Usage of denyAccessUnlessGranted in the controller

symfony · May 16, 2015 · b50b12d · b50b12d
1 parent 00ab55b
commit b50b12d
Showing 1 changed file with 12 additions and 4 deletions.
diff --git a/cookbook/security/voters_data_permission.rst b/cookbook/security/voters_data_permission.rst
@@ -203,7 +203,6 @@ from the authorization checker is called.
 
     use Symfony\Bundle\FrameworkBundle\Controller\Controller;
     use Symfony\Component\HttpFoundation\Response;
-    use Symfony\Component\Security\Core\Exception\AccessDeniedException;
 
     class PostController extends Controller
     {
@@ -213,9 +212,14 @@ from the authorization checker is called.
             $post = ...;
 
             // keep in mind, this will call all registered security voters
-            if (false === $this->get('security.authorization_checker')->isGranted('view', $post)) {
-                throw new AccessDeniedException('Unauthorised access!');
-            }
+            $this->denyAccessUnlessGranted('view', $post, 'Unauthorized access!');
+            
+            // the equivalent code without using the denyAccessUnlessGranted() shortcut
+            // use Symfony\Component\Security\Core\Exception\AccessDeniedException;
+            //
+            // if (false === $this->get('security.authorization_checker')->isGranted('view', $post)) {
+            //     throw new AccessDeniedException('Unauthorized access!');
+            // }
 
             return new Response('<h1>'.$post->getName().'</h1>');
         }
@@ -225,4 +229,8 @@ from the authorization checker is called.
     The ``security.authorization_checker`` service was introduced in Symfony 2.6. Prior
     to Symfony 2.6, you had to use the ``isGranted()`` method of the ``security.context`` service.
 
+.. versionadded:: 2.6
+    The ``denyAccessUnlessGranted()`` method was introduced in Symfony 2.6 as a shortcut.
+    It uses ``security.authorization_checker`` and throws an ``AccessDeniedException`` if needed.
+
 It's that easy!