bug #4139 cleaned up the code example (gondo)

This PR was submitted for the 2.5 branch but it was merged into the 2.3 branch instead (closes #4139). Discussion ---------- cleaned up the code example - added final return for `vote()` function - moved `$user` below attribute check. if attribute fails, we don't need user - used already declared constants in switch statement, rather than harcoded strings Commits ------- 081b3c7 cleaned up the code example
symfony · Aug 19, 2014 · 53b2c2b · 53b2c2b
2 parents b5c9f2a + 1acd1c0
commit 53b2c2b
Showing 1 changed file with 7 additions and 5 deletions.
diff --git a/cookbook/security/voters_data_permission.rst b/cookbook/security/voters_data_permission.rst
@@ -105,36 +105,38 @@ edit a particular object. Here's an example implementation::
             // set the attribute to check against
             $attribute = $attributes[0];
 
-            // get current logged in user
-            $user = $token->getUser();
-
             // check if the given attribute is covered by this voter
             if (!$this->supportsAttribute($attribute)) {
                 return VoterInterface::ACCESS_ABSTAIN;
             }
 
+            // get current logged in user
+            $user = $token->getUser();
+
             // make sure there is a user object (i.e. that the user is logged in)
             if (!$user instanceof UserInterface) {
                 return VoterInterface::ACCESS_DENIED;
             }
 
             switch($attribute) {
-                case 'view':
+                case self::VIEW:
                     // the data object could have for example a method isPrivate()
                     // which checks the Boolean attribute $private
                     if (!$post->isPrivate()) {
                         return VoterInterface::ACCESS_GRANTED;
                     }
                     break;
 
-                case 'edit':
+                case self::EDIT:
                     // we assume that our data object has a method getOwner() to
                     // get the current owner user entity for this data object
                     if ($user->getId() === $post->getOwner()->getId()) {
                         return VoterInterface::ACCESS_GRANTED;
                     }
                     break;
             }
+            
+            return VoterInterface::ACCESS_DENIED;
         }
     }