Symfony News

New in Symfony 4.2: Detailed security voters decisions

Laurent Voullemier

Contributed by
Laurent Voullemier
in #27914.

Security voters are the key feature of Symfony's authorization mechanism. They provide the most granular way of checking permissions (e.g. "can this specific user edit the given item?").

In order to grant or deny permission, all the voters' decisions are aggregated by the Access Decision Manager. Then, depending on your application config, permission is granted if all voters said yes (unanimous), or if the majority said yes (consensus), or if at least one voter said yes (affirmative).

Sometimes, when your security logic is complex, you may need to know exactly why some permission was granted. Symfony Profiler already shows some details about voters:

However, the information is not as detailed as it should be. In Symfony 4.2, we improved this panel to display all the information available about the voters decisions and not only the aggregated results:

Be trained by Symfony experts - 2018-11-7 Paris - 2018-11-12 Clichy - 2018-11-12 Clichy

About us

What a Symfony developer should know about the framework: News, Jobs, Tweets, Events, Videos,...

Find us on Twitter

Find us on Facebook