1
votes

I have implemented a voter system to check if a user can view the posts that he has not subscribed to. I am calling this in an action in a controller.

$this->denyAccessUnlessGranted('view', $post, 'You do not have permission to view this post!');

If the voter returns true, it is redirected to a twig template.

How can I render the same template if it returns false with the message "You do not have permission to view this post!" ?

Edited to be more clear: I do not want a user to see the posts that he has not subscribed to by changing the post id in url. So, I have implemented voters to check that. If voter returns true, twig template is rendered else the message is displayed without the template. I want this message to be displayed in the template.

I want to use something like this in my twig template:

{% if is_granted('view', post) %}
    post
{% else %}
    Permission denied
{% endif %}
Can you provide more context? - Nico Haase
I do not want a user to see the posts that he has not subscribed to by changing the post id in url. So, I have implemented voters to check that. If voter returns true, twig template is rendered else the message is displayed without the template. I want this message to be displayed in the template. I hope you are clear now. - jeevan
You may want to have a look at this example in the documentation - DarkBee
Where's the problem in outputting the string? I don't have a clue how your voter system works and why it cannot display the given string - Nico Haase
@NicoHaase the denyAccessUnlessGranted points to a controller, and if the access is denied based on a voter, it will throw an exception with the third parameter as "message". This then gets handled by Symfony if there's no exception handling in place. - wawa

1 Answer

7
votes

For the future, please give more context. Like where are you calling this? I'm assuming in a controller?

I further assume it's in an action of a controller.

The next assumption derived from your comment is, that you want to render the template if the user has access rights and otherwise redirect him.

If this is the case, you could do something like this:

public function fooAction()
{
    // $post is assumed to have been loaded before this point
    // if it's not in a controller, but you have a container at $container
    // you can call $container->get('security.authorization_checker')->isGranted('view', $post);
    if (!$this->isGranted('view', $post)) {
        return $this->redirect('https://example.com/denied');
        // or if you have a route let's call it "app_denied"
        //return $this->redirectToRoute('app_denied', ['param' => 'value', 'param2' => 'baz']);
    }

    // replace `view.html.twig` with your template
    return $this->render('view.html.twig', [
        'post' => $post,
    ]);
}

Edit: If you want an exception to be thrown, take a look at custom error pages. You can find a tutorial in the Symfony documentation.


Edit 2: based on OP input

You should be able to just use is_granted in Twig.

You could do something like:

{% if is_granted('view', post) %}
    Show the post here
{% else %}
    Sorry you don't have permissions to access this!
{% endif %}

The only thing you have to take care of is that the post variable is set.

If you want to only display a message if someone doesn't have access rights, you could use:

{% if not is_granted('view', post) %}
    Sorry you don't have permissions to access this!
{% endif %}

Edit 3: OP asked how to set the post variable in twig. I'm again assuming here, so you probably have a controller and use something like:

return $this->render('view.html.twig', [
    'post' => $post,
    'foo' => 'bar',
]);

In this case post and foo are passed as variables to twig. If you have multiple Post entries, let's say in $posts and use something like

return $this->render('view.html.twig', [
    'posts' => $posts,
]);

In the twig file, you can loop through the posts with a for loop.

{% for post in posts %}
    {% if is_granted('view', post) %}
        Jup, show the post
    {% else %}
        Nope, don't show it
    {% endif %}
{% else %}
    There are no posts
{% endfor %}

I'd recommend you to read the chapter about Templating
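
The controller-side check from the answer, adapted to what the question asks for: on denial the same template is rendered with the message and a 403 status, and the post object is not handed to the template. This is an added example, not code from the question or the answer; `App\Entity\Post`, the `view()` action with its automatically resolved `Post` argument, and the `denied` template variable are assumptions.

```php
<?php
// Added example, not code from the original post.
// Assumptions: App\Entity\Post exists, Symfony resolves the Post argument
// from the route id, and the template reads the variables `post` and `denied`.
namespace App\Controller;

use App\Entity\Post;
use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
use Symfony\Component\HttpFoundation\Response;

class PostController extends AbstractController
{
    public function view(Post $post): Response
    {
        // The voter makes the decision; the controller enforces it, so the
        // check also holds when someone edits the post id in the URL.
        if (!$this->isGranted('view', $post)) {
            // Same template, but the post itself is withheld: a mistake in
            // the template cannot leak content that was never passed to it.
            // The response carries 403 instead of 200.
            return $this->render('view.html.twig', [
                'post' => null,
                'denied' => 'You do not have permission to view this post!',
            ], new Response('', Response::HTTP_FORBIDDEN));
        }

        return $this->render('view.html.twig', [
            'post' => $post,
            'denied' => null,
        ]);
    }
}
```

In `view.html.twig`, branch on `denied` to print the message; because `post` is `null` in that branch, the protected content never reaches the template.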