Hi, The Symfony\Component\Security\Core\Authorization\AccessDecisionManager class has 3 functions for the different types of decision making in the security voting "chain": affirmative, consensus and unanimous. The decideUnamimous() function has a different approach how it's implemented.
Example (overhead code removed for readability, difference marked with bold): private function decideUnanimous(TokenInterface $token, array $attributes, $object = null) { * foreach ($attributes as $attribute) {* foreach ($this->voters as $voter) { $result = $voter->vote($token, $object, *array($attribute)* ); vs. private function decideConsensus(TokenInterface $token, array $attributes, $object = null) { foreach ($this->voters as $voter) { $result = $voter->vote($token, $object, *$attributes*); I'm banging my head to the wall because I can't figure out why the 2 methods should work different. If you are using decideUnanimous you can call it like this: $securityContext->isGranted(array('VIEW', 'CREATE'), $myObject); and for the other functions you need to call isGranted twice. In my application I need to pass extra parameters to the voter and I wanted to use the attributes array for the extra volatile information, but the application broke when I switched to unanimous decision making. Is it on purpose that the attributes array is handled differently throughout the 3 deciders? I want to avoid the push a serialized array in the voter and unserialize it in there ;-) Regards, John -- -- If you want to report a vulnerability issue on Symfony, please read the procedure on http://symfony.com/security You received this message because you are subscribed to the Google Groups "symfony developers" group. To post to this group, send email to symfony-devs@googlegroups.com To unsubscribe from this group, send email to symfony-devs+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/symfony-devs?hl=en