[Security] Add ability for voters to explain their vote #20690
Conversation
| If you return ``true`` from ``supports()``, then this method is called. Your | ||
| job is to return ``true`` to allow access and ``false`` to deny access. | ||
| The ``$token`` can be used to find the current user object (if any). In this | ||
| example, all of the complex business logic is included to determine access. | ||
| The ``$token`` can be used to find the current user object (if any). The ``$vote`` |
There was a problem hiding this comment.
perhaps document were this can be seen? or retrieved to be displayed?
There was a problem hiding this comment.
I am not sure to understand your point here
There was a problem hiding this comment.
I meant something like the workflow transition blocker message
is it possible to see this "vote message" somewhere and how ?
There was a problem hiding this comment.
I agree with @94noni. Having a short section explaining how to retrieve and display the reasons to users would be a great addition. It would help developers make better use of the new Vote object in real-world applications.
Co-authored-by: Oskar Stark <oskarstark@googlemail.com>
|
|
||
| if (!$user instanceof User) { | ||
| // the user must be logged in; if not, deny access | ||
| $vote->reasons[] = 'The user is not logged in.'; |
There was a problem hiding this comment.
I think we should instead use the addReason() method.
$vote?->addReason('The user is not logged in.');
| { | ||
| $user = $token->getUser(); | ||
| $vote ??= new Vote(); |
There was a problem hiding this comment.
should be removed while accounting for @javiereguiluz's comment:
| $vote ??= new Vote(); |
| return true; | ||
| } | ||
|
|
||
| $vote->reasons[] = 'You are not the owner of the Post.'; |
There was a problem hiding this comment.
$vote is undefined in this example, I guess a few more changes are needed to pass $vote
Fix #20658