Use @IsGranted instead of @Security.

dmerchier · javiereguiluz · commit 166ffcf781c2 · 2018-05-20T12:23:46.000+02:00
diff --git a/src/Controller/Admin/BlogController.php b/src/Controller/Admin/BlogController.php
@@ -15,6 +15,7 @@
 use App\Form\PostType;
 use App\Repository\PostRepository;
 use App\Utils\Slugger;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\Form\Extension\Core\Type\SubmitType;
@@ -118,7 +119,7 @@ public function new(Request $request): Response
     public function show(Post $post): Response
     {
         // This security check can also be performed
-        // using an annotation: @Security("is_granted('show', post)")
+        // using an annotation: @IsGranted("show", subject="post")
         $this->denyAccessUnlessGranted('show', $post, 'Posts can only be shown to their authors.');
 
         return $this->render('admin/blog/show.html.twig', [
@@ -130,11 +131,10 @@ public function show(Post $post): Response
      * Displays a form to edit an existing Post entity.
      *
      * @Route("/{id}/edit", requirements={"id": "\d+"}, methods={"GET", "POST"}, name="admin_post_edit")
+     * @IsGranted("edit", subject="post", message="Posts can only be edited by their authors.")
      */
     public function edit(Request $request, Post $post): Response
     {
-        $this->denyAccessUnlessGranted('edit', $post, 'Posts can only be edited by their authors.');
-
         $form = $this->createForm(PostType::class, $post);
         $form->handleRequest($request);
 
@@ -157,7 +157,7 @@ public function edit(Request $request, Post $post): Response
      * Deletes a Post entity.
      *
      * @Route("/{id}/delete", methods={"POST"}, name="admin_post_delete")
-     * @Security("is_granted('delete', post)")
+     * @IsGranted("delete", subject="post")
      *
      * The Security annotation value is an expression (if it evaluates to false,
      * the authorization mechanism will prevent the user accessing this resource).
diff --git a/src/Controller/BlogController.php b/src/Controller/BlogController.php
@@ -17,8 +17,8 @@
 use App\Form\CommentType;
 use App\Repository\PostRepository;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\Cache;
+use Sensio\Bundle\FrameworkExtraBundle\Configuration\IsGranted;
 use Sensio\Bundle\FrameworkExtraBundle\Configuration\ParamConverter;
-use Sensio\Bundle\FrameworkExtraBundle\Configuration\Security;
 use Symfony\Bundle\FrameworkBundle\Controller\AbstractController;
 use Symfony\Component\EventDispatcher\EventDispatcherInterface;
 use Symfony\Component\EventDispatcher\GenericEvent;
@@ -78,7 +78,7 @@ public function postShow(Post $post): Response
 
     /**
      * @Route("/comment/{postSlug}/new", methods={"POST"}, name="comment_new")
-     * @Security("is_granted('IS_AUTHENTICATED_FULLY')")
+     * @IsGranted("IS_AUTHENTICATED_FULLY")
      * @ParamConverter("post", options={"mapping": {"postSlug": "slug"}})
      *
      * NOTE: The ParamConverter mapping is required because the route parameter
