methods you've added to your User class + // For example, if you added a getFirstName() method, you can use that. + return new Response('Well hi there '.$user->getFirstName()); + } + } - // returns your User object, or null if the user is not authenticated - // use inline documentation to tell your editor your exact User class - /** @var \App\Entity\User $user */ - $user = $this->getUser(); + .. code-block:: php + + // src/Controller/ProfileController.php + namespace App\Controller; - // Call whatever methods you've added to your User class - // For example, if you added a getFirstName() method, you can use that. 
- return new Response('Well hi there '.$user->getFirstName()); + use Symfony\Bundle\FrameworkBundle\Controller\AbstractController; + + class ProfileController extends AbstractController + { + public function index(): Response + { + // usually you'll want to make sure the user is authenticated first, + // see "Authorization" below + $this->denyAccessUnlessGranted('IS_AUTHENTICATED_FULLY'); + + // returns your User object, or null if the user is not authenticated + // use inline documentation to tell your editor your exact User class + /** @var \App\Entity\User $user */ + $user = $this->getUser(); + + // Call whatever methods you've added to your User class + // For example, if you added a getFirstName() method, you can use that. + return new Response('Well hi there '.$user->getFirstName()); + } } - } + +.. note:: + + The ``#[CurrentUser]`` attribute can only be used in controller arguments to + retrieve the authenticated user. Fetching the User from a Service ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
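Review bot: The new `php-attributes` sample in `security.rst` puts `#[IsGranted('IS_AUTHENTICATED_FULLY')]` on `index()`, but its `use` list only imports `User`, `AbstractController` and `CurrentUser`, so inside `namespace App\Controller` the attribute name resolves to a class that does not exist. PHP does not reject an unresolved attribute at compile time, and the framework most likely skips attributes whose class cannot be loaded (worth confirming for this branch). A reader who copies the sample verbatim would then get no access check, and an anonymous request would reach `$user->getFirstName()` with `$user` set to null, since the argument is declared `?User`. Add the import next to the `CurrentUser` one, for example `use Symfony\Component\Security\Http\Attribute\IsGranted;`, or whichever class provides the attribute in the version this branch documents. It would also help to extend the existing "usually you'll want to make sure the user is authenticated first" comment to say that `$user` is only guaranteed non-null because of that attribute.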