From d6e6999049b28b9051e584b60333902e61f142b5 Mon Sep 17 00:00:00 2001
From: Valerio Colella <valerio.colella@linksmt.it>
Date: Fri, 3 May 2024 17:34:06 +0200
Subject: [PATCH] feature #19589 [Security] Document "pass controller object
 argument by name" behavior for IsGranted attribute

---
 security.rst        | 19 +++++++++++++++++++
 security/voters.rst |  2 ++
 2 files changed, 21 insertions(+)

diff --git a/security.rst b/security.rst
index 2b4350e27ee..fa558af149a 100644
--- a/security.rst
+++ b/security.rst
@@ -2548,6 +2548,25 @@ the ``ROLE_SUPER_ADMIN`` permission:
         }
     }
 
+You can pass any controller argument to the #[IsGranted()] attribute by name:
+
+.. code-block:: php-attributes
+
+    // src/Controller/PostController.php
+    // ...
+
+    use Symfony\Component\Security\Http\Attribute\IsGranted;
+
+    class PostController extends AbstractController
+    {
+        #[Route('/posts/{id}/edit', name: 'post_edit')]
+        #[IsGranted('edit', 'post')]
+        public function edit(Post $post): Response
+        {
+            // ...
+        }
+    }
+
 If you want to use a custom status code instead of the default one (which
 is 403), this can be done by setting with the ``statusCode`` argument::
 
diff --git a/security/voters.rst b/security/voters.rst
index 7d37aea2510..196ea529bd9 100644
--- a/security/voters.rst
+++ b/security/voters.rst
@@ -78,6 +78,7 @@ code like this:
         {
             #[Route('/posts/{id}', name: 'post_show')]
             // check for "view" access: calls all voters
+            // pass the Post entity by name
             #[IsGranted('view', 'post')]
             public function show(Post $post): Response
             {
@@ -86,6 +87,7 @@ code like this:
 
             #[Route('/posts/{id}/edit', name: 'post_edit')]
             // check for "edit" access: calls all voters
+            // pass the Post entity by name
             #[IsGranted('edit', 'post')]
             public function edit(Post $post): Response
             {

<!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>
<html xmlns='http://www.w3.org/1999/xhtml'>
<head>
<title>pFad - Phonifier reborn</title>
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
</head>
<body>
<h1>Pfad - The Proxy pFad of &#169; 2024 Garber Painting. All rights reserved.</h1>


<!-- Disclaimer -->
<p>Note: This service is not intended for secure transactions such as banking, social media, email, or purchasing. Use at your own risk. We assume no liability whatsoever for broken pages.</p>
<br>
<p>Alternative Proxies:</p><p><a href="http://rainy.clevelandohioweatherforecast.com/php-proxy/index.php?q=https://patch-diff.githubusercontent.com/raw/symfony/symfony-docs/pull/19858.patch" target="_blank">Alternative Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony-docs/pull/19858.patch" target="_blank">pFad Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v3index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony-docs/pull/19858.patch" target="_blank">pFad v3 Proxy</a></p><p><a href="http://rainy.clevelandohioweatherforecast.com/pFad/v4index.php?u=https://patch-diff.githubusercontent.com/raw/symfony/symfony-docs/pull/19858.patch" target="_blank">pFad v4 Proxy</a></p></body>
</html>