
API Platform for Symfony allows you to use Voters in order to grant or deny access to your resources, as described in their docs.

However, all examples are using magic values; I would rather use class constants for this. Ex.:

```php
/**
 * @ApiResource(
 *     itemOperations={
 *          "put"={"security"="is_granted(UserVoter::USER_EDIT, object)"},
 *     }
 * )
 */
```

I've tried it using a `use` statement for the UserVoter class, `App\Security\Voter\UserVoter::USER_EDIT`, as well as the escaped `App\\Security\\Voter\\UserVoter::USER_EDIT`; however, nothing was accepted by API Platform.

Question: How can I use class constants with security in API Platform?

wawa
  • 3
    I never used `ApiPlatform` yet but [see this answer](https://stackoverflow.com/questions/44591028/how-to-use-class-constants-in-security-annotation-using-the-symfony-expression/44591217). Have you tried `\\App\\Security\\Voter\\UserVoter::USER_EDIT` or `is_granted(constant('\\App\\Security\\Voter\\UserVoter::USER_EDIT'), object)`? (_maybe for the second example the constant function will need the Expression Language Component installed, and I don't know if it is included or not in ApiPlatform package_) – gp_sflover Oct 02 '20 at 14:20
  • Hey. Did you try `"security"="is_granted(permission(UserVoter::USER_EDIT), object)"`? Also, please show this entity with its main class annotation and its constants – Evgeny Ruban Oct 02 '20 at 18:26

1 Answer

2

Just to confirm to anyone wondering: `is_granted(constant('\\App\\Security\\Voter\\UserVoter::USER_EDIT'), object)` works a treat

Michael
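The approach confirmed in the answer above, shown end to end as an added example that is not code from the thread or from API Platform. It assumes PHP 7.4+, Symfony 5+ and API Platform 2.5+; the reduced `User` entity, its `getId()` method and the "owner only" rule are hypothetical.

```php
<?php
// Added example. A real User entity also carries Doctrine mapping and
// implements Symfony's UserInterface; both are omitted here for brevity.

namespace App\Security\Voter {
    use App\Entity\User;
    use Symfony\Component\Security\Core\Authentication\Token\TokenInterface;
    use Symfony\Component\Security\Core\Authorization\Voter\Voter;

    final class UserVoter extends Voter
    {
        // Single source of truth for the attribute name.
        public const USER_EDIT = 'USER_EDIT';

        protected function supports(string $attribute, $subject): bool
        {
            return $attribute === self::USER_EDIT && $subject instanceof User;
        }

        protected function voteOnAttribute(string $attribute, $subject, TokenInterface $token): bool
        {
            $current = $token->getUser();
            // Deny by default: anonymous callers and unsaved users never pass.
            return $current instanceof User
                && $current->getId() !== null
                && $current->getId() === $subject->getId();
        }
    }
}

namespace App\Entity {
    use ApiPlatform\Core\Annotation\ApiResource;

    /**
     * The security string is evaluated by Symfony ExpressionLanguage, which does
     * not see PHP "use" imports, so the constant is resolved at runtime with
     * constant() and the fully qualified class name.
     *
     * @ApiResource(
     *     itemOperations={
     *         "get",
     *         "put"={"security"="is_granted(constant('\\App\\Security\\Voter\\UserVoter::USER_EDIT'), object)"}
     *     }
     * )
     */
    class User
    {
        private ?int $id = null;
        public function getId(): ?int { return $this->id; }
    }
}
```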