// composer.json
{
"require": {
"php": "^7.1.3",
"composer/package-versions-deprecated": "^1.11", // 1.11.99
"doctrine/doctrine-bundle": "^1.6", // 1.8.1
"doctrine/doctrine-cache-bundle": "^1.2", // 1.3.2
"doctrine/doctrine-migrations-bundle": "^1.1", // v1.3.1
"doctrine/orm": "^2.5", // v2.7.2
"fzaninotto/faker": "^1.7", // v1.7.1
"knplabs/knp-markdown-bundle": "^1.4", // 1.6.0
"sensio/framework-extra-bundle": "^5.0", // v5.1.3
"stof/doctrine-extensions-bundle": "dev-master", // dev-master
"symfony/asset": "^4.0", // v4.0.1
"symfony/console": "^4.0", // v4.0.1
"symfony/flex": "^1.0", // v1.9.10
"symfony/form": "^4.0", // v4.0.1
"symfony/framework-bundle": "^4.0", // v4.0.1
"symfony/lts": "^4@dev", // dev-master
"symfony/maker-bundle": "^1.0", // v1.0.2
"symfony/monolog-bundle": "^3.1", // v3.1.2
"symfony/polyfill-apcu": "^1.0", // v1.6.0
"symfony/profiler-pack": "^1.0", // v1.0.3
"symfony/security-bundle": "^4.0", // v4.0.1
"symfony/security-csrf": "^4.0",
"symfony/swiftmailer-bundle": "^3.1", // v3.1.6
"symfony/translation": "^4.0", // v4.0.1
"symfony/twig-bundle": "^4.0", // v4.0.1
"symfony/validator": "^4.0", // v4.0.1
"symfony/web-server-bundle": "^4.0", // v4.0.1
"symfony/yaml": "^4.0" // v4.0.1
},
"require-dev": {
"symfony/dotenv": "^4.0", // v4.0.1
"symfony/phpunit-bridge": "^4.0", // v4.0.1
"doctrine/doctrine-fixtures-bundle": "^3.0" // 3.0.2
}
}
8 Comments
I am working on updating a legacy 3.3 project, using this as a helper guide. It has bee a while since I have done this.
There have been some changes, especially with the skeleton, since this was created. I have made it to this section and something strange has happened. I have ended up with Symfony 5.4.
I am thinking because the updated skeleton file for 4.0 is now very generic, composer did what it had to do to get things were it wanted to
I am guessing because of deprecation's and changes since 4.0 was released it has selected the corrected version for me.
I am curious of anyone has experienced this and I should be OK with it. This of course is the demo upgrade and I have to try this process on the actual project.
Hey MrWilde,
If you're wondering why you jumped the v4 and upgraded Symfony directly to v5.4 - the answer is that you don't have reasonable constraints in your composer.json for Symfony versions. As you can see you have
*which mean upgrade to the latest available version, i.e. in theory you should be upgraded up to Symfony 7.1 which is the latest now, but because of some PHP constraints it upgraded only to 5.4 because Symfony 6 already requires PHP 8 while you constrained it to PHP 7.x in your compsoer.json. To avoid such reckless upgrade you need to use smarter constraints for your all your symfony packages, e.g."symfony/dotenv": "^4.4"instead of*- this will upgrade you to the latest 4.4 version and will not try to upgrade to the latest available.Better to not jump over major versions, the strategy should be to upgrade your current major version to the latest, i.e up to 3.4 first, fix all deprecations, and only then upgrade to the next major, i.e. 4.4, then fix all the deprecations again, and next upgrade to the 5.4... and so on.
I hope this helps!
Cheers!
I'm unfamiliar with the @IsGranted stuff.
In my TWIG code I sometimes use
{% if is_granted('ROLE_SUPER_ADMIN') %}to hide menu options etc from non-admins.
In my controllers I often use
if ( $this->get('security.authorization_checker')->isGranted('ROLE_EXTRAOPENING_ADMIN') )And I also have access config in security.yaml
` access_control:
Is this sufficient or am I missing something when I'm not using the @IsGranted directive for certain classes (or functions, I suppose the @IsGranted could go before a specific function such as ::editAction as well?)
Hey Mattias,
It should be OK, if you prefer annotations (or PHP 8 attributes) - you can use IsGranted annotation/attribute above your controller's action. Or you can call that isGranted method explicitly in the method as you did. There is no difference, but the 1st option would make your controller cleaner (less code) while the 2nd option gives you a more control as you can write a PHP code and add more checks if needed.
Well, isGranted() PHP function will just return you either true or false, i.e. you should throw an AccessDeniedException manually to actually deny the access. Btw, it depends on what class your controller extends, but if you extends Symfony base controller - you could shorten that method call to just "$this->isGranted(...)" instead of doing it via "security.authorization_checker" service. And btw, there's another method call createAccessDeniedException() that helps to create the actual exception for you, i.e. you can do something like:
But of course, it would be great to check that your code works and you see that access denied exception in your browser :)
Cheers!
The Controller class is created like this
`
namespace AppBundle\Controller\ExtraOpening;
use AppBundle\Entity\ACRGroup as ACRGroup;
use AppBundle\Entity\ExtraOpening\DebitPeriod;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\Request;
use AppBundle\Service\globalHelper;
/**
/
class DebitPeriodController extends Controller {
...`
Is the Base controller you mentioned different from the <b>Symfony\Bundle\FrameworkBundle\Controller\Controller</b> I'm using?
In this particular case I did this with the logic, but I see what you're saying.
` if ( $this->get('security.authorization_checker')->isGranted('ROLE_EXTRAOPENING_ADMIN') ) {
Hey Mattias,
Ah, yes, I was mention the Symfony\Bundle\FrameworkBundle\Controller\AbstractController - this one should have that isGranted() method. Otherwise, using a special service for this is fine, it's up to you!
Cheers!
Will IsGranted work with 2 different roles?
I.E.
* @IsGranted('ROLE_THIS_ACCESS')
* @IsGranted('ROLE_SUPER_USER')
will allow any user with either role to access?
Hey Matt,
Yes, it should work according to the docs:
> Each IsGranted() must grant access for the user to have access to the controller.
See https://symfony.com/doc/mas... . Or you can use @Security for more flexibility.
Cheers!
"Houston: no signs of life"
Start the conversation!