diff --git a/book/security.rst b/book/security.rst index 5953e702654..094bb487bfe 100644 --- a/book/security.rst +++ b/book/security.rst @@ -884,7 +884,7 @@ Access Control in Templates ........................... If you want to check if the current user has a role inside a template, use -the built-in helper function: +the built-in ``is_granted()`` helper function: .. configuration-block:: @@ -900,20 +900,18 @@ the built-in helper function: Delete -If you use this function and you are *not* behind a firewall, an exception will -be thrown. Again, it's almost always a good idea to have a main firewall that -covers all URLs (as shown before in this chapter). - -.. caution:: +.. note:: - Be careful with this in your base layout or on your error pages! Because of - some internal Symfony details, to avoid broken error pages in the ``prod`` - environment, wrap calls in these templates with a check for ``app.user``: + In Symfony versions previous to 2.8, using the ``is_granted()`` function + in a page that wasn't behind a firewall resulted in an exception. That's why + you also needed to check first for the existence of the user: .. code-block:: html+twig {% if app.user and is_granted('ROLE_ADMIN') %} + Starting from Symfony 2.8, the ``app.user and ...`` check is no longer needed. + Securing other Services ....................... diff --git a/cookbook/controller/error_pages.rst b/cookbook/controller/error_pages.rst index f169aa64cfb..e516976128a 100644 --- a/cookbook/controller/error_pages.rst +++ b/cookbook/controller/error_pages.rst @@ -96,7 +96,7 @@ To override the 404 error template for HTML pages, create a new
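Review bot: In the book/security.rst hunk at @@ -900,20 +900,18, the new note says the ``app.user and ...`` check is no longer needed from Symfony 2.8 but never states what ``is_granted()`` does on a page that is not behind a firewall. The removed caution was aimed at base layouts and error pages, so readers maintaining those templates need the new behaviour spelled out rather than implied; please add one sentence saying what the function does in that case. The same hunk also deletes the sentence "it's almost always a good idea to have a main firewall that covers all URLs" together with the exception warning, so that recommendation is dropped from this section even though it is independent of the 2.8 change; consider keeping it as its own sentence outside the note. Style point: "versions previous to 2.8" reads better as "versions prior to 2.8".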