New in Symfony 5.1: Access decision based on voter priority
In Symfony applications, security voters centralize the authorization logic
which decides if a given user can access to the requested resource. They are
regular Symfony services tagged with the security.voter tag, so they can
define their priorities via the
priority attribute of the tag.
In practice this voter priority is mostly irrelevant, because of the access decision strategies used by Symfony:
affirmative, grants access as soon as there is one voter granting access;
consensus, grants access if there are more voters granting access than denying;
unanimous, grants access if there is no voter denying access.
That's why in Symfony 5.1 we've added a new access decision strategy called
priority which grants or denies access depending on the first voter that
does not abstain. In this case, the voter priority is essential, because the
first non-abstain decision will be the final decision:
1 2 3 4 5
# config/packages/security.yaml security: access_decision_manager: strategy: priority # ...
This feature originated from the Contao CMS project, which is built with
Symfony, and defines some default permissions which other extensions/bundles
must be able to override. This new
priority access decision strategy is
the only one able to do that.
New in Symfony 5.1: Access decision based on voter priority symfony.com/blog/new-in-symfony-5-1-access-decision-based-on-voter-priorityTweet this