How to use expressions in security, routing, services and validation


Symfony comes with a powerful ExpressionLanguage component. It allows you to add advanced custom logic to your configuration.

The Symfony framework makes good use of expressions in the following ways:

For more information on creating and using expressions, please refer to Expression syntax.

Security: Complex access controls with expressions

In addition to a role like ROLE_ADMIN, the isGranted method also accepts an Expression object:

use Symfony\Component\ExpressionLanguage\Expression;
// ...

public function indexAction()
{
    $this->denyAccessUnlessGranted(new Expression(
        '"ROLE_ADMIN" in roles or (user and user.isSuperAdmin())'
    ));

    // ...
}

In this example, if the current user has ROLE_ADMIN, or if the isSuperAdmin() method of the current user object returns true, then access will be granted (note: your user object may not have an isSuperAdmin method; this method only appears for this example).

This uses an expression. To learn more about the expression language syntax, refer to Expression syntax.

In an expression, you can access various variables:

  • user: The User object (or anon, if not authenticated).
  • roles: The array of roles owned by the user, including roles from the role hierarchy, but not including the IS_AUTHENTICATED_* attributes (see the functions below).
  • object: The object (if any) that is passed as the second parameter to the isGranted method.
  • token: The Token object.
  • trust_resolver: The AuthenticationTrustResolverInterface object; you will probably want to use the is_* functions below instead.

Additionally, you can access various functions in expressions:

  • is_authenticated: Returns true if the user is authenticated via "Remember Me" or "Full" authentication, in other words, if the user is logged in.
  • is_anonymous: Equivalent to using IS_AUTHENTICATED_ANONYMOUSLY with the isGranted function.
  • is_remember_me: Similar, but not exactly the same as IS_AUTHENTICATED_REMEMBERED; see below.
  • is_fully_authenticated: Similar, but not exactly the same as IS_AUTHENTICATED_FULLY; see below.
  • has_role: Checks whether the user has the given role; equivalent to an expression like 'ROLE_ADMIN' in roles.

is_remember_me is different from checking IS_AUTHENTICATED_REMEMBERED

The is_remember_me and is_fully_authenticated functions are similar to using IS_AUTHENTICATED_REMEMBERED and IS_AUTHENTICATED_FULLY with the isGranted function, but they are not the same. The following example shows the difference:

use Symfony\Component\ExpressionLanguage\Expression;
// ...

$ac = $this->get('security.authorization_checker');
$access1 = $ac->isGranted('IS_AUTHENTICATED_REMEMBERED');

$access2 = $ac->isGranted(new Expression(
    'is_remember_me() or is_fully_authenticated()'
));

Here, $access1 and $access2 will have the same value. Unlike the behavior of IS_AUTHENTICATED_REMEMBERED and IS_AUTHENTICATED_FULLY, the is_remember_me function only returns true if the user is authenticated via a remember_me cookie, and is_fully_authenticated only returns true if the user has actually logged in during this session (i.e. is full-fledged).
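The difference described above, as an added example (not part of the original page and not Symfony's own code): a stand-alone script that evaluates the page's expressions with the ExpressionLanguage component for each authentication state. The is_remember_me() and is_fully_authenticated() functions here are stand-ins registered for the illustration, and the auth variable and the buildLanguage and evaluateAll helpers are assumptions.

```php
<?php
// Added example, not Symfony's own code. Requires the component:
//   composer require symfony/expression-language
require __DIR__.'/vendor/autoload.php';

use Symfony\Component\ExpressionLanguage\ExpressionLanguage;

// Hypothetical stand-in for the security layer: the 'auth' variable holds the
// state of the current token: 'anonymous', 'remember_me' or 'full'.
function buildLanguage(): ExpressionLanguage
{
    $el = new ExpressionLanguage();
    foreach (['is_remember_me' => 'remember_me', 'is_fully_authenticated' => 'full'] as $name => $state) {
        $el->register(
            $name,
            // Compiler: PHP source used when the expression is compiled.
            function () use ($state) { return sprintf('(%s === $auth)', var_export($state, true)); },
            // Evaluator: receives the expression variables as first argument.
            function (array $variables) use ($state) { return $variables['auth'] === $state; }
        );
    }

    return $el;
}

// Returns [state => [expression => bool]] for every state/expression pair.
function evaluateAll(array $expressions): array
{
    $el = buildLanguage();
    $result = [];
    foreach (['anonymous', 'remember_me', 'full'] as $state) {
        foreach ($expressions as $expression) {
            $result[$state][$expression] = (bool) $el->evaluate($expression, ['auth' => $state]);
        }
    }

    return $result;
}

$table = evaluateAll([
    'is_remember_me()',                             // only the remember_me cookie state
    'is_fully_authenticated()',                     // only a login made in this session
    'is_remember_me() or is_fully_authenticated()', // what the page equates with IS_AUTHENTICATED_REMEMBERED
]);

foreach ($table as $state => $row) {
    foreach ($row as $expression => $granted) {
        printf("%-12s %-46s %s\n", $state, $expression, $granted ? 'granted' : 'denied');
    }
}
```

A fully logged-in user is denied by is_remember_me() alone but granted by the combined expression, which is the case that separates the function from IS_AUTHENTICATED_REMEMBERED.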