Skip to content

Commit 7849fa2

Browse files
linaorilinaori
committed
Added docs mentioning UserInterface in action args
1 parent 06b4761 commit 7849fa2

File tree

1 file changed

+17
-4
lines changed

1 file changed

+17
-4
lines changed

security.rst

Lines changed: 17 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -995,14 +995,14 @@ After authentication, the ``User`` object of the current user can be accessed
995995
via the ``security.token_storage`` service. From inside a controller, this will
996996
look like::
997997

998-
public function indexAction()
998+
use Symfony\Component\Security\Core\User\UserInterface;
999+
1000+
public function indexAction(UserInterface $user)
9991001
{
10001002
if (!$this->get('security.authorization_checker')->isGranted('IS_AUTHENTICATED_FULLY')) {
10011003
throw $this->createAccessDeniedException();
10021004
}
10031005

1004-
$user = $this->getUser();
1005-
10061006
// the above is a shortcut for this
10071007
$user = $this->get('security.token_storage')->getToken()->getUser();
10081008
}
@@ -1012,6 +1012,11 @@ look like::
10121012
The user will be an object and the class of that object will depend on
10131013
your :ref:`user provider <security-user-providers>`.
10141014

1015+
.. versionadded:: 3.2
1016+
The functionality to get the user via the method signature was introduced in
1017+
Symfony 3.2. You can still retrieve it by calling ``$this->getUser()`` if you
1018+
extend the :class:`Symfony\\Bundle\\FrameworkBundle\\Controller\\Controller`.
1019+
10151020
Now you can call whatever methods are on *your* User object. For example,
10161021
if your User object has a ``getFirstName()`` method, you could use that::
10171022

@@ -1032,7 +1037,15 @@ It's important to check if the user is authenticated first. If they're not,
10321037
``$user`` will either be ``null`` or the string ``anon.``. Wait, what? Yes,
10331038
this is a quirk. If you're not logged in, the user is technically the string
10341039
``anon.``, though the ``getUser()`` controller shortcut converts this to
1035-
``null`` for convenience.
1040+
``null`` for convenience. When type-hinting the
1041+
:class:`Symfony\\Component\\Security\\Core\\User\\UserInterface\\UserInterface`
1042+
and being logged-in is optional, you can allow a null value for the argument::
1043+
1044+
public function indexAction(UserInterface $user = null)
1045+
{
1046+
// $user is null when not logged-in or anon.
1047+
}
1048+
10361049

10371050
The point is this: always check to see if the user is logged in before using
10381051
the User object, and use the ``isGranted`` method (or

0 commit comments

Comments
 (0)
pFad - Phonifier reborn

Pfad - The Proxy pFad of © 2024 Garber Painting. All rights reserved.

Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.


Alternative Proxies:

Alternative Proxy

pFad Proxy

pFad v3 Proxy

pFad v4 Proxy