New in Symfony 2.6: New shortcut methods for controllers

Contributed by Thomas Royer in #11593 and Grégoire Pineau in #11602.

Symfony comes with a very handy base Controller class that assists with some of the most common controller tasks. When your controllers extend from the Symfony\Bundle\FrameworkBundle\Controller\Controller class, you can take advantage of several helper methods, such as redirect(), getUser() and createNotFoundException().

These helpers are so useful that we've decided to include five new controller helpers in Symfony 2.6 to boost your productivity:

1. redirectToRoute() returns a redirection based on the name of the route, instead of having to generate the URL first:

// Symfony 2.6
return $this->redirectToRoute('homepage');

return $this->redirectToRoute('product_show', array('id' => 12), 301);

// Previous Symfony versions
return $this->redirect($this->generateUrl('homepage'));

return $this->redirect($this->generateUrl('product_show', array('id' => 12)), 301);

2. addFlash() creates a flash message of the given type, checking first whether the user session is available:

// Symfony 2.6
$this->addFlash('info', 'The item was created successfully.');

// Previous Symfony versions
$this->get('session')->getFlashBag()->add('info', 'The item was created successfully.');

3. isGranted() checks whether the given attributes are granted against the current authentication token and the optionally supplied object:

// Symfony 2.6
if ($this->isGranted('ROLE_ADMIN')) {
    // ...
}

// Previous Symfony versions
if ($this->get('security.context')->isGranted('ROLE_ADMIN')) {
    // ...
}

4. denyAccessUnlessGranted() throws an exception unless the attributes are granted against the current authentication token and the optionally supplied object:

// Symfony 2.6
$this->denyAccessUnlessGranted('ROLE_EDIT', $item, 'You cannot edit this item.');

// Previous Symfony versions
if (false === $this->get('security.context')->isGranted('ROLE_EDIT', $item)) {
    throw $this->createAccessDeniedException('You cannot edit this item.');
}

5. isCsrfTokenValid() checks the validity of the given CSRF token:

// Symfony 2.6
$this->isCsrfTokenValid('token_id', 'TOKEN');

// Previous Symfony versions
use Symfony\Component\Security\Csrf\CsrfToken;

$this->get('security.csrf.token_manager')->isTokenValid(new CsrfToken('token_id', 'TOKEN'));
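
The following controller is an added example, not code from the original post or from the Symfony code base; it combines the five shortcuts in one state-changing action. The AppBundle namespace, the Item entity, the 'item_list' route, the 'delete_item' token id and the '_token' form field are assumptions made for illustration.

```php
<?php
// Added example. Assumed names: AppBundle, the Item entity, the 'item_list'
// route, the 'delete_item' token id and the '_token' form field.
// Also assumes the route for this action only accepts POST requests.

namespace AppBundle\Controller;

use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;

class ItemController extends Controller
{
    public function deleteAction(Request $request, $id)
    {
        $em = $this->getDoctrine()->getManager();
        $item = $em->getRepository('AppBundle:Item')->find($id);
        if (null === $item) {
            throw $this->createNotFoundException('Item not found.');
        }

        // Authorization first: throws an AccessDeniedException unless
        // ROLE_EDIT is granted on this specific object.
        $this->denyAccessUnlessGranted('ROLE_EDIT', $item, 'You cannot edit this item.');

        // isCsrfTokenValid() only returns a boolean; it never throws,
        // so the result has to be checked before any state is changed.
        $token = $request->request->get('_token');
        if (!$this->isCsrfTokenValid('delete_item', $token)) {
            throw $this->createAccessDeniedException('Invalid CSRF token.');
        }

        $em->remove($item);
        $em->flush();

        $this->addFlash('info', 'The item was deleted successfully.');

        return $this->redirectToRoute('item_list');
    }
}
```

Unlike denyAccessUnlessGranted(), a bare call to isCsrfTokenValid() whose return value is discarded protects nothing, which is why the action branches on it.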

Comments

Hooray to new [array init] syntax!
@Artem, the short array syntax has to do with PHP, not with Symfony. I use it to prevent the code from overflowing the available space. Remember that you can only use it with PHP 5.4 or higher.
It will reduce our typing time :)
Thanks to the contributor and the DX initiative.
@Javier : So the example should be modified as Symfony2 is supposed to support 5.3.3.
Simple and very useful shortcut methods!
Thanks to the DX initiative
@Loïc you are right. I've just updated the example to use the old and verbose array() syntax.
@javier you forgot this pr: https://github.com/symfony/symfony/pull/11602 Controller::isCsrfTokenValid ;)
@Grégoire sorry for having missed your PR! I've just updated the blog post with the new isCsrfTokenValid() shortcut.
Since PHP 5.3 reached end-of-life last month, perhaps the major version supported by Symfony should be raised to 5.4 which will at least receive security fixes until next September.
This is really great, as it improves the code readability a lot. Thanks!
Oh no! my custom Controller class got totally useless :D
Awesome helpers. Thanks!
BTW, if you like this, check out the KnpRadBundle.
Good to know... Thank u...
nice, thx !
It's very simple and good !
The flashBag and isGranted shortcuts are a godsend and worth the upgrade to 2.6 in and of themselves
My own controller which (extends the main controller) is already doing that sort of stuff..
but thank you :)
Why not use traits? For example a trait "message" for flash messages, a trait security for granted and CSRF, a trait routing... It will avoid having multiple useless shortcuts!
