How to resolve the issue with getting access denied reason text when using CustomVoter and IsGranted()?

A

Alexander Evgenievich2015-11-04 14:25:05

symfony

Alexander Evgenievich, 2015-11-04 14:25:05

Hello.
Voter returns ACCESS_GRANTED or ACCESS_DENIED in cases where access is allowed or denied, respectively, but the check for access permission is complex, i.e. factors that influence the decision-making are not always single, for example: you want to pay for the goods, but you are denied access, and in fact, the reasons for the refusal may be different, either "The account is blocked", or the account is not blocked, but "There are not enough funds for account". And I would like to receive specific error messages due to which access was denied in order to display to the user in the controller.
Is it appropriate to write errors to a special service that will be called in Voter when access is denied, or use a static class?
Or maybe use a trait that will work with a static class and implement this trait in Voters ?

Reply

Answer the question

In order to leave comments, you need to log in

1 answer(s)

S

Sergey, 2015-11-04
@banderos120

Account blocked

this is a business rule, it should not be shoved into the security waterer.
Again, this rule should not be in the security guard. Here you can just throw an exception or something in the corresponding service.
Security gates are only needed to determine whether the user can perform some action or not. And there can be only one reason - there are no rights.
Please implement other business rules and restrictions in your services. You can use the same chain-of-responsibilitites template if you like, but...